├── deploy.sh
├── remove.sh
├── cluster-admin.yml
├── nginx-ingress-controller-service.yml
├── README.md
├── nginx-ingress-controller.yml
├── default-backend.yml
└── nginx-ingress-controller-rbac.yml


/deploy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | kubectl create -f default-backend.yml
3 | kubectl create -f nginx-ingress-controller-rbac.yml
4 | kubectl create -f nginx-ingress-controller.yml
5 | kubectl create -f nginx-ingress-controller-service.yml
6 | 
7 | 


--------------------------------------------------------------------------------
/remove.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | kubectl delete -f default-backend.yml
3 | kubectl delete -f nginx-ingress-controller-rbac.yml
4 | kubectl delete -f nginx-ingress-controller.yml
5 | kubectl delete -f nginx-ingress-controller-service.yml
6 | 
7 | 


--------------------------------------------------------------------------------
/cluster-admin.yml:
--------------------------------------------------------------------------------
 1 | kind: ClusterRoleBinding
 2 | apiVersion: rbac.authorization.k8s.io/v1
 3 | metadata:
 4 |   name: cluster-admins
 5 | subjects:
 6 | - kind: User
 7 |   name: <YOURUSER>
 8 | roleRef:
 9 |   kind: ClusterRole
10 |   name: cluster-admin
11 |   apiGroup: ""
12 | 


--------------------------------------------------------------------------------
/nginx-ingress-controller-service.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: nginx-ingress
 5 |   namespace: default
 6 | spec:
 7 |   type: LoadBalancer
 8 |   ports:
 9 |   ports:
10 |   - name: http
11 |     port: 80
12 |     targetPort: http
13 |   - name: https
14 |     port: 443
15 |     targetPort: https
16 |   selector:
17 |     k8s-app: nginx-ingress-lb
18 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Overview
 2 | 
 3 | This is the [NGINX Ingress Controller](https://github.com/kubernetes/ingress-nginx) for use with GKE.
 4 | 
 5 | # Requirement - Cluster Admin
 6 | 
 7 | Before applying the RBAC, edit the `cluster-admin.yml` file and edit it to add your user:
 8 | 
 9 | ```
10 | kind: ClusterRoleBinding
11 | apiVersion: rbac.authorization.k8s.io/v1
12 | metadata:
13 |   name: cluster-admins
14 | subjects:
15 | - kind: User
16 |   name: <YOUR-GCLOUD-USER>
17 | roleRef:
18 |   kind: ClusterRole
19 |   name: cluster-admin
20 |   apiGroup: ""
21 | ```
22 | 
23 | Now apply the setting:
24 | 
25 | ```
26 | kubectl create -f cluster-admin.yml
27 | ```
28 | 
29 | # Deployment
30 | 
31 | - Deploy the default backend and Nginx Ingress Controller RBAC/deployment/loadbalancer:
32 | 
33 | ```
34 | ./deploy.sh
35 | ```
36 | 
37 | (which basically runs...)
38 | 
39 | ```
40 | kubectl create -f default-backend.yml
41 | kubectl create -f nginx-ingress-controller-rbac.yml
42 | kubectl create -f nginx-ingress-controller.yml
43 | kubectl create -f nginx-ingress-controller-service.yml
44 | ```
45 | 
46 | # Uninstall
47 | 
48 | - To uninstall/remove:
49 | 
50 | ```
51 | ./remove.sh
52 | ```
53 | 


--------------------------------------------------------------------------------
/nginx-ingress-controller.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: nginx-ingress-controller
 5 |   namespace: default
 6 | spec:
 7 |   replicas: 2
 8 |   selector:
 9 |     matchLabels:
10 |         k8s-app: nginx-ingress-lb
11 |   template:
12 |     metadata:
13 |       annotations:
14 |         prometheus.io/scrape: 'true'
15 |         prometheus.io/port: '10254'
16 |       labels:
17 |         k8s-app: nginx-ingress-lb
18 |     spec:
19 |       serviceAccountName: nginx-ingress-serviceaccount
20 |       containers:
21 |         - name: nginx-ingress-controller
22 |           image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
23 |           args:
24 |              - /nginx-ingress-controller
25 |              - --default-backend-service=default/default-http-backend
26 |              - --default-ssl-certificate=$(POD_NAMESPACE)/tls-certificate
27 |           env:
28 |              - name: POD_NAME
29 |                valueFrom:
30 |                  fieldRef:
31 |                    fieldPath: metadata.name
32 |              - name: POD_NAMESPACE
33 |                valueFrom:
34 |                  fieldRef:
35 |                    fieldPath: metadata.namespace
36 |           ports:
37 |           - name: http
38 |             containerPort: 80
39 |           - name: https
40 |             containerPort: 443
41 | 


--------------------------------------------------------------------------------
/default-backend.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: default-http-backend
 5 |   labels:
 6 |     k8s-app: default-http-backend
 7 |   namespace: default
 8 | spec:
 9 |   replicas: 1
10 |   template:
11 |     metadata:
12 |       labels:
13 |         k8s-app: default-http-backend
14 |     spec:
15 |       terminationGracePeriodSeconds: 60
16 |       containers:
17 |       - name: default-http-backend
18 |         # Any image is permissable as long as:
19 |         # 1. It serves a 404 page at /
20 |         # 2. It serves 200 on a /healthz endpoint
21 |         image: gcr.io/google_containers/defaultbackend:1.0
22 |         livenessProbe:
23 |           httpGet:
24 |             path: /healthz
25 |             port: 8080
26 |             scheme: HTTP
27 |           initialDelaySeconds: 30
28 |           timeoutSeconds: 5
29 |         ports:
30 |         - containerPort: 8080
31 |         resources:
32 |           limits:
33 |             cpu: 10m
34 |             memory: 20Mi
35 |           requests:
36 |             cpu: 10m
37 |             memory: 20Mi
38 | ---
39 | apiVersion: v1
40 | kind: Service
41 | metadata:
42 |   name: default-http-backend
43 |   namespace: default
44 |   labels:
45 |     k8s-app: default-http-backend
46 | spec:
47 |   ports:
48 |   - port: 80
49 |     targetPort: 8080
50 |   selector:
51 |     k8s-app: default-http-backend
52 | 


--------------------------------------------------------------------------------
/nginx-ingress-controller-rbac.yml:
--------------------------------------------------------------------------------
  1 | apiVersion: v1
  2 | kind: ServiceAccount
  3 | metadata:
  4 |   name: nginx-ingress-serviceaccount
  5 |   namespace: default
  6 | ---
  7 | apiVersion: rbac.authorization.k8s.io/v1beta1
  8 | kind: ClusterRole
  9 | metadata:
 10 |   name: nginx-ingress-clusterrole
 11 | rules:
 12 |   - apiGroups:
 13 |       - ""
 14 |     resources:
 15 |       - configmaps
 16 |       - endpoints
 17 |       - nodes
 18 |       - pods
 19 |       - secrets
 20 |     verbs:
 21 |       - list
 22 |       - watch
 23 |   - apiGroups:
 24 |       - ""
 25 |     resources:
 26 |       - nodes
 27 |     verbs:
 28 |       - get
 29 |   - apiGroups:
 30 |       - ""
 31 |     resources:
 32 |       - services
 33 |     verbs:
 34 |       - get
 35 |       - list
 36 |       - watch
 37 |   - apiGroups:
 38 |       - "extensions"
 39 |     resources:
 40 |       - ingresses
 41 |     verbs:
 42 |       - get
 43 |       - list
 44 |       - watch
 45 |   - apiGroups:
 46 |       - ""
 47 |     resources:
 48 |         - events
 49 |     verbs:
 50 |         - create
 51 |         - patch
 52 |   - apiGroups:
 53 |       - "extensions"
 54 |     resources:
 55 |       - ingresses/status
 56 |     verbs:
 57 |       - update
 58 | ---
 59 | apiVersion: rbac.authorization.k8s.io/v1beta1
 60 | kind: Role
 61 | metadata:
 62 |   name: nginx-ingress-role
 63 |   namespace: default
 64 | rules:
 65 |   - apiGroups:
 66 |       - ""
 67 |     resources:
 68 |       - configmaps
 69 |       - pods
 70 |       - secrets
 71 |       - namespaces
 72 |     verbs:
 73 |       - get
 74 |   - apiGroups:
 75 |       - ""
 76 |     resources:
 77 |       - configmaps
 78 |     resourceNames:
 79 |       # Defaults to "<election-id>-<ingress-class>"
 80 |       # Here: "<ingress-controller-leader>-<nginx>"
 81 |       # This has to be adapted if you change either parameter
 82 |       # when launching the nginx-ingress-controller.
 83 |       - "ingress-controller-leader-nginx"
 84 |     verbs:
 85 |       - get
 86 |       - update
 87 |   - apiGroups:
 88 |       - ""
 89 |     resources:
 90 |       - configmaps
 91 |     verbs:
 92 |       - create
 93 |   - apiGroups:
 94 |       - ""
 95 |     resources:
 96 |       - endpoints
 97 |     verbs:
 98 |       - get
 99 |       - create
100 |       - update
101 | ---
102 | apiVersion: rbac.authorization.k8s.io/v1beta1
103 | kind: RoleBinding
104 | metadata:
105 |   name: nginx-ingress-role-nisa-binding
106 |   namespace: default
107 | roleRef:
108 |   apiGroup: rbac.authorization.k8s.io
109 |   kind: Role
110 |   name: nginx-ingress-role
111 | subjects:
112 |   - kind: ServiceAccount
113 |     name: nginx-ingress-serviceaccount
114 |     namespace: default
115 | ---
116 | apiVersion: rbac.authorization.k8s.io/v1beta1
117 | kind: ClusterRoleBinding
118 | metadata:
119 |   name: nginx-ingress-clusterrole-nisa-binding
120 | roleRef:
121 |   apiGroup: rbac.authorization.k8s.io
122 |   kind: ClusterRole
123 |   name: nginx-ingress-clusterrole
124 | subjects:
125 |   - kind: ServiceAccount
126 |     name: nginx-ingress-serviceaccount
127 |     namespace: default
128 | 


--------------------------------------------------------------------------------