kubernetes ingress基本使用记录

kubernetes Ingress 是什么在这里就不在详细解释了,它是外部访问kubernetes集群服务的三种中的一种方式之一

接下来就直接讲解如何部署ingress到kubernetes集群中(nginx ingress)

下载部署文件
链接地址 https://github.com/kubernetes/ingress-nginx/tree/nginx-0.19.0/deploy

下载的文件列表

[root@master-47-35 nginx]# cat namespace.yaml 
---

apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
[root@master-47-35 ingress]# ls -l 
total 28
-rw-r--r-- 1 root root  153 Oct 15 14:14 configmap.yaml
-rw-r--r-- 1 root root 1429 Oct 15 14:13 default-backend.yaml
-rw-r--r-- 1 root root  216 Oct 15 14:31 nginx-ingress.yaml
-rw-r--r-- 1 root root 2390 Oct 15 14:16 rbac.yaml
-rw-r--r-- 1 root root  191 Oct 15 14:15 tcp-services-configmap.yaml
-rw-r--r-- 1 root root  191 Oct 15 14:16 udp-services-configmap.yaml
-rw-r--r-- 1 root root 2527 Oct 15 15:22 with-rbac.yaml

修改with-rbac.yaml文件

# 上面 对 两个 node 打了 label 所以配置 replicas: 2
# 修改 yaml 文件 增加 rbac 认证 , hostNetwork  还有 nodeSelector, 第二个 spec 下 增加。

vi with-rbac.yaml



spec:
  replicas: 2
  ....
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      hostNetwork: true
      nodeSelector:
        ingress: proxy
    ....
          # 这里添加一个 other 端口做为后续tcp转发
          ports:
          - name: http
            containerPort: 80
          - name: https
            containerPort: 443
          - name: other
            containerPort: 8888
[root@master-47-35 nginx]# curl 10.39.47.33
default backend - 404[root@master-47-35 nginx]# 

修改之后 with-rbac.yaml的内容

---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      hostNetwork: true
      nodeSelector:
        ingress: proxy
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            capabilities:
                drop:
                - ALL
                add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
          - name: http
            containerPort: 80
          - name: https
            containerPort: 443
          - name: other
            containerPort: 8888
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1

打node label

kubectl label nodes slave-47-12 ingress=proxy
kubectl label nodes slave-47-33 ingress=proxy

查看打label的结果
kubernetes ingress基本使用记录_第1张图片

部署ingress

[root@master-47-35 ingress]# pwd
/root/nginx/ingress
[root@master-47-35 ingress]# ls -l 
total 28
-rw-r--r-- 1 root root  153 Oct 15 14:14 configmap.yaml
-rw-r--r-- 1 root root 1429 Oct 15 14:13 default-backend.yaml
-rw-r--r-- 1 root root  216 Oct 15 14:31 nginx-ingress.yaml
-rw-r--r-- 1 root root 2390 Oct 15 14:16 rbac.yaml
-rw-r--r-- 1 root root  191 Oct 15 14:15 tcp-services-configmap.yaml
-rw-r--r-- 1 root root  191 Oct 15 14:16 udp-services-configmap.yaml
-rw-r--r-- 1 root root 2527 Oct 15 15:22 with-rbac.yaml

kubectl create -f namespace.yaml
kubectl apply -f /root/nginx/ingress/

查看ingress部署结果

[root@master-47-35 ingress]# kubectl get pods -n ingress-nginx 
NAME                                        READY     STATUS    RESTARTS   AGE
default-http-backend-6b8d8b4f45-56sdz       1/1       Running   0          1h
nginx-ingress-controller-7d874679bb-b4dfk   1/1       Running   0          27m
nginx-ingress-controller-7d874679bb-nmpxb   1/1       Running   0          27m

验证
把default空间下的nginx服务通过ingress暴露出去

[root@master-47-35 ingress]# kubectl get svc 
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.254.0.1              443/TCP   52d
nginx-svc    ClusterIP   10.254.24.157           80/TCP    50d

ingress文件

[root@master-47-35 nginx]# cat ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

没有部署ingress之前10.39.47.33

[root@master-47-35 nginx]# curl 10.39.47.33
default backend - 404[root@master-47-35 nginx]#

kubernetes ingress基本使用记录_第2张图片

部署之后

[root@master-47-35 nginx]# kubectl create -f ingress.yaml 
ingress.extensions/test-ingress created
[root@master-47-35 nginx]# kubectl get ingress 
NAME           HOSTS     ADDRESS   PORTS     AGE
test-ingress   *                   80        8s
[root@master-47-35 nginx]# kubectl get ingress test-ingress
NAME           HOSTS     ADDRESS   PORTS     AGE
test-ingress   *                   80        13s
[root@master-47-35 nginx]# kubectl get ingress test-ingress -oyaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  creationTimestamp: 2018-10-15T07:54:34Z
  generation: 1
  name: test-ingress
  namespace: default
  resourceVersion: "8324359"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/test-ingress
  uid: 8e70f29e-d04f-11e8-8b84-5254e98192ae
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: nginx-svc
          servicePort: 80
        path: /
status:
  loadBalancer: {}

kubernetes ingress基本使用记录_第3张图片

[root@master-47-35 nginx]# curl 10.39.47.33

308 Permanent Redirect

308 Permanent Redirect


nginx/1.15.3

因为重定向到

[root@master-47-35 nginx]# curl -i 10.39.47.12
HTTP/1.1 308 Permanent Redirect
Server: nginx/1.15.3
Date: Mon, 15 Oct 2018 07:56:48 GMT
Content-Type: text/html
Content-Length: 187
Connection: keep-alive
Location: https://10.39.47.12/


308 Permanent Redirect

308 Permanent Redirect


nginx/1.15.3

end
参考:
k8s官方说明
ingress官方中文翻译
nginx-0.19.0/deploy
nginx annotations官方文档

你可能感兴趣的:(kubetnetes)