4.2.k8s.Ingress-Nginx

Ingress-Nginx

ingress-nginx为7层代理,通过配置域名访问后端服务
ingress-nginx容器和kubernetes api交互,动态生成nginx配置
ingress服务定义域名规则,最终更新到ingress容器
官网
https://kubernetes.github.io/ingress-nginx/deploy/
https://github.com/kubernetes/ingress-nginx

#部署ingress-nginx

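# Download the ingress-nginx manifest.
# NOTE(review): "master" is a moving ref, so the manifest that gets applied can
# change between runs. Export INGRESS_NGINX_REF=<release-tag> (a tag you have
# reviewed) to pin it. -O overwrites an earlier download, so the edits below
# never run against a stale mandatory.yaml.
wget -O mandatory.yaml "https://raw.githubusercontent.com/kubernetes/ingress-nginx/${INGRESS_NGINX_REF:-master}/deploy/static/mandatory.yaml"

# List the images the manifest references
grep image mandatory.yaml

# Switch the image source to a Docker Hub mirror (look the image up on hub.docker.com).
# NOTE(review): this swaps the upstream registry for a personal Docker Hub
# namespace. The controller talks to the Kubernetes API and serves the TLS
# Secrets referenced by Ingress objects, so the mirrored image is trusted with
# all of that. Compare its digest with the upstream image, or use a mirror you
# control, before applying the manifest.
sed -i 's@quay.io/kubernetes-ingress-controller@siriuszg@' mandatory.yaml

# Pre-pull the images: match only "image:" keys and pull one image per call,
# because docker pull accepts a single image reference.
for img in $(awk '/^[ -]*image: /{print $NF}' mandatory.yaml); do
  docker pull "$img"
done

# Deploy the controller Pod
kubectl apply -f mandatory.yaml

# Check that the controller Pod is running
kubectl get pod -n ingress-nginx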

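# Download the NodePort Service manifest.
# NOTE(review): "master" is a moving ref; export INGRESS_NGINX_REF=<release-tag>
# to pin the download to a reviewed release. -O overwrites an earlier copy so
# the sed edits below are not applied to (or duplicated in) a stale file.
wget -O service-nodeport.yaml "https://raw.githubusercontent.com/kubernetes/ingress-nginx/${INGRESS_NGINX_REF:-master}/deploy/static/provider/baremetal/service-nodeport.yaml"

# NodePorts are random by default; pin them to 30080 (HTTP) and 30443 (HTTPS).
# Each sed appends a nodePort line with six leading spaces after the matching
# targetPort line; that indentation has to match the downloaded manifest, so
# check the file after editing.
# NOTE(review): a NodePort Service is reachable on these ports on every node.
# Limit who can reach 30080/30443 with host or network firewall rules.
sed -i '/targetPort: 80/a\ \ \ \ \ \ nodePort: 30080' service-nodeport.yaml
sed -i '/targetPort: 443/a\ \ \ \ \ \ nodePort: 30443' service-nodeport.yaml

# Deploy the Service
kubectl apply -f service-nodeport.yaml

# Check the Service and its ports
kubectl get svc -n ingress-nginx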

#部署后端web demo

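# ingress-nginx-demo.yaml
---
# Backend web demo: two nginx replicas labelled name=nginx.
# apps/v1 is used instead of extensions/v1beta1, which stopped serving
# Deployment in Kubernetes 1.16. apps/v1 requires an explicit spec.selector,
# and it must match the Pod template labels.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: myapp
          # NOTE(review): third-party image referenced by a mutable tag; with
          # IfNotPresent each node keeps whatever it pulled first. Pin by
          # digest or use an image you build yourself outside a demo.
          image: alivv/nginx:node
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
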
---
# Service in front of the demo Pods (selected by the label name=nginx).
# No type is set, so it gets the default in-cluster type and is only
# reached from outside through the Ingress rules that name it as backend.
kind: Service
apiVersion: v1
metadata:
  name: nginx-svc
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    name: nginx

#ingress 使用域名代理

# ingress-nginx-http.yaml
---
# Ingress, plain HTTP proxy: http://abc1.tt.dev
# NOTE(review): extensions/v1beta1 Ingress is a deprecated API that was
# removed in Kubernetes 1.22. It is kept here because the API version has to
# be one the deployed controller release watches; confirm before changing it.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx-http-demo
spec:
  rules:
    - host: abc1.tt.dev
      http:
        paths:
          - backend:
              serviceName: nginx-svc
              servicePort: 80
            path: /


---
# Ingress, HTTPS proxy: https://abc2.tt.dev
# TLS is terminated at the ingress controller using the key pair stored in
# the Secret "tls-secret", which has to exist in the same namespace as this
# Ingress. The backend nginx-svc is still reached over plain HTTP on port 80.
# NOTE(review): extensions/v1beta1 Ingress is deprecated and was removed in
# Kubernetes 1.22; keep it only while the deployed controller needs it.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nginx-https-demo
spec:
  rules:
    - host: abc2.tt.dev
      http:
        paths:
          - backend:
              serviceName: nginx-svc
              servicePort: 80
            path: /
  tls:
    - secretName: tls-secret
      hosts:
        - abc2.tt.dev
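# Create a self-signed certificate for the HTTPS Ingress (demo only).
# -nodes writes tls.key unencrypted, so the key is generated under umask 077
# to keep it readable by the current user only. Delete tls.key once the demo
# is finished.
# NOTE(review): the certificate carries only a CN and no subjectAltName, so
# clients that require a SAN will reject it. With OpenSSL 1.1.1 or later,
# -addext "subjectAltName=DNS:abc2.tt.dev" adds one.
(umask 077 && openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/O=DevOps/CN=abc2.tt.dev")
# Store the key pair as the TLS Secret referenced by the HTTPS Ingress
kubectl create secret tls tls-secret --key tls.key --cert tls.crt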

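# Deploy the demo backend and the Ingress rules
kubectl apply -f ingress-nginx-demo.yaml
kubectl apply -f ingress-nginx-http.yaml

# Inspect the created objects
kubectl get pod
kubectl get deployment
kubectl get svc -A
kubectl get ingress

# Show the nginx.conf generated inside the ingress-nginx controller.
# awk stops at the first matching Pod and the name is quoted, so this also
# works when several controller replicas are running. No TTY is requested
# because cat is not interactive.
pod_ingress=$(kubectl get pod -n ingress-nginx | awk '/nginx-ingress/{print $1; exit}')
kubectl exec -n ingress-nginx "$pod_ingress" -- cat /etc/nginx/nginx.conf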

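# Access test
# Resolve the demo hostnames locally (needs root). The grep guard keeps
# repeated runs from appending duplicate lines to /etc/hosts.
grep -q 'abc1\.tt\.dev' /etc/hosts || echo "127.0.0.1    abc1.tt.dev abc2.tt.dev" >>/etc/hosts
# Request the sites through the NodePorts
curl http://abc1.tt.dev:30080
# -k disables certificate verification; acceptable here only because the
# certificate is the self-signed demo one. Replacing -k with --cacert tls.crt
# should let curl verify against that certificate instead - TODO confirm.
curl https://abc2.tt.dev:30443 -k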

#Ingress-Nginx BasicAuth 密码验证

# ingress-with-auth.yaml
---
# Ingress protected by HTTP Basic authentication: the annotations point the
# controller at the htpasswd data stored in the Secret "basic-auth".
# NOTE(review): there is no tls section, so this host is served over plain
# HTTP and the Basic credentials travel base64-encoded only. Add a tls block
# with a certificate for auth.tt.dev before using real passwords.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-type: basic
spec:
  rules:
    - host: auth.tt.dev
      http:
        paths:
          - backend:
              serviceName: nginx-svc
              servicePort: 80
            path: /
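# Create the password file "auth" with user foo / password pswd (demo credentials).
# The file has to be named "auth": --from-file uses the file name as the
# Secret key, and ingress-nginx reads the htpasswd data from the key "auth".
# NOTE(review): -b takes the password from the command line, where it lands in
# shell history and the process list. For real credentials drop -b and the
# password so htpasswd prompts for it.
# Alternative without Docker:
# yum install httpd-tools
# htpasswd -bc auth  foo pswd
# NOTE(review): jess/htpasswd is a third-party image that gets the working
# directory mounted read-write; the httpd-tools route above avoids it.
# "$(pwd)" is quoted so a working directory containing spaces still mounts.
docker run -it --rm -v "$(pwd)":/data -w /data jess/htpasswd -bc auth foo pswd
cat auth
kubectl create secret generic basic-auth --from-file=auth
# Prints the Secret; its data is only base64-encoded, not encrypted
kubectl get secret basic-auth -o yaml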

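# Create the Ingress
kubectl apply -f ingress-with-auth.yaml

# On the master node, resolve auth.tt.dev locally (needs root). The grep
# guard keeps repeated runs from appending duplicate lines.
grep -q 'auth\.tt\.dev' /etc/hosts || echo "127.0.0.1    auth.tt.dev" >>/etc/hosts
# curl access test
curl http://auth.tt.dev:30080  # no credentials supplied: access is denied
# NOTE(review): over http:// the Basic credentials are sent base64-encoded,
# i.e. readable on the wire. Outside a local demo, serve this host over TLS.
curl http://auth.tt.dev:30080 -u 'foo:pswd'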

#删除测试项

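# Delete everything the walkthrough created
kubectl delete -f ingress-with-auth.yaml
kubectl delete -f ingress-nginx-http.yaml
kubectl delete -f ingress-nginx-demo.yaml
kubectl delete -f service-nodeport.yaml
kubectl delete -f mandatory.yaml
kubectl delete secret tls-secret
kubectl delete secret basic-auth
# Remove the local key material and password file generated earlier in the
# working directory; tls.key is an unencrypted private key.
rm -f tls.key tls.crt auth
# Drop the demo host entries; the dot is escaped so only lines containing the
# literal "tt.dev" are removed.
sed -i '/tt\.dev/d' /etc/hosts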

Blog地址 https://www.cnblogs.com/elvi/p/11755780.html
本文git地址 https://gitee.com/alivv/k8s/tree/master/notes

posted @ 2019-10-28 22:21  Elvin-vip