Installing ingress on k8s 1.25.3
https://kubernetes.github.io/ingress-nginx/deploy/
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/baremetal/deploy.yaml
Check which images the file requires.
[root@k8s-master01 ingress]# cat deploy.yaml | grep image
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629
imagePullPolicy: IfNotPresent
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
imagePullPolicy: IfNotPresent
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
imagePullPolicy: IfNotPresent
Switch to a mirror registry inside China; first test with docker whether the images can be pulled.
docker pull registry.aliyuncs.com/google_containers/nginx-ingress-controller:v1.5.1
v1.5.1: Pulling from google_containers/nginx-ingress-controller
docker pull registry.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343
v20220916-gd32f8c343: Pulling from google_containers/kube-webhook-certgen
1cd0595314a5: Pull complete
12fc225329e5: Pull complete
Modify the deploy file:
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.aliyuncs.com/google_containers/nginx-ingress-controller:v1.5.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
image: registry.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343
imagePullPolicy: IfNotPresent
name: create
securityContext:
image: registry.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343
imagePullPolicy: IfNotPresent
name: patch
securityContext:
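Added example, not part of the original post: the upstream deploy.yaml pins each image by sha256 digest, while the mirror references written into the file above are tag-only, so the manifest no longer fixes which image content runs. The script flags unpinned `image:` lines and compares a pulled mirror image's digest with the upstream pin; the function names and the sample manifest are constructed for illustration, and the mirror digest would come from `docker inspect --format '{{index .RepoDigests 0}}' <image>`.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Read a manifest on stdin and print "PINNED <ref>" or "UNPINNED <ref>"
# for every distinct image reference.
audit_images() {
  sed -nE 's/^[[:space:]]*(-[[:space:]]+)?image:[[:space:]]*([^[:space:]]+).*$/\2/p' |
    sort -u |
    while read -r ref; do
      case "$ref" in
        *@sha256:*) echo "PINNED $ref" ;;
        *)          echo "UNPINNED $ref" ;;
      esac
    done
}

# Succeed only when both references carry a sha256 digest and the digests
# are identical. $1 = upstream pinned ref, $2 = RepoDigest of the mirror pull.
same_digest() {
  case "$1" in *@sha256:*) ;; *) return 2 ;; esac
  case "$2" in *@sha256:*) ;; *) return 2 ;; esac
  [ "${1##*@}" = "${2##*@}" ]
}

# Constructed sample: one upstream line and one edited line from this page.
sample_manifest() {
  cat <<'EOF'
        image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629
        imagePullPolicy: IfNotPresent
        image: registry.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343
EOF
}

sample_manifest | audit_images
```

If the digests match, the mirror reference can be written as `<mirror-repo>:<tag>@sha256:<digest>` so the pin survives the registry change.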
[root@k8s-master01 ingress]# kubectl apply -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
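Right after running apply, a pod named ingress-nginx-admission-patch actually stays in CrashLoopBackOff for a while, but after waiting a bit longer the pod is deleted automatically. I don't know the reason and did not dig into it.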
[root@k8s-master01 ingress]# kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-admission-create-7wxp9 0/1 Completed 0 64m
pod/ingress-nginx-admission-patch-mcqwb 0/1 Completed 0 64m
pod/ingress-nginx-controller-55b5c578d7-x2v9z 1/1 Running 0 64m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller NodePort 10.105.197.236 <none> 80:30085/TCP,443:30087/TCP 64m
service/ingress-nginx-controller-admission ClusterIP 10.109.108.167 <none> 443/TCP 64m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 1/1 1 1 64m
NAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-55b5c578d7 1 1 1 64m
NAME COMPLETIONS DURATION AGE
job.batch/ingress-nginx-admission-create 1/1 10s 64m
job.batch/ingress-nginx-admission-patch 1/1 10s 64m
2. Deploy test applications
kubectl create ns test-ns
Create the httpd deployment and the Service associated with it
[root@k8s-master01 ingress]# vim httpd.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: web01
  namespace: test-ns
spec:
  replicas: 3
  selector:
    matchLabels:
      app: httpd01
  template:
    metadata:
      labels:
        app: httpd01
    spec:
      containers:
      - name: httpd
        image: httpd:latest
---
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
  namespace: test-ns
spec:
  selector:
    app: httpd01
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
Create the tomcat deployment and its Service
[root@k8s-master01 ingress]# vim tomcat.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: web02
  namespace: test-ns
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat01
  template:
    metadata:
      labels:
        app: tomcat01
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5.45
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-svc
  namespace: test-ns
spec:
  selector:
    app: tomcat01
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 8080
[root@k8s-master01 ingress]# kubectl get all -n test-ns
NAME READY STATUS RESTARTS AGE
pod/web01-78bb8c9f79-29vwc 1/1 Running 0 5m32s
pod/web01-78bb8c9f79-4pwdk 1/1 Running 0 5m32s
pod/web01-78bb8c9f79-rhhd9 1/1 Running 0 5m32s
pod/web02-644bcf7964-9zrwd 1/1 Running 0 5m25s
pod/web02-644bcf7964-fzgqj 1/1 Running 0 5m25s
pod/web02-644bcf7964-lxqkj 1/1 Running 0 5m25s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/httpd-svc ClusterIP 10.106.226.220 <none> 80/TCP 5m32s
service/tomcat-svc ClusterIP 10.105.251.247 <none> 8080/TCP 5m25s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/web01 3/3 3 3 5m32s
deployment.apps/web02 3/3 3 3 5m25s
NAME DESIRED CURRENT READY AGE
replicaset.apps/web01-78bb8c9f79 3 3 3 5m32s
replicaset.apps/web02-644bcf7964 3 3 3 5m25s
Verify by calling the services:
[root@k8s-master01 ingress]# curl -I 10.106.226.220:80
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 18:07:04 GMT
Server: Apache/2.4.52 (Unix)
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
[root@k8s-master01 ingress]# curl -I 10.105.251.247:8080
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Sun, 04 Dec 2022 18:07:32 GMT
The calls above through the Service IPs return normally.
3. Configure ingress
[root@k8s-master01 ingress]# vim ingress.yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
  namespace: test-ns
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: www.test01fh.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: httpd-svc
            port:
              number: 80
      - path: /tomcat
        pathType: Prefix
        backend:
          service:
            name: tomcat-svc
            port:
              number: 8080
[root@k8s-master01 ingress]# kubectl apply -f ingress.yaml
Error from server (InternalError): error when creating "ingress.yaml": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": failed to call webhook: Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": x509: certificate has expired or is not yet valid: current time 2022-12-04T11:55:35Z is before 2022-12-04T16:26:01Z
[root@k8s-master01 ingress]# kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
validatingwebhookconfiguration.admissionregistration.k8s.io "ingress-nginx-admission" deleted
[root@k8s-master01 ingress]# kubectl apply -f ingress.yaml
ingress.networking.k8s.io/ingress-test created
[root@k8s-master01 ingress]# kubectl get ingress -n test-ns
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-test <none> www.test01fh.com 192.168.30.120 80 63s
[root@k8s-master01 ingress]# kubectl describe ingress -n test-ns ingress-test
Name: ingress-test
Labels: <none>
Namespace: test-ns
Address: 192.168.30.120
Ingress Class: <none>
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
www.test01fh.com
/ httpd-svc:80 (10.244.85.204:80,10.244.85.205:80,10.244.85.206:80)
/tomcat tomcat-svc:8080 (10.244.85.207:8080,10.244.85.208:8080,10.244.85.209:8080)
Annotations: kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync <invalid> (x2 over <invalid>) nginx-ingress-controller Scheduled for sync
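Added example, not part of the original post: the webhook error above reads `current time ... is before ...`, meaning the certificate is not yet valid by the API server's clock, which points to clock skew between nodes rather than an expired certificate (the `<invalid>` ages in the Events output are consistent with that). Deleting the ValidatingWebhookConfiguration removes admission validation of Ingress objects without correcting the clocks; the script below measures the skew from the message. Function names are hypothetical, and it assumes UTC `Z` timestamps and a date(1) that accepts -d.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Assumes UTC "Z" timestamps and a date(1) that accepts -d (GNU or BusyBox).

# Convert 2022-12-04T11:55:35Z to epoch seconds.
to_epoch() {
  date -u -d "$(printf '%s' "$1" | sed 's/T/ /; s/Z$//')" +%s
}

# Classify a Go x509 validity error. Prints "not-yet-valid <seconds>" when the
# verifier's clock is behind NotBefore, "expired <seconds>" when past NotAfter.
classify_x509_error() {
  parsed=$(printf '%s\n' "$1" | sed -nE \
    's/.*current time ([0-9TZ:-]+) is (before|after) ([0-9TZ:-]+).*/\1 \2 \3/p')
  [ -n "$parsed" ] || { echo "unrecognized"; return 1; }
  set -- $parsed
  now=$(to_epoch "$1"); bound=$(to_epoch "$3")
  if [ "$2" = "before" ]; then
    echo "not-yet-valid $((bound - now))"
  else
    echo "expired $((now - bound))"
  fi
}

# Tail of the error message shown above.
SAMPLE='x509: certificate has expired or is not yet valid: current time 2022-12-04T11:55:35Z is before 2022-12-04T16:26:01Z'
classify_x509_error "$SAMPLE"
```

A "not-yet-valid" result of several thousand seconds calls for checking time synchronisation on every node, then re-running the admission jobs, instead of removing the webhook.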
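4. Access test
At this point the small ingress exercise is complete. You can verify with curl on the command line or test through a browser.
Testing in a browser requires a hosts entry on the local machine, and the command line needs one too; the browser method is shown here.
Configure name resolution on Windows
Access with a browser
Extension: configure HTTPS access
1. Generate the private key nginx.key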
openssl genrsa -out nginx.key 2048
Generating RSA private key, 2048 bit long modulus
.....................................+++
.................................+++
2. Use nginx.key to generate a self-signed certificate
openssl req -new -x509 -key nginx.key -days 10000 -out nginx.crt -subj /C=CN/ST=Shanghai/L=Shanghai/O=DevOps/CN=ingressnginx.com
3. Create the secret object
kubectl create secret tls ingress-nginx-secret --cert=nginx.crt --key=nginx.key
secret/ingress-nginx-secret created
4. Create the ingress rules
[root@k8s-master01 ingress]# vim ingress.yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
  namespace: test-ns
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - www.test01fh.com
    secretName: ingress-nginx-secret
  rules:
  - host: www.test01fh.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: httpd-svc
            port:
              number: 80
      - path: /tomcat
        pathType: Prefix
        backend:
          service:
            name: tomcat-svc
            port:
              number: 8080
Note that this ingress.yaml is the same file used above, with only the tls section added.
[root@k8s-master01 ingress]# kubectl apply -f ingress.yaml
ingress.networking.k8s.io/ingress-test configured
Note the change in ports
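Added example, not part of the original post: the certificate generated in step 2 is issued to CN=ingressnginx.com with no subjectAltName, while the Ingress serves www.test01fh.com, and a TLS Secret is only used by an Ingress in the same namespace (test-ns here). The script generates a certificate whose SAN matches the Ingress host and checks the host and key match before the Secret is created; function names are hypothetical and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Requires OpenSSL 1.1.1 or later for -addext.

# make_cert <dir> <CN> [SAN host]: write nginx.key and a self-signed nginx.crt.
make_cert() {
  if [ -n "${3:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -keyout "$1/nginx.key" -out "$1/nginx.crt" \
      -subj "/C=CN/ST=Shanghai/L=Shanghai/O=DevOps/CN=$2" \
      -addext "subjectAltName=DNS:$3" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -keyout "$1/nginx.key" -out "$1/nginx.crt" \
      -subj "/C=CN/ST=Shanghai/L=Shanghai/O=DevOps/CN=$2" 2>/dev/null
  fi
}

# Succeed only if certificate $1 is valid for hostname $2.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeed only if private key $2 belongs to certificate $1.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

demo() {
  dir=$(mktemp -d)
  make_cert "$dir" ingressnginx.com                 # subject used in this post
  cert_matches_host "$dir/nginx.crt" www.test01fh.com || echo "CN-only cert: host mismatch"
  make_cert "$dir" www.test01fh.com www.test01fh.com
  cert_matches_host "$dir/nginx.crt" www.test01fh.com &&
    key_matches_cert "$dir/nginx.crt" "$dir/nginx.key" && echo "SAN cert: ok"
  rm -rf "$dir"
}
demo
# Then create the Secret in the Ingress's own namespace:
#   kubectl create secret tls ingress-nginx-secret -n test-ns --cert=nginx.crt --key=nginx.key
```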
posted on 2022-10-21 14:57 FLOWERS_WAN