Merge "Ingress doc"

This commit is contained in:
Jenkins 2017-02-07 11:22:01 +00:00 committed by Gerrit Code Review
commit 26733607c5
2 changed files with 99 additions and 0 deletions

View File

@ -0,0 +1,98 @@
.. _external_access:
=======
Ingress
=======
One of the ways to make services in Kubernetes externally-reachable is to use
Ingress. This page describes how it can be enabled and used in CCP.
Ingress controller
~~~~~~~~~~~~~~~~~~
In order to make Ingress work, the cluster should have an Ingress controller.
You can use any implementation of it, the only requirement is that it should
be configured to use TLS.
There is a script :file:`deploy-ingress-controller.sh` in
:file:`fuel-ccp/tools/ingress` directory for testing purposes that can do it
for you. It will deploy traefik ingress controller and expose it as a k8s
service. The only required parameter is one of the k8s nodes IP which need to
be specified with `-i`. Ingress controller will be configured to use TLS. If
certificate and key were not provided with script parameters, the will be
generated automatically.
Enable Ingress in CCP
~~~~~~~~~~~~~~~~~~~~~
The following parameters are responsible for Ingress configuration:
::
configs:
ingress:
enabled: False
domain: external
port: 8443
Ingress is disabled by default. To enable it, `enabled` config option should
be set to `True`. Optionally domain and port can be changed.
.. NOTE:: There's no option to run Ingress without TLS.
.. NOTE:: `port` parameter should match HTTPS port of Ingress controller.
.. NOTE:: For multiple OpenStack deployments highly recommended to use
different `domain`s or run multiple Ingress controllers with
configured namespace isolation.
To get all Ingress domains of the current deployment you can run
:command:`ccp domains list` command:
::
+------------------------------+
| Ingress Domain |
+------------------------------+
| application-catalog.external |
| identity.external |
| orchestration.external |
| image.external |
| object-store.external |
| network.external |
| ironic.external |
| volume.external |
| console.external |
| data-processing.external |
| horizon.external |
| compute.external |
| search.external |
+------------------------------+
All of them should be resolved to the exposed IP of the Ingress controller.
It could be done with DNS or /etc/hosts.
The following command will prepare /etc/hosts for you. Only IP of the Ingress
controller (and configuration file if needed) should be specified:
::
echo INGRESS_CONTROLLER_IP $(ccp domains list -q -f value) | sudo tee -a /etc/hosts
Expose a service with Ingress
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To expose one of the ports of a service with Ingress, `ingress` parameter with
subdomain should be specified in the config section associated with that port:
::
configs:
public_port:
cont: 5000
ingress: identity
During the :command:`ccp deploy` command execution Ingress objects will be
created and all :ref:`address` occurrences with enabled `external` flag will be
substituted with proper Ingress domains.

View File

@ -17,6 +17,7 @@ User docs
config/index config/index
config/types config/types
bootstrapping bootstrapping
external_access
Advanced topics Advanced topics
--------------- ---------------