Nginx-ingress部署及使用
生活随笔
收集整理的這篇文章主要介紹了
Nginx-ingress部署及使用
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
目錄
- 一 手動部署-官網版
- 1.1 獲取資源
- 1.2 安裝RBAC
- 1.3 安裝基礎資源
- 1.4 安裝ingress controllers
- 1.5 創建ingress controllers service
- 二 手動部署-github社區版(推薦)
- 2.1 獲取資源
- 2.2 創建default backend
- 2.3 確認驗證
- 三 ingress使用
- 3.1 創建demo環境
- 3.2 創建ingress策略
- 3.3 確認驗證
- 四 ingress https使用
- 4.1 創建證書
- 4.2 創建secret
- 4.3 創建TLS ingress策略
- 4.4 確認驗證
一 手動部署-官網版
1.1 獲取資源
1 [root@master01 ~]# mkdir ingress2 [root@master01 ~]# cd ingress/3 [root@master01 ingress]# git clone https://github.com/nginxinc/kubernetes-ingress/4 [root@master01 ingress]# cd kubernetes-ingress/deployments5 [root@master01 ingress]# git checkout v1.7.0?
1.2 安裝RBAC
1 [root@master01 deployments]# kubectl apply -f common/ns-and-sa.yaml #部署namespace及ServiceAccount2 [root@master01 deployments]# kubectl apply -f rbac/rbac.yaml #部署RBAC角色及權限等?
1.3 安裝基礎資源
1 [root@master01 deployments]# kubectl apply -f common/default-server-secret.yaml說明:
創建TLS證書和NGINX中默認服務器的secret。默認服務器返回Not Found頁面,其中包含404狀態代碼,用于未定義的所有訪問規則請求的返回值。默認包含了一個自簽名的證書和生成的密鑰。
1 [root@master01 deployments]# kubectl apply -f common/nginx-config.yaml2 [root@master01 deployments]# kubectl apply -f common/vs-definition.yaml3 [root@master01 deployments]# kubectl apply -f common/vsr-definition.yaml4 [root@master01 deployments]# kubectl apply -f common/ts-definition.yaml #創建虛擬主機5 [root@master01 deployments]# kubectl apply -f common/gc-definition.yaml6 [root@master01 deployments]# kubectl apply -f common/global-configuration.yaml?
1.4 安裝ingress controllers
1 [root@master01 deployments]# vi daemon-set/nginx-ingress.yaml 1 ……2 - -global-configuration=$(POD_NAMESPACE)/nginx-configuration3 …… 1 [root@master01 deployments]# kubectl apply -f daemon-set/nginx-ingress.yaml2 [root@master01 deployments]# kubectl get pods --namespace=nginx-ingress3 NAME READY STATUS RESTARTS AGE4 5 nginx-ingress-cqv2m 1/1 Running 0 43s6 nginx-ingress-fpmbv 1/1 Running 0 43s7 nginx-ingress-kdl9p 1/1 Running 0 43s8 nginx-ingress-lggw9 1/1 Running 0 43s9 nginx-ingress-lnw28 1/1 Running 0 43s10 nginx-ingress-z8rn8 1/1 Running 0 43s1.5 創建ingress controllers service
[root@master01 deployments]# vi service/nodeport.yaml
1 apiVersion: v12 kind: Service3 metadata:4 name: nginx-ingress5 namespace: nginx-ingress6 spec:7 type: NodePort8 ports:9 - port: 8010 targetPort: 8011 protocol: TCP12 name: http13 nodePort: 3001114 - port: 44315 targetPort: 44316 protocol: TCP17 name: https18 nodePort: 3001219 selector:20 app: nginx-ingress 1 [root@master01 deployments]# kubectl create -f service/nodeport.yaml2 [root@master01 deployments]# kubectl get svc nginx-ingress --namespace=nginx-ingress3 [root@master01 deployments]# kubectl describe svc nginx-ingress --namespace=nginx-ingress參考文檔:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/。
二 手動部署-github社區版(推薦)
2.1 獲取資源
1 [root@master01 ~]# mkdir ingress2 [root@master01 ~]# cd ingress/3 [root@master01 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml4 [root@master01 ingress]# vi deploy.yaml 1 ……2 apiVersion: apps/v13 kind: Deployment4 ……5 spec:6 replicas: 37 ……8 - --default-backend-service=$(POD_NAMESPACE)/default-http-backend9 ……10 apiVersion: v111 kind: Service12 ……13 name: ingress-nginx-controller14 ……15 spec:16 type: NodePort17 externalTrafficPolicy: Local18 ports:19 - name: http20 port: 8021 protocol: TCP22 targetPort: http23 nodePort: 8024 - name: https25 port: 44326 protocol: TCP27 targetPort: https28 nodePort: 44329 ……[root@master01 ingress]# kubectl create -f deploy.yaml
提示:添加默認backend需要等待default-backend創建完成controllers才能成功部署。
2.2 創建default backend
[root@master01 ingress]# vi default-backend.yaml
1 ---2 apiVersion: apps/v13 kind: Deployment4 metadata:5 name: default-http-backend6 labels:7 app.kubernetes.io/name: default-http-backend8 app.kubernetes.io/part-of: ingress-nginx9 namespace: ingress-nginx10 spec:11 replicas: 112 selector:13 matchLabels:14 app.kubernetes.io/name: default-http-backend15 app.kubernetes.io/part-of: ingress-nginx16 template:17 metadata:18 labels:19 app.kubernetes.io/name: default-http-backend20 app.kubernetes.io/part-of: ingress-nginx21 spec:22 terminationGracePeriodSeconds: 6023 containers:24 - name: default-http-backend25 # Any image is permissible as long as:26 # 1. It serves a 404 page at /27 # 2. It serves 200 on a /healthz endpoint28 image: k8s.gcr.io/defaultbackend-amd64:1.529 livenessProbe:30 httpGet:31 path: /healthz32 port: 808033 scheme: HTTP34 initialDelaySeconds: 3035 timeoutSeconds: 536 ports:37 - containerPort: 808038 resources:39 limits:40 cpu: 10m41 memory: 20Mi42 requests:43 cpu: 10m44 memory: 20Mi45 46 ---47 apiVersion: v148 kind: Service49 metadata:50 name: default-http-backend51 namespace: ingress-nginx52 labels:53 app.kubernetes.io/name: default-http-backend54 app.kubernetes.io/part-of: ingress-nginx55 spec:56 ports:57 - port: 8058 targetPort: 808059 selector:60 app.kubernetes.io/name: default-http-backend61 app.kubernetes.io/part-of: ingress-nginx62 --- 1 [root@master01 ingress]# kubectl create -f default-backend.yaml2.3 確認驗證
1 [root@master01 ingress]# kubectl get pods -n ingress-nginx2 [root@master01 ingress]# kubectl get svc -n ingress-nginx參考文檔:https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md
三 ingress使用
3.1 創建demo環境
1 [root@master01 ingress]# vi deploy-demo01.yaml #創建第一個用于測試的svc和pod 1 apiVersion: v12 kind: Service3 metadata:4 name: mydemo01svc5 namespace: default6 spec:7 selector:8 app: mydemo019 ports:10 - name: http11 port: 8012 targetPort: 8013 ---14 apiVersion: apps/v115 kind: Deployment16 metadata:17 name: mydemo01pod18 spec:19 replicas: 320 selector:21 matchLabels:22 app: mydemo0123 template:24 metadata:25 labels:26 app: mydemo0127 spec:28 containers:29 - name: myapp30 image: ikubernetes/myapp:v231 ports:32 - name: httpd33 containerPort: 80 1 [root@master01 ingress]# echo '<h1>Hello world!</h1>' > index.html #創建Tomcat測試頁面2 [root@master01 ingress]# scp index.html root@worker01:/etc/kubernetes/3 [root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/4 [root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/5 [root@master01 ingress]# vi deploy-demo02.yaml #創建第二個用于測試的svc和pod 1 apiVersion: v12 kind: Service3 metadata:4 name: mydemo02svc5 namespace: default6 spec:7 selector:8 app: mydemo029 ports:10 - name: httpd11 port: 808012 targetPort: 808013 14 ---15 apiVersion: apps/v116 kind: Deployment17 metadata:18 name: mydemo02pod19 spec:20 replicas: 321 selector:22 matchLabels:23 app: mydemo0224 template:25 metadata:26 labels:27 app: mydemo0228 spec:29 containers:30 - name: mytomcat31 image: tomcat:932 ports:33 - name: httpd34 containerPort: 808035 volumeMounts:36 - mountPath: "/usr/local/tomcat/webapps/ROOT/index.html"37 name: sample-volume38 readOnly: true39 volumes:40 - name: sample-volume41 hostPath:42 type: File43 path: /etc/kubernetes/index.html 1 [root@master01 ingress]# kubectl apply -f deploy-demo01.yaml2 [root@master01 ingress]# kubectl apply -f deploy-demo02.yaml3 [root@master01 ingress]# kubectl get pods -o wide4 [root@master01 ingress]# kubectl get svc -o wide3.2 創建ingress策略
1 [root@master01 ingress]# vi deploy-demo-ingress-http.yaml 1 apiVersion: networking.k8s.io/v1beta12 kind: Ingress3 metadata:4 name: ingress-mydemo5 namespace: default6 annotations:7 kubernetes.io/ingress.class: "nginx"8 spec:9 rules:10 - host: demo01.odocker.com11 http:12 paths:13 - path:14 backend:15 serviceName: mydemo01svc16 servicePort: 8017 - host: demo02.linuxsb.com18 http:19 paths:20 - path:21 backend:22 serviceName: mydemo02svc23 servicePort: 8080 1 [root@master01 ingress]# kubectl apply -f deploy-demo-ingress-http.yaml2 [root@master01 ingress]# kubectl get pods -o wide3 [root@master01 ingress]# kubectl get svc -o wide4 [root@master01 ingress]# kubectl get ingress -o wide3.3 確認驗證
添加demo01.odocker.com和demo02.odocker.com的解析。分別訪問兩個地址:
參考:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
四 ingress https使用
4.1 創建證書
使用自簽名證書,證書創建參考《附008.Kubernetes TLS證書介紹及創建》。
4.2 創建secret
1 [root@master01 ingress]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout demo02.key -out demo02.crt -subj "/CN=demo02.odocker.com"2 [root@master01 ingress]# kubectl create secret generic demo02-tls --from-file=demo02.crt --from-file=demo02.key -n default3 [root@master01 ingress]# kubectl get secret demo02-tls 4 NAME TYPE DATA AGE5 6 demo02-tls Opaque 2 27s4.3 創建TLS ingress策略
[root@master01 ingress]# vi deploy-demo-ingress-https.yaml
1 apiVersion: networking.k8s.io/v1beta12 kind: Ingress3 metadata:4 name: ingress-mydemo02-https5 namespace: default6 annotations:7 kubernets.io/ingress.class: "nginx"8 spec:9 tls:10 - hosts:11 - demo02.odocker.com12 secretName: demo02-tls13 rules:14 - host: demo02.odocker.com15 http:16 paths:17 - path:18 backend:19 serviceName: mydemo02svc20 servicePort: 8080[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-https.yaml
4.4 確認驗證
瀏覽器訪問:https://demo02.odocker.com/。
總結
以上是生活随笔為你收集整理的Nginx-ingress部署及使用的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: ASP.NET MVC 上传图片到项目目
- 下一篇: linux下使用c++17编译files