kubernetes 的 ingress 配置部署
標籤(空格分隔): kubernetes系列
- 一:kubernetes 的 ingress
一:kubernetes 的 nginx ingress
1.1 ingress-nginx的部署
Ingress-Nginx github 地址:https://github.com/kubernetes/ingress-nginx
Ingress-Nginx 官方網站:https://kubernetes.github.io/ingress-nginx/
部署:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml
kubectl apply -f mandatory.yaml
kubectl apply -f service-nodeport.yaml
----
所有節點上傳ingress-contro.tar 文件
所有節點加載鏡像
docker load -i ingree.contro.tar
docker images
kubectl apply -f mandatory.yaml
kubectl get deploy -n ingress-nginx
kubectl get pod -n ingress-nginx 
如何使用國外機器打包鏡像已經下載
先部署docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce-18.09.9 docker-ce-cli-18.09.9 containerd.io -y
service docker start
----
docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
docker save -o ingrss.contro.tar quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
tar -zcvf ingrss.contro.tar.gz ingrss.contro.tar
然後 下載 ingrss.contro.tar.gz 即可
部署ingress-nginx的 svc
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml
kubectl apply -f service-nodeport.yaml
kubectl get svc -n ingress-nignx
1.2:Ingress HTTP 代理訪問
deployment、Service、Ingress Yaml 文件
---
vim svc-deploy.yaml
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-dm
spec:
replicas: 2
template:
metadata:
labels:
name: nginx
spec:
containers:
- name: nginx
image: wangyanglinux/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
name: nginx
---
使用ingress 發佈
vim nginx-ingress.yaml
----
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-test
spec:
rules:
- host: node01.flyfish
http:
paths:
- path: /
backend:
serviceName: nginx-svc
servicePort: 80
---
kubectl apply -f nginx-ingress.yaml
kubectl get svc -n ingress-nginx
實現一個虛擬主機
定義deploy1 與svc1
vim deployment1.yaml
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: deployment1
spec:
replicas: 2
template:
metadata:
labels:
name: nginx1
spec:
containers:
- name: nginx1
image: wangyanglinux/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-1
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
name: nginx1
---
kubectl apply -f deployment1.yaml
定義deploy2 與svc2
vim deployment2.yaml
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: deployment2
spec:
replicas: 2
template:
metadata:
labels:
name: nginx2
spec:
containers:
- name: nginx2
image: wangyanglinux/myapp:v2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-2
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
name: nginx2
---
kubectl apply -f deployment2.yaml
定義ingress的nginx 對外連接
vim ingress.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress1
spec:
rules:
- host: www1.flyfish.com
http:
paths:
- path: /
backend:
serviceName: svc-1
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress2
spec:
rules:
- host: www2.flyfish.com
http:
paths:
- path: /
backend:
serviceName: svc-2
servicePort: 80
---
kubectl apply -f ingress.yaml
測試:
kubectl get svc
kubectl get svc -n ingress-nginx
1.3 Ingress HTTPS 代理訪問
創建證書,以及 cert 存儲方式
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
deployment、Service、Ingress Yaml 文件
vim deployment3.yaml
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: deployment1
spec:
replicas: 2
template:
metadata:
labels:
name: nginx3
spec:
containers:
- name: nginx3
image: wangyanglinux/myapp:v3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-3
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
name: nginx3
---
vim ingress.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: https
spec:
tls:
- hosts:
- www3.flyfish.com
secretName: tls-secret
rules:
- host: www3.flyfish.com
http:
paths:
- path: /
backend:
serviceName: svc-3
servicePort: 80
---
kubectl apply -f deployment3.yaml
kubectl apply -f ingress.yaml
1.4 Nginx 進行 BasicAuth
yum -y install httpd
htpasswd -c auth foo
kubectl create secret generic basic-auth --from-file=auth
kubectl get secret
vim deployment4.yaml
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: deployment4
spec:
replicas: 2
template:
metadata:
labels:
name: nginx4
spec:
containers:
- name: nginx4
image: wangyanglinux/myapp:v4
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-4
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
name: nginx4
---
vim basicauth.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-with-auth
annotations:
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
rules:
- host: auth.flyfish.com
http:
paths:
- path: /
backend:
serviceName: svc-4
servicePort: 80
---
kubectl apply -f deployment4.yaml
kubectl apply -f basicauth.yaml
kubectl get svc -n ingress-nginx
##1.5 Nginx 進行重寫
vim ingress-re.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-re
annotations:
nginx.ingress.kubernetes.io/rewrite-target: https://www3.flyfish.com:32500/hostname.html
spec:
rules:
- host: re.flyfish.com
http:
paths:
- path: /
backend:
serviceName: svc-2
servicePort: 80
---
kubectl apply -f ingress-re.yaml
kubectl get svc -n ingress-nginx 
