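Kubernetes Component: Ingress
Official site: https://kubernetes.github.io/ingress-nginx/deploy/
Introduction
Previously you had to edit the Nginx configuration by hand, for example to map a domain name to a backend service. Ingress abstracts this into an Ingress resource type that is created from YAML. You no longer edit nginx.conf each time; you only apply the Ingress, and the rules it defines are written into the Nginx configuration automatically. HTTPS, access control, URL forwarding and many other Nginx features can be added the same way.
Deploy Ingress-Container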
# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/provider/cloud-generic.yaml
# Change the image address in the YAML file
# Configure service discovery
# vim mandatory.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
    verbs:
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: nginx-ingress-controller
          image: ntp.weijiayu.club/rhel7/nginx-ingress-controller:latest
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
---
apiVersion: v1
kind: LimitRange
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  limits:
  - default:
    min:
      memory: 90Mi
      cpu: 100m
    type: Container
# vim service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 30080
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
# kubectl apply -f service-nodeport.yaml
Deploy the Nginx Deployment and Service
Deploy several instances so that the results are easy to compare
# vim nginx1-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx1
  namespace: nginx1
  labels:
    app: nginx1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx1
  template:
    metadata:
      name: nginx1
      namespace: nginx1
      labels:
        app: nginx1
    spec:
      containers:
        - name: nginx
          image: ntp.weij.club/myapp/nginx:v1
          ports:
            - containerPort: 80
# vim nginx1-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx1
  namespace: nginx1
  labels:
    app: nginx
spec:
  type: NodePort
  selector:
    app: nginx1
  ports:
    - name: nginx1
      port: 80
      targetPort: 80
Deploy Ingress Access by Domain Name
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx1-web
  namespace: nginx1
spec:
  rules:
    - host: www1.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx1
              servicePort: 80
Verify: edit the client's hosts file, then browse to www1.test.com:30080
Deploy Ingress HTTPS Access
Access over HTTPS with a certificate; a self-created certificate is used here
Generate the certificate
# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
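Add the certificate to Kubernetes as a resource. The Secret must be in the same namespace as the Ingress that references it (nginx1 here)
# kubectl create secret tls tls-www1 --key tls.key --cert tls.crt -n nginx1
Create the Ingress resource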
# vim nginx1-ingress-https.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx1
  namespace: nginx1
spec:
  tls:
    - hosts:
        - www1.test.com
      secretName: tls-www1
  rules:
    - host: www1.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx1
              servicePort: 80
Browse to: https://www1.test.com:30443
Deploy Ingress BasicAuth Authentication
Generate the username and password file
The htpasswd command is required
# yum -y install httpd
# htpasswd -c auth wei
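Add the auth file to Kubernetes as a resource. The Secret must be in the same namespace as the Ingress that references it (nginx2 here)
# kubectl create secret generic basic-auth --from-file=auth -n nginx2
Configure the Ingress to reference it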
# vim nginx2-ingress-passwd.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx2
  namespace: nginx2
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - wei"
spec:
  rules:
    - host: www2.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx2
              servicePort: 80
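The check below is an added example, not part of the original post: it audits Ingress objects shaped like the items of `kubectl get ingress -A -o json` for two mistakes the HTTPS and BasicAuth sections are prone to, a referenced Secret that is not in the Ingress's namespace and basic auth on a host with no TLS entry. The function name audit_ingress, the trimmed sample objects and both Secret inventories are assumptions constructed for illustration.

```python
# Added example: audit_ingress and the sample objects are constructed here.
PREFIX = "nginx.ingress.kubernetes.io/"

def audit_ingress(ing, secrets):
    """Return findings for one Ingress; `secrets` is a set of (namespace, name)."""
    meta, spec = ing["metadata"], ing.get("spec", {})
    ns, ann = meta.get("namespace", "default"), meta.get("annotations", {})
    findings = []

    # Hosts covered by a tls entry; each tls Secret must live in the Ingress namespace.
    tls_hosts = set()
    for entry in spec.get("tls", []):
        tls_hosts.update(entry.get("hosts", []))
        name = entry.get("secretName")
        if name and (ns, name) not in secrets:
            findings.append(f"tls secret {ns}/{name} not found")

    basic = ann.get(PREFIX + "auth-type") == "basic"
    if basic:
        # "name" is looked up in the Ingress namespace; current docs also allow "namespace/name".
        s_ns, _, s_name = ann.get(PREFIX + "auth-secret", "").rpartition("/")
        if (s_ns or ns, s_name) not in secrets:
            findings.append(f"auth secret {s_ns or ns}/{s_name} not found")

    # Basic auth sends base64(user:password) on every request, so the host needs TLS.
    for rule in spec.get("rules", []):
        host = rule.get("host", "*")
        if basic and host not in tls_hosts:
            findings.append(f"basic auth on {host} without TLS")
    return findings

# Constructed from the manifests on this page (only the fields the audit reads).
HTTPS_INGRESS = {
    "metadata": {"name": "nginx1", "namespace": "nginx1"},
    "spec": {"tls": [{"hosts": ["www1.test.com"], "secretName": "tls-www1"}],
             "rules": [{"host": "www1.test.com"}]},
}
AUTH_INGRESS = {
    "metadata": {"name": "nginx2", "namespace": "nginx2", "annotations": {
        PREFIX + "auth-type": "basic", PREFIX + "auth-secret": "basic-auth"}},
    "spec": {"rules": [{"host": "www2.test.com"}]},
}
# Constructed inventories: Secrets left in "default" vs. placed beside their Ingress.
SECRETS_IN_DEFAULT = {("default", "tls-www1"), ("default", "basic-auth")}
SECRETS_IN_PLACE = {("nginx1", "tls-www1"), ("nginx2", "basic-auth")}

if __name__ == "__main__":
    for ing in (HTTPS_INGRESS, AUTH_INGRESS):
        for inv in (SECRETS_IN_DEFAULT, SECRETS_IN_PLACE):
            print(ing["metadata"]["name"], audit_ingress(ing, inv))
```

Even with the Secret in the right namespace, the BasicAuth Ingress is still flagged until a tls entry covers www2.test.com.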
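Deploy Ingress Redirects
Name | Description | Value |
nginx.ingress.kubernetes.io/rewrite-target | Target URL to which the traffic must be redirected | string |
nginx.ingress.kubernetes.io/ssl-redirect | Indicates whether the location section is accessible over SSL only (defaults to True when the Ingress contains a certificate) | bool |
nginx.ingress.kubernetes.io/force-ssl-redirect | Forces the redirect to HTTPS even if the Ingress does not have TLS enabled | bool |
nginx.ingress.kubernetes.io/app-root | Defines the application root to which the Controller must redirect | string |
nginx.ingress.kubernetes.io/use-regex | Indicates whether the paths defined on the Ingress use regular expressions | bool |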
# vim nginx3-ingress-url.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx2
  namespace: nginx2
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: http://www3.test.com:30080/index.html
spec:
  rules:
    - host: www2.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx2
              servicePort: 80