文章目录
Ingress 介绍+重定向语法案例
一、ingress种类
-
ingress主要是为服务提供外网入口
-
种类:
- Nginx Ingress
- treafik
- 服务网格:istio
二、配置安装Ingress
1.安装Ingress
# 下载Ingress Nginx配置清单
[root@k8s-master1 ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml
# 修改镜像
[root@k8s-master1 ~]# sed -i 's#k8s.gcr.io/ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a#registry.cn-hangzhou.aliyuncs.com/k8sos/ingress-controller:v0.44.0#g' deploy.yaml
# 开始部署
[root@k8s-master1 ~]# kubectl apply -f deploy.yaml
# 检查
[root@k8s-master1 ~]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-g9brk 0/1 Completed 0 3d22h
ingress-nginx-admission-patch-tzlgf 0/1 Completed 0 3d22h
ingress-nginx-controller-8494fd5b55-wpf9g 1/1 Running 0 3d22h
2.测试http
- 部署服务(Deployment + Service)
- 编写ingress配置清单(见下文)
- 命名空间、域名不同,需重新部署证书
三、案例
1.配置清单wordpress
1)编写配置清单
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: wordpress
namespace: wordpress
spec:
rules:
- host: www.wordpress.local
http:
paths:
- path: /
backend:
serviceName: wordpress
servicePort: 80
2)测试部署https
1、创建证书
[root@k8s-master1 ~]# openssl genrsa -out tls.key 2048
[root@k8s-master1 ~]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.wordpress.local
2、部署证书
[root@k8s-master1 ~]# kubectl -n wordpress create secret tls ingress-tls --cert=tls.crt --key=tls.key
3、编写ingress配置清单(见下文)
4、部署并测试
[root@k8s-master1 ~]# curl -k https://www.wordpress.local:44490/
2.配置清单wordpress-nginx
- 以下测试,均是采用本配置清的基础之上来添加配置
1)编写配置清单源文件
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-ingress-nginx-tls
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
tls:
- hosts:
- www.test-nginx.com
secretName: ingress-tls
rules:
- host: www.test-nginx.com
http:
paths:
- path: /
backend:
serviceName: wordpress-nginx
servicePort: 80
2)测试部署https
1、创建证书
[root@k8s-master1 ~]# openssl genrsa -out tls.key 2048
[root@k8s-master1 ~]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.test-nginx.com
2、部署证书
[root@k8s-master1 ~]# kubectl -n default create secret tls ingress-tls --cert=tls.crt --key=tls.key
3、编写ingress配置清单(见下文)
4、部署并测试
[root@k8s-master1 ~]# curl -k https://www.test-nginx.com:44350/
3.nginx ingress常用语法
-
注:
- 配置完成后,在宿主机的 hosts 添加ip与域名进行解析
- 重定向后,重定向以下的代码即已无用
-
k8s官网参考用法:
https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#service-upstream
1)域名重定向(不能重定向 / )
- 今天加此一行即可
- nginx.ingress.kubernetes.io/rewrite-target: https:https://www.baidu.com/s?wd=hello
cat > cdx.yaml <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nignx-tls
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com
spec:
rules:
- host: cdx.com
http:
paths:
- path: /
backend:
serviceName: wordpress-nginx
servicePort: 80
EOF
2)设置ingress白名单
- 只能给集群外部使用,集群内用不了
- 加入以下配置即可:
- nginx.ingress.kubernetes.io/permanent-redirect: https://www.baidu.com
cat > test-bmd.yaml <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nignx-tls
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/permanent-redirect: https://www.baidu.com
spec:
rules:
- host: www.bmd.com
http:
paths:
- path: /
backend:
serviceName: wordpress-nginx
servicePort: 80
EOF
3)域名重定向
- 加入以下配置即可:
- nginx.ingress.kubernetes.io/permanent-redirect: https://www.baidu.com
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress-nginx-tls
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/permanent-redirect: https://www.baidu.com
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path: /
backend:
serviceName: wordpress-nginx
servicePort: 80
4)使用正则的方式匹配(支持的正则比较少)
- 加入以下配置即可:
- nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=$1
- path: /(.+)
cat > zhengze.yaml <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress-nginx-tls
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=$1
spec:
rules:
- host: zhengze.com
http:
paths:
- path: /(.+)
backend:
serviceName: wordpress-nginx
servicePort: 80
EOF
5)nginx登录
- 加入以下配置即可:
- nginx.ingress.kubernetes.io/auth-type: basic
- nginx.ingress.kubernetes.io/auth-secret: basic-auth
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress-nginx-tls
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path: /
backend:
serviceName: wordpress-nginx
servicePort: 80
4.设置nginx常用用法的时候
- 有两种方式:
- 注解:当前ingress生效
- configMap:全局ingress生效