|
前言k8s集群服务部署好之后,需要对外提域名访问,这时候就需要ingress-nginx了,今天来给大家分享一下
一、部署配置Ingress1、获取配置文件 #文件已下载到本地https://github.com/kubernetes/ingress-nginx/tree/nginx-0.20.0/deploy 2、准备镜像 unzip ingress-nginx-nginx-0.20.0.zipcd ingress-nginx-nginx-0.20.0/deploy/vim mandatory.yaml #其他文件的集合#编辑mandatory.yaml文件,将defaultbackend镜像地址改成阿里云的镜像地址(如下图)image: registry.cn-hangzhou.aliyuncs.com/allinpay/defaultbackend-amd64:v1.5 
3、安装 kubectl apply -f mandatory.yaml 
#稍等片刻,使用下列命令查询kubectl get namespacekubectl get pods -n ingress-nginx 
4、创建后端pod和service (pod-B、service-B) vim deploy-demo.yamlapiVersion: v1kind: Servicemetadata: name: myapp namespace: defaultspec: selector: app: myapp release: canary ports: - name: http targetPort: 80 port: 80--- apiVersion: apps/v1kind: Deploymentmetadata: name: myapp-deploy namespace: defaultspec: replicas: 3 selector: matchLabels: app: myapp release: canary template: metadata: labels: app: myapp release: canary spec: containers: - name: myapp image: ikubernetes/myapp:v2 ports: - name: http containerPort: 80#应用配置kubectl apply -f deploy-demo.yaml#查看kubectl get pods 
5、创建service-A vim service-nodeport.yamlapiVersion: v1kind: Servicemetadata: name: ingress-nginx namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginxspec: type: NodePort ports: - name: http port: 80 targetPort: 80 protocol: TCP nodePort: 30080 - name: https port: 443 targetPort: 443 protocol: TCP nodePort: 30443 selector: app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx#应用配置kubectl apply -f service-nodeport.yaml#查看kubectl get svc -n ingress-nginx 
在外部浏览器中中访问:ip:30080
此时报错的原因是因为没有生成ingress-controller关联到service-B的ingress规则;
6、定义ingress规则 定义ingress规则,此间规则会自动注入到ingress-controller(pod)的nginx.conf中;
ingress-controller是直接关联到service-B的,但是中间由ingress来生成各种规则;
vim ingress-myapp.yamlapiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-myapp namespace: default annotations: kubernetes.io/ingress.class: "nginx"spec: rules: - host: myapp.magedu.com http: paths: - path: backend: serviceName: myapp servicePort: 80 此时ingress-controller的nginx.conf中会自动生成一个server段的配置,也就是一个nginx的虚拟主机的字段,还包括upstream配置等;
upstream自动代理到后端pod(pod-B),这些都是自动生成,所以就实现了自动生成配置,自动更改配置等;
只需要改此yaml文件即可;
#应用配置kubectl apply -f ingress-myapp.yaml 
在外部主机上配置好host文件
然后在浏览器中再访问,发现已经可以访问到后端pod了
二、使用https1、创建k8s证书(要注意和后端的pod使用相同的namespace) kubectl -n default create secret tls ingress-test --key /home/centos/cert/cash432.key --cert /home/centos/cert/cash432.crt 2、创建ingress规则 注意namespace的相同性,要不然证书无法生效
vim ingress-myapp-cash432.yamlapiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-myapp namespace: default annotations: kubernetes.io/ingress.class: "nginx" kubernetes.io/secure-backends: "true" kubernetes.io/ssl-passthrough: "true"spec: tls: - hosts: - myapp.cash432.xyz secretName: ingress-test rules: - host: myapp.cash432.xyz http: paths: - path: backend: serviceName: myapp servicePort: 80#应用配置kubectl apply -f ingress-myapp-cash432.yaml 浏览器访问
下载地址:
linux中的软连接和硬连接详解
Docker Consul概述以及集群环境搭建步骤(图文详解) |
