Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
9bea6de8
Commit
9bea6de8
authored
Dec 15, 2018
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Miscellaneous doc polish.
parent
2ba7229b
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
53 additions
and
18 deletions
+53
-18
README.md
README.md
+8
-5
README.md
container/README.md
+7
-1
README.md
deploy/README.md
+35
-12
self-sharding.md
docs/self-sharding.md
+3
-0
No files found.
README.md
View file @
9bea6de8
...
@@ -15,10 +15,9 @@ version 6.1.1.
...
@@ -15,10 +15,9 @@ version 6.1.1.
## WORK IN PROGRESS
## WORK IN PROGRESS
The Ingress controller implementation is presently under development
The Ingress controller implementation is presently in development and
as a minimum viable product (MVP) and is undergoing initial testing. It is
is undergoing initial testing. It is currently subject to a number of
currently subject to a number of limitations, expected to be removed over
limitations, expected to be removed over time, including:
time, including:
*
No support for TLS connections
*
No support for TLS connections
*
The controller only attends to definitions (Ingresses, Services and
*
The controller only attends to definitions (Ingresses, Services and
...
@@ -26,9 +25,13 @@ time, including:
...
@@ -26,9 +25,13 @@ time, including:
*
Only one Ingress definition is valid at a time. If more than one definition
*
Only one Ingress definition is valid at a time. If more than one definition
is added to the namespace, then the most recent definition becomes valid.
is added to the namespace, then the most recent definition becomes valid.
*
A variety of elements in the implementation are hard-wired, as
*
A variety of elements in the implementation are hard-wired, as
detailed in the documentation
,
These are expected to become configurable
detailed in the documentation
.
These are expected to become configurable
in further development.
in further development.
Other features are subject to change on short notice. Testing and
feedback are nevertheless welcome, and very valuable at this early
stage.
# Installation
# Installation
Varnish for the purposes of Ingress and the controller that manages it
Varnish for the purposes of Ingress and the controller that manages it
...
...
container/README.md
View file @
9bea6de8
...
@@ -22,8 +22,14 @@ If you are testing with ``minikube``, set the environment variable
...
@@ -22,8 +22,14 @@ If you are testing with ``minikube``, set the environment variable
``MINIKUBE=1``
before running
``make container``
, so that the
``MINIKUBE=1``
before running
``make container``
, so that the
container will be available to the local k8s cluster:
container will be available to the local k8s cluster:
```
```
$
MINIKUBE=1 make
container
$
make MINIKUBE=1
container
```
```
Use
``DOCKER_BUILD_OPTIONS``
to alter the
``docker build``
command:
```
# Re-build the controller image without using the cache
$ make DOCKER_BUILD_OPTIONS=--no-cache controller
```
Both images must be pushed to a repository available to the k8s
Both images must be pushed to a repository available to the k8s
cluster.
cluster.
...
...
deploy/README.md
View file @
9bea6de8
# Deploying an Ingress
# Deploying an Ingress
There is a variety of ways to deploy an Ingress in a Kubernetes
Deployment of the Varnish Ingress in a Kubernetes cluster must fulfill
cluster. The YAML configurations in this folder prepare a simple
some requirements, while in some respects you can make choices
method of deployment, suitable for testing and editing according to
suitable to your requirements. The YAML configurations in this folder
your needs.
prepare a method of deployment, suitable for testing and editing as
needed.
## Namespace and ServiceAccount
## Namespace and ServiceAccount
...
@@ -47,6 +48,11 @@ $ kubectl apply -f adm-secret.yaml
...
@@ -47,6 +48,11 @@ $ kubectl apply -f adm-secret.yaml
# the Secret:
# the Secret:
$ head -c32 /dev/urandom | base64
$ head -c32 /dev/urandom | base64
```
```
**IMPORTANT**
: Please do
*not*
copy the secret data from the sample
manifest in your deployment; create a new secret, for example using
the command shown above. The purpose of authorization is defeated if
everyone uses the same secret from an example.
**TO DO**
: The
``metadata.name``
field of the Secret is currently
**TO DO**
: The
``metadata.name``
field of the Secret is currently
hard-wired to the value
``adm-secret``
, and the key for the Secret (in
hard-wired to the value
``adm-secret``
, and the key for the Secret (in
the
``data``
field) is hard-wired to
``admin``
. The Secret must be
the
``data``
field) is hard-wired to
``admin``
. The Secret must be
...
@@ -74,13 +80,16 @@ properly:
...
@@ -74,13 +80,16 @@ properly:
*
``spec.template``
must specify a
``label``
with a value that is
*
``spec.template``
must specify a
``label``
with a value that is
matched by the Varnish admin Service described below. In this
matched by the Varnish admin Service described below. In this
example:
example:
```
```
template:
template:
metadata:
metadata:
labels:
labels:
app: varnish-ingress
app: varnish-ingress
```
```
*
The HTTP, readiness and admin ports must be specified:
*
The HTTP, readiness and admin ports must be specified:
```
```
ports:
ports:
- name: http
- name: http
...
@@ -90,16 +99,19 @@ properly:
...
@@ -90,16 +99,19 @@ properly:
- name: admport
- name: admport
containerPort: 6081
containerPort: 6081
```
```
**TO DO**
: The ports are currently hard-wired to these port numbers.
A port for TLS access is currently not supported.
**TO DO**
: The ports are currently hard-wired to these port numbers.
A port for TLS access is currently not supported.
*
``volumeMounts``
and
``volumes``
must be specified so that the
*
``volumeMounts``
and
``volumes``
must be specified so that the
Secret defined above is available to Varnish:
Secret defined above is available to Varnish:
```
```
volumeMounts:
volumeMounts:
- name: adm-secret
- name: adm-secret
mountPath: "/var/run/varnish"
mountPath: "/var/run/varnish"
readOnly: true
readOnly: true
```
```
```
```
volumes:
volumes:
- name: adm-secret
- name: adm-secret
...
@@ -109,15 +121,17 @@ A port for TLS access is currently not supported.
...
@@ -109,15 +121,17 @@ A port for TLS access is currently not supported.
- key: admin
- key: admin
path: _.secret
path: _.secret
```
```
**TO DO**
: The
``mountPath``
is currently hard-wired to
**TO DO**
: The
``mountPath``
is currently hard-wired to
``/var/run/varnish``
. The
``secretName``
is hard-wired to
``/var/run/varnish``
. The
``secretName``
is hard-wired to
``adm-secret``
, the
``key``
to
``admin``
, and
``path``
to
``adm-secret``
, the
``key``
to
``admin``
, and
``path``
to
``_.secret``
.
``_.secret``
.
*
The liveness check should determine if the Varnish master process is
*
The liveness check should determine if the Varnish master process is
running. Since Varnish is started in the foreground as the entry
running. Since Varnish is started in the foreground as the entry
point of the container, the container is live if it is running at
point of the container, the container is live if it is running at
all. This check verifies that a
``varnishd``
process with parent PID
all. This check verifies that a
``varnishd``
process with parent PID
0 is found in the process table:
0 is found in the process table:
```
```
livenessProbe:
livenessProbe:
exec:
exec:
...
@@ -127,14 +141,17 @@ A port for TLS access is currently not supported.
...
@@ -127,14 +141,17 @@ A port for TLS access is currently not supported.
- "0"
- "0"
- varnishd
- varnishd
```
```
*
The readiness check is an HTTP probe at the reserved listener (named
*
The readiness check is an HTTP probe at the reserved listener (named
``k8sport``
above) for the URL path
``/ready``
:
``k8sport``
above) for the URL path
``/ready``
:
```
```
readinessProbe:
readinessProbe:
httpGet:
httpGet:
path: /ready
path: /ready
port: k8sport
port: k8sport
```
```
The port name must match the name given for port 8080 above.
The port name must match the name given for port 8080 above.
### varnishd options
### varnishd options
...
@@ -197,7 +214,7 @@ Among these restrictions are:
...
@@ -197,7 +214,7 @@ Among these restrictions are:
With a Deployment, you may choose a resource such as a LoadBalancer or
With a Deployment, you may choose a resource such as a LoadBalancer or
Nodeport to create external access to Varnish's HTTP port. The present
Nodeport to create external access to Varnish's HTTP port. The present
example creates a Nodeport, which is simple for development and
example creates a Nodeport, which is simple for development and
testing
(a LoadBalancer is more likely in production deployments)
:
testing:
```
```
$ kubectl apply -f nodeport.yaml
$ kubectl apply -f nodeport.yaml
```
```
...
@@ -220,22 +237,27 @@ The Service definition must fulfill some requirements:
...
@@ -220,22 +237,27 @@ The Service definition must fulfill some requirements:
Endpoints to be listed when the container is not ready (since
Endpoints to be listed when the container is not ready (since
the Varnish instances are initialized in the not ready state).
the Varnish instances are initialized in the not ready state).
The means for doing so has changed in different versions of
The means for doing so has changed in different versions of
Kubernetes. In versions up 1.9, this annotation must be used:
Kubernetes. In versions up to 1.9, this annotation must be used:
```
```
annotations:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
```
```
Since 1.9, the annotation is deprecated, and this field in
``spec``
Since 1.9, the annotation is deprecated, and this field in
``spec``
should be specified instead:
should be specified instead:
```
```
spec:
spec:
publishNotReadyAddresses: true
publishNotReadyAddresses: true
```
```
In recent versions, both specifications are permitted in the YAML,
In recent versions, both specifications are permitted in the YAML,
as in example YAML (the annotation is deprecated, but is not yet an
as in example YAML (the annotation is deprecated, but is not yet an
error).
error).
*
The
``selector``
must match the
``label``
given for the Varnish
*
The
``selector``
must match the
``label``
given for the Varnish
deployment, as discussed above. In the present example:
deployment, as discussed above. In the present example:
```
```
selector:
selector:
app: varnish-ingress
app: varnish-ingress
...
@@ -257,6 +279,7 @@ The requirements are:
...
@@ -257,6 +279,7 @@ The requirements are:
*
The
``image``
must be
``varnish-ingress/controller``
.
*
The
``image``
must be
``varnish-ingress/controller``
.
*
``spec.template.spec``
must specify the
``POD_NAMESPACE``
*
``spec.template.spec``
must specify the
``POD_NAMESPACE``
environment variable:
environment variable:
```
```
env:
env:
- name: POD_NAMESPACE
- name: POD_NAMESPACE
...
...
docs/self-sharding.md
View file @
9bea6de8
...
@@ -155,6 +155,9 @@ defined for an Ingress, or if it has any other value, then sharding is
...
@@ -155,6 +155,9 @@ defined for an Ingress, or if it has any other value, then sharding is
not configured, and all other
``self-sharding-*``
annotations are
not configured, and all other
``self-sharding-*``
annotations are
ignored.
ignored.
The
``self-sharding-*``
parameters are all optional; default values
hold if they are left out of the configuration.
These parameters configure the corresponding values for the
These parameters configure the corresponding values for the
[
health probes
](
https://varnish-cache.org/docs/6.1/reference/vcl.html#probes
)
[
health probes
](
https://varnish-cache.org/docs/6.1/reference/vcl.html#probes
)
that instances in the cluster use to check one another's health:
that instances in the cluster use to check one another's health:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment