From 3e3813ebc8e7183aed1996a7303cf011648859fc Mon Sep 17 00:00:00 2001
From: Meaghan Kjelland <mkjelland@google.com>
Date: Tue, 8 May 2018 09:33:50 -0700
Subject: [PATCH] Issue #81 Adding instructions for deploying ingress
 controller

---
 .../examples/gce-ingress-controller/README.md |  12 ++
 .../ingress-controller.yaml                   | 165 ++++++++++++++++++
 2 files changed, 177 insertions(+)
 create mode 100644 docs/examples/gce-ingress-controller/README.md
 create mode 100644 docs/examples/gce-ingress-controller/ingress-controller.yaml

diff --git a/docs/examples/gce-ingress-controller/README.md b/docs/examples/gce-ingress-controller/README.md
new file mode 100644
index 000000000000..f4b9f38c8e6a
--- /dev/null
+++ b/docs/examples/gce-ingress-controller/README.md
@@ -0,0 +1,12 @@
+# Deploy GCE Ingress Controller
+
+Instructions for how to deploy an ingress controller in a cluster
+that was deployed by gcp-deployer
+
+1. Replace `<YOUR PROJECT ID>` and `<YOUR CLUSTER NAME>` in
+`ingress-controller.yml`.
+1. Run `kubectl create -f ingress-controller.yml`. This will create
+Kubernetes service account with the correct permissions in the cluster,
+a default backend for the ingress controller, and the glbc app
+
+Now you will be able to create ingress objects.
\ No newline at end of file
diff --git a/docs/examples/gce-ingress-controller/ingress-controller.yaml b/docs/examples/gce-ingress-controller/ingress-controller.yaml
new file mode 100644
index 000000000000..205845a4cfbf
--- /dev/null
+++ b/docs/examples/gce-ingress-controller/ingress-controller.yaml
@@ -0,0 +1,165 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: glbc
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/
+kind: ClusterRole
+metadata:
+  name: system:controller:glbc
+rules:
+- apiGroups: [""]
+  resources: ["secrets", "endpoints", "services", "pods", "nodes", "namespaces", "configmaps", "events"]
+  verbs: ["describe", "get", "list", "watch", "update", "create", "patch"]
+- apiGroups: ["extensions"]
+  resources: ["ingresses"]
+  verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["extensions"]
+  resources: ["ingresses/status"]
+  verbs: ["update"]
+---
+apiVersion: rbac.authorization.k8s.io/
+kind: ClusterRoleBinding
+metadata:
+  name: system:controller:glbc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:controller:glbc
+subjects:
+- kind: ServiceAccount
+  name: glbc
+  namespace: kube-system
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: l7-default-backend
+  namespace: kube-system
+  labels:
+    k8s-app: glbc
+    kubernetes.io/name: "GLBC"
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: glbc
+  template:
+    metadata:
+      labels:
+        k8s-app: glbc
+        name: glbc
+    spec:
+      containers:
+      - name: default-http-backend
+        # Any image is permissible as long as:
+        # 1. It serves a 404 page at /
+        # 2. It serves 200 on a /healthz endpoint
+        image: gcr.io/google_containers/defaultbackend:1.4
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 30
+          timeoutSeconds: 5
+        ports:
+        - containerPort: 8080
+        resources:
+          limits:
+            cpu: 10m
+            memory: 20Mi
+          requests:
+            cpu: 10m
+            memory: 20Mi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ingress-controller-config
+  namespace: kube-system
+data:
+  gce.conf: |
+    [global]
+    project-id = <YOUR PROJECT ID>
+    node-tags = <YOUR CLUSTER NAME>
+---
+apiVersion: v1
+kind: Service
+metadata:
+  # This must match the --default-backend-service argument of the l7 lb
+  # controller and is required because GCE mandates a default backend.
+  name: default-http-backend
+  namespace: kube-system
+  labels:
+    k8s-app: glbc
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+    kubernetes.io/name: "GLBCDefaultBackend"
+spec:
+  # The default backend must be of type NodePort.
+  type: NodePort
+  ports:
+  - port: 80
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    k8s-app: glbc
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  namespace: kube-system
+  name: l7-lb-controller
+  labels:
+    k8s-app: glbc
+    version: v1.1.1
+spec:
+  # There should never be more than 1 controller alive simultaneously.
+  replicas: 1
+  selector:
+    k8s-app: glbc
+    version: v1.1.1
+  template:
+    metadata:
+      labels:
+        k8s-app: glbc
+        version: v1.1.1
+        name: glbc
+    spec:
+      serviceAccountName: glbc
+      terminationGracePeriodSeconds: 600
+      containers:
+      - image: k8s.gcr.io/ingress-gce-glbc-amd64:v1.1.1
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+            scheme: HTTP
+          initialDelaySeconds: 30
+          timeoutSeconds: 5
+        name: l7-lb-controller
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 100m
+            memory: 50Mi
+        args:
+        - --default-backend-service=kube-system/default-http-backend
+        - --sync-period=300s
+        - --config-file-path=/etc/ingress-config/gce.conf
+        volumeMounts:
+        - mountPath: /etc/ingress-config
+          name: cloudconfig
+          readOnly: true
+      volumes:
+      - configMap:
+          name: ingress-controller-config
+        name: cloudconfig
\ No newline at end of file