k8s之ingress
1、前期准备
1.1mandatory.yaml准备
使用mandatory.yaml安装。mandatory.yaml是ingress所有资源yml文件的集合,其中包configmap.yaml、namespace.yaml、rbac.yaml、service-nodeport.yaml、with-rbac.yaml
官网下载链接:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
若官网无法下载可以使用下列文件:
apiVersion: v1
kind: Namespace
metadata:name: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---kind: ConfigMap
apiVersion: v1
metadata:name: nginx-configurationnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
kind: ConfigMap
apiVersion: v1
metadata:name: tcp-servicesnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
kind: ConfigMap
apiVersion: v1
metadata:name: udp-servicesnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
apiVersion: v1
kind: ServiceAccount
metadata:name: nginx-ingress-serviceaccountnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: nginx-ingress-clusterrolelabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
rules:- apiGroups:- ""resources:- configmaps- endpoints- nodes- pods- secretsverbs:- list- watch- apiGroups:- ""resources:- nodesverbs:- get- apiGroups:- ""resources:- servicesverbs:- get- list- watch- apiGroups:- ""resources:- eventsverbs:- create- patch- apiGroups:- "extensions"- "networking.k8s.io"resources:- ingressesverbs:- get- list- watch- apiGroups:- "extensions"- "networking.k8s.io"resources:- ingresses/statusverbs:- update---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:name: nginx-ingress-rolenamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
rules:- apiGroups:- ""resources:- configmaps- pods- secrets- namespacesverbs:- get- apiGroups:- ""resources:- configmapsresourceNames:# Defaults to "<election-id>-<ingress-class>"# Here: "<ingress-controller-leader>-<nginx>"# This has to be adapted if you change either parameter# when launching the nginx-ingress-controller.- "ingress-controller-leader-nginx"verbs:- get- update- apiGroups:- ""resources:- configmapsverbs:- create- apiGroups:- ""resources:- endpointsverbs:- get---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:name: nginx-ingress-role-nisa-bindingnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: nginx-ingress-role
subjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: ingress-nginx---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: nginx-ingress-clusterrole-nisa-bindinglabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: nginx-ingress-clusterrole
subjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: ingress-nginx---apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:replicas: 1selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: "10254"prometheus.io/scrape: "true"spec:# wait up to five minutes for the drain of connectionsterminationGracePeriodSeconds: 300serviceAccountName: nginx-ingress-serviceaccountnodeSelector:kubernetes.io/os: linuxcontainers:- name: nginx-ingress-controllerimage: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0args:- /nginx-ingress-controller- --configmap=$(POD_NAMESPACE)/nginx-configuration- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services- --udp-services-configmap=$(POD_NAMESPACE)/udp-services- --publish-service=$(POD_NAMESPACE)/ingress-nginx- --annotations-prefix=nginx.ingress.kubernetes.iosecurityContext:allowPrivilegeEscalation: truecapabilities:drop:- ALLadd:- NET_BIND_SERVICE# www-data -> 101runAsUser: 101env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespaceports:- name: httpcontainerPort: 80protocol: TCP- name: httpscontainerPort: 443protocol: TCPlivenessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 10periodSeconds: 10successThreshold: 1timeoutSeconds: 10readinessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPperiodSeconds: 10successThreshold: 1timeoutSeconds: 10lifecycle:preStop:exec:command:- /wait-shutdown---apiVersion: v1
kind: LimitRange
metadata:name: ingress-nginxnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:limits:- min:memory: 90Micpu: 100mtype: Container
1.2service-nodeport.yaml准备
service-nodeport.yaml为ingress通过nodeport对外提供服务,nodeport随机暴露对外访问端口,可以编辑该文件自定义端口,但是端口必须是30000以上的端口。
service-nodeport.yaml官网下载地址:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml
若官网无法下载可以使用下列文件:
apiVersion: v1
kind: Service
metadata:name: ingress-nginxnamespace: ingress-nginx
spec:type: NodePortports:- name: httpport: 80targetPort: 80protocol: TCP- name: httpsport: 443targetPort: 443protocol: TCPexternalTrafficPolicy: Clusterselector:app.kubernetes.io/name: ingress-nginx
2、安装
2.1 mandatory安装和资源查看
2.1.1 安装mandatory
kubectl apply -f mandatory.yaml
或
kubectl create -f mandatory.yaml
2.1.2 查看资源
查看namespace:kubectl get namespace
查看pod:kubectl get pods -n ingress-nginx
2.2 service-nodeport安装和查看资源测试
2.2.1 安装service-nodeport
kubectl apply -f service-nodeport.yaml
或
kubectl create -f service-nodeport.yaml
2.2.2 查看资源
kubectl get svc -n ingress-nginx
3、测试验证
3.1 创建svc和deployment及查看资源
3.1.1 创建svc和deployment
kubectl create -f nginx.yaml
由于只是用来测试的,文件比较简单,nginx.yaml文件具体如下:
apiVersion: v1
kind: Service
metadata:name: nginxtest-svcnamespace: default
spec:selector:app: nginxtestenv: testports:- name: httpport: 80targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata: name: nginxtest-test
spec:replicas: 2selector: matchLabels:app: nginxtestenv: testtemplate:metadata:labels:app: nginxtestenv: testspec:containers:- name: nginxtestimage: 10.10.10.89:5000/nginx:1.15-alpine ports:- name: httpdcontainerPort: 80
ps:10.10.10.89:5000/nginx:1.15-alpine 此地址为私人仓库的地址,需要更改成自己的或者网上的。
3.1.2 查看资源测试联通性
查看deployment:kubectl get pods -o wide
测试联通性:curl 10.244.2.46
查看svc:kubectl get svc nginxtest-svc -o wide
测试联通性:curl 10.97.242.65
3.2 创建ingress规则和查看资源测试
3.2.1 创建ingress规则
kubectl create -f test-ingress-nginxtest.yaml
3.2.2 查看资源测试
查看ingress:kubectl get ingress -o wide
测试连通性:curl -H “Host: www.azrael.com” 10.99.239.176
4、网页验证
在同一局域网内的主机上测试:
windows在C:\Windows\System32\drivers\etc内增加:
10.10.10.90 www.azrael.com
linux在/etc/hosts内增加:
10.10.10.90 www.azrael.com
10.10.10.90为k8s节点ip
网页访问地址:http://www.azrael.com:31905/
出现如下界面则正常:
参考链接:参考链接1
k8s之ingress相关推荐
- k8s!Ingress服务
文章目录 一 ingress 1.1ingress 介绍 1.2 ingress 的优势 1.3 Ingress-nginx工作原理 二.实验 2.1 创建ns 2.2 创建deploy.servic ...
- 企业入门实战--k8s之Ingress加密、认证以及地址重写
企业入门实战--k8s之Ingress加密.认证以及地址重写 一.Ingress 加密 二.Ingress 认证 三.Ingress 地址重定向 一.Ingress 加密 加密访问80默认重定向443 ...
- k8s部署ingress:使用heptio-contour部署ingress controller(通过sealos安装,非nginx-ingress类型)
详解 代码 概览 [root@m-1 ingress]# tree . ├── deploy-svc.sh ├── deploy.yaml ├── example-ingress.yaml ├── i ...
- k8s的ingress使用
ingress 可以配置一个入口来提供k8s上service从外部来访问的url.负载平衡流量.终止SSL和提供基于名称的虚拟主机. 配置ingress的yaml: 要求域名解析无误 要求servic ...
- k8s 安装ingress nginx controller 并部署.net core ingress服务
192.168.28.132 k8smaster 192.168.28.133 k8snode1 192.168.28.134 k8snode2 192.168.28.135 k8snode3 192 ...
- k8s 配置 ingress
目录 报错 部署 测试 备份 报错 如果 K8S 集群没有部署 ingress,那么创建 ingress 时会报错 Default backend: default-http-backend:80 ( ...
- k8s nginx ingress原理解读
阅读本文需要以下知识为前提 了解k8s基本架构,k8s基本资源清单 用自己的k8s实验环境 首先了解ingress解决了什么问题 k8s内部项目暴露外部访问,只用一个固定端口,暴露多个服务.相对于:L ...
- k8s(九)ingress
k8s Ingress介绍 Http代理 Https代理 Ingress介绍 我们已经知道,Service对集群之外暴露服务的主要方式有两种:NodePort和LoadBalancer,但是这两种方式 ...
- k8s的ingress treafik部署使用
简介 Kubernetes集群搭建完后需要一个外部边缘网关,也就是ingress,因为不可能所有的服务都提过service的nodepod暴露,如果服务多了,后面集群的端口可能会不够用,而且也没有像n ...
最新文章
- u-boot启动过程
- Linux查看端口号是否使用
- 必看!Spark 进阶之路之「SparkSQL」入门概述 | 博文精选
- c#给定二维数组按升序排序_在数组中按升序对数字进行排序| 8086微处理器
- thinkphp5 memcached 安装、调用、链接
- html中%3csvg%3e标签的使用,微信小程序:使用svg
- 【Java】 大话数据结构(5) 线性表之双向链表
- 电线电缆行业MES解决方案
- 大数据导入Excel
- python端口绑定错误怎么解决,python的 port binding error 请问怎么解决
- 【Oracle】Oracle错误 ora-12514 检查以及解决方法
- 神奇代码岛BOX获500万美元天使轮融资 构建编程少年元宇宙
- 微信H5页面分享案例模版
- 单片机实验:矩阵式键盘输入识别
- java 建立临时文件夹
- 用户行为分析(如何用数据驱动增长)-读书笔记1
- 个人能力--认知能力
- python中表达式4**0.5的值为_int(4**0.5)
- 目标检测算法实战综述
- java版农业银行_农行网上支付平台_商户接口编程指南-java_edition-v103.pdf
热门文章
- 杰里之AC696 系列外插 MIC 做混响或扩音设计注意【篇】
- 索尼前CEO平井一夫宣布6月退休 卸任董事长并退出董事会
- java rsa 公钥格式_JAVA,NET RSA密钥格式转换
- 2019国网二批计算机类分数线,最新数据分析:2019国网第一批次公示名单这些学校最吃香!...
- 开拓者探地雷达BS-M
- Apache Shiro RememberMe 1.2.4 反序列化过程命令执行漏洞【原理扫描】
- 【muduo库】server端流程图
- 小米化!?凡客还有多少故事可讲?
- Threadx tx_thread_create创建线程
- 个人站——关于我页面设计