-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Start FAQ docs #66
Start FAQ docs #66
Conversation
d1a5980
to
f606a85
Compare
de54f9b
to
f661655
Compare
f661655
to
85c4317
Compare
ready for review |
|
||
Yes, please see [this](/examples/static-ip) example. | ||
|
||
## Does updating a Kubernetes secrete update the GCE TLS certs? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo, secret or secrets
|
||
## Does updating a Kubernetes secrete update the GCE TLS certs? | ||
|
||
Yes, expect O(30s) delay. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for a faq, prefer something like "up to a minute delay"
Yes, expect O(30s) delay. | ||
|
||
The controller should create a second ssl certificate suffixed with `-1` and | ||
atomically swap it with the ssl certificate in your taret proxy, then delete |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo, target proxy
|
||
The controller should create a second ssl certificate suffixed with `-1` and | ||
atomically swap it with the ssl certificate in your taret proxy, then delete | ||
the obselete ssl certificate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo, obsolete
## Is there a maximum number of Endpoints I can add to the Ingress? | ||
|
||
This limit is directly related to the maximum number of endpoints allowed in a | ||
Kubernetes cluster, not the the HTTP LB configuration, since the HTTP LB sends |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo, "the the" -> "the"
|
||
1. Navigate to the [cloud console](https://console.cloud.google.com/) and click on the "Networking" tab, then choose "LoadBalancing" | ||
2. Find the loadbalancer you'd like to delete, it should have a name formatted as: k8s-um-ns-name--UUID | ||
3. Delete it, check the boxes to also casade the deletion down to associated resources (eg: backend-services) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo: "casade" -> "cascade"
If you find yourself in such a situation, you can delete the resources by hand: | ||
|
||
1. Navigate to the [cloud console](https://console.cloud.google.com/) and click on the "Networking" tab, then choose "LoadBalancing" | ||
2. Find the loadbalancer you'd like to delete, it should have a name formatted as: k8s-um-ns-name--UUID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be nice for it to be clear what's a variable and what's not. No clue if "-um-" is literal of meant to stand for something.
e.g. k8s-???-$namespace-$name--$UUID
is fairly well understood for indicating variables.
@bprashanth please add a reference to how is possible to achieve IP preservation in gce/gke |
Yeah, on GCE with today's http lb you can't preserve it (you only get XFF). You can manually setup an ssl proxy (does tls termination and proxy protocol) and point it at the nginx controller (with proxy protocol enabled). I will write an example about this. |
Yeah exactly, they'd need to deploy the nginx ingress contorller, create the ingress with |
@bprashanth the ssl proxy needs a backend service, which only accepts node pools as backends and also requires a health check. Could you point me to an example of this working on GCE/GKE? |
The Kubernetes Service is an abstraction over endpoints (pod-ip:port pairings). | ||
The Ingress is an abstraction over Services. This doesn't mean all Ingress | ||
controller must route *through* a Service, but rather, that routing, security | ||
and auth configuration is represented in the Ingerss resource per Service, and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo: s/Ingerss/Ingress/
I'll address comments in a follow up (#102), merging now since I'm on vacation and this doc will answer FAQ while I'm AFK |
update copyright
No description provided.