ingress-nginx 部署使用
输入下面网址:选择版本
https://github.com/kubernetes/ingress-nginx/blob/nginx-0.30.0/deploy/static/mandatory.yaml
vim mandatory.yaml #新建一个yaml文件直接复制粘贴 ps: vim 编辑器 需要 set paste 防止格式错误
官网提示(0.30版本):!!! tip If you are using a Kubernetes version previous to 1.14, you need to change kubernetes.io/os
to beta.kubernetes.io/os
at line 217 of
把第217 行 的 kubernetes.io/os 替换成 beta.kubernetes.io/os
kubectl version 查看集群版本
Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:08:12Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:00:57Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
214 terminationGracePeriodSeconds: 300
215 serviceAccountName: nginx-ingress-serviceaccount
216 nodeSelector:
217 beta.kubernetes.io/os: linux
218 containers:
219 - name: nginx-ingress-controller
:set nu
修改完创建资源
[root@localhost ~/test/ingress]# kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
查看控制器Pod 已经正常运行
[root@localhost ~/test/ingress]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-97547988b-jh9q4 1/1 Running 0 3m32s
创建个service 集群外访问
[root@localhost ~/test/ingress]# vim service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30080
- name: https
port: 443
targetPort: 443
protocol: TCP
nodePort: 30443
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
kubectl apply -f service-nodeport.yaml
创建一组应用pod和对应的service
[root@localhost ~/test/ingress/tomcat]# vim deploy-tomcat.yaml
apiVersion: v1
kind: Service
metadata:
name: tomcat
namespace: default
spec:
selector:
app: tomcat
release: canary
ports:
- name: http
port: 80
targetPort: 8080
# - name: ajp
# port: 8009
# targetPort: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deploy
spec:
replicas: 3
selector:
matchLabels:
app: tomcat
release: canary
template:
metadata:
labels:
app: tomcat
release: canary
spec:
containers:
- name: tomcat
image: tomcat:7-alpine
ports:
- name: httpd
containerPort: 8080
# - name: ajp
# containerPort: 8009
kubectl apply -f deploy-tomcat.yaml
配置 ingress 规则
[root@localhost ~/test/ingress/tomcat]# vim tomcat.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-tomcat
namespace: default
annotations:
kubernets.io/ingress.class: "nginx"
spec:
rules:
- host: tomcat.luoluo.com
http:
paths:
- path:
backend:
serviceName: tomcat
servicePort: 8080
kubectl apply -f tomcat.yaml
浏览器输入 tomcat.luoluo.com:30080 验证 #测试需要修改宿主机 C:\Windows\System32\drivers\etc 下 HOSTS文件 映射
对tomcat服务添加httpds服务
创建私有证书及secret
openssl genrsa -out tls.key 2048
[root@localhost ~/test/ingress/tomcat]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.luoluo.com #注意域名要和服务的域名一致
kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key #创建secret
将证书应用至tomcat服务中
[root@localhost ~/test/ingress/tomcat]# vim ingress-tomcat-tls.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-tomcat-tls
namespace: default
annotations:
kubernets.io/ingress.class: "nginx"
spec:
tls:
- hosts:
- tomcat.luoluo.com #与secret证书的域名需要保持一致
secretName: tomcat-ingress-secret #secret证书的名称
rules:
- host: tomcat.luoluo.com
https:
paths:
- path:
backend:
serviceName: tomcat
servicePort: 8080
~
~
kubectl apply -f ingress-tomcat-tls.yaml
~