The source code and default configuration of the Building Block is available in our code.sysEleven.de. For information on release notes and new features please follow the link: Release notes ingress-nginx
The Ingress Controller which is used by e.g. by Kubernetes for reverse proxy and load balancing capabilities.
You need to provide a storage provider for this Building Block. Proceed with the following prerequisite description to use the Velero Building Block out of the box.
A recommended resource overview is listed in the table below.
CPU / vCPU | Memory |
---|---|
1.26 | 532MiB |
No further activities need to be carried out in advance.
Add the directory syseleven-ingress-nginx
to your control repository as well as the .gitlab-ci.yml
to the directory with the following content:
include:
- project: syseleven/building-blocks/helmfiles/ingress-nginx
file: JobDevelopment.yaml
ref: 5.45.0
- project: syseleven/building-blocks/helmfiles/ingress-nginx
file: JobStaging.yaml
ref: 5.45.0
- project: syseleven/building-blocks/helmfiles/ingress-nginx
file: JobProduction.yaml
ref: 5.45.0
Remove environments you are not using by removing their include.
No configuration is required.
The following Ingress resource will create an ingress for the domain:
testdomain-cert.<customerdomain>.de
.
Due to the spec.tls section in the configuration, a certificate is generated for the domain.
The building block ingress-nginx creates a load balancer that binds an external IP address.
See kubectl get svc -n syseleven-ingess-nginx
A DNS A record pointing to the IP address of the load balancer is created for the ingress resource described here.
To make the following Ingress resource fully available, other Building Blocks besides the ingress-nginx
must be installed:
Create a namespace for the example:
kubectl create ns example-ingress
Create an http service:
kubectl apply -n example-ingress -f https://raw.githubusercontent.com/istio/istio/master/samples/httpbin/httpbin.yaml
This creates an application including a service httpbin
in the namespace example-ingress
.
The service endpoint should be available outside the cluster with its own domain name using https.
The ingress must exist in the same namespace as the Service object.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
namespace: example-ingress
annotations:
# Use ClusterIssuer: letsencrypt-production.
cert-manager.io/cluster-issuer: letsencrypt-production
labels:
# Use acme/solver: dns01defined in ClusterIssuer: letsencrypt-production.
cert-manager.io/solver: dns01
spec:
ingressClassName: nginx
rules:
- host: testdomain-cert.<customerdomain>.de
http:
paths:
- backend:
service:
name: httpbin
port:
number: 8000
pathType: ImplementationSpecific
tls:
- hosts:
- testdomain-cert.<customerdomain>.de
# Store the certificate as secret named testdomain-cert-secret in namespace: example-ingress
secretName: testdomain-cert-secret
Check the generated certificate:
kubectl describe certificate -n example-ingress testdomain-cert-secret
or
kubectl get -n example-ingress secret testdomain-cert-secret -o jsonpath='{.data.tls\.crt}'| base64 -d -| openssl x509 -dates -subject -noout
Check the generated DNS configuration:
Providing the DNS record can take a few minutes. Please check regularly with the following command:
dig @ns01.cloud.syseleven.net testdomain-cert.<customerdomain>.de
Check access to internal HTTPBIN service:
curl https://testdomain-cert.<customerdomain>.de/get
To remove the example again it is sufficient to delete the namespace.
kubectl delete ns example-ingress
The Building Block delivers a custom default backend. This default backend is used for all URLs the ingress-controller can not process (i.e., all the requests that are not mapped with an Ingress) or for requests that got a 502, 503 or 504 from the upstream backend server. This default backend delivers configurable static pages while still maintaining the original error code.
You can customize the default backend by overriding maintenancePages
in values-ingress-nginx-extension.yaml
. See the values.yaml for the default maintenance page.
Here is an example on how to configure different error pages for different error codes.
maintenancePages:
404.html: |-
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
</head>
<body>
...
</body>
</html>
418.html: |-
...
429.html: |-
...
500.html: |-
...
502.html: |-
...
503.html: |-
...
523.html: |-
...
Please find more infos on release notes and new features Release notes Ingres-Nginx