aledbf/ingress-idea.md Secret

## ingress-idea.md

      
    Raw
  

              ingress-idea.md
            
          
    Custom nginx Ingress controller similar to nginx-alpha but with a custom configuration.

enable ThirdPartyResources in apiserver

--runtime-config=extensions/v1beta1/thirdpartyresources=true

create a new resource

metadata:
  name: nginx-ingress-load-balancer.k8s.io
apiVersion: extensions/v1beta1
kind: ThirdPartyResource
description: "nginx custom configuration"
versions:
- name: stable/v1


Create a configuration

curl -X POST http://172.17.4.99:8080/apis/k8s.io/stable/v1/namespaces/default/nginxingressloadbalancers/ -d @lb.json
this is an JSON object. The idea to not show a valid json is to show the default values.
the idea is to load the defaults and merge that with the configured values
{
  "metadata": {
    "name": "DefaultNginxIngressLoadBalancer"   -> it allows multiple configurations
                                                for different envs (pin a lb to one 
                                                node for dev/next and other for "prod")
  },
  "apiVersion": "k8s.io/stable/v1",
  "kind": "NginxIngressLoadBalancer",
  [
    affinityArg               false                  [false,hash,ip]
    bodySize                  1m
    defaultTimeout            1300
    enforceHTTPS              false
    enforceWhitelist          ""                     [ip addressess] 
    errorLogLevel             info
    htsEnabled                true
    htsIncludeSubDomains      true
    htsMaxAge                 360000000
    keepalive                 75
    maxWorkerConnections      768
    proxyRealIpCidr           10.0.0.0/8
    secrets                   "" -> secrets to mount containing ssl cert and key
    serverNameHashMaxSize     512
    serverNameHashBucketSize  64
    sslBufferSize             4k
    sslDhparam                file
    sslProtocols              TLSv1 TLSv1.1 TLSv1.2
    sslSessionCache           true
    sslSessionTickets         on
    sslSessionTimeout         10m
    useProxyProtocol          false
    useFirewall               false
    useGzip                   true                    [true,false]
  ]
}


create ingress rules


create nginx ingress lb


add annotation to ^^ to associate the "configuration"


nginxIngressLoadBalancer.k8s.io:"DefaultNginxIngressLoadBalancer"

the nginx controller wil read the annotation, reload and use new configuration. It must be possible to update/change the configuration without manual intervention in the pod
References:

https://github.com/kubernetes/kubernetes/blob/master/docs/design/extending-api.md
https://github.com/kubernetes/kubernetes/blob/master/docs/user-guide/ingress.md
https://github.com/kubernetes/contrib/tree/master/Ingress/controllers

Next:

dynamic ssl using lua https://litespeed.io/dynamic-tls-certificates-with-openresty-and-ssl_certificate_by_lua/
1 upstream http://openresty.org/#DynamicRoutingBasedOnRedis
https://github.com/exoplay/waco-kid
https://github.com/openresty/lua-nginx-module/blob/balancer-by-lua/t/133-balancer.t