企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路

文章目录

Ingress

Ingress部署

官网下载yaml文件
官网地址:
https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml

将镜像上传至集群使用的harbor仓库,并修改yaml文件中image:地址

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路
应用这个yaml文件

kubectl apply -f deploy.yaml

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路

kubectl  -n ingress-nginx  edit svc ingress-nginx-controller

将type改成LoadBalancer

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路

查看创建出的ns

kubectl  get ns

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路
查看这个ns的全部信息

kubectl  -n ingress-nginx  get all

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路
如果svc里面没有出现ingress-nginx-controller 的EXTERNAL-IP 则参考此连接文章的LoadBalancer 将这个类型部署一个ConfigMap
https://blog.csdn.net/Puuwuuchao/article/details/119172011#t5

Ingress-nginx+域名解析

创建pod:nginx myapp
vim deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: myapp:v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deployment
  labels:
    app: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: myapp:v2

应用yaml文件,创建pod

kubectl apply -f deployment.yaml

查看创建的pod
企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路

创建服务

vim svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app: myapp

应用yaml文件,创建服务

kubectl apply -f svc.yaml

查看服务信息

kubectl  get svc

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路

kubectl  describe svc nginx-svc
kubectl  describe svc myapp-svc

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路
ingress.yaml下赋予域名匹配,用于匹配service
vim ingress.yaml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
spec:
  rules:
  - host: www1.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
spec:
  rules:
  - host: www2.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: myapp-svc
          servicePort: 80
kubectl  get ingress

查看ingress

在真机中加入地址解析

vim /etc/hosts
172.25.21.10 www1.westos.org www2.westos.org
[root@server1 ingress]# curl  www2.westos.org
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
[root@server1 ingress]# curl  www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

可以看一下这些ingress的详细信息

 kubectl  describe  ingress ingress-nginx
 kubectl  describe  ingress ingress-myapp

Ingress TLS 配置

首先创建crt和key,然后生成secret

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
kubectl create secret tls tls-secret --key tls.key --cert tls.crt

加入TLS配置
vim ingress.yaml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
spec:
  tls:
  - hosts:
    - www1.westos.org
    secretName: tls-secret
  rules:
  - host: www1.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

应用yaml文件

kubectl apply -f ingress.yaml

查看创建的secret

kubectl get secrets 

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路
查看创建的ingress

kubectl get ingress

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路
查看这个ingress的具体信息,可以看到已经配置了TLS

kubectl  describe ingress

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路测试 curl www1.westos.org -I
可以看到跳转到了 https://www1.westos.org
企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路
测试curl https://www1.westos.org -k
企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路

Ingress 认证配置

首先下载httpd-tools 创建一个用户,并生成secret

yum install -y httpd-tools
htpasswd -c auth pwc
kubectl create secret generic basic-auth --from-file=auth

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路编辑yaml文件,加入认证

vim ingress.yaml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - pwc'
spec:
  tls:
  - hosts:
    - www1.westos.org
    secretName: tls-secret
  rules:
  - host: www1.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
kubectl apply -f ingress.yaml

应用yaml文件后,查看ingress信息,可以看到已经加入了认证信息

kubectl  describe ingress

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路网页测试:www1.westos.org
企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路

Ingress 地址重写

vim ingress-rewrite.yaml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - pwc'
    nginx.ingress.kubernetes.io/app-root: /hostname.html
spec:
  tls:
  - hosts:
    - www1.westos.org
    secretName: tls-secret
  rules:
  - host: www1.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

加入下面这条后,你访问www1.westos.org后,最终会被转发到https://www1.westos.org/hostname.html
nginx.ingress.kubernetes.io/app-root: /hostname.html

重新应用这个yaml文件
企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路查看ingress信息,可以看到地址重写已经加入

kubectl  describe ingress

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路
在浏览器测试,输入www1.westos.org
企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路地址重写生效

企业运维实战之k8s(Ingress-nginx)初学者必看,点赞关注后期不迷路

上一篇:ECS 7天实践训练营进阶路线-第一天


下一篇:智能客服为什么会“抢答”了?