kubernetes Ingress Nginx Controller
kubernetes Ingress Nginx Controller
公众号: 云原生生态圈
发布于 2021-11-15 17:29:51
发布于 2021-11-15 17:29:51
文章被收录于专栏:云原生生态圈
克隆ingress-nginx-controller 仓库到本地
- 实验使用版本: https://github.com/opsenv/ingress-nginx
- 官方仓库地址: https://github.com/kubernetes/ingress-nginx
- fork仓库地址到opsenv下 部署的清单文件在deploy目录下,修改的配置清单已经在https://github.com/opsenv/ingress-nginx 下的deploy目录下
- 因为国内拉取ingress-nginx-controller很慢,所以先准备好镜像
docker pull bluerdocker/nginx-ingress-controller:0.21.0docker tag bluerdocker/nginx-ingress-controller:0.21.0 quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0- 安装ingress-nginx-controller
cd /opt/k8s/works/
git clone https://github.com/opsenv/ingress-nginxcd ingress-nginx/deploy
kubectl apply -f .
root@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# kubectl get pods -n ingress-nginxNAME READY STATUS RESTARTS AGE
nginx-ingress-controller-f7667b986-sgwr6 1/1 Running 0 72m
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
root@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# kubectl get svc -n ingress-nginxNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.254.112.213 <none> 80:30756/TCP,443:30135/TCP 47m
root@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# kubectl get configmap -n ingress-nginxNAME DATA AGE
ingress-controller-leader-nginx 0 3d16h
nginx-configuration 0 3d16h
tcp-services 0 3d16h
udp-services 0 3d16h- 部署一个app
使用replicaset创建pod
replicaSet-demo1.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: myapp-rs
namespace: devops
spec:
replicas: 2
selector:
matchLabels:
app: myapp
release: canary
env: dev
template:
metadata:
name: myapp-rs-pod
namespace: devops
labels:
app: myapp
release: canary
env: dev
spec:
containers:
- name: myapp-rs-container
image: ikubernetes/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443kubectl apply -f replicaSet-demo1.yaml
root@k8s-m1:/opt/k8s/work/manifests# kubectl get rs -n devopsNAME DESIRED CURRENT READY AGE
myapp-rs 2 2 2 2m50s
root@k8s-m1:/opt/k8s/work/manifests# kubectl get pods -n devopsNAME READY STATUS RESTARTS AGE
myapp-rs-7hbcx 1/1 Running 0 3m1s
myapp-rs-rm5qq 1/1 Running 0 3m1s- 为myapp pod创建一个服务
创建名为myapp-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp
namespace: devops
spec:
selector:
app: myapp
release: canary
clusterIP: 10.254.189.200
type: ClusterIP
ports:
- name: http
port: 80
targetPort: 80- 给myapp创建一个ingress资源
创建名为ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myapp
namespace: devops
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myapp.xsllab.com
http:
paths:
- path:
backend:
serviceName: myapp
servicePort: 80root@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# kubectl get ingress -n devopsNAME HOSTS ADDRESS PORTS AGE
ingress-myapp myapp.xsllab.com 80 3d15h- 查看ingress-nginx-controller中的变化
root@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# kubectl get pods -n ingress-nginxNAME READY STATUS RESTARTS AGE
nginx-ingress-controller-f7667b986-sgwr6 1/1 Running 0 3d16h
kubectl exec -it nginx-ingress-controller-f7667b986-sgwr6 -n ingress-nginx -- /bin/bash
www-data@nginx-ingress-controller-f7667b986-sgwr6:/etc/nginx$ cat nginx.conf |grep myapp## start server myapp.xsllab.comserver_name myapp.xsllab.com ;set $ingress_name "ingress-myapp";set $service_name "myapp";set $proxy_upstream_name "devops-myapp-80";## end server myapp.xsllab.comroot@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# kubectl get svc -n ingress-nginxNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.254.112.213 <none> 80:30756/TCP,443:30135/TCP 3d16h
root@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# echo "192.168.10.247 myapp.xsllab.com" >> /etc/hostsroot@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# curl http://myapp.xsllab.com:30756Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
root@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# curl http://myapp.xsllab.com:30756/hostname.htmlmyapp-rs-7hbcx- 通过secret配置一个ssl证书
openssl genrsa -out tls.key 2048openssl req -new -x509 -key tls.key -out tls-myapp.crt -subj /C=CN/ST=Beijing/L=Beijing/CN=myapp.xsllab.com
kubectl create secret tls myapp-ingress-secret --cert=tls-myapp.crt --key=tls.key -n devops
root@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# kubectl get secret -n devopsNAME TYPE DATA AGE
default-token-wqr7h kubernetes.io/service-account-token 3 15d
myapp-ingress-secret kubernetes.io/tls 2 24s
tomcat-ingress-secret kubernetes.io/tls 2 3d15h
kubectl describe secret myapp-ingress-secret -n devops- 给myapp配置一个机遇tls的服务
创建名称为: ingress-myapp-tls.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myapp-tls
namespace: devops
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myapp.xsllab.com
http:
paths:
- path:
backend:
serviceName: myapp
servicePort: 80
tls:
- hosts:
- myapp.xsllab.com
secretName: myapp-ingress-secretroot@k8s-m1:/opt/k8s/work/manifests/ingress-nginx/deploy# kubectl get ingress -n devopsNAME HOSTS ADDRESS PORTS AGE
ingress-myapp myapp.xsllab.com 80 3d16h
ingress-myapp-tls myapp.xsllab.com 80, 443 18s
ingress-tomcat tomcat.xsllab.com 80 3d15h
ingress-tomcat-tls tomcat.xsllab.com 80, 443 3d15h- 在浏览器中访问的话就需要使用443对应的NodePort访问
本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2019-08-08,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
相关产品与服务
容器服务
腾讯云容器服务(Tencent Kubernetes Engine, TKE)基于原生 kubernetes 提供以容器为核心的、高度可扩展的高性能容器管理服务,覆盖 Serverless、边缘计算、分布式云等多种业务部署场景,业内首创单个集群兼容多种计算节点的容器资源管理模式。同时产品作为云原生 Finops 领先布道者,主导开源项目Crane,全面助力客户实现资源优化、成本控制。
腾讯云开发者
