From 54704fd07c14849f5521d54f0a300797cf733deb Mon Sep 17 00:00:00 2001 From: shaun-nx Date: Fri, 1 Dec 2023 11:57:32 +0000 Subject: [PATCH 1/4] Document option for installing CRDs from a single remote yaml --- .../installation-with-manifests.md | 43 +++++++++++++++---- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/docs/content/installation/installing-nic/installation-with-manifests.md b/docs/content/installation/installing-nic/installation-with-manifests.md index 37b4b38afb..9c9d9c35a3 100644 --- a/docs/content/installation/installing-nic/installation-with-manifests.md +++ b/docs/content/installation/installing-nic/installation-with-manifests.md @@ -58,26 +58,50 @@ This guide assumes you are using the latest release. To make sure your NGINX Ingress Controller pods reach the `Ready` state, you'll need to create custom resource definitions (CRDs) for various components. Alternatively, you can disable this requirement by setting the `-enable-custom-resources` command-line argument to `false`. +{{}} + +{{%tab name="Install CRDs from single YAML"%}} + ### Core custom resource definitions -1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), and [Policy]({{< relref "configuration/policy-resource.md" >}}): +1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}): ```shell - kubectl apply -f common/crds/k8s.nginx.org_virtualservers.yaml - kubectl apply -f common/crds/k8s.nginx.org_virtualserverroutes.yaml - kubectl apply -f common/crds/k8s.nginx.org_transportservers.yaml - kubectl apply -f common/crds/k8s.nginx.org_policies.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds.yaml ``` ### Optional custom resource definitions -1. (Optional) For TCP and UDP load balancing, create a cCRD for [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}): +1. For the NGINX App Protect WAF module, create CRDs for `APPolicy`, `APLogConf` and `APUserSig`: + + ```shell + kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-waf.yaml + ``` + +2. For the NGINX App Protect DoS module, create CRDs for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`: + + ```shell + kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-dos.yaml + ``` + +{{%/tab%}} + +{{%tab name="Install CRDs from cloning the repo"%}} + +### Core custom resource definitions + +1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}): ```shell + kubectl apply -f common/crds/k8s.nginx.org_virtualservers.yaml + kubectl apply -f common/crds/k8s.nginx.org_virtualserverroutes.yaml + kubectl apply -f common/crds/k8s.nginx.org_transportservers.yaml + kubectl apply -f common/crds/k8s.nginx.org_policies.yaml kubectl apply -f common/crds/k8s.nginx.org_globalconfigurations.yaml ``` +### Optional custom resource definitions -2. (Optional) For the NGINX App Protect WAF module, create CRDs for `APPolicy`, `APLogConf` and `APUserSig`: +1. For the NGINX App Protect WAF module, create CRDs for `APPolicy`, `APLogConf` and `APUserSig`: ```shell kubectl apply -f common/crds/appprotect.f5.com_aplogconfs.yaml @@ -85,13 +109,16 @@ To make sure your NGINX Ingress Controller pods reach the `Ready` state, you'll kubectl apply -f common/crds/appprotect.f5.com_apusersigs.yaml ``` -3. (Optional) For the NGINX App Protect DoS module, create CRDs for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`: +2. For the NGINX App Protect DoS module, create CRDs for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`: ```shell kubectl apply -f common/crds/appprotectdos.f5.com_apdoslogconfs.yaml kubectl apply -f common/crds/appprotectdos.f5.com_apdospolicy.yaml kubectl apply -f common/crds/appprotectdos.f5.com_dosprotectedresources.yaml ``` +{{%/tab%}} + +{{}} --- From dae8409d20826f6a818bfc55ac727e3529eb0ae1 Mon Sep 17 00:00:00 2001 From: shaun-nx Date: Tue, 5 Dec 2023 10:41:13 +0000 Subject: [PATCH 2/4] Update references to deployments directory and fix references to CRDs --- .../installation/create-common-resources.md | 8 +- .../installation/manifests/daemonset.md | 4 +- .../installation/manifests/deployment.md | 4 +- docs/content/includes/rbac/set-up-rbac.md | 8 +- .../installation-with-manifests.md | 85 ++++++++++++++----- 5 files changed, 74 insertions(+), 35 deletions(-) diff --git a/docs/content/includes/installation/create-common-resources.md b/docs/content/includes/installation/create-common-resources.md index 6645a3d798..b22e876303 100644 --- a/docs/content/includes/installation/create-common-resources.md +++ b/docs/content/includes/installation/create-common-resources.md @@ -8,22 +8,20 @@ In this section, you'll create resources that most NGINX Ingress Controller inst By default, the server returns a _404 Not Found_ page for all requests when no ingress rules are set up. Although we provide a self-signed certificate and key for testing purposes, we recommend using your own certificate. - To begin, make sure you're in the `kubernetes-ingress/deployment` directory, and then run: - ```shell - kubectl apply -f ../examples/shared-examples/default-server-secret/default-server-secret.yaml + kubectl apply -f examples/shared-examples/default-server-secret/default-server-secret.yaml ``` 2. Create a ConfigMap to customize your NGINX settings: ```shell - kubectl apply -f common/nginx-config.yaml + kubectl apply -f deployments/common/nginx-config.yaml ``` 3. Create an `IngressClass` resource. NGINX Ingress Controller won't start without an `IngressClass` resource. ```shell - kubectl apply -f common/ingress-class.yaml + kubectl apply -f deployments/common/ingress-class.yaml ``` If you want to make this NGINX Ingress Controller instance your cluster's default, uncomment the `ingressclass.kubernetes.io/is-default-class` annotation. This action will auto-assign `IngressClass` to new ingresses that don't specify an `ingressClassName`. diff --git a/docs/content/includes/installation/manifests/daemonset.md b/docs/content/includes/installation/manifests/daemonset.md index 050ee649b5..4fafb434b3 100644 --- a/docs/content/includes/installation/manifests/daemonset.md +++ b/docs/content/includes/installation/manifests/daemonset.md @@ -9,13 +9,13 @@ When you deploy NGINX Ingress Controller as a DaemonSet, Kubernetes creates an I - For NGINX, run: ```shell - kubectl apply -f daemon-set/nginx-ingress.yaml + kubectl apply -f deployments/daemon-set/nginx-ingress.yaml ``` - For NGINX Plus, run: ```shell - kubectl apply -f daemon-set/nginx-plus-ingress.yaml + kubectl apply -f deployments/daemon-set/nginx-plus-ingress.yaml ``` Update the `nginx-plus-ingress.yaml` file to include your chosen image from the F5 Container registry or your custom container image. diff --git a/docs/content/includes/installation/manifests/deployment.md b/docs/content/includes/installation/manifests/deployment.md index 45a110081b..9a56ab7dc5 100644 --- a/docs/content/includes/installation/manifests/deployment.md +++ b/docs/content/includes/installation/manifests/deployment.md @@ -9,13 +9,13 @@ When you deploy NGINX Ingress Controller as a Deployment, Kubernetes automatical - For NGINX, run: ```shell - kubectl apply -f deployment/nginx-ingress.yaml + kubectl apply -f deployments/deployment/nginx-ingress.yaml ``` - For NGINX Plus, run: ```shell - kubectl apply -f deployment/nginx-plus-ingress.yaml + kubectl apply -f deployments/deployment/nginx-plus-ingress.yaml ``` Update the `nginx-plus-ingress.yaml` file to include your chosen image from the F5 Container registry or your custom container image. diff --git a/docs/content/includes/rbac/set-up-rbac.md b/docs/content/includes/rbac/set-up-rbac.md index e17c768756..2a0e156ba1 100644 --- a/docs/content/includes/rbac/set-up-rbac.md +++ b/docs/content/includes/rbac/set-up-rbac.md @@ -7,13 +7,13 @@ docs: 1. Create a namespace and a service account: ```shell - kubectl apply -f common/ns-and-sa.yaml + kubectl apply -f deployments/common/ns-and-sa.yaml ``` 2. Create a cluster role and binding for the service account: ```shell - kubectl apply -f rbac/rbac.yaml + kubectl apply -f deployments/rbac/rbac.yaml ```
@@ -23,11 +23,11 @@ If you're planning to use NGINX App Protect or NGINX App Protect DoS, additional 1. (NGINX App Protect only) Create the *App Protect* role and binding: ```shell - kubectl apply -f rbac/ap-rbac.yaml + kubectl apply -f deployments/rbac/ap-rbac.yaml ``` 2. (NGINX App Protect DoS only) Create the *App Protect DoS* role and binding: ```shell - kubectl apply -f rbac/apdos-rbac.yaml + kubectl apply -f deployments/rbac/apdos-rbac.yaml ``` diff --git a/docs/content/installation/installing-nic/installation-with-manifests.md b/docs/content/installation/installing-nic/installation-with-manifests.md index 9c9d9c35a3..6360ea3fef 100644 --- a/docs/content/installation/installing-nic/installation-with-manifests.md +++ b/docs/content/installation/installing-nic/installation-with-manifests.md @@ -29,11 +29,10 @@ Choose one of the following methods to get the NGINX Ingress Controller image: ### Clone the repository -Clone the NGINX Ingress Controller repository and go to the _deployments_ folder. Replace `` with the specific release you want to use. +Clone the NGINX Ingress Controller repository using the command shown below, and replace `` with the specific release you want to use. ```shell git clone https://github.com/nginxinc/kubernetes-ingress.git --branch -cd kubernetes-ingress/deployments ``` For example, if you want to use version 3.3.2, the command would be `git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v3.3.2`. @@ -57,14 +56,17 @@ This guide assumes you are using the latest release. ## Create custom resources {#create-custom-resources} To make sure your NGINX Ingress Controller pods reach the `Ready` state, you'll need to create custom resource definitions (CRDs) for various components. Alternatively, you can disable this requirement by setting the `-enable-custom-resources` command-line argument to `false`. +There are two ways you can install the custom resource definitions: + 1. Using a URL to apply a single CRD yaml file. We recommend this approach. + 2. Applying your local copy of the CRD yaml files. This requires that you [clone the repository](clone-the-repository) -{{}} +{{}} {{%tab name="Install CRDs from single YAML"%}} ### Core custom resource definitions -1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}): +1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}): ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds.yaml @@ -86,35 +88,37 @@ To make sure your NGINX Ingress Controller pods reach the `Ready` state, you'll {{%/tab%}} -{{%tab name="Install CRDs from cloning the repo"%}} +{{%tab name="Install CRDs after cloning the repo"%}} + +If you are installing the CRDs this way, ensure that you have first [cloned the repository](#clone-the-repository) ### Core custom resource definitions 1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}): ```shell - kubectl apply -f common/crds/k8s.nginx.org_virtualservers.yaml - kubectl apply -f common/crds/k8s.nginx.org_virtualserverroutes.yaml - kubectl apply -f common/crds/k8s.nginx.org_transportservers.yaml - kubectl apply -f common/crds/k8s.nginx.org_policies.yaml - kubectl apply -f common/crds/k8s.nginx.org_globalconfigurations.yaml + kubectl apply -f config/crd/bases/k8s.nginx.org_virtualservers.yaml + kubectl apply -f config/crd/bases/k8s.nginx.org_virtualserverroutes.yaml + kubectl apply -f config/crd/bases/k8s.nginx.org_transportservers.yaml + kubectl apply -f config/crd/bases/k8s.nginx.org_policies.yaml + kubectl apply -f config/crd/bases/k8s.nginx.org_globalconfigurations.yaml ``` ### Optional custom resource definitions 1. For the NGINX App Protect WAF module, create CRDs for `APPolicy`, `APLogConf` and `APUserSig`: ```shell - kubectl apply -f common/crds/appprotect.f5.com_aplogconfs.yaml - kubectl apply -f common/crds/appprotect.f5.com_appolicies.yaml - kubectl apply -f common/crds/appprotect.f5.com_apusersigs.yaml + kubectl apply -f config/crd/bases/appprotect.f5.com_aplogconfs.yaml + kubectl apply -f config/crd/bases/appprotect.f5.com_appolicies.yaml + kubectl apply -f config/crd/bases/appprotect.f5.com_apusersigs.yaml ``` 2. For the NGINX App Protect DoS module, create CRDs for `APDosPolicy`, `APDosLogConf` and `DosProtectedResource`: ```shell - kubectl apply -f common/crds/appprotectdos.f5.com_apdoslogconfs.yaml - kubectl apply -f common/crds/appprotectdos.f5.com_apdospolicy.yaml - kubectl apply -f common/crds/appprotectdos.f5.com_dosprotectedresources.yaml + kubectl apply -f config/crd/bases/appprotectdos.f5.com_apdoslogconfs.yaml + kubectl apply -f config/crd/bases/appprotectdos.f5.com_apdospolicy.yaml + kubectl apply -f config/crd/bases/appprotectdos.f5.com_dosprotectedresources.yaml ``` {{%/tab%}} @@ -160,7 +164,7 @@ For more information about the _NodePort_ service, refer to the [Kubernetes doc 1. To create a service of type *NodePort*, run: ```shell - kubectl create -f service/nodeport.yaml + kubectl create -f deployments/service/nodeport.yaml ``` Kubernetes automatically allocates two ports on every node in the cluster. You can access NGINX Ingress Controller by combining any node's IP address with these ports. @@ -174,13 +178,13 @@ For more information about the _LoadBalancer_ service, refer to the [Kubernetes - GCP or Azure: ```shell - kubectl apply -f service/loadbalancer.yaml + kubectl apply -f deployments/service/loadbalancer.yaml ``` - AWS: ```shell - kubectl apply -f service/loadbalancer-aws-elb.yaml + kubectl apply -f deployments/service/loadbalancer-aws-elb.yaml ``` If you're using AWS, Kubernetes will set up a Classic Load Balancer (ELB) in TCP mode. This load balancer will have the PROXY protocol enabled to pass along the client's IP address and port. @@ -198,7 +202,7 @@ For more information about the _LoadBalancer_ service, refer to the [Kubernetes - Update the ConfigMap: ```shell - kubectl apply -f common/nginx-config.yaml + kubectl apply -f deployments/common/nginx-config.yaml ``` {{}}AWS users have more customization options for their load balancers. These include choosing the load balancer type and configuring SSL termination. Refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) to learn more. {{}} @@ -248,8 +252,45 @@ Connect to ports 80 and 443 using the IP address of any node in the cluster wher kubectl delete clusterrolebinding nginx-ingress ``` -3. **Delete the Custom Resource Definitions**: Be aware that this step will also erase all associated custom resources. To proceed, run: +3. **Delete the Custom Resource Definitions**: + + {{}} + + {{%tab name="Deleting CRDs from single YAML"%}} + 1. Delete core custom resource definitions: ```shell - kubectl delete -f common/crds/ + kubectl delete -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds.yaml + ``` + 2. Delete custom resource definitions for the NGINX App Protect WAF module: + + ```shell + kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-waf.yaml + ``` + + 3. Delete custom resource definitions for the NGINX App Protect DoS module: + ```shell + kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-dos.yaml ``` + {{%/tab%}} + + {{%tab name="Deleting CRDs after cloning the repo"%}} + + 1. Delete core custom resource definitions: + ```shell + kubectl delete -f config/crd/bases/crds.yaml + ``` + 2. Delete custom resource definitions for the NGINX App Protect WAF module: + + ```shell + kubectl apply -f config/crd/bases/crds-nap-waf.yaml + ``` + + 3. Delete custom resource definitions for the NGINX App Protect DoS module: + ```shell + kubectl apply -f config/crd/bases/crds-nap-dos.yaml + ``` + + {{%/tab%}} + + {{}} \ No newline at end of file From 7b75867628d4aa26f421b9b717b8e20652e6ebf5 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 10:42:24 +0000 Subject: [PATCH 3/4] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- .../installing-nic/installation-with-manifests.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/content/installation/installing-nic/installation-with-manifests.md b/docs/content/installation/installing-nic/installation-with-manifests.md index 6360ea3fef..01660d6005 100644 --- a/docs/content/installation/installing-nic/installation-with-manifests.md +++ b/docs/content/installation/installing-nic/installation-with-manifests.md @@ -90,7 +90,7 @@ There are two ways you can install the custom resource definitions: {{%tab name="Install CRDs after cloning the repo"%}} -If you are installing the CRDs this way, ensure that you have first [cloned the repository](#clone-the-repository) +If you are installing the CRDs this way, ensure that you have first [cloned the repository](#clone-the-repository) ### Core custom resource definitions @@ -255,7 +255,7 @@ Connect to ports 80 and 443 using the IP address of any node in the cluster wher 3. **Delete the Custom Resource Definitions**: {{}} - + {{%tab name="Deleting CRDs from single YAML"%}} 1. Delete core custom resource definitions: @@ -266,14 +266,14 @@ Connect to ports 80 and 443 using the IP address of any node in the cluster wher ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-waf.yaml - ``` + ``` 3. Delete custom resource definitions for the NGINX App Protect DoS module: ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds-nap-dos.yaml ``` {{%/tab%}} - + {{%tab name="Deleting CRDs after cloning the repo"%}} 1. Delete core custom resource definitions: @@ -284,7 +284,7 @@ Connect to ports 80 and 443 using the IP address of any node in the cluster wher ```shell kubectl apply -f config/crd/bases/crds-nap-waf.yaml - ``` + ``` 3. Delete custom resource definitions for the NGINX App Protect DoS module: ```shell @@ -292,5 +292,5 @@ Connect to ports 80 and 443 using the IP address of any node in the cluster wher ``` {{%/tab%}} - - {{}} \ No newline at end of file + + {{}} From d2e768f9c88628b9d4cb5ed2c10210ef67799b1d Mon Sep 17 00:00:00 2001 From: shaun-nx Date: Tue, 5 Dec 2023 16:51:00 +0000 Subject: [PATCH 4/4] Fix reference link --- .../installing-nic/installation-with-manifests.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/content/installation/installing-nic/installation-with-manifests.md b/docs/content/installation/installing-nic/installation-with-manifests.md index 01660d6005..ec72c4073e 100644 --- a/docs/content/installation/installing-nic/installation-with-manifests.md +++ b/docs/content/installation/installing-nic/installation-with-manifests.md @@ -58,7 +58,7 @@ This guide assumes you are using the latest release. To make sure your NGINX Ingress Controller pods reach the `Ready` state, you'll need to create custom resource definitions (CRDs) for various components. Alternatively, you can disable this requirement by setting the `-enable-custom-resources` command-line argument to `false`. There are two ways you can install the custom resource definitions: 1. Using a URL to apply a single CRD yaml file. We recommend this approach. - 2. Applying your local copy of the CRD yaml files. This requires that you [clone the repository](clone-the-repository) + 2. Applying your local copy of the CRD yaml files. This requires that you [clone the repository](#lone-the-repository). {{}} @@ -66,7 +66,7 @@ There are two ways you can install the custom resource definitions: ### Core custom resource definitions -1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}): +1. Create CRDs for [VirtualServer and VirtualServerRoute]({{< relref "configuration/virtualserver-and-virtualserverroute-resources.md" >}}), [TransportServer]({{< relref "configuration/transportserver-resource.md" >}}), [Policy]({{< relref "configuration/policy-resource.md" >}}) and [GlobalConfiguration]({{< relref "configuration/global-configuration/globalconfiguration-resource.md" >}}): ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.2/deploy/crds.yaml