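k8s study notes: Ingress and its installation (14)

Reference material in this article comes from: 2022 云原生Kubernetes全栈架构师 (2022 Cloud-Native Kubernetes Full-Stack Architect)

What is Ingress

Put simply, Ingress, like Service, Deployment, StatefulSet and DaemonSet, is a k8s resource type. It is mainly used to reach applications inside k8s by domain name. [ingress-nginx (the nginx-based Ingress implementation maintained by the Kubernetes project)]

Why not use NodePort to publish services?

  • When there are too many NodePorts, the services become hard to manage
  • When there are too many Services, NodePort performance degrades

For these reasons k8s introduced the concept of Ingress: a layer-7 or layer-4 proxy implemented inside k8s that can proxy ports or publish domain names.

Installing Ingress with helm

1. Add the official ingress-nginx helm repository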

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

2. Search the repository for the available ingress-nginx versions

# Installing a version above 0.40.2 is recommended
helm search repo ingress-nginx

3. Pull the ingress-nginx chart package

#   helm pull [repo name/chart name]
helm pull ingress-nginx/ingress-nginx

4. Unpack the package and edit the values.yaml configuration file

# Change the image repository address to a mirror registry inside China
image:
    #repository: k8s.gcr.io/ingress-nginx/controller
    repository: registry.cn-hangzhou.aliyuncs.com/creamk87/ingress-nginx-controller
    tag: "v0.46.0"
# Comment out the hash (digest) check
    # digest: sha256:52f0058bed0a17ab0fb35628ba97e8d52b5d32299fbc03cc0f6c7b9ff036b61a

# Use hostNetwork mode and change the DNS policy to ClusterFirstWithHostNet; dedicate a few nodes to running ingress, deploy it as a DaemonSet, and add a nodeSelector
  # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
  # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
  # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
  dnsPolicy: ClusterFirstWithHostNet

  # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
  # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
  reportNodeInternalIp: false

  # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
  # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
  # is merged
  hostNetwork: true
 
  ......
  
  ## DaemonSet or Deployment
  ##
  kind: DaemonSet
  
  ......

  nodeSelector:
    kubernetes.io/os: linux
    ingress: "true"

  ......
  
# Adjust the resource requests to match the production machines [my laptop can't handle much, so I set them fairly small here]
  resources:
  #  limits:
  #    cpu: 100m
  #    memory: 90Mi
    requests:
      cpu: 50m
      memory: 40Mi

  ......

    ports:
      http: 80
      https: 443

    targetPorts:
      http: http
      https: https
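    # If the environment runs in a public cloud, use the load balancer the cloud provider offers; if it runs in an on-premises data center, use ClusterIP here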
    # type: LoadBalancer
    type: ClusterIP

  ......

  admissionWebhooks:
    annotations: {}
    # If the ingress version is too old, enabled must be set to false; old versions have problems with the certificate check
    enabled: true
    failurePolicy: Fail

  ......

  patch:
      enabled: true
      image:
        # Change the image address to a mirror inside China
        repository: registry.cn-hangzhou.aliyuncs.com/creamk87/kube-webhook-certgen
        tag: v1.5.1
        pullPolicy: IfNotPresent
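
A pre-install check for the step 4 edits, as an added example that is not part of the original post or of the ingress-nginx project: it flattens values.yaml and flags a controller image left without a digest, a registry other than the chart default shown commented out above, and hostNetwork without the matching dnsPolicy. The function names and the assumption that these keys sit under the chart's top-level controller: key are choices made for this example, and the sample input is constructed.

```shell
#!/bin/sh
# flatten_yaml FILE: print "a.b.c=value" per uncommented scalar (block mappings only).
flatten_yaml() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
    {
      match($0, /^ */); ind = RLENGTH
      line = substr($0, ind + 1)
      if (line !~ /^[A-Za-z0-9_.\/-]+:/) next     # not a "key:" line
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]+#.*$/, "", val); gsub(/"/, "", val)
      while (depth > 0 && indent[depth] >= ind) depth--
      depth++; indent[depth] = ind; name[depth] = key
      if (val == "") next                         # parent key, no scalar
      path = name[1]; for (i = 2; i <= depth; i++) path = path "." name[i]
      print path "=" val
    }' "$1"
}

# lint_values FILE: print one finding per line; return 1 if any FAIL.
# Assumes the settings sit under the chart's top-level "controller:" key.
lint_values() {
  flat=$(flatten_yaml "$1"); rc=0
  get() { printf '%s\n' "$flat" | awk -v k="controller.$1=" \
    'index($0, k) == 1 && !f { print substr($0, length(k) + 1); f = 1 }'; }
  repo=$(get image.repository)
  [ -n "$(get image.digest)" ] ||
    echo "WARN $repo:$(get image.tag) not pinned by digest (tags are mutable)"
  case "$repo" in k8s.gcr.io/*) ;; *)
    echo "WARN not the chart default registry (k8s.gcr.io): $repo" ;; esac
  if [ "$(get hostNetwork)" = true ] &&
     [ "$(get dnsPolicy)" != ClusterFirstWithHostNet ]; then
    echo "FAIL hostNetwork=true with dnsPolicy=$(get dnsPolicy): host DNS is used"; rc=1
  fi
  if [ "$(get kind)" = DaemonSet ] && [ -z "$(get nodeSelector.ingress)" ]; then
    echo "WARN DaemonSet has no ingress nodeSelector"
  fi
  return $rc
}

# Constructed sample mirroring the step-4 edits (digest left commented out).
sample_values() {
  printf '%s\n' 'controller:' '  image:' \
    '    repository: registry.cn-hangzhou.aliyuncs.com/creamk87/ingress-nginx-controller' \
    '    tag: "v0.46.0"' '    # digest: sha256:<commented out>' \
    '  dnsPolicy: ClusterFirstWithHostNet' '  hostNetwork: true' \
    '  kind: DaemonSet' '  nodeSelector:' '    ingress: "true"'
}
f=$(mktemp) && sample_values > "$f" && lint_values "$f"; rm -f "$f"
```

Run it as lint_values values.yaml in the unpacked chart directory before helm install; a non-zero exit status means a FAIL finding was printed.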

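5. Install ingress with the following commands

# Create the corresponding namespace
kubectl create ns ingress-nginx

# Label the target node so that the nodeSelector configured above takes effect and the DaemonSet is deployed on the designated node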
kubectl label node master03. ingress=true

[root@master01 ingress-nginx]# helm install ingress-nginx -n ingress-nginx .
NAME: ingress-nginx
LAST DEPLOYED: Sat May 29 21:41:58 2021
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
Get the application URL by running these commands:
  export POD_NAME=$(kubectl --namespace ingress-nginx get pods -o jsonpath="{.items[0].metadata.name}" -l "app=ingress-nginx,component=controller,release=ingress-nginx")
  kubectl --namespace ingress-nginx port-forward $POD_NAME 8080:80
  echo "Visit http://127.0.0.1:8080 to access your application."

An example Ingress that makes use of the controller:

  apiVersion: networking.k8s.io/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - www.example.com
          secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
[root@master01 ingress-nginx]#

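If the error above appears, you can use describe to see why the pod is failing. In my case it was because the image could not be pulled; for the fix, see note 15 later in this series.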

kubectl  describe po ingress-nginx-controller-xdlwk -n ingress-nginx

# Earlier error message
#Warning  Failed     21s (x2 over 38s)  kubelet            Failed to pull image "registry.cn-beijing.aliyuncs.com/dotbalo/ingress-nginx/controller:v0.40.2": rpc error: code = Unknown desc = Error response from daemon: pull access denied for registry.cn-beijing.aliyuncs.com/dotbalo/ingress-nginx/controller, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

At this point, the ingress installation is complete.

posted @ 2021-05-30 23:17  Hei蛋炒饭