附020.Nginxingress部署及使用
一 手动部署-官网版
1.1 获取资源
[root@master01 ~]# mkdir ingress
[root@master01 ~]# cd ingress/
[root@master01 ingress]# git clone https://github.com/nginxinc/kubernetes-ingress/
[root@master01 ingress]# cd kubernetes-ingress/deployments
[root@master01 ingress]# git checkout v1.7.0
1.2 安装RBAC
[root@master01 deployments]# kubectl apply -f common/ns-and-sa.yaml #部署namespace及ServiceAccount
[root@master01 deployments]# kubectl apply -f rbac/rbac.yaml #部署RBAC角色及权限等
1.3 安装基础资源
[root@master01 deployments]# kubectl apply -f common/default-server-secret.yaml
说明:
创建TLS证书和NGINX中默认服务器的secret。默认服务器返回Not Found页面,其中包含404状态代码,用于未定义的所有访问规则请求的返回值。默认包含了一个自签名的证书和生成的密钥。
[root@master01 deployments]# kubectl apply -f common/nginx-config.yaml
[root@master01 deployments]# kubectl apply -f common/vs-definition.yaml
[root@master01 deployments]# kubectl apply -f common/vsr-definition.yaml
[root@master01 deployments]# kubectl apply -f common/ts-definition.yaml #创建虚拟主机
[root@master01 deployments]# kubectl apply -f common/gc-definition.yaml
[root@master01 deployments]# kubectl apply -f common/global-configuration.yaml
1.4 安装ingress controllers
[root@master01 deployments]# vi daemon-set/nginx-ingress.yaml
1 ……2 - -global-configuration=$(POD_NAMESPACE)/nginx-configuration
3 ……
[root@master01 deployments]# kubectl apply -f daemon-set/nginx-ingress.yaml
[root@master01 deployments]# kubectl get pods --namespace=nginx-ingress
NAME READY STATUS RESTARTS AGE
nginx-ingress-cqv2m 1/1 Running 0 43s
nginx-ingress-fpmbv 1/1 Running 0 43s
nginx-ingress-kdl9p 1/1 Running 0 43s
nginx-ingress-lggw9 1/1 Running 0 43s
nginx-ingress-lnw28 1/1 Running 0 43s
nginx-ingress-z8rn8 1/1 Running 0 43s
1.5 创建ingress controllers service
[root@master01 deployments]# vi service/nodeport.yaml
1 apiVersion: v12 kind: Service
3 metadata:
4name: nginx-ingress
5 namespace: nginx-ingress
6 spec:
7 type: NodePort
8 ports:
9 - port: 80
10 targetPort: 80
11 protocol: TCP
12name: http
13 nodePort: 30011
14 - port: 443
15 targetPort: 443
16 protocol: TCP
17name: https
18 nodePort: 30012
19 selector:
20 app: nginx-ingress
[root@master01 deployments]# kubectl create -f service/nodeport.yaml
[root@master01 deployments]# kubectl get svc nginx-ingress --namespace=nginx-ingress
[root@master01 deployments]# kubectl describe svc nginx-ingress --namespace=nginx-ingress
参考文档:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/。
二 手动部署-github社区版(推荐)
2.1 获取资源
[root@master01 ~]# mkdir ingress
[root@master01 ~]# cd ingress/
[root@master01 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/cloud/deploy.yaml
[root@master01 ingress]# vi deploy.yaml
1 ……2 apiVersion: apps/v1
3 kind: Deployment
4 ……
5 spec:
6 replicas: 3
7 ……
8 - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
9 ……
10 apiVersion: v1
11 kind: Service
12 ……
13name: ingress-nginx-controller
14 ……
15 spec:
16 type: NodePort
17 externalTrafficPolicy: Local
18 ports:
19 - name: http
20 port: 80
21 protocol: TCP
22 targetPort: http
23 nodePort: 80
24 - name: https
25 port: 443
26 protocol: TCP
27 targetPort: https
28 nodePort: 443
29 ……
[root@master01 ingress]# kubectl create -f deploy.yaml
提示:添加默认backend需要等待default-backend创建完成controllers才能成功部署。
2.2 创建default backend
[root@master01 ingress]# vi default-backend.yaml
1 ---2 apiVersion: apps/v1
3 kind: Deployment
4 metadata:
5name: default-http-backend
6 labels:
7 app.kubernetes.io/name: default-http-backend
8 app.kubernetes.io/part-of: ingress-nginx
9 namespace: ingress-nginx
10 spec:
11 replicas: 1
12 selector:
13 matchLabels:
14 app.kubernetes.io/name: default-http-backend
15 app.kubernetes.io/part-of: ingress-nginx
16 template:
17 metadata:
18 labels:
19 app.kubernetes.io/name: default-http-backend
20 app.kubernetes.io/part-of: ingress-nginx
21 spec:
22 terminationGracePeriodSeconds: 60
23 containers:
24 - name: default-http-backend
25# Any image is permissible as long as:
26# 1. It serves a 404 page at /
27# 2. It serves 200 on a /healthz endpoint
28 image: k8s.gcr.io/defaultbackend-amd64:1.5
29 livenessProbe:
30 httpGet:
31path: /healthz
32 port: 8080
33 scheme: HTTP
34 initialDelaySeconds: 30
35 timeoutSeconds: 5
36 ports:
37 - containerPort: 8080
38 resources:
39 limits:
40 cpu: 10m
41 memory: 20Mi
42 requests:
43 cpu: 10m
44 memory: 20Mi
45
46 ---
47 apiVersion: v1
48 kind: Service
49 metadata:
50name: default-http-backend
51 namespace: ingress-nginx
52 labels:
53 app.kubernetes.io/name: default-http-backend
54 app.kubernetes.io/part-of: ingress-nginx
55 spec:
56 ports:
57 - port: 80
58 targetPort: 8080
59 selector:
60 app.kubernetes.io/name: default-http-backend
61 app.kubernetes.io/part-of: ingress-nginx
62 ---
[root@master01 ingress]# kubectl create -f default-backend.yaml
2.3 确认验证
[root@master01 ingress]# kubectl get pods -n ingress-nginx
[root@master01 ingress]# kubectl get svc -n ingress-nginx
参考文档:https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md。
三 ingress使用
3.1 创建demo环境
[root@master01 ingress]# vi deploy-demo01.yaml #创建第一个用于测试的svc和pod
1 apiVersion: v12 kind: Service
3 metadata:
4name: mydemo01svc
5 namespace: default
6 spec:
7 selector:
8 app: mydemo01
9 ports:
10 - name: http
11 port: 80
12 targetPort: 80
13 ---
14 apiVersion: apps/v1
15 kind: Deployment
16 metadata:
17name: mydemo01pod
18 spec:
19 replicas: 3
20 selector:
21 matchLabels:
22 app: mydemo01
23 template:
24 metadata:
25 labels:
26 app: mydemo01
27 spec:
28 containers:
29 - name: myapp
30 image: ikubernetes/myapp:v2
31 ports:
32 - name: httpd
33 containerPort: 80
[root@master01 ingress]# echo "<h1>Hello world!</h1>" > index.html #创建Tomcat测试页面
[root@master01 ingress]# scp index.html root@worker01:/etc/kubernetes/
[root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/
[root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/
[root@master01 ingress]# vi deploy-demo02.yaml #创建第二个用于测试的svc和pod
1 apiVersion: v12 kind: Service
3 metadata:
4name: mydemo02svc
5 namespace: default
6 spec:
7 selector:
8 app: mydemo02
9 ports:
10 - name: httpd
11 port: 8080
12 targetPort: 8080
13
14 ---
15 apiVersion: apps/v1
16 kind: Deployment
17 metadata:
18name: mydemo02pod
19 spec:
20 replicas: 3
21 selector:
22 matchLabels:
23 app: mydemo02
24 template:
25 metadata:
26 labels:
27 app: mydemo02
28 spec:
29 containers:
30 - name: mytomcat
31 image: tomcat:9
32 ports:
33 - name: httpd
34 containerPort: 8080
35 volumeMounts:
36 - mountPath: "/usr/local/tomcat/webapps/ROOT/index.html"
37name: sample-volume
38 readOnly: true
39 volumes:
40 - name: sample-volume
41 hostPath:
42 type: File
43path: /etc/kubernetes/index.html
[root@master01 ingress]# kubectl apply -f deploy-demo01.yaml
[root@master01 ingress]# kubectl apply -f deploy-demo02.yaml
[root@master01 ingress]# kubectl get pods -o wide
[root@master01 ingress]# kubectl get svc -o wide
3.2 创建ingress策略
[root@master01 ingress]# vi deploy-demo-ingress-http.yaml
1 apiVersion: extensions/v1beta12 kind: Ingress
3 metadata:
4name: ingress-mydemo01
5 namespace: default
6 annotations:
7 kubernetes.io/ingress.class: "nginx"
8 spec:
9 rules:
10 - host: demo01.odocker.com
11 http:
12 paths:
13 - path:
14 backend:
15 serviceName: mydemo01svc
16 servicePort: 80
17 ---
18 apiVersion: extensions/v1beta1
19 kind: Ingress
20 metadata:
21name: ingress-mydemo02
22 namespace: default
23 annotations:
24 kubernetes.io/ingress.class: "nginx"
25 spec:
26 rules:
27 - host: demo02.odocker.com
28 http:
29 paths:
30 - path:
31 backend:
32 serviceName: mydemo02svc
33 servicePort: 8080
[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-http.yaml
[root@master01 ingress]# kubectl get pods -o wide
[root@master01 ingress]# kubectl get svc -o wide
[root@master01 ingress]# kubectl get ingress -o wide
3.3 确认验证
添加demo01.odocker.com和demo02.odocker.com的解析。分别访问两个地址:
参考:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
四 ingress https使用
4.1 创建证书
使用自签名证书,证书创建参考《附008.Kubernetes TLS证书介绍及创建》。
4.2 创建secret
[root@master01 ingress]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout demo02.key -out demo02.crt -subj "/CN=demo02.odocker.com"
[root@master01 ingress]# kubectl create secret generic demo02-tls --from-file=demo02.crt --from-file=demo02.key -n default
[root@master01 ingress]# kubectl get secret demo02-tls
NAME TYPE DATA AGE
demo02-tls Opaque 2 27s
4.3 创建TLS ingress策略
[root@master01 ingress]# vi deploy-demo-ingress-https.yaml
1 apiVersion: extensions/v1beta12 kind: Ingress
3 metadata:
4name: ingress-mydemo02-https
5 namespace: default
6 annotations:
7 kubernets.io/ingress.class: "nginx"
8 spec:
9 tls:
10 - hosts:
11 - demo02.odocker.com
12 secretName: demo02-tls
13 rules:
14 - host: demo02.odocker.com
15 http:
16 paths:
17 - path:
18 backend:
19 serviceName: mydemo02svc
20 servicePort: 8080
[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-https.yaml
4.4 确认验证
浏览器访问:https://rancher.linuxsb.com/。
原文链接:https://www.cnblogs.com/itzgr/archive/2020/06/02/13030762.html
以上是 附020.Nginxingress部署及使用 的全部内容, 来源链接: utcz.com/z/517051.html
