github.com/nginxinc/kubernetes-ingress@v1.12.5/examples/mergeable-ingress-types/README.md (about)

     1  # Mergeable Ingress Types Support
     2  
     3  You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the same or different namespaces. This enables
     4  easier management when using a large number of paths.
     5  
     6  ## Syntax and Rules
     7  
     8  A Master is declared using `nginx.org/mergeable-ingress-type: master`. A Master will process all configurations at the
     9  host level, which includes the TLS configuration, and any annotations which will be applied for the complete host. There
    10  can only be one ingress resource on a unique host that contains the master value. Paths cannot be part of the
    11  ingress resource.
    12  
    13  Masters cannot contain the following annotations:
    14  * nginx.org/rewrites
    15  * nginx.org/ssl-services
    16  * nginx.org/grpc-services
    17  * nginx.org/websocket-services
    18  * nginx.com/sticky-cookie-services
    19  * nginx.com/health-checks
    20  * nginx.com/health-checks-mandatory
    21  * nginx.com/health-checks-mandatory-queue
    22  
    23  A Minion is declared using `nginx.org/mergeable-ingress-type: minion`. A Minion will be used to append different
    24  locations to an ingress resource with the Master value. TLS configurations are not allowed. Multiple minions can be
    25  applied per master as long as they do not have conflicting paths. If a conflicting path is present then the path defined
    26  on the oldest minion will be used.
    27  
    28  Minions cannot contain the following annotations:
    29  * nginx.org/proxy-hide-headers
    30  * nginx.org/proxy-pass-headers
    31  * nginx.org/redirect-to-https
    32  * ingress.kubernetes.io/ssl-redirect
    33  * nginx.org/hsts
    34  * nginx.org/hsts-max-age
    35  * nginx.org/hsts-include-subdomains
    36  * nginx.org/server-tokens
    37  * nginx.org/listen-ports
    38  * nginx.org/listen-ports-ssl
    39  * nginx.org/server-snippets
    40  
    41  Minions inherent the following annotations from the master, unless they override them:
    42  * nginx.org/proxy-connect-timeout
    43  * nginx.org/proxy-read-timeout
    44  * nginx.org/client-max-body-size
    45  * nginx.org/proxy-buffering
    46  * nginx.org/proxy-buffers
    47  * nginx.org/proxy-buffer-size
    48  * nginx.org/proxy-max-temp-file-size
    49  * nginx.org/location-snippets
    50  * nginx.org/lb-method
    51  * nginx.org/keepalive
    52  * nginx.org/max-fails
    53  * nginx.org/fail-timeout
    54  
    55  Note: Ingress Resources with more than one host cannot be used.
    56  
    57  ## Example
    58  
    59  In this example we deploy the NGINX Ingress controller, a simple web application and then configure
    60  load balancing for that application using Ingress resources with the `nginx.org/mergeable-ingress-type` annotations.
    61  
    62  ## Running the Example
    63  
    64  ## 1. Deploy the Ingress Controller
    65  
    66  1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress controller.
    67  
    68  2. Save the public IP address of the Ingress controller into a shell variable:
    69      ```
    70      $ IC_IP=XXX.YYY.ZZZ.III
    71      ```
    72  3. Save the HTTPS port of the Ingress controller into a shell variable:
    73      ```
    74      $ IC_HTTPS_PORT=<port number>
    75      ```
    76  
    77  ## 2. Deploy the Cafe Application
    78  
    79  Create the coffee and the tea deployments and services:
    80  ```
    81  $ kubectl create -f cafe.yaml
    82  ```
    83  
    84  ## 3. Configure Load Balancing
    85  
    86  1. Create a secret with an SSL certificate and a key:
    87      ```
    88      $ kubectl create -f cafe-secret.yaml
    89      ```
    90  
    91  2. Create the Master Ingress resource:
    92      ```
    93      $ kubectl create -f cafe-master.yaml
    94      ```
    95      
    96  3. Create the Minion Ingress resource for the Coffee Service:
    97      ```
    98      $ kubectl create -f coffee-minion.yaml
    99      ```
   100  
   101  4. Create the Minion Ingress resource for the Tea Service:
   102     ```
   103      $ kubectl create -f tea-minion.yaml
   104      ```
   105  
   106  ## 4. Test the Application
   107  
   108  1. To access the application, curl the coffee and the tea services. We'll use ```curl```'s --insecure option to turn off certificate verification of our self-signed
   109  certificate and the --resolve option to set the Host header of a request with ```cafe.example.com```
   110      
   111      To get coffee:
   112      ```
   113      $ curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/coffee --insecure
   114      Server address: 10.12.0.18:80
   115      Server name: coffee-7586895968-r26zn
   116      ...
   117      ```
   118      If you prefer tea:
   119      ```
   120      $ curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/tea --insecure
   121      Server address: 10.12.0.19:80
   122      Server name: tea-7cd44fcb4d-xfw2x
   123      ...
   124      ```
   125      
   126  ## 5. Examine the Configuration
   127  
   128  1. Access the NGINX Pod.
   129  ```
   130  $ kubectl get pods -n nginx-ingress
   131  NAME                             READY     STATUS    RESTARTS   AGE
   132  nginx-ingress-66bc44674b-hrcx8   1/1       Running   0          4m
   133  ```
   134  
   135  2. Examine the NGINX Configuration.
   136  ```
   137  $ kubectl exec -it nginx-ingress-66bc44674b-hrcx8 -n nginx-ingress -- cat /etc/nginx/conf.d/default-cafe-ingress-master.conf
   138  
   139  upstream default-cafe-ingress-coffee-minion-cafe.example.com-coffee-svc {
   140  	server 172.17.0.5:80;
   141  	server 172.17.0.6:80;
   142  }
   143  upstream default-cafe-ingress-tea-minion-cafe.example.com-tea-svc {
   144  	server 172.17.0.7:80;
   145  	server 172.17.0.8:80;
   146  	server 172.17.0.9:80;	
   147  }
   148   # *Master*, configured in Ingress Resource: default-cafe-ingress-master
   149  server {
   150  	listen 80;
   151  	listen 443 ssl;
   152  	ssl_certificate /etc/nginx/secrets/default-cafe-secret;
   153  	ssl_certificate_key /etc/nginx/secrets/default-cafe-secret;
   154  	server_tokens on;
   155  	server_name cafe.example.com;
   156  	if ($scheme = http) {
   157  		return 301 https://$host:443$request_uri;
   158  	}
   159  	 # *Minion*, configured in Ingress Resource: default-cafe-ingress-coffee-minion
   160  	location /coffee {
   161  		proxy_http_version 1.1;
   162  		proxy_connect_timeout 60s;
   163  		proxy_read_timeout 60s;
   164  		client_max_body_size 1m;
   165  		proxy_set_header Host $host;
   166  		proxy_set_header X-Real-IP $remote_addr;
   167  		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   168  		proxy_set_header X-Forwarded-Host $host;
   169  		proxy_set_header X-Forwarded-Port $server_port;
   170  		proxy_set_header X-Forwarded-Proto $scheme;
   171  		proxy_buffering on;
   172  		proxy_pass http://default-cafe-ingress-coffee-minion-cafe.example.com-coffee-svc;	
   173  	}
   174  	 # *Minion*, configured in Ingress Resource: default-cafe-ingress-tea-minion
   175  	location /tea {
   176  		proxy_http_version 1.1;
   177  		proxy_connect_timeout 60s;
   178  		proxy_read_timeout 60s;
   179  		client_max_body_size 1m;
   180  		proxy_set_header Host $host;
   181  		proxy_set_header X-Real-IP $remote_addr;
   182  		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   183  		proxy_set_header X-Forwarded-Host $host;
   184  		proxy_set_header X-Forwarded-Port $server_port;
   185  		proxy_set_header X-Forwarded-Proto $scheme;
   186  		proxy_buffering on;
   187  		proxy_pass http://default-cafe-ingress-tea-minion-cafe.example.com-tea-svc;
   188  	}
   189  }
   190  ```