k8s之 nginx ingress
下载
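# Fetch over HTTPS so the manifest cannot be modified in transit.
# `master` is a moving ref: read the downloaded file before applying it, or
# fetch it from a release tag that matches the controller version you deploy.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml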
需要修改的地方
image地址换成 ccr.ccs.tencentyun.com/cl0411/nginx-ingress-controller:0.20.0（这是第三方镜像仓库中的副本，并非官方发布地址；建议核对镜像 digest，或改用自己可信的镜像仓库）
211行（controller 的 Pod spec 内，行号随文件版本变化）增加 hostNetwork: true；此时 controller 直接使用节点的网络命名空间，在节点上监听 80/443
或者设置kind为 DaemonSet 删除replicas
创建ingress-nginx pod
kubectl apply -f mandatory.yaml
创建ingress-nginx.svc.yaml
[root@node1 ~]# cat ingress-nginx.svc.yaml
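# Service that publishes the ingress-nginx controller on the listed node IPs.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  # Traffic arriving at any address listed here is accepted for this Service,
  # so list only the node addresses that are meant to be exposed.
  externalIPs:
  - 192.168.57.14   # IP address of a node
  - 192.168.57.15
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  # Port names must be unique within a Service; this entry was a second "http".
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
  # NOTE(review): the selector has to match the labels on the controller pods
  # defined in mandatory.yaml (not shown here) - verify, otherwise the Service
  # ends up with no endpoints.
  selector:
    app: ingress-nginx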
创建一个deployment
[root@node1 ~]# cat nginx-igress.yaml
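# Service in front of the demo nginx pods (selected by app=nginx).
# No namespace is set, so it is created in the kubectl context's current
# namespace; that must be the namespace of the Deployment below (default).
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - name: http
    port: 80
    targetPort: 80
---
# Two-replica nginx Deployment used as the Ingress backend.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
  labels:
    web: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # NOTE(review): no tag is given, so this resolves to :latest on a
        # mirror registry; with IfNotPresent each node keeps whatever build it
        # cached first. Pin a tag or digest (<IMAGE_TAG_OR_DIGEST>).
        image: daocloud.io/library/nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80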
创建ingress.yaml
[root@node1 ~]# cat ingress.yaml
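# Ingress that routes test.ingress.com to nginx-service via the nginx class.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22
# (replacement: networking.k8s.io/v1); this manifest targets the older
# clusters that the 0.20.0 controller on this page was built for.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: test.ingress.com   # host name to match
    http:
      paths:   # defaults to /; name any other path explicitly, e.g. /blog
      - backend:
          serviceName: nginx-service   # Service to proxy to
          servicePort: 80              # port of that Service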
查看
[root@node1 ~]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
nginx-ingress test.ingress.com 192.168.57.14,192.168.57.15 80 26m
浏览器访问test.ingress.com 查看结果 需要绑定hosts
https 模拟
创建证书及secret
[root@node1 ~]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=test.tomcat.com
[root@node1 ~]# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
secret/tomcat-ingress-secret created
创建deployment
[root@node1 ~]# cat tomcat-demo.yaml
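# Service in front of the demo tomcat pods (app=tomcat, release=canary).
apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    release: canary
  ports:
  - name: http
    targetPort: 8080
    port: 8080
  # NOTE(review): AJP is intended only for a trusted front-end proxy and has
  # no authentication unless a secret is configured. The Ingress on this page
  # proxies to 8080 only, so publishing 8009 looks unnecessary - confirm and
  # drop it if nothing in the cluster speaks AJP to tomcat.
  - name: ajp
    targetPort: 8009
    port: 8009
---
# Two-replica tomcat Deployment used as the backend of the TLS Ingress.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: tomcat
      release: canary
  template:
    metadata:
      labels:
        app: tomcat
        release: canary
    spec:
      containers:
      - name: tomcat
        # NOTE(review): 9-jre8-alpine is a floating tag on a mirror registry;
        # pin an exact patch version or digest (<IMAGE_TAG_OR_DIGEST>) so the
        # tomcat build that runs is known and can be patched deliberately.
        image: daocloud.io/library/tomcat:9-jre8-alpine
        ports:
        - name: http
          containerPort: 8080
        - name: ajp
          containerPort: 8009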
创建ingress
[root@node1 ~]# cat ingress-tomcat-tls.yaml
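# Ingress that terminates TLS for test.tomcat.com at the nginx controller and
# proxies to the tomcat Service on 8080.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22
# (replacement: networking.k8s.io/v1).
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - test.tomcat.com
    # The secret must live in this Ingress's namespace (default) and its
    # certificate must carry the host name listed above.
    secretName: tomcat-ingress-secret
  rules:
  - host: test.tomcat.com
    http:
      paths:
      - path:   # left empty, as in the original listing
        backend:
          serviceName: tomcat
          servicePort: 8080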
使用https://test.tomcat.com 验证结果
NodePort访问流程
client -> lb -> nodeport/service -> iptables/ipvs -> pod -> container
Ingress访问流程:
client -> lb -> ingress controller(nginx)/service -> pod -> container