Document option for installing CRDs from a single remote yaml (#4730)
shaun-nx authored Dec 6, 2023
1 parent 37897fc commit 4c1eef7
Showing 5 changed files with 102 additions and 36 deletions.
8 changes: 3 additions & 5 deletions docs/content/includes/installation/create-common-resources.md
Expand Up @@ -8,22 +8,20 @@ In this section, you'll create resources that most NGINX Ingress Controller inst

By default, the server returns a _404 Not Found_ page for all requests when no ingress rules are set up. Although we provide a self-signed certificate and key for testing purposes, we recommend using your own certificate.

To begin, make sure you're in the `kubernetes-ingress/deployment` directory, and then run:

```shell
kubectl apply -f ../examples/shared-examples/default-server-secret/default-server-secret.yaml
kubectl apply -f examples/shared-examples/default-server-secret/default-server-secret.yaml
```

2. Create a ConfigMap to customize your NGINX settings:

```shell
kubectl apply -f common/nginx-config.yaml
kubectl apply -f deployments/common/nginx-config.yaml
```

3. Create an `IngressClass` resource. NGINX Ingress Controller won't start without an `IngressClass` resource.
```shell
kubectl apply -f common/ingress-class.yaml
kubectl apply -f deployments/common/ingress-class.yaml
```
If you want to make this NGINX Ingress Controller instance your cluster's default, uncomment the `ingressclass.kubernetes.io/is-default-class` annotation. This action will auto-assign `IngressClass` to new ingresses that don't specify an `ingressClassName`.
4 changes: 2 additions & 2 deletions docs/content/includes/installation/manifests/daemonset.md
Expand Up @@ -9,13 +9,13 @@ When you deploy NGINX Ingress Controller as a DaemonSet, Kubernetes creates an I
- For NGINX, run:

```shell
kubectl apply -f daemon-set/nginx-ingress.yaml
kubectl apply -f deployments/daemon-set/nginx-ingress.yaml
```

- For NGINX Plus, run:

```shell
kubectl apply -f daemon-set/nginx-plus-ingress.yaml
kubectl apply -f deployments/daemon-set/nginx-plus-ingress.yaml
```

Update the `nginx-plus-ingress.yaml` file to include your chosen image from the F5 Container registry or your custom container image.
4 changes: 2 additions & 2 deletions docs/content/includes/installation/manifests/deployment.md
Expand Up @@ -9,13 +9,13 @@ When you deploy NGINX Ingress Controller as a Deployment, Kubernetes automatical
- For NGINX, run:

```shell
kubectl apply -f deployment/nginx-ingress.yaml
kubectl apply -f deployments/deployment/nginx-ingress.yaml
```

- For NGINX Plus, run:

```shell
kubectl apply -f deployment/nginx-plus-ingress.yaml
kubectl apply -f deployments/deployment/nginx-plus-ingress.yaml
```

Update the `nginx-plus-ingress.yaml` file to include your chosen image from the F5 Container registry or your custom container image.
8 changes: 4 additions & 4 deletions docs/content/includes/rbac/set-up-rbac.md
Expand Up @@ -7,13 +7,13 @@ docs:
1. Create a namespace and a service account:

```shell
kubectl apply -f common/ns-and-sa.yaml
kubectl apply -f deployments/common/ns-and-sa.yaml
```

2. Create a cluster role and binding for the service account:

```shell
kubectl apply -f rbac/rbac.yaml
kubectl apply -f deployments/rbac/rbac.yaml
```

<br>
Expand All @@ -23,11 +23,11 @@ If you're planning to use NGINX App Protect or NGINX App Protect DoS, additional
1. (NGINX App Protect only) Create the *App Protect* role and binding:
```shell
kubectl apply -f rbac/ap-rbac.yaml
kubectl apply -f deployments/rbac/ap-rbac.yaml
```
2. (NGINX App Protect DoS only) Create the *App Protect DoS* role and binding:
```shell
kubectl apply -f rbac/apdos-rbac.yaml
kubectl apply -f deployments/rbac/apdos-rbac.yaml
```
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,10 @@ Choose one of the following methods to get the NGINX Ingress Controller image:

### Clone the repository

Clone the NGINX Ingress Controller repository and go to the _deployments_ folder. Replace `<version_number>` with the specific release you want to use.
Clone the NGINX Ingress Controller repository using the command shown below, and replace `<version_number>` with the specific release you want to use.

```shell
git clone https://github.com/nginxinc/kubernetes-ingress.git --branch <version_number>
cd kubernetes-ingress/deployments
```

For example, if you want to use version 3.3.2, the command would be `git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v3.3.2`.
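Review bot: Dropping `cd kubernetes-ingress/deployments` from the clone block leaves the reader in the parent directory after `git clone`, while the other commands in this commit are now written relative to the repository root (`deployments/common/...`, `examples/shared-examples/...`, `config/crd/bases/...`). Keep a `cd kubernetes-ingress` line in the block, or state in the sentence above it that all later commands are run from the repository root.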
Expand All @@ -57,41 +56,73 @@ This guide assumes you are using the latest release.
## Create custom resources {#create-custom-resources}

To make sure your NGINX Ingress Controller pods reach the `Ready` state, you'll need to create custom resource definitions (CRDs) for various components. Alternatively, you can disable this requirement by setting the `-enable-custom-resources` command-line argument to `false`.
There are two ways you can install the custom resource definitions:
1. Using a URL to apply a single CRD yaml file. We recommend this approach.
2. Applying your local copy of the CRD yaml files. This requires that you [clone the repository](#lone-the-repository).

{{<tabs name="install-crds">}}

{{%tab name="Install CRDs from single YAML"%}}

### Core custom resource definitions

1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), and [Policy]({{< relref "configuration/policy-resource.md" >}}):
1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}):

```shell
kubectl apply -f common/crds/k8s.nginx.org_virtualservers.yaml
kubectl apply -f common/crds/k8s.nginx.org_virtualserverroutes.yaml
kubectl apply -f common/crds/k8s.nginx.org_transportservers.yaml
kubectl apply -f common/crds/k8s.nginx.org_policies.yaml
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds.yaml
```

### Optional custom resource definitions

1. (Optional) For TCP and UDP load balancing, create a cCRD for [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}):
1. For the NGINX App Protect WAF module, create CRDs for `APPolicy`, `APLogConf` and `APUserSig`:

```shell
kubectl apply -f common/crds/k8s.nginx.org_globalconfigurations.yaml
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-waf.yaml
```

2. (Optional) For the NGINX App Protect WAF module, create CRDs for `APPolicy`, `APLogConf` and `APUserSig`:
2. For the NGINX App Protect DoS module, create CRDs for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`:

```shell
kubectl apply -f common/crds/appprotect.f5.com_aplogconfs.yaml
kubectl apply -f common/crds/appprotect.f5.com_appolicies.yaml
kubectl apply -f common/crds/appprotect.f5.com_apusersigs.yaml
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-dos.yaml
```

3. (Optional) For the NGINX App Protect DoS module, create CRDs for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`:
{{%/tab%}}

{{%tab name="Install CRDs after cloning the repo"%}}

If you are installing the CRDs this way, ensure that you have first [cloned the repository](#clone-the-repository)

### Core custom resource definitions

1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}):

```shell
kubectl apply -f config/crd/bases/k8s.nginx.org_virtualservers.yaml
kubectl apply -f config/crd/bases/k8s.nginx.org_virtualserverroutes.yaml
kubectl apply -f config/crd/bases/k8s.nginx.org_transportservers.yaml
kubectl apply -f config/crd/bases/k8s.nginx.org_policies.yaml
kubectl apply -f config/crd/bases/k8s.nginx.org_globalconfigurations.yaml
```
### Optional custom resource definitions

1. For the NGINX App Protect WAF module, create CRDs for `APPolicy`, `APLogConf` and `APUserSig`:

```shell
kubectl apply -f config/crd/bases/appprotect.f5.com_aplogconfs.yaml
kubectl apply -f config/crd/bases/appprotect.f5.com_appolicies.yaml
kubectl apply -f config/crd/bases/appprotect.f5.com_apusersigs.yaml
```

2. For the NGINX App Protect DoS module, create CRDs for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`:

```shell
kubectl apply -f common/crds/appprotectdos.f5.com_apdoslogconfs.yaml
kubectl apply -f common/crds/appprotectdos.f5.com_apdospolicy.yaml
kubectl apply -f common/crds/appprotectdos.f5.com_dosprotectedresources.yaml
kubectl apply -f config/crd/bases/appprotectdos.f5.com_apdoslogconfs.yaml
kubectl apply -f config/crd/bases/appprotectdos.f5.com_apdospolicy.yaml
kubectl apply -f config/crd/bases/appprotectdos.f5.com_dosprotectedresources.yaml
```
{{%/tab%}}

{{</tabs>}}

---
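Review bot: The link in the second item of the new intro list, `[clone the repository](#lone-the-repository)`, is missing the `c` in its anchor and will not resolve; the second tab already uses the correct `#clone-the-repository`. The recommended tab also hard-codes `v3.3.2` in every `raw.githubusercontent.com` URL, although the clone section uses a `<version_number>` placeholder, so a reader on another release would apply CRDs from a different version than their controller; use the same placeholder or a version shortcode. Because these commands apply cluster-scoped definitions straight from a URL, consider adding a line suggesting that readers download and review the file before running `kubectl apply`. The sentence ending `[cloned the repository](#clone-the-repository)` is also missing its full stop.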

Expand Down Expand Up @@ -133,7 +164,7 @@ For more information about the _NodePort_ service, refer to the [Kubernetes doc
1. To create a service of type *NodePort*, run:

```shell
kubectl create -f service/nodeport.yaml
kubectl create -f deployments/service/nodeport.yaml
```

Kubernetes automatically allocates two ports on every node in the cluster. You can access NGINX Ingress Controller by combining any node's IP address with these ports.
Expand All @@ -147,13 +178,13 @@ For more information about the _LoadBalancer_ service, refer to the [Kubernetes
- GCP or Azure:
```shell
kubectl apply -f service/loadbalancer.yaml
kubectl apply -f deployments/service/loadbalancer.yaml
```
- AWS:
```shell
kubectl apply -f service/loadbalancer-aws-elb.yaml
kubectl apply -f deployments/service/loadbalancer-aws-elb.yaml
```
If you're using AWS, Kubernetes will set up a Classic Load Balancer (ELB) in TCP mode. This load balancer will have the PROXY protocol enabled to pass along the client's IP address and port.
Expand All @@ -171,7 +202,7 @@ For more information about the _LoadBalancer_ service, refer to the [Kubernetes
- Update the ConfigMap:
```shell
kubectl apply -f common/nginx-config.yaml
kubectl apply -f deployments/common/nginx-config.yaml
```
{{<note>}}AWS users have more customization options for their load balancers. These include choosing the load balancer type and configuring SSL termination. Refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) to learn more. {{</note>}}
Expand Down Expand Up @@ -221,8 +252,45 @@ Connect to ports 80 and 443 using the IP address of any node in the cluster wher
kubectl delete clusterrolebinding nginx-ingress
```
3. **Delete the Custom Resource Definitions**: Be aware that this step will also erase all associated custom resources. To proceed, run:
3. **Delete the Custom Resource Definitions**:
{{<tabs name="delete-crds">}}
{{%tab name="Deleting CRDs from single YAML"%}}
1. Delete core custom resource definitions:
```shell
kubectl delete -f common/crds/
kubectl delete -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds.yaml
```
2. Delete custom resource definitions for the NGINX App Protect WAF module:
```shell
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-waf.yaml
```
3. Delete custom resource definitions for the NGINX App Protect DoS module:
```shell
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-dos.yaml
```
{{%/tab%}}
{{%tab name="Deleting CRDs after cloning the repo"%}}
1. Delete core custom resource definitions:
```shell
kubectl delete -f config/crd/bases/crds.yaml
```
2. Delete custom resource definitions for the NGINX App Protect WAF module:
```shell
kubectl apply -f config/crd/bases/crds-nap-waf.yaml
```
3. Delete custom resource definitions for the NGINX App Protect DoS module:
```shell
kubectl apply -f config/crd/bases/crds-nap-dos.yaml
```
{{%/tab%}}
{{</tabs>}}
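Review bot: In both tabs, steps 2 and 3 are titled "Delete custom resource definitions" but run `kubectl apply -f ...crds-nap-waf.yaml` and `kubectl apply -f ...crds-nap-dos.yaml`, which would create or re-apply those CRDs during an uninstall; all four commands should be `kubectl delete -f`. The cloned-repo tab points at `config/crd/bases/crds.yaml`, `crds-nap-waf.yaml` and `crds-nap-dos.yaml`, whereas the install instructions in this commit use per-resource files under `config/crd/bases/` and take the combined files from `deploy/`, so these paths should be checked against the repository. The rewritten step heading also drops the warning that deleting the CRDs erases all associated custom resources; please keep that sentence.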
