附020.Nginx-ingress部署及使用

一 手动部署-官网版

1.1 获取资源

  1 [root@master01 ~]# mkdir ingress
  2 [root@master01 ~]# cd ingress/
  3 [root@master01 ingress]# git clone https://github.com/nginxinc/kubernetes-ingress/
  4 [root@master01 ingress]# cd kubernetes-ingress/deployments
  # Check out the v1.7.0 tag so every manifest applied below comes from one fixed release.
  # A tag can be moved upstream; record the resolved commit (git rev-parse HEAD) if the deployment must be reproducible.
  5 [root@master01 ingress]# git checkout v1.7.0

1.2 安装RBAC

  1 [root@master01 deployments]# kubectl apply -f common/ns-and-sa.yaml # create the namespace and ServiceAccount
  # NOTE(review): rbac.yaml is applied here without being inspected; read the roles and bindings it defines before applying it.
  2 [root@master01 deployments]# kubectl apply -f rbac/rbac.yaml # create the RBAC roles, permissions, etc.

1.3 安装基础资源

  1 [root@master01 deployments]# kubectl apply -f common/default-server-secret.yaml

说明:

为NGINX的默认服务器创建包含TLS证书和密钥的secret。默认服务器对所有未匹配任何已定义访问规则的请求返回Not Found页面(404状态码)。该文件自带一份自签名证书及其私钥,私钥随仓库公开,仅适合测试;生产环境应替换为自行签发的证书和密钥。

  # Applies the controller's ConfigMap, then the *-definition.yaml files and the global configuration.
  # NOTE(review): the *-definition.yaml files presumably register custom resource definitions; confirm against each file.
  1 [root@master01 deployments]# kubectl apply -f common/nginx-config.yaml
  2 [root@master01 deployments]# kubectl apply -f common/vs-definition.yaml
  3 [root@master01 deployments]# kubectl apply -f common/vsr-definition.yaml
  4 [root@master01 deployments]# kubectl apply -f common/ts-definition.yaml # create virtual hosts
  5 [root@master01 deployments]# kubectl apply -f common/gc-definition.yaml
  6 [root@master01 deployments]# kubectl apply -f common/global-configuration.yaml

1.4 安装ingress controllers

  1 [root@master01 deployments]# vi daemon-set/nginx-ingress.yaml
  1 ……
  # Controller argument set in the manifest: -global-configuration points at <pod namespace>/nginx-configuration.
  2           - -global-configuration=$(POD_NAMESPACE)/nginx-configuration
  3 ……
  1 [root@master01 deployments]# kubectl apply -f daemon-set/nginx-ingress.yaml
  2 [root@master01 deployments]# kubectl get pods --namespace=nginx-ingress
  # Sample output: six controller pods are Running; each one is a traffic entry point that needs protecting.
  3 NAME READY STATUS RESTARTS AGE
  4 
  5 nginx-ingress-cqv2m 1/1 Running 0 43s
  6 nginx-ingress-fpmbv 1/1 Running 0 43s
  7 nginx-ingress-kdl9p 1/1 Running 0 43s
  8 nginx-ingress-lggw9 1/1 Running 0 43s
  9 nginx-ingress-lnw28 1/1 Running 0 43s
 10 nginx-ingress-z8rn8 1/1 Running 0 43s

1.5 创建ingress controllers service

[root@master01 deployments]# vi service/nodeport.yaml

  # Service exposing the pods labelled app: nginx-ingress on fixed node ports.
  1 apiVersion: v1
  2 kind: Service
  3 metadata:
  4   name: nginx-ingress
  5   namespace: nginx-ingress
  6 spec:
  # NodePort opens the nodePort values below on every node; if the nodes are reachable from
  # untrusted networks, restrict access to these ports with host or network firewall rules.
  7   type: NodePort
  8   ports:
  9   - port: 80
 10     targetPort: 80
 11     protocol: TCP
 12     name: http
  # plain-HTTP entry point on node port 30011
 13     nodePort: 30011
 14   - port: 443
 15     targetPort: 443
 16     protocol: TCP
 17     name: https
  # HTTPS entry point on node port 30012
 18     nodePort: 30012
 19   selector:
 20     app: nginx-ingress
  1 [root@master01 deployments]# kubectl create -f service/nodeport.yaml
  2 [root@master01 deployments]# kubectl get svc nginx-ingress --namespace=nginx-ingress
  3 [root@master01 deployments]# kubectl describe svc nginx-ingress --namespace=nginx-ingress


参考文档:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/。

二 手动部署-github社区版(推荐)

2.1 获取资源

  1 [root@master01 ~]# mkdir ingress
  2 [root@master01 ~]# cd ingress/
  3 [root@master01 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml
  4 [root@master01 ingress]# vi deploy.yaml

  # Excerpt of deploy.yaml (elided with ……); presumably these are the fields edited from the downloaded file.
  1 ……
  2 apiVersion: apps/v1
  3 kind: Deployment
  4 ……
  5 spec:
  # three controller replicas
  6   replicas: 3
  7 ……
  # names the default-http-backend Service in the controller's namespace as the default backend
  8             - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
  9 ……
 10 apiVersion: v1
 11 kind: Service
 12 ……
 13   name: ingress-nginx-controller
 14 ……
 15 spec:
 16   type: NodePort
  # Local delivers traffic only to controller pods on the node that received it; nodes without a controller pod do not answer.
 17   externalTrafficPolicy: Local
 18   ports:
 19     - name: http
 20       port: 80
 21       protocol: TCP
 22       targetPort: http
  # nodePort 80 and 443 lie outside the default NodePort range (30000-32767); the API server rejects
  # this Service unless its --service-node-port-range includes them. Widening that range lets any
  # NodePort Service claim low ports on the nodes, so keep it as narrow as possible.
 23       nodePort: 80
 24     - name: https
 25       port: 443
 26       protocol: TCP
 27       targetPort: https
 28       nodePort: 443
 29 ……

[root@master01 ingress]# kubectl create -f deploy.yaml

提示:添加默认backend后,需要等default-backend创建完成,controllers才能成功部署。

2.2 创建default backend

[root@master01 ingress]# vi default-backend.yaml

  # Deployment and Service for the catch-all backend named default-http-backend in namespace ingress-nginx.
  1 ---
  2 apiVersion: apps/v1
  3 kind: Deployment
  4 metadata:
  5   name: default-http-backend
  6   labels:
  7     app.kubernetes.io/name: default-http-backend
  8     app.kubernetes.io/part-of: ingress-nginx
  9   namespace: ingress-nginx
 10 spec:
 11   replicas: 1
 12   selector:
 13     matchLabels:
 14       app.kubernetes.io/name: default-http-backend
 15       app.kubernetes.io/part-of: ingress-nginx
 16   template:
 17     metadata:
 18       labels:
 19         app.kubernetes.io/name: default-http-backend
 20         app.kubernetes.io/part-of: ingress-nginx
 21     spec:
 22       terminationGracePeriodSeconds: 60
  # NOTE(review): no securityContext or readinessProbe is defined for this container, so it runs
  # with the image's default user and privileges — consider setting them explicitly.
 23       containers:
 24         - name: default-http-backend
 25           # Any image is permissible as long as:
 26           # 1. It serves a 404 page at /
 27           # 2. It serves 200 on a /healthz endpoint
  # k8s.gcr.io is the legacy Kubernetes image registry (superseded by registry.k8s.io);
  # the image is pinned by tag only, not by digest.
 28           image: k8s.gcr.io/defaultbackend-amd64:1.5
  # liveness check: HTTP GET /healthz on port 8080, first probe after 30 s, 5 s timeout
 29           livenessProbe:
 30             httpGet:
 31               path: /healthz
 32               port: 8080
 33               scheme: HTTP
 34             initialDelaySeconds: 30
 35             timeoutSeconds: 5
 36           ports:
 37             - containerPort: 8080
  # requests equal limits, which caps the backend at 10m CPU / 20Mi memory
 38           resources:
 39             limits:
 40               cpu: 10m
 41               memory: 20Mi
 42             requests:
 43               cpu: 10m
 44               memory: 20Mi
 45 
 46 ---
 47 apiVersion: v1
 48 kind: Service
 49 metadata:
 50   name: default-http-backend
 51   namespace: ingress-nginx
 52   labels:
 53     app.kubernetes.io/name: default-http-backend
 54     app.kubernetes.io/part-of: ingress-nginx
 55 spec:
  # no type is set, so this is a cluster-internal Service; port 80 forwards to container port 8080
 56   ports:
 57     - port: 80
 58       targetPort: 8080
 59   selector:
 60     app.kubernetes.io/name: default-http-backend
 61     app.kubernetes.io/part-of: ingress-nginx
 62 ---
  1 [root@master01 ingress]# kubectl create -f default-backend.yaml

2.3 确认验证

  1 [root@master01 ingress]# kubectl get pods -n ingress-nginx
  2 [root@master01 ingress]# kubectl get svc -n ingress-nginx


参考文档:https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md。

三 ingress使用

3.1 创建demo环境

  1 [root@master01 ingress]# vi deploy-demo01.yaml #创建第一个用于测试的svc和pod
  # First demo workload: a Service on port 80 in front of three replicas labelled app: mydemo01.
  1 apiVersion: v1
  2 kind: Service
  3 metadata:
  4   name: mydemo01svc
  5   namespace: default
  6 spec:
  7   selector:
  8     app: mydemo01
  9   ports:
 10   - name: http
 11     port: 80
 12     targetPort: 80
 13 ---
 14 apiVersion: apps/v1
 15 kind: Deployment
  # The Service above sets namespace: default; this Deployment sets none and is created in
  # kubectl's current namespace, which must also be default for the selector to match.
 16 metadata:
 17   name: mydemo01pod
 18 spec:
 19   replicas: 3
 20   selector:
 21     matchLabels:
 22       app: mydemo01
 23   template:
 24     metadata:
 25       labels:
 26         app: mydemo01
 27     spec:
 28       containers:
 29       - name: myapp
  # NOTE(review): third-party demo image referenced by tag only; verify its origin or replace it
  # with an image you build yourself before using this outside a lab.
 30         image: ikubernetes/myapp:v2
 31         ports:
 32         - name: httpd
 33           containerPort: 80
  1 [root@master01 ingress]# echo '<h1>Hello world!</h1>' > index.html # create the Tomcat test page
  # The page is copied onto the worker nodes because deploy-demo02.yaml mounts it from the node through a hostPath volume.
  2 [root@master01 ingress]# scp index.html root@worker01:/etc/kubernetes/
  3 [root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/
  # NOTE(review): this line repeats worker02; another worker node may have been intended — confirm.
  4 [root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/
  5 [root@master01 ingress]# vi deploy-demo02.yaml # create the second test Service and pods

  # Second demo workload: a Service on port 8080 in front of three Tomcat replicas labelled app: mydemo02.
  1 apiVersion: v1
  2 kind: Service
  3 metadata:
  4   name: mydemo02svc
  5   namespace: default
  6 spec:
  7   selector:
  8     app: mydemo02
  9   ports:
 10   - name: httpd
 11     port: 8080
 12     targetPort: 8080
 13 
 14 ---
 15 apiVersion: apps/v1
 16 kind: Deployment
 17 metadata:
 18   name: mydemo02pod
 19 spec:
 20   replicas: 3
 21   selector:
 22     matchLabels:
 23       app: mydemo02
 24   template:
 25     metadata:
 26       labels:
 27         app: mydemo02
 28     spec:
 29       containers:
 30       - name: mytomcat
  # tomcat:9 is a moving tag; the image actually pulled changes as upstream publishes new 9.x builds
 31         image: tomcat:9
 32         ports:
 33         - name: httpd
 34           containerPort: 8080
  # mounts one host file, read-only, as the ROOT webapp's index.html
 35         volumeMounts:
 36         - mountPath: "/usr/local/tomcat/webapps/ROOT/index.html"
 37           name: sample-volume
 38           readOnly: true
 39       volumes:
 40       - name: sample-volume
  # hostPath with type File requires /etc/kubernetes/index.html to already exist on whichever node
  # runs the pod; on a node without the file the pod cannot start.
  # NOTE(review): /etc/kubernetes typically holds node and cluster configuration. Only this one file
  # is exposed, but a ConfigMap volume would serve a test page without reading the host filesystem.
 41         hostPath:
 42           type: File
 43           path: /etc/kubernetes/index.html
  1 [root@master01 ingress]# kubectl apply -f deploy-demo01.yaml
  2 [root@master01 ingress]# kubectl apply -f deploy-demo02.yaml
  3 [root@master01 ingress]# kubectl get pods -o wide
  4 [root@master01 ingress]# kubectl get svc -o wide


3.2 创建ingress策略

  1 [root@master01 ingress]# vi deploy-demo-ingress-http.yaml
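  # HTTP Ingress: routes each host name to its demo Service through the controller handling class "nginx".
  # networking.k8s.io/v1beta1 Ingress was removed in Kubernetes 1.22; on newer clusters this manifest
  # must be rewritten for networking.k8s.io/v1, which uses a different backend syntax.
  1 apiVersion: networking.k8s.io/v1beta1
  2 kind: Ingress
  3 metadata:
  4   name: ingress-mydemo
  5   namespace: default
  6   annotations:
  7     kubernetes.io/ingress.class: "nginx"
  8 spec:
  9   rules:
 10   - host: demo01.odocker.com
 11     http:
 12       paths:
  # empty path: the rule applies to every request for this host
 13       - path:
 14         backend:
 15           serviceName: mydemo01svc
 16           servicePort: 80
  # demo02 uses the odocker.com name that the verification step resolves and the TLS Ingress serves
 17   - host: demo02.odocker.com
 18     http:
 19       paths:
 20       - path:
 21         backend:
 22           serviceName: mydemo02svc
 23           servicePort: 8080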
  1 [root@master01 ingress]# kubectl apply -f deploy-demo-ingress-http.yaml
  2 [root@master01 ingress]# kubectl get pods -o wide
  3 [root@master01 ingress]# kubectl get svc -o wide
  4 [root@master01 ingress]# kubectl get ingress -o wide


3.3 确认验证

添加demo01.odocker.com和demo02.odocker.com的解析。分别访问两个地址:


参考:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/

四 ingress https使用

4.1 创建证书

使用自签名证书,证书创建参考《附008.Kubernetes TLS证书介绍及创建》。

4.2 创建secret

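  # Self-signed certificate for demo02.odocker.com. -nodes writes demo02.key unencrypted, so keep the
  # file private and delete it from the working directory once the secret exists.
  # Only the CN is set; clients that require a subjectAltName reject such a certificate, so add a SAN
  # for anything beyond a local test.
  1 [root@master01 ingress]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout demo02.key -out demo02.crt -subj "/CN=demo02.odocker.com"
  # An Ingress tls entry needs a kubernetes.io/tls secret holding the keys tls.crt and tls.key.
  # "create secret tls" produces exactly that; a generic --from-file secret stores the data under
  # the file names instead, and the controller cannot load the certificate from it.
  2 [root@master01 ingress]# kubectl create secret tls demo02-tls --cert=demo02.crt --key=demo02.key -n default
  3 [root@master01 ingress]# kubectl get secret demo02-tls 
  4 NAME TYPE DATA AGE
  5 
  6 demo02-tls kubernetes.io/tls 2 27s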

4.3 创建TLS ingress策略

[root@master01 ingress]# vi deploy-demo-ingress-https.yaml

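  # TLS Ingress for demo02.odocker.com, terminating HTTPS with the certificate stored in secret demo02-tls.
  # networking.k8s.io/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters need networking.k8s.io/v1.
  1 apiVersion: networking.k8s.io/v1beta1
  2 kind: Ingress
  3 metadata:
  4   name: ingress-mydemo02-https
  5   namespace: default
  6   annotations:
  # the key must be spelled kubernetes.io/ingress.class exactly; a misspelled key is just an
  # unrelated annotation and does not select the ingress class
  7     kubernetes.io/ingress.class: "nginx"
  8 spec:
  9   tls:
 10   - hosts:
 11     - demo02.odocker.com
  # must name a kubernetes.io/tls secret in this namespace (default) that holds tls.crt and tls.key
 12     secretName: demo02-tls
 13   rules:
 14   - host: demo02.odocker.com
 15     http:
 16       paths:
  # empty path: the rule applies to every request for this host
 17       - path:
 18         backend:
 19           serviceName: mydemo02svc
 20           servicePort: 8080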

[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-https.yaml

4.4 确认验证

浏览器访问:https://demo02.odocker.com/


posted @ 2020-06-02 13:47  木二