From c483d6d3d8a58fc1ad81ceb7a9deb58111011660 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Fri, 20 Aug 2021 13:41:47 -0400 Subject: [PATCH 1/5] Created new ingress config file --- .../ingress-config/_index.md | 55 +++++++++++++++++++ .../ingress/_index.md | 52 ------------------ 2 files changed, 55 insertions(+), 52 deletions(-) create mode 100644 content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md diff --git a/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md b/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md new file mode 100644 index 00000000000..9f383966e9c --- /dev/null +++ b/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md @@ -0,0 +1,55 @@ +--- +title: Ingress Rule Configuration +description: Ingress configuration +weight: 9999 +--- + +- [Automatically generate a xip.io hostname](#automatically-generate-a-xip-io-hostname) +- [Specify a hostname to use](#specify-a-hostname-to-use) +- [Use as the default backend](#use-as-the-default-backend) +- [Certificates](#certificates) +- [Labels and Annotations](#labels-and-annotations) + +### Automatically generate a xip.io hostname + +If you choose this option, ingress routes requests to hostname to a DNS name that's automatically generated. Rancher uses [xip.io](http://xip.io/) to automatically generates the DNS name. This option is best used for testing, _not_ production environments. + +>**Note:** To use this option, you must be able to resolve to `xip.io` addresses. + +1. Add a **Target Backend**. By default, a workload is added to the ingress, but you can add more targets by clicking either **Service** or **Workload**. +1. **Optional:** If you want specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path** field. Typically, the first rule that you create does not include a path. +1. Select a workload or service from the **Target** drop-down list for each target you've added. +1. Enter the **Port** number that each target operates on. + +### Specify a hostname to use + +If you use this option, ingress routes requests for a hostname to the service or workload that you specify. + +1. Enter the hostname that your ingress will handle request forwarding for. For example, `www.mysite.com`. +1. Add a **Target Backend**. By default, a workload is added to the ingress, but you can add more targets by clicking either **Service** or **Workload**. +1. **Optional:** If you want specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path** field. Typically, the first rule that you create does not include a path. +1. Select a workload or service from the **Target** drop-down list for each target you've added. +1. Enter the **Port** number that each target operates on. + +### Use as the default backend + +Use this option to set an ingress rule for handling requests that don't match any other ingress rules. For example, use this option to route requests that can't be found to a `404` page. + +>**Note:** If you deployed Rancher using RKE, a default backend for 404s and 202s is already configured. + +1. Add a **Target Backend**. Click either **Service** or **Workload** to add the target. +1. Select a service or workload from the **Target** drop-down list. + +### Certificates +>**Note:** You must have an SSL certificate that the ingress can use to encrypt/decrypt communications. For more information see [Adding SSL Certificates]({{}}/rancher/v2.6/en/k8s-in-rancher/certificates/). + +1. Click **Add Certificate**. +1. Select a **Certificate** from the drop-down list. +1. Enter the **Host** using encrypted communication. +1. To add additional hosts that use the certificate, click **Add Hosts**. + +### Labels and Annotations + +Add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and/or [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to provide metadata for your ingress. + +For a list of annotations available for use, see the [Nginx Ingress Controller Documentation](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/). \ No newline at end of file diff --git a/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md b/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md index 82884b42375..9ab7b65b4a5 100644 --- a/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md +++ b/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md @@ -18,55 +18,3 @@ Ingress can be added for workloads to provide load balancing, SSL termination an **Result:** Your ingress is added to the project. The ingress begins enforcing your ingress rules. - -# Ingress Rule Configuration - -- [Automatically generate a xip.io hostname](#automatically-generate-a-xip-io-hostname) -- [Specify a hostname to use](#specify-a-hostname-to-use) -- [Use as the default backend](#use-as-the-default-backend) -- [Certificates](#certificates) -- [Labels and Annotations](#labels-and-annotations) - -### Automatically generate a xip.io hostname - -If you choose this option, ingress routes requests to hostname to a DNS name that's automatically generated. Rancher uses [xip.io](http://xip.io/) to automatically generates the DNS name. This option is best used for testing, _not_ production environments. - ->**Note:** To use this option, you must be able to resolve to `xip.io` addresses. - -1. Add a **Target Backend**. By default, a workload is added to the ingress, but you can add more targets by clicking either **Service** or **Workload**. -1. **Optional:** If you want specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path** field. Typically, the first rule that you create does not include a path. -1. Select a workload or service from the **Target** drop-down list for each target you've added. -1. Enter the **Port** number that each target operates on. - -### Specify a hostname to use - -If you use this option, ingress routes requests for a hostname to the service or workload that you specify. - -1. Enter the hostname that your ingress will handle request forwarding for. For example, `www.mysite.com`. -1. Add a **Target Backend**. By default, a workload is added to the ingress, but you can add more targets by clicking either **Service** or **Workload**. -1. **Optional:** If you want specify a workload or service when a request is sent to a particular hostname path, add a **Path** for the target. For example, if you want requests for `www.mysite.com/contact-us` to be sent to a different service than `www.mysite.com`, enter `/contact-us` in the **Path** field. Typically, the first rule that you create does not include a path. -1. Select a workload or service from the **Target** drop-down list for each target you've added. -1. Enter the **Port** number that each target operates on. - -### Use as the default backend - -Use this option to set an ingress rule for handling requests that don't match any other ingress rules. For example, use this option to route requests that can't be found to a `404` page. - ->**Note:** If you deployed Rancher using RKE, a default backend for 404s and 202s is already configured. - -1. Add a **Target Backend**. Click either **Service** or **Workload** to add the target. -1. Select a service or workload from the **Target** drop-down list. - -### Certificates ->**Note:** You must have an SSL certificate that the ingress can use to encrypt/decrypt communications. For more information see [Adding SSL Certificates]({{}}/rancher/v2.6/en/k8s-in-rancher/certificates/). - -1. Click **Add Certificate**. -1. Select a **Certificate** from the drop-down list. -1. Enter the **Host** using encrypted communication. -1. To add additional hosts that use the certificate, click **Add Hosts**. - -### Labels and Annotations - -Add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and/or [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to provide metadata for your ingress. - -For a list of annotations available for use, see the [Nginx Ingress Controller Documentation](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/). \ No newline at end of file From bb52f4b06f929c2c7e4699c4b61921308e62399e Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Fri, 20 Aug 2021 14:34:56 -0400 Subject: [PATCH 2/5] NGINX Ingress controller changes in v1.21 --- .../load-balancers-and-ingress/ingress-config/_index.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md b/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md index 9f383966e9c..10308210279 100644 --- a/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md +++ b/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md @@ -1,15 +1,20 @@ --- -title: Ingress Rule Configuration +title: Ingress Configuration description: Ingress configuration weight: 9999 --- +- [NGINX Ingress controller changes in v1.21](#nginx-ingress-controller-changes-in-v1-21) - [Automatically generate a xip.io hostname](#automatically-generate-a-xip-io-hostname) - [Specify a hostname to use](#specify-a-hostname-to-use) - [Use as the default backend](#use-as-the-default-backend) - [Certificates](#certificates) - [Labels and Annotations](#labels-and-annotations) +### NGINX Ingress controller changes in v1.21 + +For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork but uses hostPorts for port 80 and port 443. This was done so the admission webhook can be configured to be accessed using ClusterIP so it can only be reached inside the cluster. + ### Automatically generate a xip.io hostname If you choose this option, ingress routes requests to hostname to a DNS name that's automatically generated. Rancher uses [xip.io](http://xip.io/) to automatically generates the DNS name. This option is best used for testing, _not_ production environments. From 7ad408fd06a3b54a4d78164c6d12c9c8629f9aa4 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Mon, 23 Aug 2021 13:37:13 -0400 Subject: [PATCH 3/5] Added k8s to v1.21 --- .../load-balancers-and-ingress/ingress-config/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md b/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md index 10308210279..019c4b6367b 100644 --- a/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md +++ b/content/rancher/v2.6/en/k8s-in-rancher/load-balancers-and-ingress/ingress-config/_index.md @@ -4,14 +4,14 @@ description: Ingress configuration weight: 9999 --- -- [NGINX Ingress controller changes in v1.21](#nginx-ingress-controller-changes-in-v1-21) +- [NGINX Ingress controller changes in Kubernetes v1.21](#nginx-ingress-controller-changes-in-Kubernetes-v1-21) - [Automatically generate a xip.io hostname](#automatically-generate-a-xip-io-hostname) - [Specify a hostname to use](#specify-a-hostname-to-use) - [Use as the default backend](#use-as-the-default-backend) - [Certificates](#certificates) - [Labels and Annotations](#labels-and-annotations) -### NGINX Ingress controller changes in v1.21 +### NGINX Ingress controller changes in Kubernetes v1.21 For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork but uses hostPorts for port 80 and port 443. This was done so the admission webhook can be configured to be accessed using ClusterIP so it can only be reached inside the cluster. From fe89614c15be946cdcda79dad6918904f11f8b28 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Mon, 23 Aug 2021 15:08:23 -0400 Subject: [PATCH 4/5] Updated RKE v1.30 with updated NGINX ingress note --- .../en/config-options/add-ons/ingress-controllers/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rke/latest/en/config-options/add-ons/ingress-controllers/_index.md b/content/rke/latest/en/config-options/add-ons/ingress-controllers/_index.md index fae1012abc9..08fd57b58f9 100644 --- a/content/rke/latest/en/config-options/add-ons/ingress-controllers/_index.md +++ b/content/rke/latest/en/config-options/add-ons/ingress-controllers/_index.md @@ -115,9 +115,9 @@ ingress: ### Configuring network options -_Available as of v1.1.11_ +_Available as of v1.30_ -By default, the nginx ingress controller is configured using `hostNetwork: true` on the default ports `80` and `443`. If you want to change the mode and/or the ports, see the options below. +For Kubernetes v1.21 and up, the NGINX ingress controller no longer runs in `hostNetwork: true` but uses hostPorts for port `80` and port `443`. This was done so the admission webhook can be configured to be accessed using ClusterIP so it can only be reached inside the cluster. If you want to change the mode and/or the ports, see the options below. Configure the nginx ingress controller using `hostPort` and override the default ports: From ac035811005498562f9bf23ff6804c4f5db2fd88 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Wed, 25 Aug 2021 17:15:50 -0400 Subject: [PATCH 5/5] Added back info for RKE v1.1.11 & instructions for v1.30 --- .../add-ons/ingress-controllers/_index.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/content/rke/latest/en/config-options/add-ons/ingress-controllers/_index.md b/content/rke/latest/en/config-options/add-ons/ingress-controllers/_index.md index 08fd57b58f9..2ee8cc6dcfb 100644 --- a/content/rke/latest/en/config-options/add-ons/ingress-controllers/_index.md +++ b/content/rke/latest/en/config-options/add-ons/ingress-controllers/_index.md @@ -115,9 +115,14 @@ ingress: ### Configuring network options -_Available as of v1.30_ - -For Kubernetes v1.21 and up, the NGINX ingress controller no longer runs in `hostNetwork: true` but uses hostPorts for port `80` and port `443`. This was done so the admission webhook can be configured to be accessed using ClusterIP so it can only be reached inside the cluster. If you want to change the mode and/or the ports, see the options below. +{{% tabs %}} +{{% tab "v1.30" %}} +For Kubernetes v1.21 and up, the NGINX ingress controller no longer runs in `hostNetwork: true` but uses hostPorts for port `80` and port `443`. This was done so the admission webhook can be configured to be accessed using ClusterIP so it can only be reached inside the cluster. If you want to change the mode and/or the ports, see the options below. +{{% /tab %}} +{{% tab "v1.1.11" %}} +By default, the nginx ingress controller is configured using `hostNetwork: true` on the default ports `80` and `443`. If you want to change the mode and/or the ports, see the options below. +{{% /tab %}} +{{% /tabs %}} Configure the nginx ingress controller using `hostPort` and override the default ports: