feat: add ability to deploy NGINX IC or NGINX Plus IC from reg (#90)

nginxinc · Feb 11, 2022 · 8ce6f0a · 8ce6f0a
1 parent 3eb3cd0
commit 8ce6f0a
Show file tree

Hide file tree

Showing 5 changed files with 123 additions and 105 deletions.
diff --git a/bin/start_kube.sh b/bin/start_kube.sh
@@ -146,14 +146,18 @@ sleep 5
 #
 # TODO: Integrate this into the mainline along with logic to work with/without #80
 #
-# Hack to deploy our secret....
+# This logic takes the JWT and transforms it into a secret so we can pull the NGINX Plus IC. If the user is not
+# deploying plus (and does not have a JWT) we create a placeholder credential that is used to create a secert. That
+# secret is not a valid secret, but it is created to make the logic easier to read/code.
+#
 if [[ -s "${script_dir}/../extras/jwt.token" ]]; then
   JWT=$(cat ${script_dir}/../extras/jwt.token)
   echo "Loading JWT into nginx-ingress/regcred"
   ${script_dir}/../pulumi/python/venv/bin/kubectl create secret docker-registry regcred --docker-server=private-registry.nginx.com --docker-username=${JWT} --docker-password=none -n nginx-ingress --dry-run=client -o yaml > ${script_dir}/../pulumi/python/kubernetes/nginx/ingress-controller-repo-only/manifests/regcred.yaml
 else
   # TODO: need to adjust so we can deploy from an unauthenticated registry (IC OSS) #81
-  echo "No JWT found; this will likely fail"
+  echo "No JWT found; writing placeholder manifest"
+  ${script_dir}/../pulumi/python/venv/bin/kubectl create secret docker-registry regcred --docker-server=private-registry.nginx.com --docker-username=placeholder --docker-password=placeholder -n nginx-ingress --dry-run=client -o yaml > ${script_dir}/../pulumi/python/kubernetes/nginx/ingress-controller-repo-only/manifests/regcred.yaml
 fi
 
 # Check for stack info....

diff --git a/docs/getting_started.md b/docs/getting_started.md
@@ -85,8 +85,8 @@ you are not building from source, you do not need to install `make`. By default,
 
 Docker is required because the Ingress Controller is a Docker image and needs Docker to generate the image.
 
-**NOTE**: The kubeconfig deployment option currently requires that a JWT token be used to pull the NGINX plus image from
-the nginx.com repository. This will be updated in a future release.
+**NOTE**: The kubeconfig deployment option currently only allows you to deploy from a registry. This allows you to
+deploy the NGINX IC or the NGINX Plus IC (with a JWT from your F5 account)
 
 #### Kubernetes
 

diff --git a/docs/status-and-issues.md b/docs/status-and-issues.md
@@ -20,21 +20,23 @@ includes the following:
 
 All of these configurations use Pulumi code within Python as the Infrastructure as Code (IaC) manager.
 
-| K8 Provider     | Tested | Infrastructure Support      | IC Options              | FQDN/IP         | Notes                                            |
-|-----------------|--------|-----------------------------|-------------------------|-----------------|--------------------------------------------------|
-| AWS EKS         | Yes    | Full Infrastructure Standup | Build, Pull (uses ECR)  | Provided        |                                                  |
-| Azure AKS       | Yes    | Kubeconfig Only (3)         | NGINX Plus (w/ JWT) (1) | Manual FQDN (2) |                                                  |
-| Google GKE      | Yes    | Kubeconfig Only (3)         | NGINX Plus (w/ JWT) (1) | Manual FQDN (2) |                                                  |
-| MicroK8s        | Yes    | Kubeconfig Only (3)         | NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Storage, DNS, and Metallb need to be Enabled (4) |
-| Harvester/RKE2  | Yes    | Kubeconfig Only (3)         | NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Needs Storage, K8 LoadBalancer                   |
-| K3S             | Yes    | Kubeconfig Only (3)         | NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Needs Storage, K8 LoadBalancer                   |
-| Rancher Desktop | No     | Kubeconfig Only (3)         | NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Needs Storage, K8 LoadBalancer                   |
-| Minikube        | No     | Kubeconfig Only (3)         | NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Needs Storage, K8 LoadBalancer                   |
+| K8 Provider     | Tested | Infrastructure Support      | IC Options                      | FQDN/IP         | Notes                                            |
+|-----------------|--------|-----------------------------|---------------------------------|-----------------|--------------------------------------------------|
+| AWS EKS         | Yes    | Full Infrastructure Standup | Build, Pull (uses ECR)          | Provided        |                                                  |
+| Azure AKS       | Yes    | Kubeconfig Only (3)         | NGINX / NGINX Plus (w/ JWT) (1) | Manual FQDN (2) |                                                  |
+| Google GKE      | Yes    | Kubeconfig Only (3)         | NGINX / NGINX Plus (w/ JWT) (1) | Manual FQDN (2) |                                                  |
+| MicroK8s        | Yes    | Kubeconfig Only (3)         | NGINX / NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Storage, DNS, and Metallb need to be Enabled (4) |
+| Harvester/RKE2  | Yes    | Kubeconfig Only (3)         | NGINX / NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Needs Storage, K8 LoadBalancer                   |
+| K3S             | Yes    | Kubeconfig Only (3)         | NGINX / NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Needs Storage, K8 LoadBalancer                   |
+| Rancher Desktop | No     | Kubeconfig Only (3)         | NGINX / NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Needs Storage, K8 LoadBalancer                   |
+| Minikube        | No     | Kubeconfig Only (3)         | NGINX / NGINX Plus (w/ JWT) (1) | Manual FQDN (2) | Needs Storage, K8 LoadBalancer                   |
 
 ### Notes:
 1. The NGINX IC build/deploy process is currently under active development and support for IC will be standardized across
 all providers. Follow [#81](https://github.com/nginxinc/kic-reference-architectures/issues/81) and 
-[#86](https://github.com/nginxinc/kic-reference-architectures/issues/86) for details.
+[#86](https://github.com/nginxinc/kic-reference-architectures/issues/86) for details. Currently, for all non-AWS environments
+you have the option to specify either NGINX or NGINX Plus as your IC. The later does require an active subscription and a 
+JWT to be included at build time. Please see the documentation for more details.
 2. The process via which the IP and FQDN are created and used is currently under active development, and will be streamlined
 and standardized for all providers. Follow [#82](https://github.com/nginxinc/kic-reference-architectures/issues/82) for
 details.