Ingress
Deploying Ingress
Download the YAML file from the official site
Official site:
https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
Push the images to the Harbor registry used by the cluster, and change the image: addresses in the YAML file to point at it
Apply the YAML file
kubectl apply -f deploy.yaml
kubectl -n ingress-nginx edit svc ingress-nginx-controller
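Change type to LoadBalancer
View the namespace that was created
kubectl get ns
View everything in this namespace
kubectl -n ingress-nginx get all
If the ingress-nginx-controller Service shows no EXTERNAL-IP, follow the LoadBalancer section of the article linked below and deploy a ConfigMap for this type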
https://blog.csdn.net/Puuwuuchao/article/details/119172011#t5
Ingress-nginx + domain name resolution
Create the pods: nginx and myapp
vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: myapp:v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deployment
  labels:
    app: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: myapp:v2
Apply the YAML file to create the pods
kubectl apply -f deployment.yaml
View the created pods
Create the Services
vim svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app: myapp
Apply the YAML file to create the Services
kubectl apply -f svc.yaml
View the Service information
kubectl get svc
kubectl describe svc nginx-svc
kubectl describe svc myapp-svc
In ingress.yaml, assign the host names that are used to match requests to each Service
vim ingress.yaml
# networking.k8s.io/v1beta1 Ingress is only served by Kubernetes versions before 1.22;
# newer clusters need networking.k8s.io/v1.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
spec:
  rules:
  - host: www1.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
spec:
  rules:
  - host: www2.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: myapp-svc
          servicePort: 80
View the Ingress resources
kubectl get ingress
Add the address resolution on the physical host
vim /etc/hosts
172.25.21.10 www1.westos.org www2.westos.org
[root@server1 ingress]# curl www2.westos.org
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
[root@server1 ingress]# curl www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
You can look at the details of these Ingress resources
kubectl describe ingress ingress-nginx
kubectl describe ingress ingress-myapp
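Ingress TLS configuration
First create the certificate and key, then generate a Secret from them. The certificate is self-signed and its subject (CN=nginxsvc) does not match www1.westos.org, which is why the HTTPS test further down uses curl -k.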
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
Add the TLS configuration
vim ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
spec:
  tls:
  - hosts:
    - www1.westos.org
    secretName: tls-secret
  rules:
  - host: www1.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
Apply the YAML file
kubectl apply -f ingress.yaml
View the created Secret
kubectl get secrets
View the created Ingress
kubectl get ingress
View the details of this Ingress; you can see that TLS is now configured
kubectl describe ingress
Test: curl www1.westos.org -I
You can see that the request is redirected to https://www1.westos.org
Test: curl https://www1.westos.org -k
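Ingress authentication configuration
First install httpd-tools, create a user, and generate a Secret. The password file must be named auth, because ingress-nginx reads the auth key of the Secret.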
yum install -y httpd-tools
htpasswd -c auth pwc
kubectl create secret generic basic-auth --from-file=auth
Edit the YAML file to add authentication
vim ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - pwc'
spec:
  tls:
  - hosts:
    - www1.westos.org
    secretName: tls-secret
  rules:
  - host: www1.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
kubectl apply -f ingress.yaml
After applying the YAML file, view the Ingress information; you can see that the authentication settings have been added
kubectl describe ingress
Browser test: www1.westos.org
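As an added example (not part of the original post): a short Python check over `kubectl get ingress -o json` output that lists every rule host not covered by a spec.tls entry or lacking the basic-auth annotations. Assuming ingress-myapp from the earlier step is still applied, it reports www2.westos.org, which has neither TLS nor authentication. The SAMPLE data and the function names covered and audit are constructed for illustration.

```python
import json

PREFIX = "nginx.ingress.kubernetes.io/"

# Constructed sample in the shape of `kubectl get ingress -o json`, mirroring
# this page's objects: www1 has TLS and basic auth, www2 has neither.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "ingress-nginx", "annotations": {
      "nginx.ingress.kubernetes.io/auth-type": "basic",
      "nginx.ingress.kubernetes.io/auth-secret": "basic-auth"}},
   "spec": {"tls": [{"hosts": ["www1.westos.org"], "secretName": "tls-secret"}],
            "rules": [{"host": "www1.westos.org"}]}},
  {"metadata": {"name": "ingress-myapp"},
   "spec": {"rules": [{"host": "www2.westos.org"}]}}
]}
""")


def covered(host, tls_hosts):
    """True if host equals a TLS host or matches a one-label wildcard entry."""
    parent = host.split(".", 1)[1] if "." in host else None
    return any(host == t or (t.startswith("*.") and t[2:] == parent)
               for t in tls_hosts)


def audit(ingress_list):
    """Return sorted (ingress, host, finding) tuples for weakly protected hosts."""
    findings = []
    for ing in ingress_list.get("items", []):
        name = ing["metadata"]["name"]
        ann = ing["metadata"].get("annotations") or {}
        spec = ing.get("spec") or {}
        tls_hosts = [h for t in spec.get("tls") or [] for h in t.get("hosts") or []]
        for rule in spec.get("rules") or []:
            host = rule.get("host", "*")  # a rule without host matches any name
            if not covered(host, tls_hosts):
                findings.append((name, host, "no-tls"))
            if not ann.get(PREFIX + "auth-type"):
                findings.append((name, host, "no-auth"))
            elif not ann.get(PREFIX + "auth-secret"):
                findings.append((name, host, "auth-without-secret"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("\t".join(finding))
```

To audit a live cluster, pass the parsed output of kubectl get ingress -A -o json to audit().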
Ingress address rewriting
vim ingress-rewrite.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - pwc'
    nginx.ingress.kubernetes.io/app-root: /hostname.html
spec:
  tls:
  - hosts:
    - www1.westos.org
    secretName: tls-secret
  rules:
  - host: www1.westos.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
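With the annotation below added, a request to www1.westos.org ends up redirected to https://www1.westos.org/hostname.html
nginx.ingress.kubernetes.io/app-root: /hostname.html
Re-apply this YAML file
View the Ingress information; you can see that the address rewrite has been added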
kubectl describe ingress
Test in a browser by entering www1.westos.org
The address rewrite takes effect