-
k8s--基础--29.2--ingress--安装Ingress Controller和配置Ingress
k8s–基础–29.2–ingress–安装Ingress Controller和配置Ingress
1、使用Ingress功能的步骤
1. 安装部署ingress controller Pod 2. 部署Ingress-controller的service,以实现接入集群外部流量 3. 测试代理 后端服务 1. 部署后端服务,并通过service进行暴露 1. 我这里的案例是 myapp 2. 部署ingress,进行定义规则,使Ingress-controller和后端服务的Pod组进行关联- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
2、安装Ingress Controller
- master1节点操作
- 脚本位置
2.1、创建名称空间
2.1.1、脚本
vi /root/ingress/namespace.yaml- 1
内容
apiVersion: v1 kind: Namespace metadata: name: ingress-nginx- 1
- 2
- 3
- 4
- 5
- 6
2.1.2、执行脚本
# 执行 kubectl apply -f /root/ingress/namespace.yaml # 查看你 kubectl get namespace- 1
- 2
- 3
- 4
- 5
2.2、创建配置文件 configmap.yaml
2.2.1、脚本
vi /root/ingress/configmap.yaml- 1
内容
kind: ConfigMap apiVersion: v1 metadata: # ConfigMap的名称 name: nginx-configuration # 名称空间是ingress-nginx namespace: ingress-nginx # ConfigMap的标签 labels: app: ingress-nginx- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
2.2.2、执行脚本
# 执行 kubectl apply -f /root/ingress/configmap.yaml # 查看 kubectl get ConfigMap -n ingress-nginx- 1
- 2
- 3
- 4
- 5
2.3、创建配置文件 tcp-services-configmap.yaml
2.3.1、脚本
vi /root/ingress/tcp-services-configmap.yaml- 1
内容
kind: ConfigMap apiVersion: v1 metadata: # ConfigMap的名称 name: tcp-services # 名称空间是ingress-nginx namespace: ingress-nginx- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
2.3.2、执行脚本
# 执行 kubectl apply -f /root/ingress/tcp-services-configmap.yaml # 查看 kubectl get ConfigMap -n ingress-nginx- 1
- 2
- 3
- 4
- 5
2.4、创建配置文件 udp-services-configmap.yaml
2.4.1、脚本
vi /root/ingress/udp-services-configmap.yaml- 1
内容
kind: ConfigMap apiVersion: v1 metadata: # ConfigMap的名称 name: udp-services # 名称空间是ingress-nginx namespace: ingress-nginx- 1
- 2
- 3
- 4
- 5
- 6
- 7
2.4.2、执行脚本
# 执行 kubectl apply -f /root/ingress/udp-services-configmap.yaml # 查看 kubectl get ConfigMap -n ingress-nginx- 1
- 2
- 3
- 4
- 5
2.5、rbac授权
2.5.1、脚本
vi /root/ingress/rbac.yaml- 1
内容
--- # 创建sa账号 apiVersion: v1 kind: ServiceAccount metadata: # sa账号:nginx-ingress-serviceaccount name: nginx-ingress-serviceaccount # 名称空间:ingress-nginx namespace: ingress-nginx --- # rbac 授权 apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: # 定义集群角色名称为:nginx-ingress-clusterrole name: nginx-ingress-clusterrole # 定义集群权限 rules: - apiGroups: - "" resources: - configmaps - endpoints - nodes - pods - secrets verbs: - list - watch - apiGroups: - "" resources: - nodes verbs: - get - apiGroups: - "" resources: - services verbs: - get - list - watch - apiGroups: - "extensions" resources: - ingresses verbs: - get - list - watch - apiGroups: - "" resources: - events verbs: - create - patch - apiGroups: - "extensions" resources: - ingresses/status verbs: - update --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: # 定义角色名称为nginx-ingress-role name: nginx-ingress-role # 定义名称空间 namespace: ingress-nginx # 定义角色权限 rules: - apiGroups: - "" resources: - configmaps - pods - secrets - namespaces verbs: - get - apiGroups: - "" resources: - configmaps resourceNames: # Defaults to "- " # Here: " - " # This has to be adapted if you change either parameter # when launching the nginx-ingress-controller. - "ingress-controller-leader-nginx" verbs: - get - update - apiGroups: - "" resources: - configmaps verbs: - create - apiGroups: - "" resources: - endpoints verbs: - get --- # 角色绑定 apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: # 角色绑定名称:nginx-ingress-role-nisa-binding name: nginx-ingress-role-nisa-binding namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: nginx-ingress-role subjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx --- # 集群角色绑定 apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: # 集群角色绑定名称:nginx-ingress-clusterrole-nisa-binding name: nginx-ingress-clusterrole-nisa-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nginx-ingress-clusterrole subjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx - 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
2.5.2、执行脚本
# 执行 kubectl apply -f /root/ingress/rbac.yaml # 查看账号 kubectl get sa -n ingress-nginx # 查看集群角色 kubectl get ClusterRole -n ingress-nginx | grep nginx # 查看角色 kubectl get Role -n ingress-nginx | grep nginx # 查看绑定角色 kubectl get RoleBinding -n ingress-nginx | grep nginx # 查看集群绑定角色 kubectl get ClusterRoleBinding -n ingress-nginx | grep nginx- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
2.6、创建默认的后端服务
2.6.1、脚本
vi /root/ingress/default-backend.yaml- 1
内容
--- apiVersion: v1 kind: Service metadata: # 创建一个名称为default-http-backend的Service name: default-http-backend # 名称空间 namespace: ingress-nginx # Service的标签 labels: app: default-http-backend spec: # 定义端口 ports: # Service端口 - port: 80 # 目标pod端口 targetPort: 8080 # 对应pod的标签 selector: app: default-http-backend --- apiVersion: apps/v1 kind: Deployment metadata: # 定义Deployment的名称 name: default-http-backend # 定义Deployment的标签 labels: app: default-http-backend # 定义名称空间 namespace: ingress-nginx spec: # 副本数量 replicas: 1 # 通过标签选择对应的template selector: matchLabels: app: default-http-backend template: metadata: labels: app: default-http-backend spec: # 60秒后才终止服务 terminationGracePeriodSeconds: 60 # 定义容器 containers: - name: default-http-backend # Any image is permissible as long as: # 1. It serves a 404 page at / # 2. It serves 200 on a /healthz endpoint # 镜像地址 image: whychoice/defaultbackend:1.4 # 镜像拉取策略,本地有则使用本地镜像,不拉取 imagePullPolicy: IfNotPresent # 端口 ports: - containerPort: 8080 # 资源设置 resources: limits: cpu: 10m memory: 20Mi requests: cpu: 10m memory: 20Mi # 容器存活探针,判断容器是否存活 livenessProbe: httpGet: path: /healthz port: 8080 scheme: HTTP # 容器启动30秒后才开始探测 initialDelaySeconds: 30 # 探测5秒后,就认为探测超时 timeoutSeconds: 5- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
2.6.2、执行脚本
# 执行 kubectl apply -f /root/ingress/default-backend.yaml # 查看 kubectl get svc -n ingress-nginx kubectl get Deployment -n ingress-nginx kubectl get pods -n ingress-nginx- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
2.7、部署 ingress-controller
这里本质还是启动一个nginx的pod
2.7.1、脚本
vi /root/ingress/with-rbac.yaml- 1
内容
apiVersion: apps/v1 kind: Deployment metadata: # 定义Deployment的名称 name: nginx-ingress-controller # 名称空间 namespace: ingress-nginx spec: # 定义副本数量 replicas: 1 # 定义使用哪个标签的模板 selector: matchLabels: app: ingress-nginx # 定义模板 template: metadata: # 定义模板的标签 labels: app: ingress-nginx # 给prometheus使用的配置 annotations: prometheus.io/port: '10254' prometheus.io/scrape: 'true' spec: # 使用的账号 serviceAccountName: nginx-ingress-serviceaccount # 定义容器 containers: # 容器的名称 - name: nginx-ingress-controller # 镜像,该镜像本质是nginx image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1 # 启动镜像的参数,这里有引用前面配置的configmap args: - /nginx-ingress-controller # 定义默认的后端服务 - --default-backend-service=$(POD_NAMESPACE)/default-http-backend - --configmap=$(POD_NAMESPACE)/nginx-configuration - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - --udp-services-configmap=$(POD_NAMESPACE)/udp-services - --publish-service=$(POD_NAMESPACE)/ingress-nginx - --annotations-prefix=nginx.ingress.kubernetes.io securityContext: capabilities: drop: - ALL add: - NET_BIND_SERVICE # www-data -> 33 runAsUser: 33 # 定义环境变量 env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace # 定义http和https的短句 ports: - name: http containerPort: 80 - name: https containerPort: 443 # 容器存活探针,判断容器是否存活 livenessProbe: # 表示探测失败次数,探测3次失败,才认为是真失败了 failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP # 容器启动10秒后才开始探测. initialDelaySeconds: 10 # 10s探测一次. periodSeconds: 10 # 探测1次成功,才认为是真成功了; successThreshold: 1 # 探测1秒后,就认为探测超时 timeoutSeconds: 1 readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
2.7.2、执行脚本
# 执行 kubectl apply -f /root/ingress/with-rbac.yaml # 查看 kubectl get Deployment -n ingress-nginx kubectl get pods -n ingress-nginx- 1
- 2
- 3
- 4
- 5
- 6
2.7.3、进入容器,查看nginx配置
这里就是验证 ingress-controller 本质 是一个nginx
kubectl -n ingress-nginx exec -it nginx-ingress-controller-7c7d57b55d-4b9lw -- /bin/bash- 1
3、部署 ingress-controller service
通过ingress-controller对外提供服务,现在还需要手动给ingress-controller建立一个service,接收集群外部流量。
3.1、脚本
vi /root/ingress/service-nodeport.yaml- 1
- 2
内容
apiVersion: v1 kind: Service metadata: # Service名称 name: ingress-nginx # 名称空间 namespace: ingress-nginx # Service 的标签 labels: app: ingress-nginx spec: # NodePort类型,提供对外访问能力 type: NodePort # 定义端口 ports: - name: http # service端口 port: 80 # 目标端口 targetPort: 80 # 协议 protocol: TCP # 节点端口 nodePort: 30080 - name: https port: 443 targetPort: 443 protocol: TCP nodePort: 30443 # 定义pod的标签,也就是 2.7、部署的ingress-controller selector: app: ingress-nginx- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
3.2、执行
kubectl apply -f /root/ingress/service-nodeport.yaml # 查看 kubectl get svc -n ingress-nginx- 1
- 2
- 3
- 4
- 5
3.3、浏览器访问ingress-controller的service
http://192.168.187.154:30080/- 1
这里调度器是正常工作的,因为虽然我们没有配置后端服务,所以这里显示的是默认的后端服务
4、测试代理–后端服务
这里才是真正的 服务路由转发配置
4.1、部署后端服务
4.1.1、脚本
vi /root/ingress/myapp/deploy-demo.yaml- 1
内容
apiVersion: v1 kind: Service metadata: # 定义Service名称 name: myapp # 名称空间 namespace: default spec: # 定义pod的标签 selector: app: myapp release: canary # 定义Service端口 ports: - name: http-port # 定义目标端口 targetPort: 80 port: 80 --- apiVersion: apps/v1 kind: Deployment metadata: # 定义Service名称 name: myapp-backend-pod # 名称空间 namespace: default spec: # 副本数量3 replicas: 3 # 定义选择哪个template selector: matchLabels: app: myapp release: canary # 定义模板标签 template: metadata: labels: app: myapp release: canary # 定义容器 spec: containers: - name: myapp image: ikubernetes/myapp:v2 # 镜像拉取策略,本地有则使用本地镜像,不拉取 imagePullPolicy: IfNotPresent ports: - name: http-port containerPort: 80- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
4.1.2、执行
kubectl apply -f /root/ingress/myapp/deploy-demo.yaml # 查看 kubectl get svc kubectl get pods- 1
- 2
- 3
- 4
- 5
4.2、部署ingress
4.2.1、脚本
vi /root/ingress/myapp/ingress-myapp.yaml- 1
内容
# api版本 apiVersion: extensions/v1beta1 # 清单类型 kind: Ingress # 元数据 metadata: # ingress的名称 name: ingress-myapp # 所属名称空间 namespace: default # 注解信息,这里配置的是nginx类型的ingress annotations: kubernetes.io/ingress.class: "nginx" # 规格 spec: # 定义后端转发的规则 rules: # 通过域名进行转发 - host: myapp.zhoufei.com http: paths: # 配置访问路径,如果通过url进行转发,需要修改;空默认为访问的路径为"/" - path: # 配置后端服务 backend: # 请求myapp.zhoufei.com,路由转发到myapp的servicce serviceName: myapp servicePort: 80- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
4.2.2、执行
kubectl apply -f /root/ingress/myapp/ingress-myapp.yaml # 查看 kubectl describe ingress ingress-myapp- 1
- 2
- 3
- 4
- 5
4.2.3、修改本地host文件
下面的ip是k8s的master节点ip
192.168.187.154 myapp.zhoufei.com- 1
- 2
4.2.4、浏览器访问
http://myapp.zhoufei.com:30080/- 1
4.2.5、查看nginx配置
kubectl -n ingress-nginx exec -it nginx-ingress-controller-7c7d57b55d-4b9lw -- /bin/bash- 1
从上面可以看出 我们已经把 ingress-myapp.yaml文件里面的配置,同步到 ingress-controller中,也就是nginx的配置文件中。
-
相关阅读:
前端面试宝典
C语言 do while循环练习 上
git学习笔记-发现问题如何恢复
半导体即国家,日本做了啥?最大的 AI 模型并不十分透明;特斯拉安全数据报告缺失近一年丨 RTE 开发者日报 Vol.70
Windows安装MySQL
计算机系统(10)----- 进程通信
Redis主从部署
“华为杯”第十六届中国研究生数学建模竞赛-C题:视觉情报信息分析
Elasticsearch:多语言语义搜索
【会议分享】2022年第四届数学与人工智能国际会议(CFMAI 2022)
- 原文地址:https://blog.csdn.net/zhou920786312/article/details/126246557
