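Contents
- 1 Manual deployment: official NGINX version
- 1.1 Get the resources
- 1.2 Install RBAC
- 1.3 Install the base resources
- 1.4 Install the ingress controllers
- 1.5 Create the ingress controllers service
- 2 Manual deployment: GitHub community version (recommended)
- 2.1 Get the resources
- 2.2 Create the default backend
- 2.3 Verification
- 3 Using ingress
- 3.1 Create the demo environment
- 3.2 Create the ingress policy
- 3.3 Verification
- 4 Using ingress with HTTPS
- 4.1 Create the certificate
- 4.2 Create the secret
- 4.3 Create the TLS ingress policy
- 4.4 Verification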
1 Manual deployment: official NGINX version
1.1 Get the resources
```bash
[root@master01 ~]# mkdir ingress
[root@master01 ~]# cd ingress/
[root@master01 ingress]# git clone https://github.com/nginxinc/kubernetes-ingress/
[root@master01 ingress]# cd kubernetes-ingress/deployments
[root@master01 ingress]# git checkout v1.7.0
```
1.2 Install RBAC
```bash
[root@master01 deployments]# kubectl apply -f common/ns-and-sa.yaml    # deploy the namespace and ServiceAccount
[root@master01 deployments]# kubectl apply -f rbac/rbac.yaml           # deploy the RBAC roles and permissions
```
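1.3 Install the base resources
```bash
[root@master01 deployments]# kubectl apply -f common/default-server-secret.yaml
```
Note:
This creates the secret holding the TLS certificate and key for the NGINX default server. The default server returns a Not Found page with a 404 status code for every request that matches no defined access rule. The manifest ships with a self-signed certificate and a generated key. Because that key pair is published in the repository, replace it with your own outside of test environments.
```bash
[root@master01 deployments]# kubectl apply -f common/nginx-config.yaml
[root@master01 deployments]# kubectl apply -f common/vs-definition.yaml
[root@master01 deployments]# kubectl apply -f common/vsr-definition.yaml
[root@master01 deployments]# kubectl apply -f common/ts-definition.yaml    # create the virtual host
[root@master01 deployments]# kubectl apply -f common/gc-definition.yaml
[root@master01 deployments]# kubectl apply -f common/global-configuration.yaml
```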
1.4 Install the ingress controllers
```bash
[root@master01 deployments]# vi daemon-set/nginx-ingress.yaml
```
```yaml
……
          - -global-configuration=$(POD_NAMESPACE)/nginx-configuration
……
```
```bash
[root@master01 deployments]# kubectl apply -f daemon-set/nginx-ingress.yaml
[root@master01 deployments]# kubectl get pods --namespace=nginx-ingress
NAME                  READY   STATUS    RESTARTS   AGE
nginx-ingress-cqv2m   1/1     Running   0          43s
nginx-ingress-fpmbv   1/1     Running   0          43s
nginx-ingress-kdl9p   1/1     Running   0          43s
nginx-ingress-lggw9   1/1     Running   0          43s
nginx-ingress-lnw28   1/1     Running   0          43s
nginx-ingress-z8rn8   1/1     Running   0          43s
```
1.5 Create the ingress controllers service
```bash
[root@master01 deployments]# vi service/nodeport.yaml
```
```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
    nodePort: 30011
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
    nodePort: 30012
  selector:
    app: nginx-ingress
```
```bash
[root@master01 deployments]# kubectl create -f service/nodeport.yaml
[root@master01 deployments]# kubectl get svc nginx-ingress --namespace=nginx-ingress
[root@master01 deployments]# kubectl describe svc nginx-ingress --namespace=nginx-ingress
```
Reference: https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
2 Manual deployment: GitHub community version (recommended)
2.1 Get the resources
```bash
[root@master01 ~]# mkdir ingress
[root@master01 ~]# cd ingress/
[root@master01 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml
[root@master01 ingress]# vi deploy.yaml
```
```yaml
……
apiVersion: apps/v1
kind: Deployment
……
spec:
  replicas: 3
……
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
……
apiVersion: v1
kind: Service
……
  name: ingress-nginx-controller
……
spec:
  type: NodePort
  externalTrafficPolicy: Local
  ports:
    # nodePort 80 and 443 lie outside the default NodePort range (30000-32767);
    # kube-apiserver must be started with a --service-node-port-range that includes them.
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
      nodePort: 80
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
      nodePort: 443
……
```
```bash
[root@master01 ingress]# kubectl create -f deploy.yaml
```
Note: with the default backend option added, the controllers can only be deployed successfully once default-backend has been created.
2.2 Create the default backend
```bash
[root@master01 ingress]# vi default-backend.yaml
```
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: default-http-backend
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: default-http-backend
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      terminationGracePeriodSeconds: 60
      containers:
        - name: default-http-backend
          # Any image is permissible as long as:
          # 1. It serves a 404 page at /
          # 2. It serves 200 on a /healthz endpoint
          image: k8s.gcr.io/defaultbackend-amd64:1.5
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            timeoutSeconds: 5
          ports:
            - containerPort: 8080
          resources:
            limits:
              cpu: 10m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 20Mi

---
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
spec:
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
---
```
```bash
[root@master01 ingress]# kubectl create -f default-backend.yaml
```
2.3 Verification
```bash
[root@master01 ingress]# kubectl get pods -n ingress-nginx
[root@master01 ingress]# kubectl get svc -n ingress-nginx
```
Reference: https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md
3 Using ingress
3.1 Create the demo environment
```bash
[root@master01 ingress]# vi deploy-demo01.yaml    # create the first svc and pod used for testing
```
```yaml
apiVersion: v1
kind: Service
metadata:
  name: mydemo01svc
  namespace: default
spec:
  selector:
    app: mydemo01
  ports:
  - name: http
    port: 80
    targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydemo01pod
spec:
  replicas: 3
  selector:
    matchLabels:
      app: mydemo01
  template:
    metadata:
      labels:
        app: mydemo01
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v2
        ports:
        - name: httpd
          containerPort: 80
```
```bash
[root@master01 ingress]# echo '<h1>Hello world!</h1>' > index.html    # create the Tomcat test page
[root@master01 ingress]# scp index.html root@worker01:/etc/kubernetes/
[root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/
[root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/
[root@master01 ingress]# vi deploy-demo02.yaml    # create the second svc and pod used for testing
```
```yaml
apiVersion: v1
kind: Service
metadata:
  name: mydemo02svc
  namespace: default
spec:
  selector:
    app: mydemo02
  ports:
  - name: httpd
    port: 8080
    targetPort: 8080

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydemo02pod
spec:
  replicas: 3
  selector:
    matchLabels:
      app: mydemo02
  template:
    metadata:
      labels:
        app: mydemo02
    spec:
      containers:
      - name: mytomcat
        image: tomcat:9
        ports:
        - name: httpd
          containerPort: 8080
        volumeMounts:
        - mountPath: "/usr/local/tomcat/webapps/ROOT/index.html"
          name: sample-volume
          readOnly: true
      volumes:
      - name: sample-volume
        hostPath:
          type: File
          path: /etc/kubernetes/index.html
```
```bash
[root@master01 ingress]# kubectl apply -f deploy-demo01.yaml
[root@master01 ingress]# kubectl apply -f deploy-demo02.yaml
[root@master01 ingress]# kubectl get pods -o wide
[root@master01 ingress]# kubectl get svc -o wide
```
3.2 Create the ingress policy
```bash
[root@master01 ingress]# vi deploy-demo-ingress-http.yaml
```
```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-mydemo
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: demo01.odocker.com
    http:
      paths:
      - path:
        backend:
          serviceName: mydemo01svc
          servicePort: 80
  # host aligned with the name resolved in 3.3 and used for TLS in section 4
  - host: demo02.odocker.com
    http:
      paths:
      - path:
        backend:
          serviceName: mydemo02svc
          servicePort: 8080
```
```bash
[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-http.yaml
[root@master01 ingress]# kubectl get pods -o wide
[root@master01 ingress]# kubectl get svc -o wide
[root@master01 ingress]# kubectl get ingress -o wide
```
3.3 Verification
Add name resolution for demo01.odocker.com and demo02.odocker.com, then visit each of the two addresses.
Reference: https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
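4 Using ingress with HTTPS
4.1 Create the certificate
A self-signed certificate is used here; for certificate creation see "Appendix 008: Kubernetes TLS certificates, introduction and creation".
4.2 Create the secret
```bash
[root@master01 ingress]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout demo02.key -out demo02.crt -subj "/CN=demo02.odocker.com"
# "create secret tls" stores the pair under the tls.crt / tls.key data keys that the ingress controller reads;
# a generic secret built with --from-file would use the file names as keys instead.
[root@master01 ingress]# kubectl create secret tls demo02-tls --cert=demo02.crt --key=demo02.key -n default
[root@master01 ingress]# kubectl get secret demo02-tls
NAME         TYPE                DATA   AGE
demo02-tls   kubernetes.io/tls   2      27s
```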
4.3 Create the TLS ingress policy
```bash
[root@master01 ingress]# vi deploy-demo-ingress-https.yaml
```
```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-mydemo02-https
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - demo02.odocker.com
    secretName: demo02-tls
  rules:
  - host: demo02.odocker.com
    http:
      paths:
      - path:
        backend:
          serviceName: mydemo02svc
          servicePort: 8080
```
```bash
[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-https.yaml
```
4.4 Verification
Open https://demo02.odocker.com/ in a browser.
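A pre-flight check for the secret from 4.2 and the TLS ingress policy from 4.3, as an added example that is not part of the original article: it lints objects shaped like the items of `kubectl get ingress,secret -o json` for a near-miss spelling of the class annotation, a TLS secret without the `tls.crt` / `tls.key` data keys, and TLS hosts that no rule serves. The `lint`, `ingress` and `secret` helpers, the 0.9 similarity threshold and the sample objects are assumptions constructed for illustration.

```python
import difflib

CLASS_KEY = "kubernetes.io/ingress.class"  # class annotation used on this page
TLS_KEYS = {"tls.crt", "tls.key"}          # data keys of a kubernetes.io/tls secret

def lint(items):
    """Findings for Ingress/Secret dicts shaped like `kubectl get -o json` items."""
    secrets = {(o["metadata"].get("namespace", "default"), o["metadata"]["name"]): o
               for o in items if o["kind"] == "Secret"}
    findings = []
    for ing in (o for o in items if o["kind"] == "Ingress"):
        meta, spec = ing["metadata"], ing.get("spec", {})
        name, ns = meta["name"], meta.get("namespace", "default")
        # Annotation keys are free-form, so a misspelled one is stored and ignored.
        for key in meta.get("annotations") or {}:
            close = difflib.SequenceMatcher(None, key, CLASS_KEY).ratio() > 0.9
            if key != CLASS_KEY and close:
                findings.append(f"{name}: annotation '{key}' looks like a typo of '{CLASS_KEY}'")
        rule_hosts = {r["host"] for r in spec.get("rules", []) if r.get("host")}
        for entry in spec.get("tls", []):
            secret_name = entry.get("secretName")
            secret = secrets.get((ns, secret_name))
            if secret is None:
                findings.append(f"{name}: secret '{secret_name}' not found in '{ns}'")
            else:
                missing = sorted(TLS_KEYS - set(secret.get("data") or {}))
                if missing:
                    findings.append(f"{name}: secret '{secret_name}' lacks keys {missing}")
            for host in sorted(set(entry.get("hosts", [])) - rule_hosts):
                findings.append(f"{name}: TLS host '{host}' has no matching rule")
    return findings

def ingress(annotation_key, rule_host):  # constructed sample object
    return {"kind": "Ingress",
            "metadata": {"name": "ingress-mydemo02-https", "namespace": "default",
                         "annotations": {annotation_key: "nginx"}},
            "spec": {"tls": [{"hosts": ["demo02.odocker.com"], "secretName": "demo02-tls"}],
                     "rules": [{"host": rule_host}]}}

def secret(*keys):  # constructed sample object; values are placeholders, not real data
    return {"kind": "Secret", "metadata": {"name": "demo02-tls", "namespace": "default"},
            "data": {k: "PLACEHOLDER" for k in keys}}

BAD = [ingress("kubernets.io/ingress.class", "demo02.example.test"),
       secret("demo02.crt", "demo02.key")]
GOOD = [ingress(CLASS_KEY, "demo02.odocker.com"), secret("tls.crt", "tls.key")]

if __name__ == "__main__":
    print("\n".join(lint(BAD)) or "no findings")
```

On a cluster, pass the `items` list parsed from `kubectl get ingress,secret -n default -o json` to `lint` in place of the constructed samples.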