4.2.k8s.Ingress-Nginx
2024-10-21 02:54:01
Ingress-Nginx
ingress-nginx为7层代理,通过配置域名访问后端服务
ingress-nginx容器和kubernetes api交互,动态生成nginx配置
ingress服务定义域名规则,最终更新到ingress容器官网
https://kubernetes.github.io/ingress-nginx/deploy/
https://github.com/kubernetes/ingress-nginx
#部署ingress-nginx
#下载ingress-nginx yaml文件
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
#查看image
grep image mandatory.yaml
#更改镜像源(hub.docker.com官网找镜像)
sed -i 's@quay.io/kubernetes-ingress-controller@siriuszg@' mandatory.yaml
#下载镜像
docker pull $(awk '/image/{print $2}' mandatory.yaml)
#部署Pod
kubectl apply -f mandatory.yaml
#查看
kubectl get pod -n ingress-nginx
#下载NodePort yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml
#NodePort默认为随机端口,固定添加端口30080 30443
sed -i '/targetPort: 80/a\ \ \ \ \ \ nodePort: 30080' service-nodeport.yaml
sed -i '/targetPort: 443/a\ \ \ \ \ \ nodePort: 30443' service-nodeport.yaml
#部署
kubectl apply -f service-nodeport.yaml
#查看
kubectl get svc -n ingress-nginx
#部署后端web demo
#ingress-nginx-demo.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-dm
spec:
replicas: 2
template:
metadata:
labels:
name: nginx
spec:
containers:
- name: myapp
image: alivv/nginx:node
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
selector:
name: nginx
ports:
- port: 80
targetPort: 80
protocol: TCP
#ingress 使用域名代理
#ingress-nginx-http.yaml
#Ingress HTTP代理 http://abc1.tt.dev
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nginx-http-demo
spec:
rules:
- host: abc1.tt.dev
http:
paths:
- path: /
backend:
serviceName: nginx-svc
servicePort: 80
---
#Ingress HTTPS代理 https://abc2.tt.dev
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nginx-https-demo
spec:
tls:
- hosts:
- abc2.tt.dev
secretName: tls-secret
rules:
- host: abc2.tt.dev
http:
paths:
- path: /
backend:
serviceName: nginx-svc
servicePort: 80
#创建域名证书,https用
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/O=DevOps/CN=abc2.tt.dev"
#创建cert存储
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
#部署
kubectl apply -f ingress-nginx-demo.yaml
kubectl apply -f ingress-nginx-http.yaml
#查看
kubectl get pod
kubectl get deployment
kubectl get svc -A
kubectl get ingress
#查看ingress-nginx容器Nginx配置
pod_ingress=$(kubectl get pod -n ingress-nginx |awk '/nginx-ingress/{print $1}')
kubectl exec -it -n ingress-nginx $pod_ingress -- cat /etc/nginx/nginx.conf
#访问测试
#host解析tt.dev
echo "127.0.0.1 abc1.tt.dev abc2.tt.dev" >>/etc/hosts
#curl访问域名
curl http://abc1.tt.dev:30080
curl https://abc2.tt.dev:30443 -k
#Ingress-Nginx BasicAuth 密码验证
#ingress-with-auth.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-with-auth
annotations:
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
rules:
- host: auth.tt.dev
http:
paths:
- path: /
backend:
serviceName: nginx-svc
servicePort: 80
#创建密码文件auth 用户foo 密码pswd
#yum install httpd-tools
#htpasswd -bc auth foo pswd
docker run -it --rm -v $(pwd):/data -w /data jess/htpasswd -bc auth foo pswd
cat auth
kubectl create secret generic basic-auth --from-file=auth
kubectl get secret basic-auth -o yaml
#创建
kubectl apply -f ingress-with-auth.yaml
#master节点host解析abc.tt.dev
echo "127.0.0.1 auth.tt.dev" >>/etc/hosts
#curl访问测试
curl http://auth.tt.dev:30080 #无认证用户,访问失败
curl http://auth.tt.dev:30080 -u 'foo:pswd'
#删除测试项
#删除
kubectl delete -f ingress-with-auth.yaml
kubectl delete -f ingress-nginx-http.yaml
kubectl delete -f ingress-nginx-demo.yaml
kubectl delete -f service-nodeport.yaml
kubectl delete -f mandatory.yaml
kubectl delete secret tls-secret
kubectl delete secret basic-auth
sed -i '/tt.dev/d' /etc/hosts
Blog地址 https://www.cnblogs.com/elvi/p/11755780.html
本文git地址 https://gitee.com/almi/k8s/tree/master/notes
最新文章
- Eclipse 日期和时间格式自定义
- AFNetworking 2.0指北
- <;读书笔记>;软件调试之道 :问题的核心-诊断
- php WIN下编译注意问题
- 解决CentOS6.4 Docker ";Couldn&#39;t connect to Docker daemon ..."; 问题
- Hive 实战(1)--hive数据导入/导出基础
- hdu-5703 Desert(水题)
- .NET中的注释种类,单行注释、多行注释、文档注释。。。
- Web网站的性能测试工具
- 省市区三级联动JS
- Ext.Net学习笔记21:Ext.Net FormPanel 字段验证(validation)
- C#中邮件的发送基本操作
- nodejs安装不了和npm安装不了的解决方法
- iMX6Q开发板的EIM接口的配置可以与FPGA通讯-交换数据-最常用的接口配置
- Java中的方法(形参及实参)return返回类型
- vue获得当前页面URL动态拼接URL复制邀请链接方法
- Appium系列文章(1)获取appPackage和appActivity
- iOS开发之线程组解决请求多个接口数据,完成后,再刷新界面
- js splice vs slice
- DevExpress GridView自动滚动