k8s Ingress-nginx ingress服务
文章目录
- 一、Ingress部署
- 二、Ingress-nginx+域名解析
- 三、Ingress TLS 配置
- Ingress 认证配置
一、Ingress部署
从官网获取文件
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
然后上传到集群harbor仓库
然后应用文件
kubectl apply -f deploy.yaml
然后修改
kubectl -n ingress-nginx edit svc ingress-nginx-controller
将type改成LoadBalancer
然后查看ns
查看完整内容
如果svc里面没有出现ingress-nginx-controller 的EXTERNAL-IP 则参考此连接文章的LoadBalancer 将这个类型部署一个ConfigMap
vim configmap.yaml
二、Ingress-nginx+域名解析
vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: myapp:v1
kubectl apply -f deployment.yaml
创建服务
vim svc.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: nginx
---
apiVersion: v1
kind: Service
metadata:
name: myapp-svc
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: myapp
应用
kubectl apply -f svc.yaml
查看 kubectl get svc
kubectl describe svc nginx-svc
ingress.yaml下赋予域名匹配,用于匹配service
vim ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-nginx
annotations:
nginx.ingress.kubernetes.io/app-root: /westos
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - cyl'
spec:
tls:
- hosts:
- www1.westos.org
secretName: tls-secret
rules:
- host: www1.westos.org
http:
paths:
- path: /westos(/|$(.*))
backend:
serviceName: nginx-svc
servicePort: 80
kubectl get ingress
然后应用
kubecyl applf -f ingress.yaml
在真机里面
curl www1.westos.org
记得写解析
三、Ingress TLS 配置
首先创建crt和key,然后生成secret
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
然后把写的加入配置文件
然后应用
kubectl apply -f ingress.yaml
查看创建的secret
kubectl get secrets
然后查看创建的ingress
查看这个ingress的具体信息,可以看到已经配置了TLS
测试 curl www1.westos.org -I
可以看到跳转到了 https://www1.westos.org
Ingress 认证配置
yum install -y httpd-tools
htpasswd -c auth cyl
kubectl create secret generic basic-auth --from-file=auth
然后编辑文件
加入认证
kubectl apply -f ingress.yaml
kubectl describe ingress
然后就访问需要认证