ingress-nginx
Posted ccbky
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ingress-nginx相关的知识,希望对你有一定的参考价值。
.下载 ingress-nginx: wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.24.0/deploy/mandatory.yaml [root@master yaml]# ll 总用量 583304 drwxr-xr-x 2 root root 58 11月 14 16:58 ingress -rw-r--r-- 1 root root 347 11月 13 15:08 ingress-nodeport.yaml -rw-r--r-- 1 root root 642 11月 13 15:10 jenkins.yaml -rw-r--r-- 1 root root 5976 11月 12 22:35 mandatory.yaml -rw-r--r-- 1 root root 517 11月 13 21:33 myapp-demo.yaml -rw-r--r-- 1 root root 479 11月 14 09:38 nginx-deploy.yaml -rw-r--r-- 1 root root 597274112 11月 13 00:37 nginx.tar -rw-r--r-- 1 root root 543 11月 14 01:13 tomcat-deploy.yaml 2.部署ingress-nginx-controller: [root@master test]#kubectl apply -f mandatory.yaml [root@master yaml]# kubectl get pod -n ingress-nginx NAME READY STATUS RESTARTS AGE nginx-ingress-controller-8f4cc97c9-ft7pk 1/1 Running 2 20h
3.暴露Ingress-nginx-controller端口:
[root@master yaml]# vim ingress-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: 80
4.查看暴露端口:
[root@master yaml]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.96.117.119 <none> 80:32446/TCP 43h
##此时,ingress-nginx-controller的80端口映射为宿主机的端口32446.
此时,可以访问inrgess-nginx-controller的pod:
[root@master yaml]# curl 192.168.100.200:32446
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
##此时ingress-nginx-controller部署完成。
5.部署一个后端的pod:
[root@master yaml]# vim myapp-demo.yaml --- apiVersion: apps/v1 kind: Deployment metadata: name: myapp labels: app: myapp spec: replicas: 2 selector: matchLabels: app: myapp template: metadata: name: myapp labels: app: myapp spec: containers: - name: myapp image: ikubernetes/myapp:v1 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: myapp-svc spec: selector: app: myapp ports: - name: myapp port: 80 targetPort: 80
4.查看pod:
[root@master yaml]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-599d47757d-gfz8d 1/1 Running 1 20h 10.244.2.41 node2 <none> <none>
myapp-599d47757d-qdf8g 1/1 Running 2 20h 10.244.1.34 node1 <none> <none>
[root@master yaml]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11d
myapp-svc ClusterIP 10.100.182.96 <none> 80/TCP 9d
7.编写ingress规则:
[root@master ingress]# vim myapp-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myapp-ingress
annotations:
ikubernetes.io/ingress.class: nginx
spec:
rules:
- host: www.test-myapp.com
http:
paths:
- path:
backend:
serviceName: myapp-svc
servicePort: 80
[root@master ingress]# kubectl apply -f myapp-ingress.yaml
[root@master ingress]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
myapp-ingress www.test-myapp.com 80 26s
[root@master ingress]# kubectl describe ingress myapp-ingress
Name: myapp-ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
www.test-myapp.com
myapp-svc:80 (10.244.1.34:80,10.244.2.41:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"ikubernetes.io/ingress.class":"nginx"},"name":"myapp-ingress","namespace":"default"},"spec":{"rules":[{"host":"www.test-myapp.com","http":{"paths":[{"backend":{"serviceName":"myapp-svc","servicePort":80},"path":null}]}}]}}
ikubernetes.io/ingress.class: nginx
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 43s nginx-ingress-controller Ingress default/myapp-ingress
8.测试此时可以访问www.test.myapp.com:
[root@master ingress]# curl www.test-myapp.com:32446
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
##注意: www.test-myapp.com 需要添加本地解析。
9. 基于url访问:
[root@master ingress]# vim nginx-ingress.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: deployment-nginx-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path:
backend:
serviceName: nginx-svc
servicePort: 80
- path: /app1
backend:
serviceName: myapp-svc
servicePort: 80
~
[root@master ingress]# kubectl apply -f nginx-ingress.yaml
[root@master ingress]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
deployment-nginx-ingress www.test-nginx.com 80 2m51s
10.测试访问:
[root@master ingress]# curl www.test-nginx.com:32446
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
........
[root@master ingress]# curl www.test-nginx.com:32446/app1
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
基于https访问:
1.创建自签证书: [root@master cert]# openssl genrsa -out tls.key 2048 [root@master cert]# openssl req -new -x509 -key tls.key -days 3650 -out tls.crt -subj /C=CN/ST=HangZhou/L=HangZhou/O=devops/CN=www.test-http.com
[root@master cert]# ll 总用量 8 -rw-r--r-- 1 root root 1302 11月 15 14:12 tls.crt -rw-r--r-- 1 root root 1679 11月 15 14:07 tls.key [root@master cert]# kubectl create secret tls http-ingress-secret --cert=./tls.crt --key=./tls.key secret/http-ingress-secret created [root@master cert]# kubectl get secret NAME TYPE DATA AGE default-token-gjjv5 kubernetes.io/service-account-token 3 11d http-ingress-secret kubernetes.io/tls 2 28s [root@master cert]# kubectl describe secret http-ingress-secret Name: http-ingress-secret Namespace: default Labels: <none> Annotations: <none> Type: kubernetes.io/tls Data ==== tls.crt: 1302 bytes tls.key: 1679 bytes 2.编写ingress规则: [root@master ingress]# cat http-ingress.yaml --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: http-ingress namespace: default annotations: kubernetes.io/ingress.class: nginx spec: tls: - hosts: - www.test-http.com secretName: http-ingress-secret rules: - host: www.test-http.com http: paths: - path: backend: serviceName: http-svc servicePort: 80
3.修改ingress-nodeport开启443端口: [root@master yaml]# cat ingress-nodeport.yaml apiVersion: v1 kind: Service metadata: name: ingress-nginx namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx spec: type: NodePort selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx ports: - name: http port: 80 targetPort: 80 - name: https port: 443 targetPort: 443 [root@master yaml]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx NodePort 10.96.117.119 <none> 80:32446/TCP,443:32180/TCP 2d14h 4.测试访问:https://www.test-http.com:32180
以上是关于ingress-nginx的主要内容,如果未能解决你的问题,请参考以下文章
[CKA备考实验][ingress-nginx] 4.1如何优雅部署自己的ingress-nginx环境