一、什么是Ingress?
通俗来讲,ingress和之前提到的Service、Deployment,也是一个k8s的资源类型,ingress用于实现用域名的方式访问k8s内部应用
Ingress是管理集群中服务(通常是HTTP)外部访问的API对象,可以提供负载均衡、SSL终止(TLS termination)和基于名称的虚拟主机
二、Ingress安装
2.1、首先安装helm管理工具
# 1、下载
[root@k8s-master01 ~]# wget https://get.helm.sh/helm-v3.4.2-linux-amd64.tar.gz
# 2、安装(解压前建议先用 sha256sum 核对下载包,校验值以 Helm 官方发布页公布的为准)
[root@k8s-master01 ~]# tar -zxvf helm-v3.4.2-linux-amd64.tar.gz
[root@k8s-master01 ~]# mv linux-amd64/helm /usr/local/bin/helm
2.2、使用helm安装ingress
# 1、添加ingress的helm仓库
[root@k8s-master01 ~]# helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
# 2、下载ingress的helm包至本地(不加 --version 时拉取的是仓库当前最新版本,下文以 3.17.0 为例)
[root@k8s-master01 ~]# mkdir /helm_images && cd /helm_images
[root@k8s-master01 helm_images]# helm pull ingress-nginx/ingress-nginx
# 3、更改对应的配置
[root@k8s-master01 helm_images]# tar -zxvf ingress-nginx-3.17.0.tgz && cd ingress-nginx
# 4、需要修改的位置
a) Controller和admissionWebhook的镜像地址,需要将公网镜像同步至公司内网镜像仓库(下方文件中的 registry.cn-beijing.aliyuncs.com/dotbalo 仅为示例地址,实际部署时应替换为自己同步并核对过的内网镜像)
b) hostNetwork设置为true(Pod直接使用所在节点的网络命名空间,控制器端口直接监听在节点地址上,访问控制需由节点防火墙或安全组负责)
c) dnsPolicy设置为 ClusterFirstWithHostNet
d) NodeSelector添加ingress: "true"部署至指定节点
e) 类型更改为kind: DaemonSet
f) 镜像仓库地址需要改2处
修改完成后的文件:
# values.yaml of the ingress-nginx chart as shown on the page, after the edits
# listed above. Nesting was lost in the paste and is restored here; keys and
# values are unchanged.
controller:
  name: controller
  image:
    repository: registry.cn-beijing.aliyuncs.com/dotbalo/controller
    # Tag only, no digest pinned: the registry decides which image content this
    # tag resolves to. NOTE(review): point this at your own mirrored registry.
    tag: "v0.42.0"
    pullPolicy: IfNotPresent
    runAsUser: 101
    # NOTE(review): lets the container process gain more privileges than its
    # parent; confirm the controller image needs this before keeping it.
    allowPrivilegeEscalation: true
  containerPort:
    http: 80
    https: 443
  config: {}
  configAnnotations: {}
  proxySetHeaders: {}
  addHeaders: {}
  dnsConfig: {}
  # Keeps in-cluster DNS resolution for a pod that runs with hostNetwork.
  dnsPolicy: ClusterFirstWithHostNet
  reportNodeInternalIp: false
  # The pod shares the node's network namespace, so the controller's listeners
  # bind directly on the node's addresses.
  # NOTE(review): presumably this also exposes the probe/metrics port (10254)
  # and the webhook port (8443) on the node — confirm and restrict at the
  # node firewall.
  hostNetwork: true
  hostPort:
    enabled: false
    ports:
      http: 80
      https: 443
  electionID: ingress-controller-leader
  ingressClass: nginx
  podLabels: {}
  podSecurityContext: {}
  sysctls: {}
  publishService:
    enabled: true
    pathOverride: ""
  scope:
    enabled: false
  tcp:
    annotations: {}
  udp:
    annotations: {}
  maxmindLicenseKey: ""
  extraArgs: {}
  extraEnvs: []
  # DaemonSet + the nodeSelector below: one controller pod on every node that
  # carries the label ingress=true.
  kind: DaemonSet
  annotations: {}
  labels: {}
  updateStrategy: {}
  minReadySeconds: 0
  tolerations: []
  affinity: {}
  topologySpreadConstraints: []
  terminationGracePeriodSeconds: 300
  nodeSelector:
    kubernetes.io/os: linux
    ingress: "true"
  livenessProbe:
    failureThreshold: 5
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
    port: 10254
  readinessProbe:
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
    port: 10254
  healthCheckPath: "/healthz"
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  resources:
    requests:
      cpu: 100m
      memory: 90Mi
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  autoscalingTemplate: []
  keda:
    apiVersion: "keda.sh/v1alpha1"
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    pollingInterval: 30
    cooldownPeriod: 300
    restoreToOriginalReplicaCount: false
    triggers: []
    behavior: {}
  enableMimalloc: true
  customTemplate:
    configMapName: ""
    configMapKey: ""
  service:
    enabled: true
    annotations: {}
    labels: {}
    externalIPs: []
    loadBalancerSourceRanges: []
    enableHttp: true
    enableHttps: true
    ports:
      http: 80
      https: 443
    targetPorts:
      http: http
      https: https
    type: ClusterIP
    nodePorts:
      http: ""
      https: ""
      tcp: {}
      udp: {}
    internal:
      enabled: false
      annotations: {}
      loadBalancerSourceRanges: []
  extraContainers: []
  extraVolumeMounts: []
  extraVolumes: []
  extraInitContainers: []
  admissionWebhooks:
    annotations: {}
    enabled: true
    # Fail: requests the webhook is registered for are rejected when the
    # webhook cannot be reached.
    failurePolicy: Fail
    port: 8443
    certificate: "/usr/local/certificates/cert"
    key: "/usr/local/certificates/key"
    namespaceSelector: {}
    objectSelector: {}
    service:
      annotations: {}
      externalIPs: []
      loadBalancerSourceRanges: []
      servicePort: 443
      type: ClusterIP
    patch:
      enabled: true
      image:
        # Second image location changed on the page; also tag only, no digest.
        repository: registry.cn-beijing.aliyuncs.com/dotbalo/kube-webhook-certgen
        tag: v1.5.0
        pullPolicy: IfNotPresent
      priorityClassName: ""
      podAnnotations: {}
      nodeSelector: {}
      tolerations: []
      runAsUser: 2000
  metrics:
    port: 10254
    enabled: false
    service:
      annotations: {}
      externalIPs: []
      loadBalancerSourceRanges: []
      servicePort: 9913
      type: ClusterIP
    serviceMonitor:
      enabled: false
      additionalLabels: {}
      namespace: ""
      namespaceSelector: {}
      scrapeInterval: 30s
      targetLabels: []
      metricRelabelings: []
    prometheusRule:
      enabled: false
      additionalLabels: {}
      rules: []
  lifecycle:
    preStop:
      exec:
        command:
          - /wait-shutdown
  priorityClassName: ""
revisionHistoryLimit: 10
defaultBackend:
  enabled: false
  name: defaultbackend
  image:
    repository: k8s.gcr.io/defaultbackend-amd64
    tag: "1.5"
    pullPolicy: IfNotPresent
    runAsUser: 65534
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
  extraArgs: {}
  serviceAccount:
    create: true
    name:
  extraEnvs: []
  port: 8080
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  readinessProbe:
    failureThreshold: 6
    initialDelaySeconds: 0
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 5
  tolerations: []
  affinity: {}
  podSecurityContext: {}
  podLabels: {}
  nodeSelector: {}
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  resources: {}
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 2
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  service:
    annotations: {}
    externalIPs: []
    loadBalancerSourceRanges: []
    servicePort: 80
    type: ClusterIP
  priorityClassName: ""
rbac:
  create: true
  scope: false
podSecurityPolicy:
  enabled: false
serviceAccount:
  create: true
  name:
imagePullSecrets: []
tcp: {}
udp: {}
# 5、部署ingress,给需要部署ingress的节点上打标签,这样就能指定要部署的节点了
[root@k8s-master01 ~]# kubectl label node k8s-master03 ingress=true
node/k8s-master03 labeled
# 创建一个ns
[root@k8s-master01 ~]# kubectl create ns ingress-nginx
namespace/ingress-nginx created
# 部署ingress
[root@k8s-master01 ingress-nginx]# helm install ingress-nginx -n ingress-nginx .
# 查看刚刚构建的ingress
[root@k8s-master01 ingress-nginx]# kubectl get pod -n ingress-nginx
# ingress扩容与缩容,只需要给想要扩容的节点加标签就行,缩容就把节点标签去除即可
[root@k8s-master01 ~]# kubectl label node k8s-master02 ingress=true
node/k8s-master02 labeled
[root@k8s-master01 ~]# kubectl label node k8s-master03 ingress-
node/k8s-master03 labeled
2.3、Ingress入门使用
# 创建一个ingress
cat > ingress.yaml << EFO
# Single-host Ingress routed through the "nginx" ingress class.
# NOTE(review): networking.k8s.io/v1beta1 Ingress is no longer served from
# Kubernetes 1.22; the v1 API uses a different backend schema
# (service.name / service.port).
apiVersion: networking.k8s.io/v1beta1 # networking.k8s.io/v1 / extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
  name: example
spec:
  # NOTE(review): no tls: section is defined, so no certificate is configured
  # for this host in this manifest.
  rules: # one Ingress can carry several rules
  - host: foo.bar.com # host name; optional — omitted means match-all (*); wildcard form such as *.bar.com
    http:
      paths: # comparable to nginx location blocks; one host can have several paths, e.g. / and /abc
      - backend:
          serviceName: nginx-svc
          servicePort: 80
        path: /
EFO
# 创建
[root@k8s-master01 ~]# kubectl create -f ingress.yaml
# 创建一个多域名ingress
cat ingress-mulDomain.yaml
# Multi-host Ingress: two hosts, each sent to its own backend Service.
# NOTE(review): networking.k8s.io/v1beta1 Ingress is no longer served from
# Kubernetes 1.22; the v1 API uses a different backend schema
# (service.name / service.port).
apiVersion: networking.k8s.io/v1beta1 # networking.k8s.io/v1 / extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
  # NOTE(review): same metadata.name as the single-host Ingress earlier on this
  # page; creating both in one namespace would collide — confirm intended name.
  name: example
spec:
  # NOTE(review): no tls: section is defined, so no certificate is configured
  # for either host in this manifest.
  rules: # one Ingress can carry several rules
  - host: foo.bar.com # host name; optional — omitted means match-all (*); wildcard form such as *.bar.com
    http:
      paths: # comparable to nginx location blocks; one host can have several paths, e.g. / and /abc
      - backend:
          serviceName: nginx-svc
          servicePort: 80
        path: /
  - host: foo2.bar.com # host name; optional — omitted means match-all (*); wildcard form such as *.bar.com
    http:
      paths: # comparable to nginx location blocks; one host can have several paths, e.g. / and /abc
      - backend:
          serviceName: nginx-svc-external
          servicePort: 80
        path: /