附020.Nginx-ingress部署及使用
一 手动部署-官网版
1.1 获取资源
[root@master01 ~]# mkdir ingress
[root@master01 ~]# cd ingress/
[root@master01 ingress]# git clone https://github.com/nginxinc/kubernetes-ingress/
[root@master01 ingress]# cd kubernetes-ingress/deployments
[root@master01 ingress]# git checkout v1.7.0
1.2 安装RBAC
[root@master01 deployments]# kubectl apply -f common/ns-and-sa.yaml #部署namespace及ServiceAccount
[root@master01 deployments]# kubectl apply -f rbac/rbac.yaml #部署RBAC角色及权限等
1.3 安装基础资源
[root@master01 deployments]# kubectl apply -f common/default-server-secret.yaml
说明:
创建TLS证书和NGINX中默认服务器的secret。默认服务器返回Not Found页面,其中包含404状态代码,用于未定义的所有访问规则请求的返回值。默认包含了一个自签名的证书和生成的密钥。
[root@master01 deployments]# kubectl apply -f common/nginx-config.yaml
[root@master01 deployments]# kubectl apply -f common/vs-definition.yaml
[root@master01 deployments]# kubectl apply -f common/vsr-definition.yaml
[root@master01 deployments]# kubectl apply -f common/ts-definition.yaml #创建虚拟主机
[root@master01 deployments]# kubectl apply -f common/gc-definition.yaml
[root@master01 deployments]# kubectl apply -f common/global-configuration.yaml
1.4 安装ingress controllers
[root@master01 deployments]# vi daemon-set/nginx-ingress.yaml
……
- -global-configuration=$(POD_NAMESPACE)/nginx-configuration
……
[root@master01 deployments]# kubectl apply -f daemon-set/nginx-ingress.yaml
[root@master01 deployments]# kubectl get pods --namespace=nginx-ingress
NAME READY STATUS RESTARTS AGE
nginx-ingress-cqv2m 1/1 Running 0 43s
nginx-ingress-fpmbv 1/1 Running 0 43s
nginx-ingress-kdl9p 1/1 Running 0 43s
nginx-ingress-lggw9 1/1 Running 0 43s
nginx-ingress-lnw28 1/1 Running 0 43s
nginx-ingress-z8rn8 1/1 Running 0 43s
1.5 创建ingress controllers service
[root@master01 deployments]# vi service/nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
namespace: nginx-ingress
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
nodePort: 30011
- port: 443
targetPort: 443
protocol: TCP
name: https
nodePort: 30012
selector:
app: nginx-ingress
[root@master01 deployments]# kubectl create -f service/nodeport.yaml
[root@master01 deployments]# kubectl get svc nginx-ingress --namespace=nginx-ingress
[root@master01 deployments]# kubectl describe svc nginx-ingress --namespace=nginx-ingress
参考文档:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/。
二 手动部署-github社区版(推荐)
2.1 获取资源
[root@master01 ~]# mkdir ingress
[root@master01 ~]# cd ingress/
[root@master01 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml
[root@master01 ingress]# vi deploy.yaml
……
apiVersion: apps/v1
kind: Deployment
……
spec:
replicas: 3
……
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
……
apiVersion: v1
kind: Service
……
name: ingress-nginx-controller
……
spec:
type: NodePort
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
nodePort: 80
- name: https
port: 443
protocol: TCP
targetPort: https
nodePort: 443
……
[root@master01 ingress]# kubectl create -f deploy.yaml
提示:添加默认backend需要等待default-backend创建完成controllers才能成功部署。
2.2 创建default backend
[root@master01 ingress]# vi default-backend.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: default-http-backend
labels:
app.kubernetes.io/name: default-http-backend
app.kubernetes.io/part-of: ingress-nginx
namespace: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: default-http-backend
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: default-http-backend
app.kubernetes.io/part-of: ingress-nginx
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
# Any image is permissible as long as:
# 1. It serves a 404 page at /
# 2. It serves 200 on a /healthz endpoint
image: k8s.gcr.io/defaultbackend-amd64:1.5
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi ---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
namespace: ingress-nginx
labels:
app.kubernetes.io/name: default-http-backend
app.kubernetes.io/part-of: ingress-nginx
spec:
ports:
- port: 80
targetPort: 8080
selector:
app.kubernetes.io/name: default-http-backend
app.kubernetes.io/part-of: ingress-nginx
---
[root@master01 ingress]# kubectl create -f default-backend.yaml
2.3 确认验证
[root@master01 ingress]# kubectl get pods -n ingress-nginx
[root@master01 ingress]# kubectl get svc -n ingress-nginx
参考文档:https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md。
三 ingress使用
3.1 创建demo环境
[root@master01 ingress]# vi deploy-demo01.yaml #创建第一个用于测试的svc和pod
apiVersion: v1
kind: Service
metadata:
name: mydemo01svc
namespace: default
spec:
selector:
app: mydemo01
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mydemo01pod
spec:
replicas: 3
selector:
matchLabels:
app: mydemo01
template:
metadata:
labels:
app: mydemo01
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v2
ports:
- name: httpd
containerPort: 80
[root@master01 ingress]# echo '<h1>Hello world!</h1>' > index.html #创建Tomcat测试页面
[root@master01 ingress]# scp index.html root@worker01:/etc/kubernetes/
[root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/
[root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/
[root@master01 ingress]# vi deploy-demo02.yaml #创建第二个用于测试的svc和pod
apiVersion: v1
kind: Service
metadata:
name: mydemo02svc
namespace: default
spec:
selector:
app: mydemo02
ports:
- name: httpd
port: 8080
targetPort: 8080 ---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mydemo02pod
spec:
replicas: 3
selector:
matchLabels:
app: mydemo02
template:
metadata:
labels:
app: mydemo02
spec:
containers:
- name: mytomcat
image: tomcat:9
ports:
- name: httpd
containerPort: 8080
volumeMounts:
- mountPath: "/usr/local/tomcat/webapps/ROOT/index.html"
name: sample-volume
readOnly: true
volumes:
- name: sample-volume
hostPath:
type: File
path: /etc/kubernetes/index.html
[root@master01 ingress]# kubectl apply -f deploy-demo01.yaml
[root@master01 ingress]# kubectl apply -f deploy-demo02.yaml
[root@master01 ingress]# kubectl get pods -o wide
[root@master01 ingress]# kubectl get svc -o wide
3.2 创建ingress策略
[root@master01 ingress]# vi deploy-demo-ingress-http.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-mydemo
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: demo01.linuxsb.com
http:
paths:
- path:
backend:
serviceName: mydemo01svc
servicePort: 80
- host: demo02.linuxsb.com
http:
paths:
- path:
backend:
serviceName: mydemo02svc
servicePort: 8080
[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-http.yaml
[root@master01 ingress]# kubectl get pods -o wide
[root@master01 ingress]# kubectl get svc -o wide
[root@master01 ingress]# kubectl get ingress -o wide
3.3 确认验证
添加demo01.odocker.com和demo02.odocker.com的解析。分别访问两个地址:
参考:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
四 ingress https使用
4.1 创建证书
使用自签名证书,证书创建参考《附008.Kubernetes TLS证书介绍及创建》。
4.2 创建secret
[root@master01 ingress]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout demo02.key -out demo02.crt -subj "/CN=demo02.odocker.com"
[root@master01 ingress]# kubectl create secret generic demo02-tls --from-file=demo02.crt --from-file=demo02.key -n default
[root@master01 ingress]# kubectl get secret demo02-tls
NAME TYPE DATA AGE
demo02-tls Opaque 2 27s
4.3 创建TLS ingress策略
[root@master01 ingress]# vi deploy-demo-ingress-https.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-mydemo02-https
namespace: default
annotations:
kubernets.io/ingress.class: "nginx"
spec:
tls:
- hosts:
- demo02.odocker.com
secretName: demo02-tls
rules:
- host: demo02.odocker.com
http:
paths:
- path:
backend:
serviceName: mydemo02svc
servicePort: 8080
[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-https.yaml
4.4 确认验证
浏览器访问:https://demo02.odocker.com/。
最新文章
- Oracle Created Database Users: Password, Usage and Files References (文档 ID 160861.1)
- 在windows下用toolbox玩会docker
- MySQLdb模块操作
- 骑士问题(knight) (BFS)
- ABBYY FineReader 12 能够识别哪些文档语言
- C++ Templates之模板元编程
- swift:入门知识之类和对象
- java封装对象转json字符串
- 如何获取外网Ip呢, 终于找到方法了
- Cmake编译成静态库
- android经典Demo(转载)
- nginx-lua实现简单权限控制
- [翻译] 编写高性能 .NET 代码--第二章 GC -- 减少大对象堆的碎片,在某些情况下强制执行完整GC,按需压缩大对象堆,在GC前收到消息通知,使用弱引用缓存对象
- HBase源码实战:ImportTsv
- luoguP4705 玩游戏
- C# Thread.Jion()
- GDAL——命令使用专题——gdalsrsinfo命令
- wxPython的使用--类似画板的界面
- Linux机器之间复制文件和目录方式&Linux的scp命令详解
- 20170706xlVBA根据工资汇总表生成个人工资条