部署前将之前部署的ingress-nginx删除:
[kubeadm@server1 ~]$ kubectl delete namespaces ingress-nginx //清除之前的部署
namespace "ingress-nginx" deleted
[kubeadm@server1 ~]$ kubectl get ingress
No resources found in default namespace.
[kubeadm@server1 ~]$
拉取并解压部署文件:
[kubeadm@server1 ~]$ helm search repo nginx-ingress
NAME CHART VERSION APP VERSION DESCRIPTION
stable/nginx-ingress 1.36.3 0.30.0 An nginx Ingress controller that uses ConfigMap...
stable/nginx-lego 0.3.1 Chart for nginx-ingress-controller and kube-lego
[kubeadm@server1 ~]$
[kubeadm@server1 ~]$ cd helm
[kubeadm@server1 helm]$ helm pull stable/nginx-ingress
[kubeadm@server1 helm]$ tar zxf nginx-ingress-1.36.3.tgz
[kubeadm@server1 helm]$ cd nginx-ingress/
[kubeadm@server1 nginx-ingress]$ ls
Chart.yaml ci OWNERS README.md templates values.yaml
更改变量文件 values.yaml
[kubeadm@server1 nginx-ingress]$ vim values.yaml
镜像及标签:
使用主机网络且daemoSet使用主机端口打开:
更改控制器类型为DaemoSet:
指定节点选择规则:
由于我们使用的是hostnetwork的方式,因此不创建service
定义deafultBackend:
修改完成。
创建独立的namespace
[kubeadm@server1 nginx-ingress]$ kubectl create namespace nginx-ingress
namespace/nginx-ingress created
[kubeadm@server1 nginx-ingress]$
安装部署
[kubeadm@server1 nginx-ingress]$ ls
Chart.yaml ci OWNERS README.md templates values.yaml
[kubeadm@server1 nginx-ingress]$ helm -n nginx-ingress install nginx-ingress .
NAME: nginx-ingress
LAST DEPLOYED: Fri May 15 14:06:04 2020
NAMESPACE: nginx-ingress
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
......
查看:
[kubeadm@server1 nginx-ingress]$ helm -n nginx-ingress list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
nginx-ingress nginx-ingress 1 2020-05-15 14:06:04.084109462 +0800 CSTdeployed nginx-ingress-1.36.3 0.30.0
[kubeadm@server1 nginx-ingress]$
部署完成
(1)定义deployment控制器 维护pod
apiVersion: apps/v1
kind: Deployment //Deployment
metadata:
name: deployment-nginx
labels:
app: nginx
spec:
replicas: 2 //2个pod
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx //标签
spec:
containers:
- name: nginx
image: k8s/myapp:v1
ports:
- containerPort: 80
[kubeadm@server1 nginx-ingress]$ vim deployment.yaml
[kubeadm@server1 nginx-ingress]$ kubectl apply -f deployment.yaml
deployment.apps/deployment-nginx created
[kubeadm@server1 nginx-ingress]$ kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
deployment-nginx-77d4c6fc75-dzqh7 1/1 Running 0 18s app=nginx,pod-template-hash=77d4c6fc75
deployment-nginx-77d4c6fc75-k6qpz 1/1 Running 0 18s app=nginx,pod-template-hash=77d4c6fc75
nfs-client-provisioner-6bf974db79-kd987 1/1 Running 1 18h app=nfs-client-provisioner,pod-template-hash=6bf974db79
[kubeadm@server1 nginx-ingress]$
(2)创建名为myservice
的service 关联后端的pod
apiVersion: v1
kind: Service
metadata:
name: myservice
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: nginx //标签匹配 app=nginx
type: ClusterIP
[kubeadm@server1 nginx-ingress]$ kubectl apply -f service.yaml
service/myservice created
[kubeadm@server1 nginx-ingress]$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 23d
myservice ClusterIP 10.103.188.143 <none> 80/TCP 4s
[kubeadm@server1 nginx-ingress]$
[kubeadm@server1 nginx-ingress]$ kubectl describe svc myservice
Name: myservice
Namespace: default
Labels: <none>
Annotations: Selector: app=nginx
Type: ClusterIP
IP: 10.103.188.143
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.161:80,10.244.2.93:80 //两个后端
Session Affinity: None
Events: <none>
[kubeadm@server1 nginx-ingress]$
(3)创建ingress (控制关联service)
[kubeadm@server1 nginx-ingress]$ cat ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
# namespace:
spec:
rules:
- host: www1.westos.org //网址
http:
paths:
- backend:
serviceName: myservice //匹配服务:myservice
servicePort: 80
path: /
[kubeadm@server1 nginx-ingress]$ kubectl apply -f ingress.yaml
ingress.extensions/example created
查看创建的ingress的详细信息
在外部访问(需要做www1.westos.org的解析):
[root@foundation8 kiosk]# cat /etc/hosts // server3上要有www1.westos.org的解析
172.25.0.3 www1.westos.org www2.westos.org www3.westos.org
[root@foundation8 Downloads]# curl www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]# curl www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]# curl www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]#
[root@foundation8 kiosk]# curl www1.westos.org/hostname.html // 可以负载均衡
nginx-deployment-5c58fb7c46-qmmms
[root@foundation8 kiosk]# curl www1.westos.org/hostname.html
nginx-deployment-5c58fb7c46-57z8g
(1)生成tls密钥和证书
[kubeadm@server1 nginx-ingress]$ cd certs/
[kubeadm@server1 certs]$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
Generating a 2048 bit RSA private key
.................................................................................................................+++
..................................................................................................................................................+++
writing new private key to 'tls.key'
-----
[kubeadm@server1 certs]$ ls
tls.crt tls.key
[kubeadm@server1 certs]$
(2)将生成的证书和key保存到secret里面:
[kubeadm@server1 certs]$ kubectl create secret tls tls-secret --key tls.key --cert tls.crt
secret/tls-secret created
[kubeadm@server1 certs]$ kubectl get secrets
NAME TYPE DATA AGE
default-token-jhnhn kubernetes.io/service-account-token 3 23d
myregistry kubernetes.io/dockerconfigjson 1 17d
nfs-client-provisioner-token-lq8b9 kubernetes.io/service-account-token 3 18h
test-token-pbr8q kubernetes.io/service-account-token 3 10d
tls-secret kubernetes.io/tls 2 8s
[kubeadm@server1 certs]$
(3)修改ingress文件:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
# namespace:
spec:
rules:
- host: www1.westos.org
http:
paths:
- backend:
serviceName: myservice
servicePort: 80
path: /
tls: //打开tls
- hosts:
- www1.westos.org
secretName: tls-secret
[kubeadm@server1 nginx-ingress]$ kubectl apply -f ingress1.yaml
ingress.extensions/example created
[kubeadm@server1 nginx-ingress]$
(4)在浏览器访问https://www1.westos.org
[root@foundation8 Downloads]# curl https://www1.westos.org -k
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]# curl https://www1.westos.org -k
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]# curl https://www1.westos.org -k
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]#