helm部署ingress-nginx(ClusterIP)


Ingress 其实就是从 Kuberenets 集群外部访问集群的一个入口,将外部的请求转发到集群内不同的 Service 上,其实就相当于 nginx、haproxy 等负载均衡代理服务器,可能你会觉得我们直接使用 nginx 就实现了,但是只使用 nginx 这种方式有很大缺陷,每次有新服务加入的时候怎么改 Nginx 配置?不可能让我们去手动更改或者滚动更新前端的 Nginx Pod 吧?那我们再加上一个服务发现的工具比如 consul 如何?貌似是可以,对吧?Ingress 实际上就是这样实现的,只是服务发现的功能自己实现了,不需要使用第三方的服务了,然后再加上一个域名规则定义,路由信息的刷新依靠 Ingress Controller 来提供。

Ingress Controller 可以理解为一个监听器,通过不断地监听 kube-apiserver,实时的感知后端 Service、Pod 的变化,当得到这些信息变化后,Ingress Controller 再结合 Ingress 的配置,更新反向代理负载均衡器,达到服务发现的作用。其实这点和服务发现工具 consul、 consul-template 非常类似。

helm部署ingress-nginx(ClusterIP)_第1张图片
image.png

NGINX Ingress Controller 是使用 Kubernetes Ingress 资源对象构建的,用 ConfigMap 来存储 Nginx 配置的一种 Ingress Controller 实现。
要使用 Ingress 对外暴露服务,就需要提前安装一个 Ingress Controller,我们这里就先来安装 NGINX Ingress Controller,由于 nginx-ingress 所在的节点需要能够访问外网,这样域名可以解析到这些节点上直接使用,所以需要让 nginx-ingress 绑定节点的 80 和 443 端口,所以可以使用 hostPort 来进行访问,当然对于线上环境来说为了保证高可用,一般是需要运行多个 nginx-ingress 实例的,然后可以用一个 nginx/haproxy 作为入口,通过 keepalived 来访问边缘节点的 vip 地址。

➜ 下载资源清单
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm fetch ingress-nginx/ingress-nginx
tar -xvf ingress-nginx-3.15.2.tgz
#指定k8s-node-1节点部署 具体看自己指定k8s-master-1都可以
kubectl label nodes k8s-node-1 Ingress=nginx
kubectl get nodes k8s-node-1 --show-labels
➜ 修改内容
# values.yaml
controller:
  name: controller
  image:
    repository: cnych/ingress-nginx #修改此处
    tag: "v0.41.2"
    digest: #修改此处

  dnsPolicy: ClusterFirstWithHostNet #修改此处
  hostNetwork: true #新增此处

  publishService:  # hostNetwork 模式下设置为false,通过节点IP地址上报ingress status数据
    enabled: false #修改此处

  kind: DaemonSet #修改此处

  nodeSelector: 
    role: lb # 这里要注意:如果是生产可以lb模式 如果是测试的话填写: Ingress: nginx 即可 #修改此处

  service:  # HostNetwork 模式不需要创建service
    enabled: false #修改此处

defaultBackend:
  enabled: true #修改此处
  name: defaultbackend
  image:
    repository: cnych/ingress-nginx-defaultbackend #修改此处
    tag: "1.5"

➜ 
kubectl create ns ingress-nginx
helm install --namespace ingress-nginx ingress-nginx ./ingress-nginx -f ./ingress-nginx/values.yaml
NAME: ingress-nginx
LAST DEPLOYED: Fri Apr  2 15:54:49 2021
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller'

An example Ingress that makes use of the controller:

  apiVersion: networking.k8s.io/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - www.example.com
          secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: 
    tls.key: 
  type: kubernetes.io/tls

➜ 注: ingress-nginx 部署成功。
POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -n ingress-nginx -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -n ingress-nginx -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       v0.41.2
  Build:         d8a93551e6e5798fc4af3eb910cef62ecddc8938
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.19.4

-------------------------------------------------------------------------------

kubectl get pod,service,ingress
➜ 创建一个 nginx 应用创建一个 Ingress 资源试试。
[17:13:35root@k8s-master-1 ~/test]#cat ngdemo.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  replicas: 5
  selector:
    matchLabels:
      app: my-nginx
  template:
    metadata:
      labels:
        app: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    app: my-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
    name: http
  selector:
    app: my-nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-nginx
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: ngdemo.qikqiak.com  # 将域名映射到 my-nginx 服务
    http:
      paths:
      - path: /
        backend:
          serviceName: my-nginx  # 将所有请求发送到 my-nginx 服务的 80 端口
          servicePort: 80     # 不过需要注意大部分Ingress controller都不是直接转发到Service
                            # 而是只是通过Service来获取后端的Endpoints列表,直接转发到Pod,这样可以减少网络跳转,提高性能
注意:我们在 Ingress 资源对象中添加了一个 annotations:kubernetes.io/ingress.class: "nginx",这就是指定让这个 Ingress 通过 nginx-ingress 来处理。

kubectl get pod,service,ingress -o wide -A
kubectl get ingress -o wide --all-namespaces

➜ 验证域名
echo "192.168.73.136 ngdemo.qikqiak.com" >> /etc/hosts
helm部署ingress-nginx(ClusterIP)_第2张图片
image.png
后端api-demo部署
[root@k8s-master-1 demo]# cat demo-deploy-service-ingress.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-demo
  namespace: spring-test-demo-api
  labels:
    name: k8s-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      name: k8s-demo
  template:
    metadata:
      labels:
        name: k8s-demo
    spec:
      containers:
      - name: k8s-demo
        image: jackylovelk/demo:v2.0
        ports:
        - containerPort: 8080
        imagePullPolicy: Always

---
kind: Service
apiVersion: v1
metadata:
  name: k8s-demo
  namespace: spring-test-demo-api
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    name: k8s-demo

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: k8s-demo
  namespace: spring-test-demo-api
spec:
  rules:
  - host: ngdemo-api.qikqiak.com
    http:
      paths:
      - path: /
        backend:
          serviceName: k8s-demo
          servicePort: 8080

helm部署ingress-nginx(ClusterIP)_第3张图片
image.png

本文参考原创作者:https://blog.51cto.com/15077560/2584012

你可能感兴趣的:(helm部署ingress-nginx(ClusterIP))