1.4 Ingress简单使用
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
1.//列出当前命名空间下的所有 services并请求一个域名是否是通的
[root@k8s-master01 ~]# kubectl get svc
[root@k8s-master01 ~]# curl 10.104.33.36 (#IP以实际的nginx-svc为准)
//确定域名是可以使用的;
2.//编辑ingress.yaml文件内容
[root@k8s-master01 ~]# vim ingress.yaml
apiVersion: networking.k8s.io/v1beta1 # networking.k8s.io/v1 extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
name: example
spec:
rules: # 一个ingress可以配置多个rules
- host: foo.bar.com # 域名配置,可以不写,匹配*,可以写成正则表达式 *.bar.com
http:
paths: # 相当于nginx的location配置,同一个host可以配置多个path,可以配置/ 或/abc
- backend:
serviceName: nginx-svc
servicePort: 80
path: /
01.// rewrite写法的参考网页地址:
https://kubernetes.github.io/ingress-nginx/examples/rewrite/
02.// 网页模板内容通过复制:set paste 到yaml中待修改
03.// 配置中ingress.class: "nginx" 修改的根据是来自values.yaml文件中的名字
04.//查找/ingressClass:nginx
05.//显示根据官网模板修改的内容(前面第二步骤vim的内容)
3.//创建ingress.yaml文件
[root@k8s-master01 ~]# kubectl create -f ingress.yaml
Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.networking.k8s.io/example created
4.//列出创建的ingress
[root@k8s-master01 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
example <none> foo.bar.com 80 26s
5.//编辑/etc文件配置解析IP,因为没有域名解析,不能直接访问foo.bar.com
01.//解析到ingress所在的节点(此处node01)
02. //node01的对应的IP是192.168.0.204
6.//访问foo.bar.com (#成功)
7.//获取指定命名空间下的 pod的详细信息
[root@k8s-master01 ~]# kubectl get pod -n ingress-nginx
01.//#该命令-owide可以显示的更完整
[root@k8s-master01 ~]# kubectl get pod -n ingress-nginx -o wide
02.//进入容器中具体查看相关rewrite内容
[root@k8s-master01 ~]# kubectl exec -it ingress-nginx-controller-59zh2 -n ingress-nginx -- sh
/etc/nginx $ ls
fastcgi.conf koi-utf modsecurity owasp-modsecurity-crs uwsgi_params.default
fastcgi.conf.default koi-win modules scgi_params win-utf
fastcgi_params lua nginx.conf scgi_params.default
fastcgi_params.default mime.types nginx.conf.default template
geoip mime.types.default opentracing.json uwsgi_params
/etc/nginx $ grep "## start server foo.bar.com" nginx.conf -A 50 (#查看后五十行内容)
## start server foo.bar.com
server {
server_name foo.bar.com ;
listen 80 ;
listen [::]:80 ;
listen 443 ssl http2 ;
listen [::]:443 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location / {
set $namespace "default";
set $ingress_name "example";
set $service_name "nginx-svc";
set $service_port "80";
set $location_path "/";
set $global_rate_limit_exceeding n;
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = true,
force_no_ssl_redirect = false,
preserve_trailing_slash = false,
use_port_in_redirects = false,
global_throttle = { namespace = "", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } },
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
plugins.run()
}
03.//容器中查看后五十行内容
grep "## start server foo.bar.com" nginx.conf -A 50
04.//往下翻看到rewrite是使用lua标准写的
浙公网安备 33010602011771号