Updated Private ingress docs (#6)

* Updated private ingress docs
2018-10-03 21:52:09 +04:00 · 2018-10-03 21:52:09 +04:00 · 55c8d247a2
--- a/Networking_PrivateIngress.md
+++ b/Networking_PrivateIngress.md
@ -0,0 +1,134 @@
 # Private ingress
    > Running services with an ingress behind an internal load balancer
 Table of Contents
 =================
 * [Networking](./Networking.md)
  * Private Ingress
 You may want to use an Ingress controller to expose services, because you want to use its HTTP Layer 7 load balancinc features, SSL terminations, etc. but do so over an internal IP without exposing it externally.
 An Ingress controller creates a Kubernetes Service in the background, so the trick here would be to create a new Ingress controller and annotate it to create a Service backed up by an Internal Azure Load Balancer.
 For this example, you're going to provision a new nginx ingress controller using Helm. You can take a look at the [stable/nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) repository to figure out all the parameters but essentially, there are two important ones:
 1. `controller.ingressClass`: you'd want to set this to a value that you'll use later on, like `nginx-internal`
 1. `controller.service.annotations`: you'll use this to annotate the backing Kubernetes Service to use an internal load balancer.
 Create a [`values.yaml`](networking/internal_ingress_values.yaml) file with the content below:
 ```yaml
 controller:
  ingressClass: nginx-internal
  service:
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-internal: "true"
 ```
 For RBAC-enabled AKS clusters run the command below:
 ```sh
 helm install stable/nginx-ingress --name nginx-ingress-internal --namespace ingress-controllers -f values.yaml
 ```
 For AKS clusters with RBAC disabled, run the command below:
 ```sh
 helm install stable/nginx-ingress --name nginx-ingress-internal --namespace ingress-controllers -f values.yaml --set rbac.create=false
 ```
 Wait for the new internal Azure Load Balancer to be provisioned and note the "external" IP, which is actually a private IP from your Virtual Network.
 ```sh
 kubectl get services nginx-ingress-internal-controller  --namespace ingress-controllers -w
 NAME                                TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE
 nginx-ingress-internal-controller   LoadBalancer   10.0.167.34   10.240.0.66    80:30291/TCP,443:31842/TCP   31s
 ```
 Deploy [the sample](networking/sample_internal_ingress_deployment.yaml) below. Notice the `ingress.class` used.
 ```yaml
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  labels:
    app: frontend
  name: frontend
 spec:
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: frontend
        image: nginx:1.7.9
        imagePullPolicy: Always
        ports:
        - containerPort: 80
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app: frontend
  name: frontend-service
 spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: frontend
  type: ClusterIP
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-internal
  name: frontend-ingress
 spec:
  rules:
    - host: www.example.com
      http:
        paths:
          - backend:
              serviceName: frontend-service
              servicePort: 80
            path: /
 ```
 Finally test by running a pod and using it to curl the internal ingress IP:
 ```sh
 kubectl run -it --rm aks-ingress-test --image=debian
 ```
 Install `curl` in the pod using `apt-get`:
 ```sh
 apt-get update && apt-get install -y curl
 ```
 Now use `curl` to access the internal IP of your ingress controller, providing the Host Header information as per the ingress specification. Note that your IP address may be different than the below:
 ```
 curl -L http://10.240.0.66 -H "Host: www.example.com"
 ```
 You should get the nginx welcome page
 ```html
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
 ...
 ```
--- a/Operational_Excellence.md
+++ b/Operational_Excellence.md
@ -42,7 +42,7 @@ Table of Contents
  * AKS master components
  * acs-engine
 * Networking
-  * Public and Private Ingresses
+  * [Private Ingress](Networking_PrivateIngress.md)
 * Identity and permissions
  * Azure RBAC roles
  * Kubernetes RBAC
--- a/networking/internal_ingress_values.yaml
+++ b/networking/internal_ingress_values.yaml
@ -0,0 +1,5 @@
 controller:
  ingressClass: nginx-internal
  service:
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-internal: "true"
--- a/networking/sample_internal_ingress_deployment.yaml
+++ b/networking/sample_internal_ingress_deployment.yaml
@ -0,0 +1,52 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  labels:
    app: frontend
  name: frontend
 spec:
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: frontend
        image: nginx:1.7.9
        imagePullPolicy: Always
        ports:
        - containerPort: 80
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app: frontend
  name: frontend-service
 spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: frontend
  type: ClusterIP
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-internal
  name: frontend-ingress
 spec:
  rules:
    - host: www.example.com
      http:
        paths:
          - backend:
              serviceName: frontend-service
              servicePort: 80
            path: /