From 9e88fed7367cf389c8d5c2704beb91c78c8608e6 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 20 Jan 2023 16:44:53 -0500 Subject: [PATCH 1/3] updated ingress config page to note that hostNetwork must be set to true on K8s > v1.20 plus assorted copyedits --- .../ingress-configuration.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md index d69d7219875..1942333529a 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md @@ -5,7 +5,9 @@ description: Ingress configuration ### NGINX Ingress controller changes in Kubernetes v1.21 -For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork but uses hostPorts for port 80 and port 443. This was done so the admission webhook can be configured to be accessed using ClusterIP so it can only be reached inside the cluster. +For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork. It instead uses hostPorts for port 80 and port 443. This was done so that you can configure the admission webhook to be accessible only through the ClusterIP. This makes the webhook inaccessible from outside the cluster. + +Because of this change, the controller no longer has `hostNetwork` set to `true` by default. However, you must set `hostNetwork` to `true` on the controller for TCP- and UDP-based Services to work. ## Ingress Rule Configuration @@ -16,21 +18,22 @@ For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in host ### Specify a hostname to use -If you use this option, ingress routes requests for a hostname to the service or workload that you specify. +If you use this option, Ingress routes requests for a hostname to the service or workload that you specify. -1. Enter the **Request Host** that your ingress will handle request forwarding for. For example, `www.mysite.com`. +1. Enter the **Request Host** that your Ingress controller will handle request forwarding for. For example, `www.mysite.com`. 1. Add a **Target Service**. -1. **Optional:** If you want specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path** field. Typically, the first rule that you create does not include a path. +1. **Optional:** If you want to specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path**. The first rule that you create does not typically include a path. 1. Enter the **Port** number that each target operates on. + ### Certificates :::note -You must have an SSL certificate that the ingress can use to encrypt/decrypt communications. For more information see [Adding SSL Certificates](../encrypt-http-communication.md). +You must have an SSL certificate that Ingress can use to encrypt and decrypt communications. For more information, see [Adding SSL Certificates](../encrypt-http-communication.md). ::: -1. When creating an ingress, click the **Certificates** tab. +1. To create an Ingress controller, click the **Certificates** tab. 1. Click **Add Certificate**. 1. Select a **Certificate - Secret Name** from the drop-down list. 1. Enter the host using encrypted communication. From 06fcf1a0cfd9ebed699da29d7c925fc2c1323b60 Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 23 Jan 2023 13:37:10 -0500 Subject: [PATCH 2/3] slight rewording, updated 2.6 version as well --- .../ingress-configuration.md | 6 +++--- .../ingress-configuration.md | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md index 1942333529a..4b0f9523ea7 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md @@ -5,9 +5,9 @@ description: Ingress configuration ### NGINX Ingress controller changes in Kubernetes v1.21 -For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork. It instead uses hostPorts for port 80 and port 443. This was done so that you can configure the admission webhook to be accessible only through the ClusterIP. This makes the webhook inaccessible from outside the cluster. +For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork by default. It instead uses hostPorts for port 80 and port 443, so you can configure the admission webhook to be accessible only through the ClusterIP. This ensures that the webhook is only accessible from within the cluster. -Because of this change, the controller no longer has `hostNetwork` set to `true` by default. However, you must set `hostNetwork` to `true` on the controller for TCP- and UDP-based Services to work. +Because of this change to the controller, the default behavior no longer sets `hostNetwork` to `true`. However, you must set `hostNetwork` to `true` for TCP- and UDP-based Services to work. ## Ingress Rule Configuration @@ -41,6 +41,6 @@ You must have an SSL certificate that Ingress can use to encrypt and decrypt com ### Labels and Annotations -Add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and/or [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to provide metadata for your ingress. +Add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and/or [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to provide metadata for your Ingress controller. For a list of annotations available for use, see the [Nginx Ingress Controller Documentation](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/). diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md index 930e1f5d0a9..e990be496b8 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md @@ -5,7 +5,9 @@ description: Ingress configuration ### NGINX Ingress controller changes in Kubernetes v1.21 -For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork but uses hostPorts for port 80 and port 443. This was done so the admission webhook can be configured to be accessed using ClusterIP so it can only be reached inside the cluster. +For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork by default. It instead uses hostPorts for port 80 and port 443, so you can configure the admission webhook to be accessible only through the ClusterIP. This ensures that the webhook is only accessible from within the cluster. + +Because of this change to the controller, the default behavior no longer sets `hostNetwork` to `true`. However, you must set `hostNetwork` to `true` for TCP- and UDP-based Services to work. ## Ingress Rule Configuration From 0e45caaa9478e22b011849c6c498d03042878147 Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 23 Jan 2023 15:06:30 -0500 Subject: [PATCH 3/3] rm'd toc, restructured page so top section becomes a note this was done because a section was missing even though it was still in the toc. Also: the page title is 'Ingress Configuration'. Having the subsection that contains the toc have a similar title is confusing. --- .../ingress-configuration.md | 15 ++++-------- .../ingress-configuration.md | 24 ++++++++++--------- 2 files changed, 18 insertions(+), 21 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md index 4b0f9523ea7..0b915801be4 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md @@ -3,20 +3,15 @@ title: Ingress Configuration description: Ingress configuration --- -### NGINX Ingress controller changes in Kubernetes v1.21 +:::note For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork by default. It instead uses hostPorts for port 80 and port 443, so you can configure the admission webhook to be accessible only through the ClusterIP. This ensures that the webhook is only accessible from within the cluster. Because of this change to the controller, the default behavior no longer sets `hostNetwork` to `true`. However, you must set `hostNetwork` to `true` for TCP- and UDP-based Services to work. -## Ingress Rule Configuration +:::note -- [Specify a hostname to use](#specify-a-hostname-to-use) -- [Use as the default backend](#use-as-the-default-backend) -- [Certificates](#certificates) -- [Labels and Annotations](#labels-and-annotations) - -### Specify a hostname to use +## Specify a hostname to use If you use this option, Ingress routes requests for a hostname to the service or workload that you specify. @@ -25,7 +20,7 @@ If you use this option, Ingress routes requests for a hostname to the service or 1. **Optional:** If you want to specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path**. The first rule that you create does not typically include a path. 1. Enter the **Port** number that each target operates on. -### Certificates +## Certificates :::note @@ -39,7 +34,7 @@ You must have an SSL certificate that Ingress can use to encrypt and decrypt com 1. Enter the host using encrypted communication. 1. To add additional hosts that use the certificate, click **Add Hosts**. -### Labels and Annotations +## Labels and Annotations Add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and/or [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to provide metadata for your Ingress controller. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md index e990be496b8..db2bf05d4c5 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/ingress-configuration.md @@ -3,44 +3,46 @@ title: Ingress Configuration description: Ingress configuration --- -### NGINX Ingress controller changes in Kubernetes v1.21 +:::note For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork by default. It instead uses hostPorts for port 80 and port 443, so you can configure the admission webhook to be accessible only through the ClusterIP. This ensures that the webhook is only accessible from within the cluster. Because of this change to the controller, the default behavior no longer sets `hostNetwork` to `true`. However, you must set `hostNetwork` to `true` for TCP- and UDP-based Services to work. -## Ingress Rule Configuration +:::note + - [Specify a hostname to use](#specify-a-hostname-to-use) - [Use as the default backend](#use-as-the-default-backend) - [Certificates](#certificates) - [Labels and Annotations](#labels-and-annotations) -### Specify a hostname to use +## Specify a hostname to use -If you use this option, ingress routes requests for a hostname to the service or workload that you specify. +If you use this option, Ingress routes requests for a hostname to the service or workload that you specify. -1. Enter the **Request Host** that your ingress will handle request forwarding for. For example, `www.mysite.com`. +1. Enter the **Request Host** that your Ingress controller will handle request forwarding for. For example, `www.mysite.com`. 1. Specify a path of type `Prefix` and a specify a path such as `/`. 2. Add a **Target Service**. -3. **Optional:** If you want specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path** field. Typically, the first rule that you create does not include a path. +3. **Optional:** If you want to specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path** field. The first rule that you create does not typically include a path. 4. Enter the **Port** number that each target operates on. -### Certificates + +## Certificates :::note -You must have an SSL certificate that the ingress can use to encrypt/decrypt communications. For more information see [Adding SSL Certificates](../encrypt-http-communication.md). +You must have an SSL certificate that the Ingress controller can use to encrypt/decrypt communications. For more information, see [Adding SSL Certificates](../encrypt-http-communication.md). ::: -1. When creating an ingress, click the **Certificates** tab. +1. To create an Ingress controller, click the **Certificates** tab. 1. Click **Add Certificate**. 1. Select a **Certificate - Secret Name** from the drop-down list. 1. Enter the host using encrypted communication. 1. To add additional hosts that use the certificate, click **Add Hosts**. -### Labels and Annotations +## Labels and Annotations -Add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and/or [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to provide metadata for your ingress. +Add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and/or [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to provide metadata for your Ingress Controller. For a list of annotations available for use, see the [Nginx Ingress Controller Documentation](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/).