kubernetes部署Ingress-nginx
Ingress-nginx简介
Pod的IP以及service IP只能在集群内访问,如果想在集群外访问kubernetes提供的服务,可以使用nodeport、proxy、loadbalacer以及ingress等方式,由于service的IP集群外不能访问,就是使用ingress方式再代理一次,即ingress代理service,service代理pod.
Ingress基本原理图如下:
部署nginx-ingress-controller
github地址
https://github.com/kubernetes/ingress-nginx
https://kubernetes.github.io/ingress-nginx/
下载nginx-ingress-controller配置文件
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.21.0/deploy/mandatory.yaml
修改镜像路径
#替换镜像路径
[centos@k8s-master ~]$ vim mandatory.yaml
......
#image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
image: willdockerhub/nginx-ingress-controller:0.21.0
......
#执行yaml文件部署
[centos@k8s-master ~]$
[centos@k8s-master ~]$ kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.extensions/nginx-ingress-controller created
[centos@k8s-master ~]$
nodeport方式对外提供服务:
通过ingress-controller对外提供服务,现在还需要手动给ingress-controller建立一个servcie,接收集群外部流量。
service-nodeport配置文件:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
执行yaml
[centos@k8s-master ~]$ kubectl apply -f service-nodeport.yaml
service/ingress-nginx created
[centos@k8s-master ~]$
查看ingress-nginx组件状态
[centos@k8s-master ~]$ kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-6bdcbbdfdc-wd2bn 1/1 Running 0 24s
[centos@k8s-master ~]$ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.104.138.113 <none> 80:30737/TCP,443:31952/TCP 13s
[centos@k8s-master ~]$
查看创建的ingress service暴露的端口:
[centos@k8s-master ~]$ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.102.214.165 <none> 80:32211/TCP,443:32294/TCP 13m
创建ingress-nginx后端服务
1.创建一个Service及后端Deployment(以nginx为例)
[centos@k8s-master ~]$ vim deploy-demon.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp
namespace: default
spec:
selector:
app: myapp
release: canary
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy
spec:
replicas: 2
selector:
matchLabels:
app: myapp
release: canary
template:
metadata:
labels:
app: myapp
release: canary
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v2
ports:
- name: httpd
containerPort: 80
创建相关服务及检查状态是否就绪
[centos@k8s-master ~]$ kubectl apply -f deploy-demon.yaml
service/myapp unchanged
deployment.apps/myapp-deploy configured
[centos@k8s-master ~]$
[centos@k8s-master ~]$ kubectl get pods
NAME READY STATUS RESTARTS AGE
myapp-deploy-5cc79fc966-2228d 1/1 Running 0 62s
myapp-deploy-5cc79fc966-42w2d 1/1 Running 0 62s
创建myapp的ingress规则
[centos@k8s-master ~]$ vim ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myapp
namespace: default
annotations:
kubernets.io/ingress.class: "nginx"
spec:
rules:
- host: myapp.magedu.com
http:
paths:
- path:
backend:
serviceName: myapp
servicePort: 80
查看创建的ingress规则
[centos@k8s-master ~]$ kubectl apply -f ingress-myapp.yaml
ingress.extensions/ingress-myapp created
[centos@k8s-master ~]$ kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
ingress-myapp myapp.magedu.com 80 11s
[centos@k8s-master ~]$
查看ingress-default-backend的详细信息:
[centos@k8s-master ~]$ kubectl exec -n ingress-nginx -ti nginx-ingress-controller-6bdcbbdfdc-wd2bn -- /bin/sh
$ cat nginx.conf
......
## start server myapp.magedu.com
server {
server_name myapp.magedu.com ;
listen 80;
set $proxy_upstream_name "-";
location / {
set $namespace "default";
set $ingress_name "ingress-myapp";
set $service_name "myapp";
set $service_port "80";
set $location_path "/";
......
配置集群外域名解析,当前测试环境我们使用windows hosts文件进行解析
92.168.92.56 myapp.magedu.com
92.168.92.57 myapp.magedu.com
92.168.92.58 myapp.magedu.com
使用域名进行访问:
