diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index a7bb599c92..b87d73b74a 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -15,6 +15,9 @@ on: nap_modules: required: false type: string + release-url: + required: false + type: string defaults: run: @@ -106,12 +109,7 @@ jobs: - name: NAP modules id: nap_modules run: | - modules="" - if [[ "${{ inputs.nap_modules }}" == "waf,dos" ]]; then - modules="both" - else - modules="${{ inputs.nap_modules }}" - fi + [[ "${{ inputs.nap_modules }}" == "waf,dos" ]] && modules="both" || modules="${{ inputs.nap_modules }}" echo "modules=${modules}" >> $GITHUB_OUTPUT if: ${{ inputs.nap_modules != '' }} @@ -142,6 +140,41 @@ jobs: "nginx-repo.key=${{ inputs.nap_modules != '' && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}" ${{ inputs.nap_modules != '' && contains(inputs.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }} + - name: AWS variables + id: aws + run: | + aws_registry=$(echo "${{ steps.meta.outputs.tags }}" | grep -oP "709825985650.dkr.ecr.us-east-1.amazonaws.com/[^[:space:]]+") + version=$(echo ${{ steps.meta.outputs.version }} | sed 's/-mktpl//') + declare -A nap_mapping=( + ["waf"]=_NAP_WAF + ["dos"]=_NAP_DOS + ["waf,dos"]=_NAP_WAF_DOS + ) + modules=${{ inputs.nap_modules }} + [[ -n $modules && ${nap_mapping[$modules]+_} ]] && nap=${nap_mapping[$modules]} + + echo "version=$version" >> $GITHUB_OUTPUT + echo "product_code=AWS${nap}_PRODUCT_CODE" >> $GITHUB_OUTPUT + echo "registry=${aws_registry}" >> $GITHUB_OUTPUT + if: startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws') + + - name: Publish to AWS Marketplace + uses: nginxinc/aws-marketplace-publish@9e9f4ae1c545da9fa6adc24b0b10ce50e0d4969c # v0.1.0 + continue-on-error: true + with: + version: ${{ steps.aws.outputs.version }} + product-id: ${{ secrets[steps.aws.outputs.product_code] }} + registry: ${{ steps.aws.outputs.registry }} + release-notes: ${{ inputs.release-url }} + description: | + Best-in-class traffic management solution for services in Amazon EKS. + This is the official implementation of NGINX Ingress Controller (based on NGINX Plus) from NGINX. + usage-instructions: | + This container requires Kubernetes and can be deployed to EKS. + Review the installation instructions https://docs.nginx.com/nginx-ingress-controller/installation/ and utilize the deployment resources available https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments + Use this image instead of building your own. + if: ${{ startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws') }} + - name: Load image for Trivy uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 with: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aa83a66328..c9101c3339 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -80,16 +80,30 @@ jobs: with: files: ./coverage.txt - release: + binaries: + name: Build Binaries runs-on: ubuntu-22.04 needs: [checks, unit-tests] - if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }} + outputs: + release-url: ${{ steps.release-notes.outputs.release-url }} steps: - name: Checkout Repository uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + fetch-depth: 0 + + - name: Setup Golang Environment + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: go.mod + + - name: Download Syft + uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3 + if: startsWith(github.ref, 'refs/tags/') - name: Create/Update Draft - uses: lucacome/draft-release@b79be3ff634f771230b2b6ee9f47308c5793671a # v0.2.0 + uses: lucacome/draft-release@d13ccde6350706e32f451566ee5cd4bf5a27de3d # v0.2.1 + id: release-notes with: minor-label: "enhancement" major-label: "change" @@ -108,25 +122,7 @@ jobs: - Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/examples - Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/deployments/helm-chart - Operator -- https://github.com/nginxinc/nginx-ingress-operator/ - - binaries: - name: Build Binaries - runs-on: ubuntu-22.04 - needs: [checks, unit-tests] - steps: - - name: Checkout Repository - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - fetch-depth: 0 - - - name: Setup Golang Environment - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: go.mod - - - name: Download Syft - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3 - if: startsWith(github.ref, 'refs/tags/') + if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }} - name: Build binaries uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 @@ -323,7 +319,7 @@ jobs: build-docker-plus: name: Build Docker Plus - needs: build-docker + needs: [binaries, build-docker] strategy: fail-fast: false matrix: @@ -339,6 +335,7 @@ jobs: platforms: ${{ matrix.platforms }} image: ${{ matrix.image }} target: ${{ matrix.target }} + release-url: ${{ needs.binaries.outputs.release-url }} secrets: inherit build-docker-nap: diff --git a/docs/content/tutorials/nginx-ingress-linkerd.md b/docs/content/tutorials/nginx-ingress-linkerd.md new file mode 100644 index 0000000000..787d460de9 --- /dev/null +++ b/docs/content/tutorials/nginx-ingress-linkerd.md @@ -0,0 +1,155 @@ +--- +title: NGINX Ingress Controller and Linkerd +description: | + Using Linkerd with the F5 NGINX Ingress Controller. +weight: 1800 +doctypes: ["concept"] +toc: true +--- + +## Overview + +This document explains how to integrate NGINX Ingress Controller with Linkerd using Linkerd's sidecar proxy. Linkerd works with both NGINX Ingress Controller open source and NGINX Ingress Controller using NGINX Plus. + +--- + +## Before you Begin + +There are two methods provided in this tutorial: + +* Adding Linkerd to a new NGINX Ingress Controller Installation +* Adding Linkerd to an Existing NGINX Ingress Controller Installation + +If you are adding Linkerd to an existing installation, these are the requirements: + +* A working NGINX Ingress Controller instance. +* A working [Linkerd installation](https://linkerd.io/2.13/getting-started/). + +--- + +## Integrating Linkerd + +Linkerd integrates with NGINX Ingress Controller using its control plane utility through injection. + +You can do this through the use of NGINX Ingress Controller's custom resource definitions (CRDs) in a Kubernetes Manifest, or Helm. + +--- + +### During Installation +**Using Manifests** + +When installing NGINX Ingress Controller, you can [create a custom resource](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/#3-create-custom-resources) for Linkerd. + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + replicas: 1 + selector: + matchLabels: + app: nginx-ingress + template: + metadata: + annotations: + linkerd.io/inject: enabled + labels: + app: nginx-ingress + app.kubernetes.io/name: nginx-ingress +``` + +**Using Helm** + +Add the following annotation to your Helm deployment: + +```yaml +controller: + pod: + ## The annotations of the Ingress Controller pod. + annotations: { linkerd.io/inject: enabled } +``` + +This annotation will instruct `helm` to tell `Linkerd` to automatically inject its sidecar during the installation of NGINX Ingress Controller. + +--- + +### With an Existing Installation +To integrate Linkerd with an existing NGINX Ingress Controller installation, you will need to inject the `Linkerd` sidecar, using its `linkerd` control plane utility. + +**Using Manifests** + +If you want to inject into an existing Manifest-based installation, you can run the following: + +```bash +kubectl get deployment -n nginx-ingress nginx-ingress -o yaml | linkerd inject - | kubectl apply -f - +``` + +**Using Helm** +If you want to inject into an existing `Helm` installation, you can run the following: + +```bash +kubectl get deployment -n -o yaml | linkerd inject - | kubectl apply -f - +``` +In this example, the `helm` release named `kic01-nginx-ingress-controller` is injected into the `nginx-ingress` namespace: + +```bash +kubectl get deploy -n nginx-ingress kic01-nginx-ingress-controller -o yaml | linkerd inject - | kubectl apply -f - +``` + +## Testing the Integration + +Once NGINX Ingress Controller has been integrated with Linkerd, we can check the number of pods to confirm that the sidecar has successfully injected. + +```bash +kubectl get pods -n nginx-ingress + +NAME READY STATUS RESTARTS AGE +kic01-nginx-ingress-controller-5f8c9b586d-ng4r8 2/2 Running 0 30m +``` + +In the above example, `2/2` displays the number of pods, and confirms the `Linkerd` sidecar has successfully injected into NGINX Ingress Controller. + +For additional testing, we can install an example application. In this case, we'll use the `httpbin` image. + +```bash +kubectl create ns httpbin +curl -sL https://raw.githubusercontent.com/openservicemesh/osm-docs/release-v1.2/manifests/samples/httpbin/httpbin.yaml +kubectl apply -f httpbin.yaml +``` + +Once `httpbin` has been created and applied, we can inject it into an existing deployment with the following command: + +```bash +kubectl get deployment -n httpbin httpbin -o yaml | linkerd inject - | kubectl apply -f - +``` + +Like the main installation, you can check the number of pods to confirm that the application has been successfully injected using the `linkerd` sidecar: + +```bash +kubectl get pods -n httpbin +NAME READY STATUS RESTARTS AGE +httpbin-66df5bfbc9-ffhdp 2/2 Running 0 67s +``` + +We can now start sending traffic to NGINX Ingress Controller, to verify that `Linkerd` is handling the sidecar traffic connections. + +```bash +curl -k https://httpbin.example.com -I + +HTTP/1.1 200 OK +Server: nginx/1.23.4 +Date: Sat, 20 May 2023 00:08:31 GMT +Content-Type: text/html; charset=utf-8 +Content-Length: 9593 +Connection: keep-alive +access-control-allow-credentials: true +access-control-allow-origin: * +``` + +You can additionally view the status of NGINX Ingress Controller and Linkerd by using the Viz dashboard provided by Linkerd. + +```bash +linkerd viz dashboard +``` diff --git a/docs/go.mod b/docs/go.mod index a21c7f7de5..1fc325947c 100644 --- a/docs/go.mod +++ b/docs/go.mod @@ -2,4 +2,4 @@ module github.com/nginxinc/kubernetes-ingress/docs go 1.19 -require github.com/nginxinc/nginx-hugo-theme v0.32.0 +require github.com/nginxinc/nginx-hugo-theme v0.33.0 diff --git a/tests/requirements.txt b/tests/requirements.txt index d6afd622d9..347cb0d9b9 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -200,9 +200,9 @@ flaky==3.7.0 \ forcediphttpsadapter==1.0.2 \ --hash=sha256:f7582b34aaa6ab6b17f69ab1abbfe67097b952ed0682b758b5e01e18fe24433e # via -r requirements.txt -google-auth==2.20.0 \ - --hash=sha256:030af34138909ccde0fbce611afc178f1d65d32fbff281f25738b1fe1c6f3eaa \ - --hash=sha256:23b7b0950fcda519bfb6692bf0d5289d2ea49fc143717cc7188458ec620e63fa +google-auth==2.21.0 \ + --hash=sha256:b28e8048e57727e7cf0e5bd8e7276b212aef476654a09511354aa82753b45c66 \ + --hash=sha256:da3f18d074fa0f5a7061d99b9af8cee3aa6189c987af7c1b07d94566b6b11268 # via # -r requirements.txt # kubernetes