Add Docs (#438)

voyagermesh · Aug 31, 2017 · 5a511ab · 5a511ab
1 parent ba1a67f
commit 5a511ab
Show file tree

Hide file tree

Showing 8 changed files with 194 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -33,6 +33,11 @@ You can find the generated HAProxy Configuration [here](hack/example/haproxy_gen
   - [Supports AWS certificate manager](docs/user-guide/ingress/aws-cert-manager.md)
   - [Scale load balancer using HorizontalPodAutoscaling](docs/user-guide/ingress/replicas-and-autoscaling.md)
   - [Configure Custom Timeouts for HAProxy](docs/user-guide/ingress/configure-timeouts.md)
+  - [Custom port for HTTP](docs/user-guide/ingress/custom-http-port.md)
+  - [Set NodePort](docs/user-guide/ingress/node-port.md)
+  - [Backend TLS](docs/user-guide/ingress/backend-tls.md)
+  - [Configure Options](docs/user-guide/ingress/configure-options.md)
+
 
 ### Comparison with Kubernetes
 | Feauture | [Kube Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) | AppsCode Ingress |

diff --git a/docs/README.md b/docs/README.md
@@ -33,6 +33,10 @@ You can find the generated HAProxy Configuration [here](hack/example/haproxy_gen
   - [Supports AWS certificate manager](docs/user-guide/ingress/aws-cert-manager.md)
   - [Scale load balancer using HorizontalPodAutoscaling](docs/user-guide/ingress/replicas-and-autoscaling.md)
   - [Configure Custom Timeouts for HAProxy](docs/user-guide/ingress/configure-timeouts.md)
+  - [Custom port for HTTP](docs/user-guide/ingress/custom-http-port.md)
+  - [Set NodePort](docs/user-guide/ingress/node-port.md)
+  - [Backend TLS](docs/user-guide/ingress/backend-tls.md)
+  - [Configure Options](docs/user-guide/ingress/configure-options.md)
 
 ### Comparison with Kubernetes
 | Feauture | [Kube Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) | AppsCode Ingress |

diff --git a/docs/user-guide/ingress/backend-tls.md b/docs/user-guide/ingress/backend-tls.md
@@ -0,0 +1,65 @@
+Voyager can connect to a tls enabled backend server with or without ssl verification.
+
+Available Options
+   ssl:
+    Creates a TLS/SSL socket when connecting to this server in order to cipher/decipher the traffic
+
+    if verify not set the following error may occurred
+    [/etc/haproxy/haproxy.cfg:49] verify is enabled by default but no CA file specified.
+    If you're running on a LAN where you're certain to trust the server's certificate,
+    please set an explicit 'verify none' statement on the 'server' line, or use
+    'ssl-server-verify none' in the global section to disable server-side verifications by default.
+
+   verify (none|required):
+    Sets HAProxy‘s behavior regarding the certificated presented by the server:
+   none :
+    doesn’t verify the certificate of the server
+
+   required (default value) :
+    TLS handshake is aborted if the validation of the certificate presented by the server returns an error.
+
+   veryfyhost <hostname>:
+    Sets a <hostname> to look for in the Subject and SubjectAlternateNames fields provided in the
+    certificate sent by the server. If <hostname> can’t be found, then the TLS handshake is aborted.
+    ie.
+    ingress.appscode.com/backend-tls: "ssl verify none"
+
+    If this annotation is not set HAProxy will connect to backend as http,
+    This value should not be set if the backend do not support https resolution.
+
+Example
+```
+kind: Service
+apiVersion: v1
+metadata:
+  name: my-service
+  annotations:
+      ingress.appscode.com/backend-tls: ssl verify none
+spec:
+  selector:
+    app: MyApp
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 9376
+
+```
+
+```
+apiVersion: voyager.appscode.com/v1beta1
+kind: Ingress
+metadata:
+  name: test-ingress
+  namespace: default
+spec:
+  backend:
+    serviceName: test-server
+    servicePort: '80'
+  rules:
+  - host: appscode.example.com
+    http:
+      paths:
+      - backend:
+          serviceName: my-service
+          servicePort: '80'
+```
diff --git a/docs/user-guide/ingress/configure-options.md b/docs/user-guide/ingress/configure-options.md
@@ -0,0 +1,44 @@
+Voyager Supports all valid options for defaults section of HAProxy config
+https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-option%20abortonclose
+from the list from here
+expects a json encoded map
+ie: "ingress.appscode.com/default-option": {"http-keep-alive": "true", "dontlognull": "true", "clitcpka": "false"}
+This will be appended in the defaults section of HAProxy as
+```
+option http-keep-alive
+option dontlognull
+no option clitcpka
+
+```
+Ingress Example:
+```yaml
+apiVersion: voyager.appscode.com/v1beta1
+kind: Ingress
+metadata:
+  name: test-ingress
+  namespace: default
+  annotations:
+    ingress.appscode.com/default-options: '{"http-keep-alive": "true", "dontlognull": "true", "clitcpka": "false"}'
+spec:
+  backend:
+    serviceName: test-server
+    servicePort: '80'
+  rules:
+  - host: appscode.example.com
+    http:
+      paths:
+      - backend:
+          serviceName: test-service
+          servicePort: '80'
+```
+
+This ingress will generate a HAProxy template with provided timeouts. like
+```console
+defaults
+	log global
+
+	option http-keep-alive
+	option dontlognull
+	no option clitcpka
+
+```
diff --git a/docs/user-guide/ingress/custom-http-port.md b/docs/user-guide/ingress/custom-http-port.md
@@ -0,0 +1,33 @@
+### Custom HTTP Port
+Voyager 3.2+ supports opening http port in any non custom port.
+
+```yaml
+apiVersion: voyager.appscode.com/v1beta1
+kind: Ingress
+metadata:
+  name: test-ingress
+  namespace: default
+spec:
+  rules:
+  - host: appscode.example.com
+    http:
+      port: '8989'
+      paths:
+      - backend:
+          serviceName: test-service
+          servicePort: '80'
+  - host: appscode.example.com
+      http:
+        port: '4343'
+        paths:
+        - backend:
+            serviceName: test-service
+            servicePort: '80'
+
+```
+
+For this configuration, the loadbalancer will listen to `8989` and `4343` port for incoming HTTP connections, and will
+pass any request coming to it to the desired backend.
+
+> For one Ingress Type you cannot have multiple rules listening to same port, even if they do not have
+same `host`.
diff --git a/docs/user-guide/ingress/node-port.md b/docs/user-guide/ingress/node-port.md
@@ -0,0 +1,35 @@
+### Setup NodePort
+Voyager 3.2+ supports defining NodePort.
+
+```yaml
+apiVersion: voyager.appscode.com/v1beta1
+kind: Ingress
+metadata:
+  name: test-ingress
+  namespace: default
+spec:
+  rules:
+  - host: appscode.example.com
+    http:
+      port: '8989'
+      nodePort: '32666'
+      paths:
+      - backend:
+          serviceName: test-service
+          servicePort: '80'
+  - host: appscode.example.com
+    tcp:
+      port: '4343'
+      nodePort: '35666'
+      paths:
+      - backend:
+          serviceName: test-service
+          servicePort: '80'
+
+```
+
+For this configuration, the loadbalancer will listen to `8989` and `4343` port for incoming HTTP
+connections and these port will map to specified nodeports, and will pass any request coming to it to the desired backend.
+
+> For one Ingress Type you cannot have multiple rules listening to same port or same node port, even if they do not have
+same `host`.
diff --git a/docs/user-guide/ingress/tcp.md b/docs/user-guide/ingress/tcp.md
@@ -12,8 +12,8 @@ metadata:
   namespace: default
 spec:
   rules:
-  - tcp:
-    - host: appscode.example.com
+  - host: appscode.example.com
+    tcp:
       port: '9898'
       backend:
         serviceName: tcp-service

diff --git a/docs/user-guide/ingress/tls.md b/docs/user-guide/ingress/tls.md
@@ -57,14 +57,17 @@ metadata:
   name: test-ingress
   namespace: default
 spec:
+  tls:
+    - secretName: testsecret
+      hosts:
+      - appscode.example.com
   rules:
-  - tcp:
-    - host: appscode.example.com
+  - host: appscode.example.com
+    tcp:
       port: '9898'
       backend:
         serviceName: tcp-service
         servicePort: '50077'
-      secretName: testsecret
 
 ```
 You need to set  the secretName field with the TCP rule to use a certificate.