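What is Ingress
Put simply, Ingress is a k8s resource type, just like Service, Deployment, StatefulSet and DaemonSet. It is mainly used to reach applications inside k8s by domain name. [ingress-nginx is the nginx-based ingress implementation officially maintained by k8s]
Why not use NodePort to publish services?
- When there are too many NodePorts, the services become hard to manage
- NodePort performance degrades when there are too many Services
For these reasons k8s introduced the concept of Ingress: a layer-7 or layer-4 proxy implemented inside k8s that can proxy ports or publish domain names.
Installing Ingress with helm
1. Add the official ingress-nginx helm repository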
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
2. Search the repository for the available ingress-nginx versions
# Installing a version above 0.40.2 is recommended
helm search repo ingress-nginx
3. Pull the ingress-nginx chart package
# helm pull [repo name/chart name]
helm pull ingress-nginx/ingress-nginx
4. Unpack the package and edit the values.yaml configuration file
# Change the image repository to a mirror registry in China
image:
  #repository: k8s.gcr.io/ingress-nginx/controller
  repository: registry.cn-hangzhou.aliyuncs.com/creamk87/ingress-nginx-controller
  tag: "v0.46.0"
  # Comment out the hash (digest) check; the image is then selected by tag only
  # digest: sha256:52f0058bed0a17ab0fb35628ba97e8d52b5d32299fbc03cc0f6c7b9ff036b61a
# Use hostNetwork mode and change the DNS policy to ClusterFirstWithHostNet; dedicate a few nodes to running ingress, deploy it as a DaemonSet, and add a nodeSelector
# Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
dnsPolicy: ClusterFirstWithHostNet
# Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
# Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
reportNodeInternalIp: false
# Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
# is merged
hostNetwork: true
......
## DaemonSet or Deployment
##
kind: DaemonSet
......
nodeSelector:
  kubernetes.io/os: linux
  ingress: "true"
......
# Adjust the resource requests to match the production machines [my laptop cannot handle much, so I set them fairly small here]
resources:
#  limits:
#    cpu: 100m
#    memory: 90Mi
  requests:
    cpu: 50m
    memory: 40Mi
......
ports:
  http: 80
  https: 443
targetPorts:
  http: http
  https: https
# If the environment runs on a public cloud, use the load balancer offered by the cloud provider; if it runs in an on-premises data center, use ClusterIP here
# type: LoadBalancer
type: ClusterIP
......
admissionWebhooks:
  annotations: {}
  # If the ingress version is too old, enabled has to be set to false; older versions have problems with the certificate check
  enabled: true
  failurePolicy: Fail
  ......
  patch:
    enabled: true
    image:
      # Change the image address to a mirror in China
      repository: registry.cn-hangzhou.aliyuncs.com/creamk87/kube-webhook-certgen
      tag: v1.5.1
      pullPolicy: IfNotPresent
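5. Install ingress from the command line
# Create the namespace
kubectl create ns ingress-nginx
# Label the chosen node so that the nodeSelector configured above takes effect and the DaemonSet is deployed on the designated nodes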
kubectl label node master03. ingress=true
[root@master01 ingress-nginx]# helm install ingress-nginx -n ingress-nginx .
NAME: ingress-nginx
LAST DEPLOYED: Sat May 29 21:41:58 2021
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
Get the application URL by running these commands:
  export POD_NAME=$(kubectl --namespace ingress-nginx get pods -o jsonpath="{.items[0].metadata.name}" -l "app=ingress-nginx,component=controller,release=ingress-nginx")
  kubectl --namespace ingress-nginx port-forward $POD_NAME 8080:80
  echo "Visit http://127.0.0.1:8080 to access your application."
An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
          - www.example.com
        secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
[root@master01 ingress-nginx]#
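If the error above occurs, you can use describe to look at why the pod is failing. In my case it turned out that the image could not be pulled; for the fix, see note 15 later in this series.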
kubectl describe po ingress-nginx-controller-xdlwk -n ingress-nginx
# The earlier error message
#Warning Failed 21s (x2 over 38s) kubelet Failed to pull image "registry.cn-beijing.aliyuncs.com/dotbalo/ingress-nginx/controller:v0.40.2": rpc error: code = Unknown desc = Error response from daemon: pull access denied for registry.cn-beijing.aliyuncs.com/dotbalo/ingress-nginx/controller, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
At this point, the ingress installation is complete.
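A check worth running on the values.yaml edited in step 4 before the helm install in step 5, given here as an added example (not code from the original notes or from the ingress-nginx project): it reports an image that is no longer pinned by digest, a non-default registry, hostNetwork without a dedicated-node selector, and a disabled admission webhook. It assumes block-style YAML with 2-space indentation and the chart layout in which these settings sit under the top-level `controller:` key; the finding names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the step-4 values.yaml edits before running helm install.
# Assumes block-style YAML, 2-space indentation, and the chart layout in which
# these settings sit under the top-level controller: map.

# flatten FILE: print dotted.path=value for every uncommented scalar.
flatten() {
  awk '/^[ \t]*#/ || /^[ \t]*$/ { next }       # drop comments and blank lines
  { n = 0; while (substr($0, n + 1, 1) == " ") n++
    d = int(n / 2) + 1; line = substr($0, n + 1)
    c = index(line, ":"); if (!c) next
    key[d] = substr(line, 1, c - 1); v = substr(line, c + 1)
    sub(/^[ \t]+/, "", v); sub(/[ \t]+#.*$/, "", v); gsub(/"/, "", v)
    if (v == "") next                           # parent map, not a scalar
    p = key[1]; for (i = 2; i <= d; i++) p = p "." key[i]
    print p "=" v }' "$1"
}

# audit FILE: print one finding per line; no output means no findings.
audit() {
  flat=$(flatten "$1")
  val() { printf '%s\n' "$flat" | awk -F '=' -v k="$1" '$1 == k { print $2; exit }'; }
  repo=$(val controller.image.repository)
  [ -n "$(val controller.image.digest)" ] ||
    echo "UNPINNED_IMAGE $repo:$(val controller.image.tag)"
  case "$repo" in
    k8s.gcr.io/ingress-nginx/*) ;;               # chart default registry
    *) echo "NON_DEFAULT_REGISTRY $repo" ;;
  esac
  # hostNetwork binds node ports 80/443: expect a dedicated-node selector.
  [ "$(val controller.hostNetwork)" != true ] ||
    [ -n "$(val controller.nodeSelector.ingress)" ] || echo "HOSTNETWORK_NO_NODE_SELECTOR"
  [ "$(val controller.admissionWebhooks.enabled)" = true ] || echo "ADMISSION_WEBHOOK_OFF"
}

# Constructed sample mirroring the edits on this page (not the full chart file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
controller:
  image:
    repository: registry.cn-hangzhou.aliyuncs.com/creamk87/ingress-nginx-controller
    tag: "v0.46.0"
    # digest: sha256:<commented out>
  hostNetwork: true
  nodeSelector:
    ingress: "true"
  admissionWebhooks:
    enabled: true
EOF
audit "$sample"
```

For the sample it prints the UNPINNED_IMAGE and NON_DEFAULT_REGISTRY findings: once the digest line is commented out, whatever the mirror serves under that tag is what the nodes will run.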