kubernetes ingress基本使用记录
kubernetes Ingress 是什么在这里就不在详细解释了,它是外部访问kubernetes集群服务的三种中的一种方式之一
接下来就直接讲解如何部署ingress到kubernetes集群中(nginx ingress)
下载部署文件
链接地址 https://github.com/kubernetes/ingress-nginx/tree/nginx-0.19.0/deploy
下载的文件列表
[root@master-47-35 nginx]# cat namespace.yaml
---
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
[root@master-47-35 ingress]# ls -l
total 28
-rw-r--r-- 1 root root 153 Oct 15 14:14 configmap.yaml
-rw-r--r-- 1 root root 1429 Oct 15 14:13 default-backend.yaml
-rw-r--r-- 1 root root 216 Oct 15 14:31 nginx-ingress.yaml
-rw-r--r-- 1 root root 2390 Oct 15 14:16 rbac.yaml
-rw-r--r-- 1 root root 191 Oct 15 14:15 tcp-services-configmap.yaml
-rw-r--r-- 1 root root 191 Oct 15 14:16 udp-services-configmap.yaml
-rw-r--r-- 1 root root 2527 Oct 15 15:22 with-rbac.yaml
修改with-rbac.yaml文件
# 上面 对 两个 node 打了 label 所以配置 replicas: 2
# 修改 yaml 文件 增加 rbac 认证 , hostNetwork 还有 nodeSelector, 第二个 spec 下 增加。
vi with-rbac.yaml
spec:
replicas: 2
....
spec:
serviceAccountName: nginx-ingress-serviceaccount
hostNetwork: true
nodeSelector:
ingress: proxy
....
# 这里添加一个 other 端口做为后续tcp转发
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: other
containerPort: 8888
[root@master-47-35 nginx]# curl 10.39.47.33
default backend - 404[root@master-47-35 nginx]#
修改之后 with-rbac.yaml的内容
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: '10254'
prometheus.io/scrape: 'true'
spec:
serviceAccountName: nginx-ingress-serviceaccount
hostNetwork: true
nodeSelector:
ingress: proxy
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: other
containerPort: 8888
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
打node label
kubectl label nodes slave-47-12 ingress=proxy
kubectl label nodes slave-47-33 ingress=proxy
查看打label的结果
部署ingress
[root@master-47-35 ingress]# pwd
/root/nginx/ingress
[root@master-47-35 ingress]# ls -l
total 28
-rw-r--r-- 1 root root 153 Oct 15 14:14 configmap.yaml
-rw-r--r-- 1 root root 1429 Oct 15 14:13 default-backend.yaml
-rw-r--r-- 1 root root 216 Oct 15 14:31 nginx-ingress.yaml
-rw-r--r-- 1 root root 2390 Oct 15 14:16 rbac.yaml
-rw-r--r-- 1 root root 191 Oct 15 14:15 tcp-services-configmap.yaml
-rw-r--r-- 1 root root 191 Oct 15 14:16 udp-services-configmap.yaml
-rw-r--r-- 1 root root 2527 Oct 15 15:22 with-rbac.yaml
kubectl create -f namespace.yaml
kubectl apply -f /root/nginx/ingress/
查看ingress部署结果
[root@master-47-35 ingress]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
default-http-backend-6b8d8b4f45-56sdz 1/1 Running 0 1h
nginx-ingress-controller-7d874679bb-b4dfk 1/1 Running 0 27m
nginx-ingress-controller-7d874679bb-nmpxb 1/1 Running 0 27m
验证
把default空间下的nginx服务通过ingress暴露出去
[root@master-47-35 ingress]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.254.0.1 443/TCP 52d
nginx-svc ClusterIP 10.254.24.157 80/TCP 50d
ingress文件
[root@master-47-35 nginx]# cat ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: nginx-svc
servicePort: 80
没有部署ingress之前10.39.47.33
[root@master-47-35 nginx]# curl 10.39.47.33
default backend - 404[root@master-47-35 nginx]#
部署之后
[root@master-47-35 nginx]# kubectl create -f ingress.yaml
ingress.extensions/test-ingress created
[root@master-47-35 nginx]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
test-ingress * 80 8s
[root@master-47-35 nginx]# kubectl get ingress test-ingress
NAME HOSTS ADDRESS PORTS AGE
test-ingress * 80 13s
[root@master-47-35 nginx]# kubectl get ingress test-ingress -oyaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
creationTimestamp: 2018-10-15T07:54:34Z
generation: 1
name: test-ingress
namespace: default
resourceVersion: "8324359"
selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/test-ingress
uid: 8e70f29e-d04f-11e8-8b84-5254e98192ae
spec:
rules:
- http:
paths:
- backend:
serviceName: nginx-svc
servicePort: 80
path: /
status:
loadBalancer: {}
[root@master-47-35 nginx]# curl 10.39.47.33
308 Permanent Redirect
308 Permanent Redirect
nginx/1.15.3
因为重定向到
[root@master-47-35 nginx]# curl -i 10.39.47.12
HTTP/1.1 308 Permanent Redirect
Server: nginx/1.15.3
Date: Mon, 15 Oct 2018 07:56:48 GMT
Content-Type: text/html
Content-Length: 187
Connection: keep-alive
Location: https://10.39.47.12/
308 Permanent Redirect
308 Permanent Redirect
nginx/1.15.3
end
参考:
k8s官方说明
ingress官方中文翻译
nginx-0.19.0/deploy
nginx annotations官方文档