K8s-day7-Ingress介绍+重定向语法案例

文章目录

• Ingress 介绍及案例
• • 一、ingress种类
  • 二、配置安装Ingress
  • • 1.安装Ingress
    • 2.测试http
  • 三、案例
  • • 1.配置清单wordpress
    • • 1）编写配置清单
      • 2）测试部署https
    • 2.配置清单wordpress-nginx
    • • 1）编写配置清单
      • 2）测试部署https
    • 3.nginx ingress常用语法
    • • 1）域名重定向（不能重定向 / ）
      • 2）设置ingress白名单
      • 3）域名重定向
      • 4）使用正则的方式匹配（支持的正则比较少）
      • 5）nginx登录
    • 4.设置nginx常用用法的时候

Ingress 介绍及案例

一、ingress种类

• ingress主要是为服务提供外网入口

• 种类：

  • Nginx Ingress
  • treafik
  • 服务网格：istio

二、配置安装Ingress

1.安装Ingress

# 下载Ingress Nginx配置清单
[root@k8s-master1 ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml

# 修改镜像
[root@k8s-master1 ~]# sed -i 's#k8s.gcr.io/ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a#registry.cn-hangzhou.aliyuncs.com/k8sos/ingress-controller:v0.44.0#g' deploy.yaml

# 开始部署
[root@k8s-master1 ~]# kubectl apply -f deploy.yaml

# 检查
[root@k8s-master1 ~]# kubectl get pods -n ingress-nginx 
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-g9brk        0/1     Completed   0          3d22h
ingress-nginx-admission-patch-tzlgf         0/1     Completed   0          3d22h
ingress-nginx-controller-8494fd5b55-wpf9g   1/1     Running     0          3d22h

2.测试http

• 部署服务（Deployment + Service）
• 编写ingress配置清单（见下文）
• 命名空间、域名不同，需重新部署证书

三、案例

1.配置清单wordpress

1）编写配置清单

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: wordpress
  namespace: wordpress
spec:
  rules:
    - host: www.wordpress.local
      http:
        paths:
          - path: /
            backend:
              serviceName: wordpress
              servicePort: 80

2）测试部署https

1、创建证书
[root@k8s-master1 ~]# openssl genrsa -out tls.key 2048
[root@k8s-master1 ~]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.wordpress.local

2、部署证书
[root@k8s-master1 ~]# kubectl -n wordpress create secret tls ingress-tls --cert=tls.crt --key=tls.key

3、编写ingress配置清单(见下文)

4、部署并测试
[root@k8s-master1 ~]# curl -k https://www.wordpress.local:44490/

2.配置清单wordpress-nginx

1）编写配置清单

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress-ingress-nginx-tls
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
    - hosts: 
        - www.test-nginx.com
      secretName: ingress-tls
  rules:
    - host: www.test-nginx.com
      http:
        paths:
          - path: /
            backend:
              serviceName: wordpress-nginx
              servicePort: 80

2）测试部署https

1、创建证书
[root@k8s-master1 ~]# openssl genrsa -out tls.key 2048
[root@k8s-master1 ~]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.test-nginx.com

2、部署证书
[root@k8s-master1 ~]# kubectl -n default create secret tls ingress-tls --cert=tls.crt --key=tls.key

3、编写ingress配置清单(见下文)

4、部署并测试
[root@k8s-master1 ~]# curl -k https://www.test-nginx.com:44350/

3.nginx ingress常用语法

• k8s官网参考

  https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#service-upstream
  

1）域名重定向（不能重定向 / ）

• 重定向到：nginx.ingress.kubernetes.io/rewrite-target

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-ingress-nginx-tls
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=nginx
spec:
  rules:
    - host: www.test-nginx.com
      http:
        paths:
          - path: /
            backend:
              serviceName: wordpress-nginx
              servicePort: 80

2）设置ingress白名单

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-ingress-nginx-tls
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.15.53,192.168.15.52
spec:
  rules:
    - host: www.test-nginx.com
      http:
        paths:
          - path: /
            backend:
              serviceName: wordpress-nginx
              servicePort: 80

3）域名重定向

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-ingress-nginx-tls
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/permanent-redirect: https://www.baidu.com
spec:
  rules:
    - host: www.test-nginx.com
      http:
        paths:
          - path: /
            backend:
              serviceName: wordpress-nginx
              servicePort: 80

4）使用正则的方式匹配（支持的正则比较少）

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-ingress-nginx-tls
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=$1
spec:
  rules:
    - host: www.test-nginx.com
      http:
        paths:
          - path: /search/(.+)
            backend:
              serviceName: wordpress-nginx
              servicePort: 80

5）nginx登录

• https://kubernetes.github.io/ingress-nginx/examples/auth/basic/

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-ingress-nginx-tls
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
    - host: www.test-nginx.com
      http:
        paths:
          - path: /
            backend:
              serviceName: wordpress-nginx
              servicePort: 80

4.设置nginx常用用法的时候

• 有两种方式：
  • 注解：当前ingress生效
  • configMap：全局ingress生效