• k8s之部署ingress-nginx


    k8s之部署ingress-nginx

    1. 提供文件网址

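    # 获取ingress-nginx,本次案例使用的是1.3.1版本
    # 修改deploy.yaml文件中的仓库
    # 修改quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
    # 为dyrnq/ingress-nginx-controller:v1.3.1 
    # 注意:dyrnq/* 是 Docker Hub 上的第三方镜像,并非项目官方发布的仓库;只写标签(v1.3.1)无法保证镜像内容不被替换,
    # 正式环境建议使用官方仓库或自建镜像仓库,并以 镜像名@sha256:<摘要> 的形式固定镜像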
    [root@k8s-master ingress-controller]# grep image deploy.yaml 
            image: dyrnq/ingress-nginx-controller:v1.3.1 
            imagePullPolicy: IfNotPresent
            image: dyrnq/kube-webhook-certgen:v1.3.0 
            imagePullPolicy: IfNotPresent
            image: dyrnq/kube-webhook-certgen:v1.3.0 
            imagePullPolicy: IfNotPresent
    [root@k8s-master ingress-controller]# 
    
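    加个主机网络(hostNetwork: true 会让控制器 Pod 直接使用节点的网络命名空间,80/443、8443(webhook)和 10254(健康检查)端口都会直接监听在节点 IP 上;使用主机网络时建议同时把 dnsPolicy 设为 ClusterFirstWithHostNet,否则 ClusterFirst 会退回到节点自身的 DNS 配置):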
    400 spec:
    401   minReadySeconds: 0
    402   revisionHistoryLimit: 10
    403   selector:
    404     matchLabels:
    405       app.kubernetes.io/component: controller
    406       app.kubernetes.io/instance: ingress-nginx
    407       app.kubernetes.io/name: ingress-nginx
    408   template:
    409     metadata:
    410       labels:
    411         app.kubernetes.io/component: controller
    412         app.kubernetes.io/instance: ingress-nginx
    413         app.kubernetes.io/name: ingress-nginx
    414     spec:
    415       hostNetwork: true
    
    • 简介:cloud(云)版本是在云厂商上部署时使用的,例如阿里云主机、腾讯云主机;云厂商里面有负载均衡器,借其可以实现负载均衡

    • 自己搭建的是位于裸机,裸金属

    • baremetal面向裸机

    1.1 文件如下
    [root@k8s-master ingress-controller]# cat deploy.yaml 
    # Namespace that holds every namespaced ingress-nginx object in this manifest.
    apiVersion: v1
    kind: Namespace
    metadata:
      labels:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
      name: ingress-nginx
    ---
    # ServiceAccount used by the controller pods (serviceAccountName: ingress-nginx
    # in the controller workload). The API token is mounted into the pod, so every
    # permission bound to this account is usable from inside the controller container.
    apiVersion: v1
    automountServiceAccountToken: true
    kind: ServiceAccount
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
      namespace: ingress-nginx
    ---
    # Separate ServiceAccount for the two admission-webhook certificate Jobs, so
    # their permissions stay apart from the controller's.
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
      namespace: ingress-nginx
    ---
    # Namespaced permissions of the controller inside the ingress-nginx namespace.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
      namespace: ingress-nginx
    rules:
    - apiGroups:
      - ""
      resources:
      - namespaces
      verbs:
      - get
    # Read access to secrets in this namespace is included here; the webhook
    # certificate secret (ingress-nginx-admission) lives in the same namespace.
    - apiGroups:
      - ""
      resources:
      - configmaps
      - pods
      - secrets
      - endpoints
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - services
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses/status
      verbs:
      - update
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingressclasses
      verbs:
      - get
      - list
      - watch
    # Leader election: get/update is limited by resourceNames to the object named
    # ingress-controller-leader, which matches --election-id on the controller.
    - apiGroups:
      - ""
      resourceNames:
      - ingress-controller-leader
      resources:
      - configmaps
      verbs:
      - get
      - update
    # create cannot be narrowed with resourceNames, hence the separate rule.
    - apiGroups:
      - ""
      resources:
      - configmaps
      verbs:
      - create
    - apiGroups:
      - coordination.k8s.io
      resourceNames:
      - ingress-controller-leader
      resources:
      - leases
      verbs:
      - get
      - update
    - apiGroups:
      - coordination.k8s.io
      resources:
      - leases
      verbs:
      - create
    - apiGroups:
      - ""
      resources:
      - events
      verbs:
      - create
      - patch
    ---
    # Namespaced permissions of the certgen Jobs: they store the webhook
    # certificate in a secret (--secret-name=ingress-nginx-admission).
    # NOTE(review): the rule has no resourceNames, so "get" covers every secret in
    # the ingress-nginx namespace, not only the webhook certificate.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
      namespace: ingress-nginx
    rules:
    - apiGroups:
      - ""
      resources:
      - secrets
      verbs:
      - get
      - create
    ---
    # Cluster-wide permissions of the controller. This is the most sensitive grant
    # in the manifest: the first rule lets the controller list and watch secrets in
    # every namespace (needed to load TLS secrets referenced by Ingress objects).
    # Because the ConfigMap below also sets allow-snippet-annotations: "true",
    # whoever may create Ingress objects can influence the nginx configuration of a
    # pod that holds this token; review both settings together on shared clusters.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
    rules:
    - apiGroups:
      - ""
      resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
      - namespaces
      verbs:
      - list
      - watch
    - apiGroups:
      - coordination.k8s.io
      resources:
      - leases
      verbs:
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - nodes
      verbs:
      - get
    - apiGroups:
      - ""
      resources:
      - services
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - events
      verbs:
      - create
      - patch
    # Write access is limited to the status subresource of Ingress objects.
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses/status
      verbs:
      - update
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingressclasses
      verbs:
      - get
      - list
      - watch
    ---
    # Cluster-wide permission of the certgen "patch" Job, which updates the
    # ValidatingWebhookConfiguration named by --webhook-name.
    # NOTE(review): no resourceNames is set, so get/update applies to every
    # ValidatingWebhookConfiguration in the cluster, not only ingress-nginx-admission.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
    rules:
    - apiGroups:
      - admissionregistration.k8s.io
      resources:
      - validatingwebhookconfigurations
      verbs:
      - get
      - update
    ---
    # Binds the namespaced Role "ingress-nginx" to the controller ServiceAccount.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx
    subjects:
    - kind: ServiceAccount
      name: ingress-nginx
      namespace: ingress-nginx
    ---
    # Binds the namespaced Role "ingress-nginx-admission" to the certgen Jobs'
    # ServiceAccount.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx-admission
    subjects:
    - kind: ServiceAccount
      name: ingress-nginx-admission
      namespace: ingress-nginx
    ---
    # Grants the cluster-wide ClusterRole "ingress-nginx" (including list/watch on
    # secrets in all namespaces) to the controller ServiceAccount.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx
    subjects:
    - kind: ServiceAccount
      name: ingress-nginx
      namespace: ingress-nginx
    ---
    # Grants the ClusterRole "ingress-nginx-admission" (get/update on
    # validatingwebhookconfigurations) to the certgen Jobs' ServiceAccount.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx-admission
    subjects:
    - kind: ServiceAccount
      name: ingress-nginx-admission
      namespace: ingress-nginx
    ---
    # Controller settings, loaded through --configmap=$(POD_NAMESPACE)/ingress-nginx-controller.
    # allow-snippet-annotations: "true" lets Ingress authors add raw nginx
    # configuration through the *-snippet annotations. The controller's ClusterRole
    # can read secrets cluster-wide, so on a cluster where untrusted users may
    # create Ingress objects this should be "false". The Ingress used in this
    # walkthrough (ingress-http.yaml) sets no snippet annotations.
    apiVersion: v1
    data:
      allow-snippet-annotations: "true"
    kind: ConfigMap
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller
      namespace: ingress-nginx
    ---
    # Public entry point of the controller. type: NodePort opens a high port for
    # 80 and for 443 on every node (80:32082 and 443:31102 in the output further
    # down). The controller pod in this manifest also runs with hostNetwork: true,
    # so the same listeners are additionally reachable on ports 80/443 of its node.
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      ipFamilies:
      - IPv4
      ipFamilyPolicy: SingleStack
      ports:
      - appProtocol: http
        name: http
        port: 80
        protocol: TCP
        targetPort: http
      - appProtocol: https
        name: https
        port: 443
        protocol: TCP
        targetPort: https
      selector:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
      type: NodePort
    ---
    # Cluster-internal Service the API server calls for Ingress validation
    # (referenced by the ValidatingWebhookConfiguration); it forwards 443 to the
    # controller's "webhook" container port (8443).
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
    spec:
      ports:
      - appProtocol: https
        name: https-webhook
        port: 443
        targetPort: webhook
      selector:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
      type: ClusterIP
    ---
    # The ingress-nginx controller workload: one container running
    # /nginx-ingress-controller under the ingress-nginx ServiceAccount.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      minReadySeconds: 0
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          app.kubernetes.io/component: controller
          app.kubernetes.io/instance: ingress-nginx
          app.kubernetes.io/name: ingress-nginx
      template:
        metadata:
          labels:
            app.kubernetes.io/component: controller
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
        spec:
          # Added by the author: the pod shares the node's network namespace, so
          # every port the container opens (80, 443, webhook 8443, health 10254)
          # is bound on the node itself. Restrict access to 8443 and 10254 with the
          # node firewall if the node is reachable from untrusted networks.
          hostNetwork: true
          containers:
          - args:
            - /nginx-ingress-controller
            - --election-id=ingress-controller-leader
            - --controller-class=k8s.io/ingress-nginx
            - --ingress-class=nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
            # ":8443" has no host part, i.e. the webhook listens on all interfaces.
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
            env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
            # Third-party Docker Hub mirror referenced by mutable tag only. With
            # IfNotPresent a node keeps whatever image it pulled first under this
            # tag. Prefer the project's own registry or an internal mirror and pin
            # the image as name@sha256:<digest>.
            image: dyrnq/ingress-nginx-controller:v1.3.1
            imagePullPolicy: IfNotPresent
            lifecycle:
              preStop:
                exec:
                  command:
                  - /wait-shutdown
            livenessProbe:
              failureThreshold: 5
              httpGet:
                path: /healthz
                port: 10254
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 1
            name: controller
            ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
            - containerPort: 8443
              name: webhook
              protocol: TCP
            readinessProbe:
              failureThreshold: 3
              httpGet:
                path: /healthz
                port: 10254
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 1
            # Only requests are set; there are no limits, so the container's CPU
            # and memory use is not capped.
            resources:
              requests:
                cpu: 100m
                memory: 90Mi
            # Runs as non-root UID 101 with every capability dropped except
            # NET_BIND_SERVICE (binding ports below 1024).
            # NOTE(review): allowPrivilegeEscalation stays true, presumably so the
            # nginx binary can obtain NET_BIND_SERVICE as a non-root user; confirm
            # against the image before changing it.
            securityContext:
              allowPrivilegeEscalation: true
              capabilities:
                add:
                - NET_BIND_SERVICE
                drop:
                - ALL
              runAsUser: 101
            volumeMounts:
            - mountPath: /usr/local/certificates/
              name: webhook-cert
              readOnly: true
          # With hostNetwork: true, ClusterFirst falls back to the node's own
          # resolver; Kubernetes documents ClusterFirstWithHostNet for host-network
          # pods that must resolve cluster service names.
          dnsPolicy: ClusterFirst
          nodeSelector:
            kubernetes.io/os: linux
          serviceAccountName: ingress-nginx
          terminationGracePeriodSeconds: 300
          volumes:
          # Webhook TLS key pair, taken from the secret the certgen Job creates.
          - name: webhook-cert
            secret:
              secretName: ingress-nginx-admission
    ---
    # One-shot Job that runs certgen "create" and stores a certificate for the
    # admission webhook in the secret ingress-nginx-admission. It runs as non-root
    # UID 2000 without privilege escalation.
    apiVersion: batch/v1
    kind: Job
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission-create
      namespace: ingress-nginx
    spec:
      template:
        metadata:
          labels:
            app.kubernetes.io/component: admission-webhook
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/part-of: ingress-nginx
            app.kubernetes.io/version: 1.3.1
          name: ingress-nginx-admission-create
        spec:
          containers:
          - args:
            - create
            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name=ingress-nginx-admission
            env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Third-party mirror referenced by tag; this image generates the key
            # material for the webhook, so pin it as name@sha256:<digest> or pull
            # it from a registry you control.
            image: dyrnq/kube-webhook-certgen:v1.3.0
            imagePullPolicy: IfNotPresent
            name: create
            securityContext:
              allowPrivilegeEscalation: false
          nodeSelector:
            kubernetes.io/os: linux
          restartPolicy: OnFailure
          securityContext:
            fsGroup: 2000
            runAsNonRoot: true
            runAsUser: 2000
          serviceAccountName: ingress-nginx-admission
    ---
    # One-shot Job that runs certgen "patch" against the
    # ValidatingWebhookConfiguration ingress-nginx-admission, using the secret
    # written by the create Job, and sets the failure policy to Fail.
    apiVersion: batch/v1
    kind: Job
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission-patch
      namespace: ingress-nginx
    spec:
      template:
        metadata:
          labels:
            app.kubernetes.io/component: admission-webhook
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/part-of: ingress-nginx
            app.kubernetes.io/version: 1.3.1
          name: ingress-nginx-admission-patch
        spec:
          containers:
          - args:
            - patch
            - --webhook-name=ingress-nginx-admission
            - --namespace=$(POD_NAMESPACE)
            - --patch-mutating=false
            - --secret-name=ingress-nginx-admission
            - --patch-failure-policy=Fail
            env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Same third-party mirror and tag as the create Job; the same pinning
            # advice applies.
            image: dyrnq/kube-webhook-certgen:v1.3.0 
            imagePullPolicy: IfNotPresent
            name: patch
            securityContext:
              allowPrivilegeEscalation: false
          nodeSelector:
            kubernetes.io/os: linux
          restartPolicy: OnFailure
          securityContext:
            fsGroup: 2000
            runAsNonRoot: true
            runAsUser: 2000
          serviceAccountName: ingress-nginx-admission
    ---
    # IngressClass "nginx": Ingress objects select this controller with
    # ingressClassName: nginx (controller id k8s.io/ingress-nginx matches
    # --controller-class on the controller).
    apiVersion: networking.k8s.io/v1
    kind: IngressClass
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: nginx
    spec:
      controller: k8s.io/ingress-nginx
    ---
    # Sends every CREATE/UPDATE of networking.k8s.io/v1 Ingress objects to the
    # controller's admission Service for validation before it is stored.
    # failurePolicy: Fail means such requests are rejected while the webhook is
    # unreachable (for example when no controller pod is running).
    # No caBundle is set here; presumably the certgen "patch" Job fills it in.
    apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
    webhooks:
    - admissionReviewVersions:
      - v1
      clientConfig:
        service:
          name: ingress-nginx-controller-admission
          namespace: ingress-nginx
          path: /networking/v1/ingresses
      failurePolicy: Fail
      matchPolicy: Equivalent
      name: validate.nginx.ingress.kubernetes.io
      rules:
      - apiGroups:
        - networking.k8s.io
        apiVersions:
        - v1
        operations:
        - CREATE
        - UPDATE
        resources:
        - ingresses
      sideEffects: None
    [root@k8s-master ingress-controller]# 
    
    1.2 查看资源
    [root@k8s-master ~]# kubectl get ns
    NAME                   STATUS   AGE
    default                Active   14d
    dev                    Active   11d
    ingress-nginx          Active   87s
    kube-flannel           Active   14d
    kube-node-lease        Active   14d
    kube-public            Active   14d
    kube-system            Active   14d
    kubernetes-dashboard   Active   24h
    [root@k8s-master ~]# 
    
    # 查看ingress-nginx
    [root@k8s-master ~]# kubectl get pods -n ingress-nginx
    NAME                                        READY   STATUS      RESTARTS   AGE
    ingress-nginx-admission-create-wxqkp        0/1     Completed   0          2m44s
    ingress-nginx-admission-patch-lljzk         0/1     Completed   0          2m44s
    ingress-nginx-controller-6957f849bc-4jcwv   1/1     Running     0          2m44s
    [root@k8s-master ~]# 
    
      
    # 查看service 
    [root@k8s-master ~]# kubectl get svc -n ingress-nginx
    NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
    ingress-nginx-controller             NodePort    10.108.204.139   <none>        80:32082/TCP,443:31102/TCP   3m17s
    ingress-nginx-controller-admission   ClusterIP   10.97.184.96     <none>        443/TCP                      3m17s
    [root@k8s-master ~]# 
    
    1.3 准备service和pod
    • 创建tomcat-nginx.yaml
    [root@k8s-master ingress-controller]# cat tomcat-nginx.yaml
    # Demo backend: three nginx replicas in the dev namespace, selected by the
    # label app=nginx-pod.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: dev
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: nginx-pod
      template:
        metadata:
          labels:
            app: nginx-pod
        spec:
          containers:
          - name: nginx
            # NOTE(review): old image tag, and no securityContext or resources are
            # set; fine for a lab, update the tag and add both before reusing this
            # manifest elsewhere.
            image: nginx:1.17.1
            ports:
            - containerPort: 80
    
    ---
    
    # Demo backend: three tomcat replicas in the dev namespace, selected by the
    # label app=tomcat-pod.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: tomcat-deployment
      namespace: dev
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: tomcat-pod
      template:
        metadata:
          labels:
            app: tomcat-pod
        spec:
          containers:
          - name: tomcat
            # NOTE(review): old image tag, and no securityContext or resources are
            # set; confirm the tag still receives fixes before exposing it through
            # the Ingress outside a lab.
            image: tomcat:8.5-jre10-slim
            ports:
            - containerPort: 8080
    
    ---
    
    # Headless Service (clusterIP: None) for the nginx pods: the name
    # nginx-service resolves straight to the pod IPs, and it is only reachable
    # from inside the cluster.
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-service
      namespace: dev
    spec:
      selector:
        app: nginx-pod
      clusterIP: None
      type: ClusterIP
      ports:
      - port: 80
        targetPort: 80
    
    ---
    
    # Headless Service (clusterIP: None) for the tomcat pods on port 8080; only
    # reachable from inside the cluster until the Ingress publishes it.
    apiVersion: v1
    kind: Service
    metadata:
      name: tomcat-service
      namespace: dev
    spec:
      selector:
        app: tomcat-pod
      clusterIP: None
      type: ClusterIP
      ports:
      - port: 8080
        targetPort: 8080
    [root@k8s-master ingress-controller]# 
    
    • 运行
    [root@k8s-master ingress-controller]# kubectl apply -f tomcat-nginx.yaml
    deployment.apps/nginx-deployment created
    deployment.apps/tomcat-deployment created
    service/nginx-service created
    service/tomcat-service created
    [root@k8s-master ingress-controller]# 
    
    查看
    [root@k8s-master ingress-controller]# kubectl get pods -n dev
    NAME                                 READY   STATUS    RESTARTS   AGE
    nginx-deployment-66d5c85c96-5vdvf    1/1     Running   0          28s
    nginx-deployment-66d5c85c96-9bmf8    1/1     Running   0          28s
    nginx-deployment-66d5c85c96-nh7jg    1/1     Running   0          28s
    tomcat-deployment-75888dc5d8-5x8xh   1/1     Running   0          28s
    tomcat-deployment-75888dc5d8-pqs9l   1/1     Running   0          28s
    tomcat-deployment-75888dc5d8-zxghg   1/1     Running   0          28s
    [root@k8s-master ingress-controller]#
      
    [root@k8s-master ingress-controller]# kubectl get pods -n dev -o wide
    NAME                                 READY   STATUS    RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
    nginx-deployment-66d5c85c96-5vdvf    1/1     Running   0          79s   10.244.1.150   k8s-node1   <none>           <none>
    nginx-deployment-66d5c85c96-9bmf8    1/1     Running   0          79s   10.244.2.170   k8s-node2   <none>           <none>
    nginx-deployment-66d5c85c96-nh7jg    1/1     Running   0          79s   10.244.2.171   k8s-node2   <none>           <none>
    tomcat-deployment-75888dc5d8-5x8xh   1/1     Running   0          79s   10.244.2.172   k8s-node2   <none>           <none>
    tomcat-deployment-75888dc5d8-pqs9l   1/1     Running   0          79s   10.244.1.148   k8s-node1   <none>           <none>
    tomcat-deployment-75888dc5d8-zxghg   1/1     Running   0          79s   10.244.1.149   k8s-node1   <none>           <none>
    [root@k8s-master ingress-controller]# 
    
    • 运行一个pod
    [root@k8s-master ~]# kubectl run centos2 --image centos -n dev -- /bin/sleep 9000
    pod/centos1 created
    [root@k8s-master ~]# kubectl get pods -n dev 
    NAME                                 READY   STATUS        RESTARTS   AGE
    centos1                              0/1     Terminating   0          9m17s
    centos2                              1/1     Running       0          2m28s
    nginx-deployment-66d5c85c96-5vdvf    1/1     Running       0          126m
    nginx-deployment-66d5c85c96-9bmf8    1/1     Running       0          126m
    nginx-deployment-66d5c85c96-nh7jg    1/1     Running       0          126m
    tomcat-deployment-75888dc5d8-5x8xh   1/1     Running       0          126m
    tomcat-deployment-75888dc5d8-pqs9l   1/1     Running       0          126m
    tomcat-deployment-75888dc5d8-zxghg   1/1     Running       0          126m
    [root@k8s-master ~]#
     
    通过svc来访问资源
    [root@k8s-master ingress-controller]# kubectl get svc -n dev
    NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
    nginx-service    ClusterIP   None         <none>        80/TCP     129m
    tomcat-service   ClusterIP   None         <none>        8080/TCP   129m
    [root@k8s-master ingress-controller]# 
      
    进入容器
    [root@k8s-master ~]# kubectl exec -itn dev centos2 -- /bin/bash
    [root@centos2 /]# curl nginx-service
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
    [root@centos2 /]# 
          
    创建的svc是有效的,在后端可以访问,下面做转发
    
    1.4 Http代理—制作转发
    • 创建ingress-http.yaml
    [root@k8s-master ingress-controller]# vim ingress-http.yaml 
    [root@k8s-master ingress-controller]# cat ingress-http.yaml 
    # Host-based routing for the two demo backends in the dev namespace.
    # There is no tls: section, so both hosts are served over plain HTTP only;
    # add a tls: block with a certificate secret before carrying anything
    # sensitive over these routes.
    apiVersion: networking.k8s.io/v1 
    kind: Ingress
    metadata:
      name: ingress-http
      namespace: dev
    spec:
      # Selects the controller through the IngressClass named "nginx".
      ingressClassName: nginx
      rules:
      # Every path under nginx.mushuang.com goes to nginx-service:80.
      - host: nginx.mushuang.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port: 
                  number: 80
      # Every path under tomcat.mushuang.com goes to tomcat-service:8080, which
      # makes the whole Tomcat instance reachable through the Ingress.
      - host: tomcat.mushuang.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tomcat-service 
                port:
                  number: 8080
    [root@k8s-master ingress-controller]# 
    
    
    
    ingressClassName 可以指定选择的 Ingress Controller,使用名称选择,一般有多个控制器的时候使用。
    部署 Nginx Ingress Controller 的名称是 nginx。
    
    • 创建
    [root@k8s-master ingress-controller]# kubectl apply -f ingress-http.yaml 
    ingress.networking.k8s.io/ingress-http created
    [root@k8s-master ingress-controller]# kubectl get -f ingress-http.yaml 
    NAME           CLASS   HOSTS                                    ADDRESS           PORTS   AGE
    ingress-http   nginx   nginx.mushuang.com,tomcat.mushuang.com   192.168.232.132   80      7m47s
    [root@k8s-master ingress-controller]# kubectl get svc -n ingress-nginx
    NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
    ingress-nginx-controller             NodePort    10.108.204.139   <none>        80:32082/TCP,443:31102/TCP   176m
    ingress-nginx-controller-admission   ClusterIP   10.97.184.96     <none>        443/TCP                      176m
    
    • 访问nginx:http://nginx.mushuang.com:32082/


    • 修改hosts文件,把域名解析到控制器所在节点的IP;由于控制器启用了hostNetwork,直接监听节点的80端口,因此可以不加端口号访问


    • http://nginx.mushuang.com/


    • 解析到ingress运行的位置(配置dns)

    • ingress是代理后端svc所指向的pod

    • 访问tomcat:http://tomcat.mushuang.com/


    2. 控制器在多个节点上部署

    • 将之前创建的删除
    [root@k8s-master ~]# kubectl get pods -n ingress-nginx
    No resources found in ingress-nginx namespace.
    [root@k8s-master ~]# kubectl get pods -n dev
    NAME      READY   STATUS    RESTARTS   AGE
    centos2   1/1     Running   0          70m
    [root@k8s-master ~]# 
        
    [root@k8s-master ingress-controller]# cp deploy.yaml deploy.yaml-bak
    [root@k8s-master ingress-controller]# ls
    deploy.yaml  deploy.yaml-bak  ingress-http.yaml  tomcat-nginx.yaml
    [root@k8s-master ingress-controller]#
    [root@k8s-master ingress-controller]# vim deploy.yaml
        
    将类型改成kind: DaemonSet,在所有节点都有一个控制器,有几个节点就有几个控制器
        
    ---
    # Excerpt of the controller workload after the edit; only the kind changes.
    # The pod template is not shown in this excerpt; the pod listing below shows
    # the controller pods using node IPs, i.e. they still run on the host network,
    # so every node that receives a pod exposes the controller's ports.
    apiVersion: apps/v1
    kind: DaemonSet   ## changed from Deployment
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller
      namespace: ingress-nginx
    
    • 运行
    [root@k8s-master ingress-controller]# kubectl apply -f deploy.yaml
    [root@k8s-master ingress-controller]# kubectl get ns
    NAME                   STATUS   AGE
    default                Active   14d
    dev                    Active   11d
    ingress-nginx          Active   30s
    kube-flannel           Active   14d
    kube-node-lease        Active   14d
    kube-public            Active   14d
    kube-system            Active   14d
    kubernetes-dashboard   Active   27h
    [root@k8s-master ingress-controller]# kubectl get pods -n ingress-nginx
    NAME                                   READY   STATUS      RESTARTS   AGE
    ingress-nginx-admission-create-zw7nh   0/1     Completed   0          57s
    ingress-nginx-admission-patch-f6tnr    0/1     Completed   0          57s
    ingress-nginx-controller-cgcwz         1/1     Running     0          57s
    ingress-nginx-controller-vbgc4         1/1     Running     0          57s
    [root@k8s-master ingress-controller]# 
    
    [root@k8s-master ingress-controller]# kubectl get pods -n ingress-nginx -o wide
    NAME                                   READY   STATUS      RESTARTS   AGE   IP                NODE        NOMINATED NODE   READINESS GATES
    ingress-nginx-admission-create-zw7nh   0/1     Completed   0          82s   10.244.2.175      k8s-node2   <none>           <none>
    ingress-nginx-admission-patch-f6tnr    0/1     Completed   0          82s   10.244.1.152      k8s-node1   <none>           <none>
    ingress-nginx-controller-cgcwz         1/1     Running     0          82s   192.168.232.134   k8s-node2   <none>           <none>
    ingress-nginx-controller-vbgc4         1/1     Running     0          82s   192.168.232.132   k8s-node1   <none>           <none>
    [root@k8s-master ingress-controller]# 
    
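    2.1 确保有两个控制器,加标签(nodeSelector 只会匹配带有该标签的节点,需要先给节点打上标签,例如 kubectl label node k8s-node1 app=ingress-controller,否则控制器 Pod 不会被调度到任何节点)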
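    493       nodeSelector:
    494         kubernetes.io/os: linux
    495         app: ingress-controller  # added (YAML needs whitespace before '#'): run only on nodes labelled app=ingress-controller
    496       serviceAccountName: ingress-nginx
    497       terminationGracePeriodSeconds: 300
    498       volumes:
    499       - name: webhook-cert
    500         secret:
    501           secretName: ingress-nginx-admission
    502 ---
    503 apiVersion: batch/v1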
    
    • 文件如下
    [root@k8s-master ~]# cat ingress-controller/deploy.yaml
    # Namespace that holds every namespaced ingress-nginx object declared in this manifest.
    apiVersion: v1
    kind: Namespace
    metadata:
      labels:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
      name: ingress-nginx
    ---
    # Identity of the controller pods (the Deployment sets serviceAccountName: ingress-nginx).
    # automountServiceAccountToken: true mounts an API token into every pod using this account;
    # what that token can do is defined by the Role and ClusterRole named ingress-nginx in this file.
    apiVersion: v1
    automountServiceAccountToken: true
    kind: ServiceAccount
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
      namespace: ingress-nginx
    ---
    # Separate identity for the two admission Jobs (ingress-nginx-admission-create / -patch),
    # so their permissions stay apart from the long-running controller's.
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
      namespace: ingress-nginx
    ---
    # Namespaced permissions for the controller's ServiceAccount, valid only inside ingress-nginx.
    # Cluster-wide reads are granted separately by the ClusterRole of the same name.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
      namespace: ingress-nginx
    rules:
    - apiGroups:
      - ""
      resources:
      - namespaces
      verbs:
      - get
    # Read-only access to configmaps, pods, secrets and endpoints in this namespace.
    - apiGroups:
      - ""
      resources:
      - configmaps
      - pods
      - secrets
      - endpoints
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - services
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses
      verbs:
      - get
      - list
      - watch
    # The only write on Ingress objects is to their status subresource.
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses/status
      verbs:
      - update
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingressclasses
      verbs:
      - get
      - list
      - watch
    # Leader election: get/update is pinned by resourceNames to the object named
    # ingress-controller-leader (matches --election-id on the controller).
    - apiGroups:
      - ""
      resourceNames:
      - ingress-controller-leader
      resources:
      - configmaps
      verbs:
      - get
      - update
    # create cannot be limited by resourceNames, so it is granted on all configmaps here.
    - apiGroups:
      - ""
      resources:
      - configmaps
      verbs:
      - create
    - apiGroups:
      - coordination.k8s.io
      resourceNames:
      - ingress-controller-leader
      resources:
      - leases
      verbs:
      - get
      - update
    - apiGroups:
      - coordination.k8s.io
      resources:
      - leases
      verbs:
      - create
    # Lets the controller record Events.
    - apiGroups:
      - ""
      resources:
      - events
      verbs:
      - create
      - patch
    ---
    # Namespaced permissions for the admission Jobs: get and create Secrets in ingress-nginx.
    # The create Job is started with --secret-name=ingress-nginx-admission; the rule itself is
    # not restricted to that name (no resourceNames).
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
      namespace: ingress-nginx
    rules:
    - apiGroups:
      - ""
      resources:
      - secrets
      verbs:
      - get
      - create
    ---
    # Cluster-wide permissions for the controller's ServiceAccount.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
    rules:
    # list/watch on secrets applies to every namespace, and a list response carries the secret
    # data, so the controller's API token can read all Secrets in the cluster. Treat the
    # controller pod and the nodes it runs on as high-value.
    # NOTE(review): narrowing this would mean watching specific namespaces only
    # (--watch-namespace) with namespaced Roles - confirm against the upstream docs.
    - apiGroups:
      - ""
      resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
      - namespaces
      verbs:
      - list
      - watch
    - apiGroups:
      - coordination.k8s.io
      resources:
      - leases
      verbs:
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - nodes
      verbs:
      - get
    - apiGroups:
      - ""
      resources:
      - services
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - events
      verbs:
      - create
      - patch
    # Status updates are the only cluster-wide write on Ingress objects.
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses/status
      verbs:
      - update
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingressclasses
      verbs:
      - get
      - list
      - watch
    ---
    # Cluster-wide permission for the admission Jobs to get and update
    # ValidatingWebhookConfiguration objects.
    # The rule has no resourceNames, so it covers every validating webhook configuration in the
    # cluster, not only ingress-nginx-admission.
    # NOTE(review): adding resourceNames: [ingress-nginx-admission] would narrow it - verify the
    # patch Job still succeeds before relying on that.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
    rules:
    - apiGroups:
      - admissionregistration.k8s.io
      resources:
      - validatingwebhookconfigurations
      verbs:
      - get
      - update
    ---
    # Grants the namespaced Role ingress-nginx to the controller ServiceAccount.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx
    subjects:
    - kind: ServiceAccount
      name: ingress-nginx
      namespace: ingress-nginx
    ---
    # Grants the namespaced Role ingress-nginx-admission to the admission Jobs' ServiceAccount.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx-admission
    subjects:
    - kind: ServiceAccount
      name: ingress-nginx-admission
      namespace: ingress-nginx
    ---
    # Binds the ClusterRole ingress-nginx (including cluster-wide list/watch on secrets) to the
    # controller ServiceAccount; this is the binding that makes those reads apply in all namespaces.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx
    subjects:
    - kind: ServiceAccount
      name: ingress-nginx
      namespace: ingress-nginx
    ---
    # Binds the ClusterRole ingress-nginx-admission (get/update on validating webhook
    # configurations) to the admission Jobs' ServiceAccount.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx-admission
    subjects:
    - kind: ServiceAccount
      name: ingress-nginx-admission
      namespace: ingress-nginx
    ---
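    # Controller-wide settings; the controller reads this ConfigMap via
    # --configmap=$(POD_NAMESPACE)/ingress-nginx-controller.
    apiVersion: v1
    data:
      # Snippet annotations (configuration-snippet, server-snippet, ...) let anyone who may
      # create or edit an Ingress place raw nginx directives into the shared controller, and the
      # controller's ServiceAccount can read Secrets in every namespace. None of the Ingress
      # objects in this walkthrough use snippets, so the feature is switched off; enable it only
      # when every Ingress author is trusted at the level of the controller itself.
      allow-snippet-annotations: "false"
    kind: ConfigMap
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller
      namespace: ingress-nginx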
    ---
    # NodePort Service in front of the controller pods: ports 80/443 are published on every
    # node at a port from the NodePort range (allocated by the cluster unless nodePort is set).
    # The controller Deployment in this file also sets hostNetwork: true, so the nodes that run
    # a controller pod additionally listen on 80/443 directly. That gives two entry paths into
    # the same nginx; firewall rules and IP allow-lists have to cover both.
    # externalTrafficPolicy is not set here, so the default (Cluster) applies and traffic that
    # arrives through the NodePort may be source-NATed before it reaches nginx - the client
    # address in access logs is then a node address, not the real client.
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      ipFamilies:
      - IPv4
      ipFamilyPolicy: SingleStack
      ports:
      - appProtocol: http
        name: http
        port: 80
        protocol: TCP
        targetPort: http
      - appProtocol: https
        name: https
        port: 443
        protocol: TCP
        targetPort: https
      selector:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
      type: NodePort
    ---
    # In-cluster (ClusterIP) Service that the ValidatingWebhookConfiguration points at; it
    # forwards 443 to the controller container port named webhook (8443 in the Deployment).
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
    spec:
      ports:
      - appProtocol: https
        name: https-webhook
        port: 443
        targetPort: webhook
      selector:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
      type: ClusterIP
    ---
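    # The ingress-nginx controller itself: two replicas, host networking, scheduled only onto
    # nodes labelled app=ingress-controller.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      replicas: 2
      minReadySeconds: 0
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          app.kubernetes.io/component: controller
          app.kubernetes.io/instance: ingress-nginx
          app.kubernetes.io/name: ingress-nginx
      template:
        metadata:
          labels:
            app.kubernetes.io/component: controller
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
        spec:
          # The pod shares the node's network namespace. Every listener of the container - 80,
          # 443, the admission webhook on 8443 and the health endpoint on 10254 - is therefore
          # opened on the node itself, and network policies that select pods by label do not
          # isolate it. Limit who can reach those ports with the node/host firewall.
          hostNetwork: true
          containers:
          - args:
            - /nginx-ingress-controller
            - --election-id=ingress-controller-leader
            - --controller-class=k8s.io/ingress-nginx
            - --ingress-class=nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
            env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
            # This is a third-party Docker Hub mirror referenced by a mutable tag, and
            # IfNotPresent never re-checks an image that is already cached on the node. This
            # container gets cluster-wide read access to Secrets, so verify the image against the
            # upstream release and pin it by digest, e.g.
            # <registry>/<image>@sha256:<digest-from-upstream-release>.
            image: dyrnq/ingress-nginx-controller:v1.3.1
            imagePullPolicy: IfNotPresent
            lifecycle:
              preStop:
                exec:
                  command:
                  - /wait-shutdown
            livenessProbe:
              failureThreshold: 5
              httpGet:
                path: /healthz
                port: 10254
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 1
            name: controller
            ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
            - containerPort: 8443
              name: webhook
              protocol: TCP
            readinessProbe:
              failureThreshold: 3
              httpGet:
                path: /healthz
                port: 10254
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 1
            # Only requests are set; without limits a traffic spike in nginx can starve other
            # pods on the node.
            resources:
              requests:
                cpu: 100m
                memory: 90Mi
            # Runs as non-root UID 101 with every capability dropped except NET_BIND_SERVICE.
            # NOTE(review): allowPrivilegeEscalation: true is kept as in this manifest -
            # presumably it is what lets the non-root nginx binary obtain NET_BIND_SERVICE for
            # ports 80/443; confirm against the image before changing it.
            securityContext:
              allowPrivilegeEscalation: true
              capabilities:
                add:
                - NET_BIND_SERVICE
                drop:
                - ALL
              runAsUser: 101
            volumeMounts:
            - mountPath: /usr/local/certificates/
              name: webhook-cert
              readOnly: true
          # With hostNetwork: true, ClusterFirst falls back to the node's own resolver, so
          # in-cluster names would not resolve through the cluster DNS. ClusterFirstWithHostNet
          # keeps cluster DNS for host-network pods.
          dnsPolicy: ClusterFirstWithHostNet
          # Pods stay Pending until a node carries app=ingress-controller. Because of
          # hostNetwork, labelling a node decides which machines open 80/443/8443 to the
          # network, so treat that label as a privileged setting.
          nodeSelector:
            kubernetes.io/os: linux
            app: ingress-controller
          serviceAccountName: ingress-nginx
          terminationGracePeriodSeconds: 300
          volumes:
          # Webhook serving certificate and key; the Secret is produced by the
          # ingress-nginx-admission-create Job (--secret-name=ingress-nginx-admission).
          - name: webhook-cert
            secret:
              secretName: ingress-nginx-admission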
    ---
    # One-shot Job that runs kube-webhook-certgen in "create" mode for the admission Service
    # host names and stores the result in the Secret ingress-nginx-admission.
    # NOTE(review): presumably this generates a self-signed CA and serving certificate - confirm
    # with the certgen documentation.
    apiVersion: batch/v1
    kind: Job
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission-create
      namespace: ingress-nginx
    spec:
      template:
        metadata:
          labels:
            app.kubernetes.io/component: admission-webhook
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/part-of: ingress-nginx
            app.kubernetes.io/version: 1.3.1
          name: ingress-nginx-admission-create
        spec:
          containers:
          - args:
            - create
            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name=ingress-nginx-admission
            env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Third-party mirror image referenced by tag; this Job creates the key material the
            # API server will trust for the webhook, so verify the image and pin it by digest.
            image: dyrnq/kube-webhook-certgen:v1.3.0
            imagePullPolicy: IfNotPresent
            name: create
            securityContext:
              allowPrivilegeEscalation: false
          nodeSelector:
            kubernetes.io/os: linux
          restartPolicy: OnFailure
          # Runs as non-root UID 2000.
          securityContext:
            fsGroup: 2000
            runAsNonRoot: true
            runAsUser: 2000
          serviceAccountName: ingress-nginx-admission
    ---
    # One-shot Job that runs kube-webhook-certgen in "patch" mode against the webhook
    # configuration named ingress-nginx-admission, using the Secret ingress-nginx-admission.
    # NOTE(review): presumably it writes the CA bundle into the ValidatingWebhookConfiguration,
    # which is declared in this file without one - confirm with the certgen documentation.
    apiVersion: batch/v1
    kind: Job
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission-patch
      namespace: ingress-nginx
    spec:
      template:
        metadata:
          labels:
            app.kubernetes.io/component: admission-webhook
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/part-of: ingress-nginx
            app.kubernetes.io/version: 1.3.1
          name: ingress-nginx-admission-patch
        spec:
          containers:
          - args:
            - patch
            - --webhook-name=ingress-nginx-admission
            - --namespace=$(POD_NAMESPACE)
            - --patch-mutating=false
            - --secret-name=ingress-nginx-admission
            - --patch-failure-policy=Fail
            env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Third-party mirror image referenced by tag; its ServiceAccount may update
            # validating webhook configurations cluster-wide, so verify and pin it by digest.
            image: dyrnq/kube-webhook-certgen:v1.3.0 
            imagePullPolicy: IfNotPresent
            name: patch
            securityContext:
              allowPrivilegeEscalation: false
          nodeSelector:
            kubernetes.io/os: linux
          restartPolicy: OnFailure
          # Runs as non-root UID 2000.
          securityContext:
            fsGroup: 2000
            runAsNonRoot: true
            runAsUser: 2000
          serviceAccountName: ingress-nginx-admission
    ---
    # IngressClass "nginx", served by the controller started with
    # --controller-class=k8s.io/ingress-nginx. Ingress objects select it with
    # spec.ingressClassName: nginx.
    apiVersion: networking.k8s.io/v1
    kind: IngressClass
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: nginx
    spec:
      controller: k8s.io/ingress-nginx
    ---
    # Sends every CREATE/UPDATE of networking.k8s.io/v1 Ingress objects to the controller's
    # admission endpoint (Service ingress-nginx-controller-admission) for validation.
    # failurePolicy: Fail means Ingress changes are rejected whenever the webhook cannot be
    # reached, e.g. while the controller pods are still Pending.
    apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission
    webhooks:
    - admissionReviewVersions:
      - v1
      clientConfig:
        service:
          name: ingress-nginx-controller-admission
          namespace: ingress-nginx
          path: /networking/v1/ingresses
      failurePolicy: Fail
      matchPolicy: Equivalent
      name: validate.nginx.ingress.kubernetes.io
      rules:
      - apiGroups:
        - networking.k8s.io
        apiVersions:
        - v1
        operations:
        - CREATE
        - UPDATE
        resources:
        - ingresses
      sideEffects: None
    [root@k8s-master ~]# 
    
    • 运行并查看
    [root@k8s-master ingress-controller]# kubectl apply -f deploy.yaml
    
    [root@k8s-master ingress-controller]# kubectl get pods -n ingress-nginx
    NAME                                        READY   STATUS      RESTARTS     AGE
    ingress-nginx-admission-create-2wr6s        0/1     Completed   0            3s
    ingress-nginx-admission-patch-sj4s7         0/1     Completed   1 (1s ago)   3s
    ingress-nginx-controller-778c74d66b-ff4t9   0/1     Pending     0            3s
    ingress-nginx-controller-778c74d66b-qxfmx   0/1     Pending     0            3s
    [root@k8s-master ingress-controller]# 
    
    控制器Pod处于Pending状态:还没有节点带有nodeSelector要求的标签(app=ingress-controller),给节点添加该标签之后即可调度运行
    
    • 给节点加标签
    给node1打标签,可以看到节点1运行起来了
    [root@k8s-master ~]# kubectl label node k8s-node1 app=ingress-controller
    node/k8s-node1 labeled
    
    [root@k8s-master ingress-controller]# kubectl get pods -n ingress-nginx
    NAME                                        READY   STATUS      RESTARTS   AGE
    ingress-nginx-admission-create-2wr6s        0/1     Completed   0          6m2s
    ingress-nginx-admission-patch-sj4s7         0/1     Completed   1          6m2s
    ingress-nginx-controller-778c74d66b-ff4t9   1/1     Running     0          6m2s
    ingress-nginx-controller-778c74d66b-qxfmx   0/1     Pending     0          6m2s
    [root@k8s-master ingress-controller]# 
      
    [root@k8s-master ~]# kubectl label node k8s-node2 app=ingress-controller
    node/k8s-node2 labeled
    [root@k8s-master ingress-controller]# kubectl get pods -n ingress-nginx
    NAME                                        READY   STATUS      RESTARTS   AGE
    ingress-nginx-admission-create-2wr6s        0/1     Completed   0          6m34s
    ingress-nginx-admission-patch-sj4s7         0/1     Completed   1          6m34s
    ingress-nginx-controller-778c74d66b-ff4t9   1/1     Running     0          6m34s
    ingress-nginx-controller-778c74d66b-qxfmx   1/1     Running     0          6m34s
    [root@k8s-master ingress-controller]#
    
    • 运行:pod tomcat-nginx.yaml
    [root@k8s-master ingress-controller]# cat tomcat-nginx.yaml 
    # Demo backend: three nginx replicas in namespace dev, selected by app=nginx-pod.
    # No securityContext or resources are set, so the pods run with the image defaults.
    # NOTE(review): the image is referenced by a tag that predates this article by years; for
    # anything beyond a demo use a maintained release pinned by digest.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: dev
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: nginx-pod
      template:
        metadata:
          labels:
            app: nginx-pod
        spec:
          containers:
          - name: nginx
            image: nginx:1.17.1
            ports:
            - containerPort: 80
    
    ---
    
    # Demo backend: three Tomcat replicas in namespace dev, selected by app=tomcat-pod.
    # No securityContext or resources are set, so the pods run with the image defaults.
    # NOTE(review): the tag names an old Tomcat/JRE combination; for anything beyond a demo use
    # a maintained release pinned by digest.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: tomcat-deployment
      namespace: dev
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: tomcat-pod
      template:
        metadata:
          labels:
            app: tomcat-pod
        spec:
          containers:
          - name: tomcat
            image: tomcat:8.5-jre10-slim
            ports:
            - containerPort: 8080
    
    ---
    
    # Headless Service (clusterIP: None) for the nginx pods: no virtual IP is allocated and the
    # Service resolves straight to the pod addresses, which is what the Ingress backend uses.
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-service
      namespace: dev
    spec:
      selector:
        app: nginx-pod
      clusterIP: None
      type: ClusterIP
      ports:
      - port: 80
        targetPort: 80
    
    ---
    
    # Headless Service (clusterIP: None) for the Tomcat pods on port 8080; not exposed outside
    # the cluster except through the Ingress that references it.
    apiVersion: v1
    kind: Service
    metadata:
      name: tomcat-service
      namespace: dev
    spec:
      selector:
        app: tomcat-pod
      clusterIP: None
      type: ClusterIP
      ports:
      - port: 8080
        targetPort: 8080
    [root@k8s-master ingress-controller]#
    
    [root@k8s-master ingress-controller]# kubectl apply -f tomcat-nginx.yaml
    deployment.apps/nginx-deployment created
    deployment.apps/tomcat-deployment created
    service/nginx-service created
    service/tomcat-service created
    [root@k8s-master ingress-controller]# kubectl get pods -n dev
    NAME                                 READY   STATUS    RESTARTS   AGE
    centos2                              1/1     Running   0          118m
    nginx-deployment-66d5c85c96-fmh2b    1/1     Running   0          18s
    nginx-deployment-66d5c85c96-ll7pt    1/1     Running   0          18s
    nginx-deployment-66d5c85c96-nszjr    1/1     Running   0          18s
    tomcat-deployment-75888dc5d8-5gn5d   1/1     Running   0          18s
    tomcat-deployment-75888dc5d8-764xp   1/1     Running   0          18s
    tomcat-deployment-75888dc5d8-ndmhk   1/1     Running   0          18s
    [root@k8s-master ingress-controller]# 
    
    • 创建Ingress规则(ingress-http.yaml)
    [root@k8s-master ingress-controller]# cat ingress-http.yaml 
    # Host-based routing over plain HTTP: nginx.mushuang.com -> nginx-service:80 and
    # tomcat.mushuang.com -> tomcat-service:8080. There is no tls section, so traffic to these
    # hosts is unencrypted between the client and the controller.
    apiVersion: networking.k8s.io/v1 
    kind: Ingress
    metadata:
      name: ingress-http
      namespace: dev
    spec:
      # Selects the IngressClass named nginx defined in deploy.yaml.
      ingressClassName: nginx
      rules:
      - host: nginx.mushuang.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port: 
                  number: 80
      - host: tomcat.mushuang.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tomcat-service 
                port:
                  number: 8080
    [root@k8s-master ingress-controller]# 
    
    [root@k8s-master ingress-controller]# kubectl apply -f ingress-http.yaml 
    ingress.networking.k8s.io/ingress-http created
    
    [root@k8s-master ingress-controller]# kubectl get -f ingress-http.yaml 
    NAME           CLASS   HOSTS                                    ADDRESS                           PORTS   AGE
    ingress-http   nginx   nginx.mushuang.com,tomcat.mushuang.com   192.168.232.132,192.168.232.134   80      33s
    [root@k8s-master ingress-controller]# 
    
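    • 修改hosts文件:在访问端的hosts文件中,把 nginx.mushuang.com 和 tomcat.mushuang.com 解析到运行控制器的节点IP(本例为 192.168.232.132 或 192.168.232.134)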


    [root@k8s-master ~]# kubectl get svc -n ingress-nginx
    NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
    ingress-nginx-controller             NodePort    10.96.41.129     <none>        80:30821/TCP,443:31351/TCP   38m
    ingress-nginx-controller-admission   ClusterIP   10.108.188.249   <none>        443/TCP                      38m
    [root@k8s-master ~]# 
    
    • 访问:http://nginx.mushuang.com:30821/


    2.2 固定端口(nodePort)
    • 在deploy.yaml的Service中为http和https两个端口各指定一个固定的nodePort
    [root@k8s-master ingress-controller]# vim deploy.yaml
    345 spec:
    346   ipFamilies:
    347   - IPv4
    348   ipFamilyPolicy: SingleStack
    349   ports:
    350   - appProtocol: http
    351     name: http
    352     port: 80
    353     nodePort: 30080   # 添加
    354     protocol: TCP
    355     targetPort: http
    356   - appProtocol: https
    357     name: https
    358     port: 443
    359     nodePort: 30443   # 添加
    360     protocol: TCP
    361     targetPort: https
    362   selector:
    
    声明:
    [root@k8s-master ingress-controller]# kubectl apply -f deploy.yaml
    
    [root@k8s-master ingress-controller]# kubectl get svc -n ingress-nginx
    NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
    ingress-nginx-controller             NodePort    10.96.41.129     <none>        80:30080/TCP,443:30443/TCP   46m
    ingress-nginx-controller-admission   ClusterIP   10.108.188.249   <none>        443/TCP                      46m
    [root@k8s-master ingress-controller]# 
    
    • 访问nginx:http://nginx.mushuang.com:30080/


    • 访问tomcat:http://tomcat.mushuang.com:30080/


    2.3 查看控制器信息
    [root@k8s-master ~]# kubectl describe svc -n ingress-nginx ingress-nginx-controller
    Name:                     ingress-nginx-controller
    Namespace:                ingress-nginx
    Labels:                   app.kubernetes.io/component=controller
                              app.kubernetes.io/instance=ingress-nginx
                              app.kubernetes.io/name=ingress-nginx
                              app.kubernetes.io/part-of=ingress-nginx
                              app.kubernetes.io/version=1.3.1
    Annotations:              <none>
    Selector:                 app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
    Type:                     NodePort
    IP Family Policy:         SingleStack
    IP Families:              IPv4
    IP:                       10.96.41.129
    IPs:                      10.96.41.129
    Port:                     http  80/TCP
    TargetPort:               http/TCP
    NodePort:                 http  30080/TCP
    Endpoints:                192.168.232.132:80,192.168.232.134:80
    Port:                     https  443/TCP
    TargetPort:               https/TCP
    NodePort:                 https  30443/TCP
    Endpoints:                192.168.232.132:443,192.168.232.134:443
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:                   <none>
    [root@k8s-master ~]# 
    

    3. Https代理

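    3.1 创建证书
    说明:下面生成的是只适合测试的自签名证书。CN 为 mushuang.com 且没有 subjectAltName,并不覆盖 nginx.mushuang.com 和 tomcat.mushuang.com,客户端会提示证书名称不匹配;-nodes 表示私钥 tls.key 不加密保存,应限制该文件的访问权限。Ingress 只能引用同一命名空间内的 Secret,所以 tls-secret 必须存在于 dev 命名空间(如果当前上下文的命名空间不是 dev,创建和查看时需要加 -n dev)。另外,下面的创建命令返回 already exists,说明新生成的证书并没有写入集群,实际使用的仍是之前已存在的 tls-secret。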
    [root@k8s-master ~]# cd crt/
    [root@k8s-master crt]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=HB/L=WH/O=nginx/CN=mushuang.com"
    Generating a RSA private key
    ....+++++
    .........................+++++
    writing new private key to 'tls.key'
    -----
    [root@k8s-master crt]# ls
    tls.crt  tls.key
    [root@k8s-master crt]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt
    error: failed to create secret secrets "tls-secret" already exists
    [root@k8s-master crt]# kubectl get secret
    NAME         TYPE                DATA   AGE
    tls-secret   kubernetes.io/tls   2      4d3h
    [root@k8s-master crt]# 
    
    • 创建ingress-https.yaml
    [root@k8s-master ingress-controller]# cat ingress-https.yaml 
    # Same host-based routing as ingress-http, with TLS terminated at the controller for both
    # hosts. Traffic from the controller to the backend Services stays plain HTTP.
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-https
      namespace: dev
    spec:
      ingressClassName: nginx
      tls:
      - hosts:
        - nginx.mushuang.com
        - tomcat.mushuang.com
        # Secret of type kubernetes.io/tls holding the certificate and private key. It is looked
        # up in this Ingress's own namespace (dev), and the certificate has to cover both hosts
        # listed above.
        # NOTE(review): if the Secret is missing or does not match the hosts, the controller
        # presumably serves its built-in default certificate instead - check the controller log.
        secretName: tls-secret
      rules:
      - host: nginx.mushuang.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port: 
                  number: 80
      - host: tomcat.mushuang.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tomcat-service
                port: 
                  number: 8080
    [root@k8s-master ingress-controller]#
    
    • 运行
    先将之前创建的http版Ingress(ingress-http)删除,再创建https版
    [root@k8s-master ingress-controller]# kubectl apply -f ingress-https.yaml 
    ingress.networking.k8s.io/ingress-https created
    
    [root@k8s-master ingress-controller]# kubectl get ingress -n dev
    NAME            CLASS   HOSTS                                    ADDRESS                           PORTS     AGE
    ingress-https   nginx   nginx.mushuang.com,tomcat.mushuang.com   192.168.232.132,192.168.232.134   80, 443   57s
    [root@k8s-master ingress-controller]#
    
    • 查看详情
    [root@k8s-master ~]# kubectl describe ingress -n dev ingress-https
    Name:             ingress-https
    Labels:           <none>
    Namespace:        dev
    Address:          192.168.232.132,192.168.232.134
    Ingress Class:    nginx
    Default backend:  <default>
    TLS:
      tls-secret terminates nginx.mushuang.com,tomcat.mushuang.com
    Rules:
      Host                 Path  Backends
      ----                 ----  --------
      nginx.mushuang.com   
                           /   nginx-service:80 (10.244.1.155:80,10.244.1.156:80,10.244.2.177:80)
      tomcat.mushuang.com  
                           /   tomcat-service:8080 (10.244.1.157:8080,10.244.2.178:8080,10.244.2.179:8080)
    Annotations:           <none>
    Events:
      Type    Reason  Age                    From                      Message
      ----    ------  ----                   ----                      -------
      Normal  Sync    2m17s (x2 over 2m40s)  nginx-ingress-controller  Scheduled for sync
      Normal  Sync    2m16s (x2 over 2m39s)  nginx-ingress-controller  Scheduled for sync
    [root@k8s-master ~]# 
      
      
    [root@k8s-master ~]# kubectl get svc -n ingress-nginx
    NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
    ingress-nginx-controller             NodePort    10.96.41.129     <none>        80:30080/TCP,443:30443/TCP   89m
    ingress-nginx-controller-admission   ClusterIP   10.108.188.249   <none>        443/TCP                      89m
    [root@k8s-master ~]#
    
    3.2 访问
    • 访问nginx:https://nginx.mushuang.com:30443/


    • 访问tomcat:https://tomcat.mushuang.com:30443/


  • 原文地址:https://blog.csdn.net/mushuangpanny/article/details/126964281