Skip to content

Instantly share code, notes, and snippets.

@bprashanth
Last active March 10, 2016 03:41
Show Gist options
  • Save bprashanth/545f00b3b5488109c727 to your computer and use it in GitHub Desktop.
Save bprashanth/545f00b3b5488109c727 to your computer and use it in GitHub Desktop.

Needs bprashanth/glbc:0.6.2

Create the static ip:

$ gcloud compute addresses create staticip --global
NAME     REGION ADDRESS       STATUS
staticip        107.some.ip RESERVED

Specify the annotation (this step assumes you have a secret called testsecret and a service called haproxy):

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: another-no-rules-map
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "staticip"
spec:
  tls:
  - secretName: testsecret
  backend:
    serviceName: haproxy
    servicePort: 80

Wait till ip shows up:

$ k get ing 
NAME                   RULE      BACKEND      ADDRESS          AGE
another-no-rules-map   -         haproxy:80   107.some.ip      7m

Some caveats:

	// A note on IP management:
	// User specifies a different IP on startup:
	//	- We create a forwarding rule with the given IP.
	//		- If there's an error, we keep failing. This includes random IP,
	//		  ephemeral IP, etc.
	//	- No static ip is created or deleted by this controller.
	// User gets an allocated staticIP, but changes it:
	//  - We still delete the old static IP, but only when we tear down the
	//	  Ingress in Cleanup(). Till then the static IP stays around, but
	//    the forwarding rules get deleted/created with the new IP.
	//  - There will be a period of downtime as we flip IPs.
	// User gets an allocated ephemeralIP, but modifies Ingress with staticIP
	//  - Downtime as we flip between IPs.
	// User specifies the same static IP to 2 Ingresses:
	//  - GCE will throw a 400, and the controller will keep trying to use
	//    the IP in the hope that the user manually resolves the conflict
	//    or deletes/modifies the Ingress.
	// TODO: Handle the last case better.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment