k8s-Ingress
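https://kubernetes.github.io/ingress-nginx/deploy/ (official deployment guide)
Introduction: an API object that manages external access to the services in a cluster, typically HTTP. Ingress can provide load balancing, SSL termination and name-based virtual hosting.
1 Case one: the port must be appended when accessing the domain name
I. Deployment and installation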
# Required
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
# The following creates the NodePort-type Service
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml
Before installing ingress, first edit the mandatory.yaml file: change the kind to DaemonSet and comment out replicas, as shown in the figure, so that ingress runs on every node.
Then check whether ingress started successfully:
kubectl get pod -n ingress-nginx
Then check the svc.
II. Create the deployment, svc and ingress
2.1 Create the deployment (pod) and svc
kubectl apply -f deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: huningfei/nginx:v1
        imagePullPolicy: IfNotPresent  # do not pull if the image already exists locally
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    name: nginx
2.2 Create the ingress
kubectl apply -f ingress.yaml
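apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
  - host: www.hu.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc  # must match the svc name
          servicePort: 80         # the port must also match the one above
2.3 View the ingress
kubectl get svc -n ingress-nginx  # show the externally exposed port
First edit the hosts file.
Browser access: refreshing repeatedly shows requests alternating between the two pods.
2 Case two: access directly by domain name
I. Download the mandatory.yaml file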
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
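II. Edit the mandatory file
1 Change the image address: image: lizhenliang/nginx-ingress-controller:0.20.0
2 Use the host network: hostNetwork: true  # below line 212; this parameter is the prerequisite for access by domain name
3 Replicas, optional to change, the default is 1: replicas: 1  # line 194
4 Change the kind: kind: DaemonSet  # line 191; ensures ingress runs on every node
Then run kubectl apply -f mandatory.yaml and check the ingress.
III. Create the deployment, svc and ingress
3.1 Create the deployment and svc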
[root@k8s-master01 ingress]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.15.4
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  type: NodePort  # optional
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
---
# Alternatively, a headless Service can be used (keep only one of the two nginx-service definitions)
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  clusterIP: "None"
  ports:
  - port: 80
    targetPort: 80
3.2 Create the ingress
[root@k8s-master01 ingress]# cat ingress-nginx.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-example
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
3.3 View the ingress
Browser access:
3 ingress-https
I. Create the certificate and store the cert
# Generate the certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
# Create the secret
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
View the secret.
II. Create ingress-https
The pod and svc used here are the ones from case 1 above.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  tls:
  - hosts:
    - foo.bar.com
    secretName: tls-secret  # must match the secret name above
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
III. Browser access
4 BasicAuth (authenticated access) with Nginx
I. Install httpd
yum -y install httpd
htpasswd -c auth foo  # set the password
kubectl create secret generic basic-auth --from-file=auth
View the secret.
II. Create auth-ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: foo2.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
III. Browser access
Enter the username and password to access the site.
Username foo, password 123456
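The ingress-with-auth manifest above has no tls block, so the Basic credentials for foo2.bar.com travel over plain HTTP, only base64-encoded. The following check is an added example, not part of the original post: it audits Ingress objects in the shape returned by `kubectl get ingress -o json` and reports Basic-auth hosts without a TLS entry. The function names and the make_ingress helper are hypothetical, and SAMPLE is constructed from the manifests in sections 3 and 4.

```python
# Added example: flag Ingress hosts that use Basic auth without a spec.tls entry.
# SAMPLE is constructed from this page's manifests; names here are hypothetical.
AUTH_TYPE = "nginx.ingress.kubernetes.io/auth-type"

def tls_hosts(ingress):
    """Collect every host listed under spec.tls[].hosts."""
    hosts = set()
    for entry in ingress.get("spec", {}).get("tls") or []:
        hosts.update(entry.get("hosts") or [])
    return hosts

def covered(host, patterns):
    """True if host equals a TLS host or matches a one-label wildcard (*.bar.com)."""
    if host in patterns:
        return True
    _, _, parent = host.partition(".")
    return bool(parent) and f"*.{parent}" in patterns

def audit(ingresses):
    """Return (ingress name, host) pairs where Basic auth is served without TLS."""
    findings = []
    for ing in ingresses:
        meta = ing.get("metadata", {})
        if (meta.get("annotations") or {}).get(AUTH_TYPE) != "basic":
            continue
        patterns = tls_hosts(ing)
        for rule in ing.get("spec", {}).get("rules") or []:
            host = rule.get("host", "*")  # a rule without host matches any host
            if not covered(host, patterns):
                findings.append((meta.get("name"), host))
    return findings

def make_ingress(name, host, annotations=None, tls=None):
    """Build a minimal Ingress dict (hypothetical helper for the sample data)."""
    spec = {"rules": [{"host": host}]}
    if tls:
        spec["tls"] = [{"hosts": tls, "secretName": "tls-secret"}]
    return {"metadata": {"name": name, "annotations": annotations or {}}, "spec": spec}

SAMPLE = [
    make_ingress("nginx-test", "foo.bar.com", tls=["foo.bar.com"]),
    make_ingress("ingress-with-auth", "foo2.bar.com", {AUTH_TYPE: "basic"}),
]

if __name__ == "__main__":
    for name, host in audit(SAMPLE):
        print(f"{name}: Basic auth on {host} has no TLS entry")
```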
5 nginx rewrite feature
Demo:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: http://www1.atguigu.com
spec:
  rules:
  - host: foo3.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80
Result in the browser: visiting foo3.bar.com redirects to http://www1.atguigu.com/