diff --git a/examples/https-nginx/Dockerfile b/examples/https-nginx/Dockerfile
index 6ea973bdce1..c144a7957fb 100644
--- a/examples/https-nginx/Dockerfile
+++ b/examples/https-nginx/Dockerfile
@@ -13,6 +13,13 @@
 # limitations under the License.
 FROM nginx
-MAINTAINER Prashanth B
-COPY default.conf /etc/nginx/conf.d/default.conf
-CMD ["nginx", "-g", "daemon off;"]
+
+MAINTAINER Mengqi Yu
+
+COPY index2.html /usr/share/nginx/html/index2.html
+RUN chmod +r /usr/share/nginx/html/index2.html
+COPY auto-reload-nginx.sh /home/auto-reload-nginx.sh
+RUN chmod +x /home/auto-reload-nginx.sh
+
+# install inotify
+RUN apt-get update && apt-get install -y inotify-tools
diff --git a/examples/https-nginx/README.md b/examples/https-nginx/README.md
index b9bd835f45b..7dbd744e39f 100644
--- a/examples/https-nginx/README.md
+++ b/examples/https-nginx/README.md
@@ -1,3 +1,4 @@
+
@@ -34,8 +35,8 @@ Documentation for other releases can be found at
 # Nginx https service
-This example creates a basic nginx https service useful in verifying proof of concept, keys, secrets, and end-to-end https service creation in kubernetes.
-It uses an [nginx server block](http://wiki.nginx.org/ServerBlockExample) to serve the index page over both http and https.
+This example creates a basic nginx https service useful in verifying proof of concept, keys, secrets, configmap, and end-to-end https service creation in kubernetes.
+It uses an [nginx server block](http://wiki.nginx.org/ServerBlockExample) to serve the index page over both http and https. It will detect changes to nginx's configuration file, default.conf, mounted as a configmap volume and reload nginx automatically.
 ### Generate certificates
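Review bot: In the Dockerfile hunk, `RUN apt-get update && apt-get install -y inotify-tools` installs recommended packages and leaves the apt package lists in the layer, which adds unneeded software to an image that terminates TLS; `RUN apt-get update && apt-get install -y --no-install-recommends inotify-tools && rm -rf /var/lib/apt/lists/*` keeps it minimal. The hunk also removes `CMD` and the `COPY` of default.conf without setting a replacement, so the image appears to depend on the pod spec's `command` and on the ConfigMap mount; a comment such as `# started via the pod's command: /home/auto-reload-nginx.sh; default.conf comes from the nginxconfigmap volume` would make that dependency explicit. `FROM nginx` is unchanged context, but it is untagged, so rebuilds are not reproducible.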
@@ -49,51 +50,136 @@ $ make keys secret KEY=/tmp/nginx.key CERT=/tmp/nginx.crt SECRET=/tmp/secret.jso You need a [running kubernetes cluster](../../docs/getting-started-guides/) for this to work. -``` +Create a secret and a configmap. + +```sh $ kubectl create -f /tmp/secret.json -secrets/nginxsecret +secret "nginxsecret" created +$ kubectl create configmap nginxconfigmap --from-file=examples/https-nginx/default.conf +configmap "nginxconfigmap" created +``` + +Create a service and a replication controller using the configuration in nginx-app.yaml. + +```sh $ kubectl create -f examples/https-nginx/nginx-app.yaml -services/nginxsvc -replicationcontrollers/my-nginx +You have exposed your service on an external port on all nodes in your +cluster. If you want to expose this service to the external internet, you may +need to set up firewall rules for the service port(s) (tcp:32211,tcp:30028) to serve traffic. +... +service "nginxsvc" created +replicationcontroller "my-nginx" created +``` -$ kubectl get svc nginxsvc -o json +Then, find the node port that Kubernetes is using for http and https traffic. + +```sh +$ kubectl get service nginxsvc -o json ... { "name": "http", "protocol": "TCP", "port": 80, "targetPort": 80, - "nodePort": 30849 + "nodePort": 32211 }, { "name": "https", "protocol": "TCP", "port": 443, "targetPort": 443, - "nodePort": 30744 + "nodePort": 30028 } ... +``` +If you are using Kubernetes on a cloud provider, you may need to create cloud firewall rules to serve traffic. +If you are using GCE or GKE, you can use the following commands to add firewall rules. + +```sh +$ gcloud compute firewall-rules create allow-nginx-http --allow tcp:32211 --description "Incoming http allowed." +Created [https://www.googleapis.com/compute/v1/projects/hello-world-job/global/firewalls/allow-nginx-http]. 
+NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS +allow-nginx-http default 0.0.0.0/0 tcp:32211 + +$ gcloud compute firewall-rules create allow-nginx-https --allow tcp:30028 --description "Incoming https allowed." +Created [https://www.googleapis.com/compute/v1/projects/hello-world-job/global/firewalls/allow-nginx-https]. +NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS +allow-nginx-https default 0.0.0.0/0 tcp:30028 +``` + +Find your nodes' IPs. + +```sh $ kubectl get nodes -o json | grep ExternalIP -A 2 -... "type": "ExternalIP", - "address": "104.197.63.17" + "address": "104.198.1.26" } -- "type": "ExternalIP", - "address": "104.154.89.170" + "address": "104.198.12.158" } -... +-- + "type": "ExternalIP", + "address": "104.198.11.137" + } +``` -$ curl https://nodeip:30744 -k +Now your service is up. You can either use your browser or type the following commands. + +```sh +$ curl https://: -k + +$ curl https://104.198.1.26:30028 -k ... Welcome to nginx! ... ``` -For more information on how to run this in a kubernetes cluster, please see the [user-guide](../../docs/user-guide/connecting-applications.md). +Then we will update the configmap. First check your kubectl version. +```sh +$ kubectl version +Client Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.4", GitCommit:"dd6b458ef8dbf24aff55795baa68f83383c9b3a9", GitTreeState:"clean", BuildDate:"2016-08-01T16:45:16Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"} +Server Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.5", GitCommit:"b0deb2eb8f4037421077f77cb163dbb4c0a2a9f5", GitTreeState:"clean", BuildDate:"2016-08-11T20:21:58Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"} +``` + +If you are using 1.5 or higher: +Edit file `default.conf`: change `index index.html;` in line 8 to `index index2.html;`. 
+ +```sh +$ kubectl replace configmap nginxconfigmap --from-file=default.conf +configmap "nginxconfigmap" replaced +``` + +If you are using 1.4 or lower: +Retrieve configmap nginxconfigmap. + +```sh +$ kubectl get configmap nginxconfigmap -o yaml > examples/https-nginx/nginxcm.yaml +``` + +Edit file `nginxcm.yaml`: change `index index.html;` to `index index2.html;`. +Apply the change. + +```sh +$ kubectl apply -f examples/https-nginx/nginxcm.yaml +configmap "nginxconfigmap" configured +``` + +Wait a few seconds to let the change propagate. Now you should be able to either use your browser or type the following commands to verify Nginx has been reloaded with new configuration. + +```sh +$ curl https://: -k + +$ curl https://104.198.1.26:30028 -k +... +Nginx reloaded! +... +``` + +For more information on how to run this in a kubernetes cluster, please see the [user-guide](../../docs/user-guide/connecting-applications.md). [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/examples/https-nginx/README.md?pixel)]() diff --git a/examples/https-nginx/auto-reload-nginx.sh b/examples/https-nginx/auto-reload-nginx.sh new file mode 100755 index 00000000000..d96d36385cd --- /dev/null +++ b/examples/https-nginx/auto-reload-nginx.sh 
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+nginx "$@"
+oldcksum=`cksum /etc/nginx/conf.d/default.conf`
+
+inotifywait -mr --timefmt '%d/%m/%y %H:%M' --format '%T' \
+/etc/nginx/conf.d/ | while read date time; do
+
+ newcksum=`cksum /etc/nginx/conf.d/default.conf`
+ if [ "$newcksum" != "$oldcksum" ]; then
+ echo "At ${time} on ${date}, config file update detected."
+ oldcksum=$newcksum
+ nginx -s reload
+ fi
+
+done
diff --git a/examples/https-nginx/default.conf b/examples/https-nginx/default.conf
index 093a812065c..d91a5ba6d72 100644
--- a/examples/https-nginx/default.conf
+++ b/examples/https-nginx/default.conf
@@ -5,7 +5,7 @@ server {
 listen 443 ssl;
 root /usr/share/nginx/html;
- index index.html index.htm;
+ index index.html;
 server_name localhost;
 ssl_certificate /etc/nginx/ssl/nginx.crt;
diff --git a/examples/https-nginx/index2.html b/examples/https-nginx/index2.html
new file mode 100644
index 00000000000..86280c98673
--- /dev/null
+++ b/examples/https-nginx/index2.html
@@ -0,0 +1,28 @@ + + + +Nginx reloaded! + + + +
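Review bot: In auto-reload-nginx.sh the reload branch runs `nginx -s reload` on any checksum change without testing the new file or checking the result, so a ConfigMap edit that does not parse is still logged as a detected update and `oldcksum` is advanced, leaving no signal that the running server is expected to have kept its previous configuration. Testing first makes the failure visible: `if nginx -t; then nginx -s reload; else echo "config test failed, keeping previous configuration" >&2; fi`. The initial `nginx "$@"` is likewise unchecked, so if startup fails the script still enters the inotifywait loop with no server running; `nginx "$@" || exit 1` lets the container fail fast. Smaller points: `read` should be `read -r`, and the backticks read better as `$(cksum /etc/nginx/conf.d/default.conf)`.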

Nginx has been reloaded!

+

If you see this page, the nginx web server has been automaticly reloaded, since the config file has been updated using Kubernetes.

+ + +

For online documentation and support please refer to +kubernetes.io.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ +
diff --git a/examples/https-nginx/nginx-app.yaml b/examples/https-nginx/nginx-app.yaml
index 611d8d54c4d..a5ce0bd375d 100644
--- a/examples/https-nginx/nginx-app.yaml
+++ b/examples/https-nginx/nginx-app.yaml
@@ -31,12 +31,24 @@ spec:
 - name: secret-volume
 secret:
 secretName: nginxsecret
+ - name: configmap-volume
+ configMap:
+ name: nginxconfigmap
 containers:
 - name: nginxhttps
- image: bprashanth/nginxhttps:1.0
+ image: ymqytw/nginxhttps:1.5
+ command: ["/home/auto-reload-nginx.sh"]
 ports:
 - containerPort: 443
 - containerPort: 80
+ livenessProbe:
+ httpGet:
+ path: /index.html
+ port: 80
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
 volumeMounts:
 - mountPath: /etc/nginx/ssl
 name: secret-volume
+ - mountPath: /etc/nginx/conf.d
+ name: configmap-volume
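Review bot: In nginx-app.yaml the container image becomes `ymqytw/nginxhttps:1.5`, a mutable tag in a personal registry namespace, so the example runs whatever that tag resolves to at pull time in a pod that also mounts the TLS key from `nginxsecret`. Since the Dockerfile and script live in this directory, the README could say how to build the image locally, or the reference could be pinned by digest, e.g. `image: ymqytw/nginxhttps@sha256:<digest-of-reviewed-build>` (placeholder, not a real digest). The new `/etc/nginx/conf.d` mount could also set `readOnly: true`, since nginx only reads that directory; the same would suit the unchanged `secret-volume` mount. The pod spec starts before this hunk, so other container settings are not visible here.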