Ingress-Nginx

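ingress-nginx is a layer-7 proxy: backend services are reached through the domain names you configure.

The ingress-nginx container talks to the Kubernetes API and generates the nginx configuration dynamically.

An Ingress resource defines the host rules, which are ultimately pushed into the ingress container.

Official site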

https://kubernetes.github.io/ingress-nginx/deploy/

https://github.com/kubernetes/ingress-nginx

#Deploy ingress-nginx

#Download the ingress-nginx yaml file
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
#Check the image
grep image mandatory.yaml
#Change the image source (look up the image on hub.docker.com)
sed -i 's@quay.io/kubernetes-ingress-controller@siriuszg@' mandatory.yaml
#Pull the image
docker pull $(awk '/image/{print $2}' mandatory.yaml)
#Deploy the Pod
kubectl apply -f mandatory.yaml
#Check
kubectl get pod -n ingress-nginx
#Download the NodePort yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml
#NodePort uses random ports by default; pin the ports to 30080 and 30443
sed -i '/targetPort: 80/a\ \ \ \ \ \ nodePort: 30080' service-nodeport.yaml
sed -i '/targetPort: 443/a\ \ \ \ \ \ nodePort: 30443' service-nodeport.yaml
#Deploy
kubectl apply -f service-nodeport.yaml
#Check
kubectl get svc -n ingress-nginx

#Deploy the backend web demo

#ingress-nginx-demo.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: myapp
          image: alivv/nginx:node
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  selector:
    name: nginx
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP

#Proxying by domain name with Ingress

#ingress-nginx-http.yaml

#Ingress HTTP proxy http://abc1.tt.dev
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx-http-demo
spec:
  rules:
  - host: abc1.tt.dev
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
---
#Ingress HTTPS proxy https://abc2.tt.dev
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx-https-demo
spec:
  tls:
  - hosts:
    - abc2.tt.dev
    secretName: tls-secret
  rules:
  - host: abc2.tt.dev
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

#Create the certificate for the domain (used for HTTPS)
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/O=DevOps/CN=abc2.tt.dev"
#Create the secret that stores the cert
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
#Deploy
kubectl apply -f ingress-nginx-demo.yaml
kubectl apply -f ingress-nginx-http.yaml
#Check
kubectl get pod
kubectl get deployment
kubectl get svc -A
kubectl get ingress
#View the Nginx configuration inside the ingress-nginx container
pod_ingress=$(kubectl get pod -n ingress-nginx |awk '/nginx-ingress/{print $1}')
kubectl exec -it -n ingress-nginx $pod_ingress -- cat /etc/nginx/nginx.conf
#Access test
#Resolve tt.dev through the hosts file
echo "127.0.0.1 abc1.tt.dev abc2.tt.dev" >>/etc/hosts
#Access the domains with curl
curl http://abc1.tt.dev:30080
curl https://abc2.tt.dev:30443 -k

#Ingress-Nginx BasicAuth password authentication

#ingress-with-auth.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: auth.tt.dev
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

#Create the password file auth: user foo, password pswd
#yum install httpd-tools
#htpasswd -bc auth foo pswd
docker run -it --rm -v $(pwd):/data -w /data jess/htpasswd -bc auth foo pswd
cat auth
kubectl create secret generic basic-auth --from-file=auth
kubectl get secret basic-auth -o yaml
#Create
kubectl apply -f ingress-with-auth.yaml
#Resolve auth.tt.dev through the hosts file on the master node
echo "127.0.0.1 auth.tt.dev" >>/etc/hosts
#Test access with curl
curl http://auth.tt.dev:30080 #no credentials supplied, access fails
curl http://auth.tt.dev:30080 -u 'foo:pswd'
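
An added example, not part of the original post: Basic auth only base64-encodes the credentials, and the ingress-with-auth rule above has no tls section, so foo:pswd crosses the NodePort in clear text. The Python sketch below reads `kubectl get ingress -A -o json` output and reports hosts not listed under spec.tls; SAMPLE is constructed from the three Ingress objects on this page, and the function names and finding labels are assumptions of this example.

```python
import json

AUTH_TYPE = "nginx.ingress.kubernetes.io/auth-type"

# Constructed sample: the three Ingress objects from this page, in the shape
# `kubectl get ingress -o json` returns them (trimmed to the fields used here).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "ingress-nginx-http-demo"},
     "spec": {"rules": [{"host": "abc1.tt.dev"}]}},
    {"metadata": {"name": "ingress-nginx-https-demo"},
     "spec": {"tls": [{"hosts": ["abc2.tt.dev"], "secretName": "tls-secret"}],
              "rules": [{"host": "abc2.tt.dev"}]}},
    {"metadata": {"name": "ingress-with-auth",
                  "annotations": {AUTH_TYPE: "basic"}},
     "spec": {"rules": [{"host": "auth.tt.dev"}]}},
]})


def covered(host, tls_hosts):
    """True if host is listed under spec.tls, exactly or by a one-label wildcard."""
    wildcard = "*." + host.split(".", 1)[-1]
    return host in tls_hosts or wildcard in tls_hosts


def audit_ingresses(doc):
    """Return (ingress name, host, finding) for every rule host without TLS."""
    findings = []
    for item in json.loads(doc).get("items", []):
        meta = item.get("metadata", {})
        spec = item.get("spec", {})
        tls_hosts = {h for t in spec.get("tls") or [] for h in t.get("hosts") or []}
        basic = (meta.get("annotations") or {}).get(AUTH_TYPE) == "basic"
        for rule in spec.get("rules") or []:
            host = rule.get("host", "*")  # a rule without a host matches any host
            if covered(host, tls_hosts):
                continue
            # Basic auth over plain HTTP is the more serious of the two findings.
            finding = "basic-auth-without-tls" if basic else "plain-http"
            findings.append((meta.get("name"), host, finding))
    return findings


if __name__ == "__main__":
    for name, host, finding in audit_ingresses(SAMPLE):
        print(f"{finding:24} {name} ({host})")
```

Against a live cluster, pass the output of `kubectl get ingress -A -o json` to audit_ingresses instead of SAMPLE.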

#Remove the test items

#Delete
kubectl delete -f ingress-with-auth.yaml
kubectl delete -f ingress-nginx-http.yaml
kubectl delete -f ingress-nginx-demo.yaml
kubectl delete -f service-nodeport.yaml
kubectl delete -f mandatory.yaml
kubectl delete secret tls-secret
kubectl delete secret basic-auth
sed -i '/tt.dev/d' /etc/hosts

Blog address https://www.cnblogs.com/elvi/p/11755780.html

Git address of this article https://gitee.com/almi/k8s/tree/master/notes
