下载所需:https://github.com/kubernetes/ingress-nginx/tree/nginx-0.17.1
创建一个目录
mkdir -p /data
[root@master ~]# tar xf ingress-nginx-nginx-0.17.1.tar.gz -C /data/
[root@master deploy]# cd /data/ingress-nginx-nginx-0.17.1/deploy
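修改mandatory.yaml与with-rbac.yaml(文件中每个 Deployment 的 apiVersion 都要改;deploy 目录下的 default-backend.yaml 也含有 extensions/v1beta1 的 Deployment,不改的话后面 apply 时会报 no matches for kind "Deployment")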
apiVersion: apps/v1   # 把 extensions/v1beta1 修改成 apps/v1;两个文件一样操作
kind: Deployment
创建名称空间资源
[root@master deploy]# kubectl apply -f namespace.yaml
namespace/ingress-nginx created
把剩下的yaml文件全部创建出来
[root@master deploy]# kubectl apply -f ./
configmap/nginx-configuration created
service/default-http-backend created
namespace/ingress-nginx unchanged
deployment.apps/default-http-backend created
service/default-http-backend unchanged
configmap/nginx-configuration unchanged
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
namespace/ingress-nginx unchanged
serviceaccount/nginx-ingress-serviceaccount unchanged
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole unchanged
role.rbac.authorization.k8s.io/nginx-ingress-role unchanged
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding unchanged
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding unchanged
configmap/tcp-services unchanged
configmap/udp-services unchanged
deployment.apps/nginx-ingress-controller created
unable to recognize "default-backend.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
unable to recognize "mandatory.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
查看创建的pod
[root@master deploy]# kubectl get -n ingress-nginx pods
NAME                                        READY   STATUS    RESTARTS   AGE
default-http-backend-75b5c88cd6-5z8kg       1/1     Running   0          7m22s
nginx-ingress-controller-7c457c5b84-zbr9n   1/1     Running   0          7m21s
创建后端应用pod
[root@master data]# vim depl-server-web.yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp-cx
    cx: cx
  ports:
  - name: http
    targetPort: 80
    port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-dp
  namespace: default
spec:
  replicas: 2
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: myapp-cx
      cx: cx
  strategy:
    rollingUpdate:
      maxSurge: 3
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: myapp-cx
        cx: cx
      name: myapp-dp
      namespace: default
    spec:
      containers:
      - name: myapp-f
        image: ikubernetes/myapp:v2
        ports:
        - name: httpd
          containerPort: 80
        livenessProbe:
          tcpSocket:
            port: 80
启动创建
[root@master data]# kubectl apply -f depl-server-web.yaml
service/myapp created
deployment.apps/myapp-dp created
[root@master data]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP    114d
myapp        ClusterIP   10.96.177.23    <none>        80/TCP     13s
mysql        ClusterIP   10.96.177.112   <none>        3306/TCP   93d
[root@master data]# kubectl get pods
NAME                        READY   STATUS    RESTARTS   AGE
myapp-dp-75889b7b8c-kcddh   1/1     Running   0          50s
myapp-dp-75889b7b8c-p9cfk   1/1     Running   0          50s
编写ingress-nginx与podserver建立的配置文件
[root@master baremetal]# cd /data/ingress-nginx-nginx-0.17.1/deploy/provider/baremetal/
[root@master baremetal]# vim service-nodeport.yaml   # 修改这个文件
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
    nodePort: 30080   # 添加节点监听的端口
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
    nodePort: 30443   # 添加节点监听的端口
  selector:
    app: ingress-nginx
[root@master baremetal]# kubectl apply -f service-nodeport.yaml
service/ingress-nginx created
[root@master baremetal]# kubectl get -n ingress-nginx svc   # 查看创建的svc
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
default-http-backend   ClusterIP   10.96.24.100    <none>        80/TCP                       51m
ingress-nginx          NodePort    10.96.234.141   <none>        80:30080/TCP,443:30443/TCP   45s
浏览器访问NodeIP加端口号测试
[root@master baremetal]# curl http://192.168.10.21:30080/
default backend - 404
[root@master baremetal]# curl http://192.168.10.21:30443/
400 The plain HTTP request was sent to HTTPS port
400 Bad Request
The plain HTTP request was sent to HTTPS port nginx/1.13.12
创建与后端建立关系的ingress资源
[root@master baremetal]# cat ingress-nginx.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: www.chenxi.com   # 监听的主机名 server_name
    http:
      paths:
      - path:              # 不写表示根路径
        backend:
          serviceName: myapp   # 引用到哪个 service 上
          servicePort: 80      # service 监听的端口
创建并测试
[root@master baremetal]# kubectl apply -f ingress-nginx.yaml ingress.extensions/ingress created [root@master baremetal]# kubectl describe ingress 查看相关资源 Name: ingress Namespace: default Address: Default backend: default-http-backend:80 () Rules: Host Path Backends ---- ---- -------- www.chenxi.com myapp:80 (10.244.1.56:80,10.244.2.46:80) Annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/i ngress.class":"nginx"},"name":"ingress","namespace":"default"},"spec":{"rules":[{"host":"www.chenxi.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":null}]}}]}} kubernetes.io/ingress.class: nginx Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal CREATE 11m nginx-ingress-controller Ingress default/ingress [root@master baremetal]# vim /etc/hosts 主机名解析 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.10.20 master 192.168.10.21 node01 www.chenxi.com 192.168.10.22 node02 [root@master baremetal]# curl http://www.chenxi.com:30080 Hello MyApp | Version: v2 | Pod Name
进入pod内部
[root@master ~]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-7c457c5b84-zbr9n -- /bin/sh $ ls
创建HTTPS会话卸载代理至tomcat:先创建tomcat pod以及service
[root@master data]# cat depl-tomcat.yaml
apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    cx: tomcat-cx
  ports:
  - name: http
    targetPort: 8080
    port: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat
  namespace: default
spec:
  replicas: 3
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: tomcat
      cx: tomcat-cx
  strategy:
    rollingUpdate:
      maxSurge: 3
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: tomcat
        cx: tomcat-cx
      name: tomcat
      namespace: default
    spec:
      containers:
      - name: myapp-f
        image: tomcat   # 未固定标签,等同于 tomcat:latest,不同时间拉取到的版本可能不同
        ports:
        - name: httpd
          containerPort: 8080
        livenessProbe:
          tcpSocket:
            port: 8080
创建(按上下文,这里应当应用上一步的 depl-tomcat.yaml 来创建 tomcat 的 Service 和 Deployment;ingress-tomcat.yaml 在下一步才编写)
[root@master baremetal]# kubectl apply -f ingress-tomcat.yaml
编写ingress资源;service-nodeport.yaml文件里如果不写默认是映射80端口的那个端口
[root@master baremetal]# cat ingress-tomcat.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: www.cx.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080
启动
[root@master baremetal]# kubectl apply -f ingress-tomcat.yaml ingress.extensions/ingress configured [root@master baremetal]# kubectl describe ingress ingress-tomcat Name: ingress-tomcat Namespace: default Address: Default backend: default-http-backend:80 () Rules: Host Path Backends ---- ---- -------- www.cx.com tomcat:8080 (10.244.1.57:8080,10.244.2.47:8080,10.244.2.48:8080) Annotations: kubernetes.io/ingress.class: nginx kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/i ngress.class":"nginx"},"name":"ingress-tomcat","namespace":"default"},"spec":{"rules":[{"host":"www.cx.com","http":{"paths":[{"backend":{"serviceName":"tomcat","servicePort":8080},"path":null}]}}]}} Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal CREATE 23s nginx-ingress-controller Ingress default/ingress-tomcat
测试(返回的 404 页面由 Apache Tomcat 生成,说明请求已经被 ingress 转发到后端 tomcat)
[root@master baremetal]# curl http://www.cx.com:30080
HTTP Status 404 – Not Found
HTTP Status 404 – Not Found
Type Status Report
Message Not found
Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
Apache Tomcat/8.5.54
实现https:创建证书文件(自签名证书;未指定 -days 时 openssl req -x509 默认有效期为 30 天)
[root@master baremetal]# openssl genrsa -out tls.key 2048
[root@master baremetal]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=www.cx.com
[root@master baremetal]# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
secret/tomcat-ingress-secret created
修改ingress-tomcat.yaml 文件
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:                                  # 添加tls
  - hosts:                              # 主机名
    - www.cx.com
    secretName: tomcat-ingress-secret   # 从哪里读取证书文件(上一步创建的 secret)
  rules:
  - host: www.cx.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080
更新测试
[root@master baremetal]# kubectl apply -f ingress-tomcat.yaml ingress.extensions/ingress-tomcat configured
测试 https://www.cx.com:30443/(证书是自签名的,不在系统信任列表中;用 curl 测试时可加 --cacert tls.crt 以该证书进行校验)