I. Installing the NGINX Ingress Controller
1. Install Helm
    curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
    helm repo add nginx-stable https://helm.nginx.com/stable
    helm repo update
2. Install the Ingress Controller (IC)
    # Install
    kubectl create namespace ingress-nginx
    helm install my-release nginx-stable/nginx-ingress --set enableSnippets=true --set controller.service.type=NodePort -n ingress-nginx
    # Check component status
    [root@kube-controller-manager ~]# kubectl get all
    NAME                                                       READY   STATUS    RESTARTS   AGE
    pod/my-release-nginx-ingress-controller-54f956cfd7-2lmtj   1/1     Running   0          17h

    NAME                                          TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
    service/kubernetes                            ClusterIP      10.96.0.1      <none>        443/TCP                      4d22h
    service/my-release-nginx-ingress-controller   LoadBalancer   10.100.189.0   <pending>     80:31020/TCP,443:32145/TCP   17h

    NAME                                                  READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/my-release-nginx-ingress-controller   1/1     1            1           17h

    NAME                                                             DESIRED   CURRENT   READY   AGE
    replicaset.apps/my-release-nginx-ingress-controller-54f956cfd7   1         1         1       17h
Along the way I ran into a problem: the error "open /proc/sys/net/ipv4/ip_unprivileged_port_start: no such file or directory: unknown".
On inspection it turned out to be a Linux kernel issue; I upgraded the kernel to 5.4, which solved the problem.
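3. Expose the ingress-nginx service
Because I installed this on virtual machines, check how these two parameters are set:
    type: NodePort
    externalTrafficPolicy: Cluster
The second parameter ensures that the ingress controller can be reached through the IP of every node in the cluster; with Local, it can be reached only through the IP of the node where the IC Pod is running.
Check the service:
    [root@kube-controller-manager ~]# kubectl -n ingress-nginx get svc
    NAME                                  TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
    my-release-nginx-ingress-controller   NodePort   10.109.66.211   <none>        80:30080/TCP,443:30935/TCP   2d2h
Open http://nodeIP:30080 in a browser; a 404 page should appear, which indicates that the IC is working.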
II. Using Ingress
This section shows how to use an Ingress to proxy a backend service.
1. Create a deployment
    kubectl create deployment kubernetes-bootcamp --image=jocatalin/kubernetes-bootcamp:v1
2. Create a service for the deployment
    kubectl expose deployment/kubernetes-bootcamp --type="ClusterIP" --port 8080
3. Create the Ingress
bootcamp_ingress.yaml:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: test-ingress
    spec:
      ingressClassName: nginx
      rules:
      - host: kube.local
        http:
          paths:
          - path: /v1/
            pathType: Prefix
            backend:
              service:
                name: kubernetes-bootcamp
                port:
                  number: 8080
Create the Ingress resource:
    kubectl apply -f bootcamp_ingress.yaml
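Create the hostname mapping
Add the following to the hosts file on the client:
    192.168.1.190 kube.local
4. Test whether the backend service is proxied successfully
Open http://kube.local:30080/v1/ in a browser.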
5. Enable HTTPS
    umask 077; openssl genrsa -out kube.local.key
    openssl req -new -x509 -key kube.local.key -out kube.local.crt -subj /C=CN/ST=Hunan/L=Changsha/O=IT/CN=kube.local
- Write the certificate into a secret
    kubectl create secret tls kube-local-ingress-secret --cert=kube.local.crt --key=kube.local.key
- Modify the Ingress resource
Add the tls configuration:
    spec:
      ingressClassName: nginx
      rules:
      - host: kube.local
        http:
          paths:
          - backend:
              service:
                name: kubernetes-bootcamp
                port:
                  number: 8080
            path: /v1/
            pathType: Prefix
      tls:
      - hosts:
        - kube.local
        secretName: kube-local-ingress-secret
Accessing http://kube.local:30080/v1/ works.
6. How to drop the port after the domain name
The domain is currently kube.local:30080 rather than the default port 80, because the default Kubernetes NodePort range is 30000-32767.
We change it to 80-32767.
Edit the file /etc/kubernetes/manifests/kube-apiserver.yaml
and add one line below --service-cluster-ip-range:
    - --service-cluster-ip-range=10.96.0.0/12
    - --service-node-port-range=80-32767
Edit the IC's Service and change nodePort to 80 and 443:
    kubectl -n ingress-nginx edit svc my-release-nginx-ingress-controller
      ports:
      - name: http
        nodePort: 80
        port: 80
        protocol: TCP
        targetPort: 80
      - name: https
        nodePort: 443
        port: 443
        protocol: TCP
        targetPort: 443
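An added example, not part of the original post: once the NodePort range starts at 80, a Service can be assigned a NodePort that a daemon on the node already listens on, so it is worth listing those listeners per node. The script reads the flag from the manifest text and compares it with `ss -ltnH` output; the function names and both samples are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: which TCP listeners on a node fall inside the NodePort range?
# All sample data is constructed; function names are hypothetical.

# Read kube-apiserver.yaml on stdin and print "LOW HIGH".
# Falls back to the Kubernetes default (30000-32767) when the flag is absent.
node_port_range() {
  local r
  r=$(sed -n 's/.*--service-node-port-range=\([0-9][0-9]*\)-\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
  echo "${r:-30000 32767}"
}

# Read `ss -ltnH` output on stdin; print each listening port within LOW..HIGH once.
listeners_in_range() {   # usage: listeners_in_range LOW HIGH
  awk -v lo="$1" -v hi="$2" '
    $1 == "LISTEN" {
      port = $4
      sub(/.*:/, "", port)                 # keep what follows the last colon
      if (port + 0 >= lo + 0 && port + 0 <= hi + 0 && !seen[port]++) print port
    }' | sort -n
}

# Combine both: MANIFEST_TEXT and SS_TEXT are passed as strings.
check_node() {   # usage: check_node MANIFEST_TEXT SS_TEXT
  local range
  range=$(printf '%s\n' "$1" | node_port_range)
  # $range is left unquoted on purpose so it splits into LOW and HIGH.
  printf '%s\n' "$2" | listeners_in_range $range
}

# Constructed sample: the two flags from step 6 as they appear in the manifest.
MANIFEST='    - --service-cluster-ip-range=10.96.0.0/12
    - --service-node-port-range=80-32767'

# Constructed sample of `ss -ltnH` on a kubeadm control-plane node.
SS_OUT='LISTEN 0 4096 *:6443 *:*
LISTEN 0 4096 127.0.0.1:2379 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 *:10250 *:*
LISTEN 0 4096 [::]:10250 [::]:*'

echo "NodePort range: $(printf '%s\n' "$MANIFEST" | node_port_range)"
echo "Listeners inside it (already in use on this node):"
check_node "$MANIFEST" "$SS_OUT"
```

On a real node, pipe the actual manifest and `ss -ltnH` output into the two functions instead of the sample strings.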