ingress-nginx 部署使用

安装部署 nginx-ingress-controller

 

输入下面网址:选择版本

https://github.com/kubernetes/ingress-nginx/blob/nginx-0.30.0/deploy/static/mandatory.yaml

 

 

 

 

 

vim mandatory.yaml  #新建一个yaml文件直接复制粘贴  ps: vim 编辑器 需要 set paste  防止格式错误

 

 

 

 

 

 

官网提示(0.30版本):!!! tip If you are using a Kubernetes version previous to 1.14, you need to change kubernetes.io/os to beta.kubernetes.io/os at line 217 of mandatory.yaml, see Labels details. #如果你的k8s集群版本低于1.14,需要

把第217 行 的 kubernetes.io/os 替换成 beta.kubernetes.io/os

kubectl   version    查看集群版本
Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:08:12Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:00:57Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}

 

214       terminationGracePeriodSeconds: 300
215       serviceAccountName: nginx-ingress-serviceaccount
216       nodeSelector:
217         beta.kubernetes.io/os: linux
218       containers:
219         - name: nginx-ingress-controller
:set nu                                    

修改完创建资源

[root@localhost ~/test/ingress]# kubectl apply -f mandatory.yaml 
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
limitrange/ingress-nginx created

查看控制器Pod 已经正常运行
[root@localhost ~/test/ingress]# kubectl get pods -n ingress-nginx
NAME                                       READY   STATUS   RESTARTS   AGE
nginx-ingress-controller-97547988b-jh9q4   1/1     Running   0         3m32s


 

创建个service 集群外访问

[root@localhost ~/test/ingress]# vim service-nodeport.yaml 

apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
  port: 80
  targetPort: 80
  protocol: TCP
  nodePort: 30080
- name: https
  port: 443
  targetPort: 443
  protocol: TCP
  nodePort: 30443
selector:
  app.kubernetes.io/name: ingress-nginx
  app.kubernetes.io/part-of: ingress-nginx




kubectl apply -f service-nodeport.yaml    

 

 

 

创建一组应用pod和对应的service

 

[root@localhost ~/test/ingress/tomcat]# vim deploy-tomcat.yaml 

apiVersion: v1
kind: Service
metadata:
name: tomcat
namespace: default
spec:
selector:
  app: tomcat
  release: canary
ports:
- name: http
  port: 80
  targetPort: 8080
# - name: ajp
# port: 8009
  # targetPort: 8009

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deploy
spec:
replicas: 3
selector:
  matchLabels:
    app: tomcat
release: canary
template:
  metadata:
    labels:
      app: tomcat
      release: canary
  spec:
    containers:
    - name: tomcat
      image: tomcat:7-alpine
      ports:
      - name: httpd
        containerPort: 8080
  #   - name: ajp
    #     containerPort: 8009
                               
kubectl apply -f deploy-tomcat.yaml
       

 

 

配置 ingress 规则

[root@localhost ~/test/ingress/tomcat]# vim tomcat.yaml 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-tomcat
namespace: default
annotations:
  kubernets.io/ingress.class: "nginx"
spec:
rules:
- host: tomcat.luoluo.com
  http:
    paths:
    - path:
      backend:
        serviceName: tomcat
        servicePort: 8080
         
         
kubectl apply -f tomcat.yaml

 

 

浏览器输入 tomcat.luoluo.com:30080 验证 #测试需要修改宿主机 C:\Windows\System32\drivers\etc 下 HOSTS文件 映射

 

 

 

 

 

 

 

对tomcat服务添加httpds服务

 

创建私有证书及secret

openssl genrsa -out tls.key 2048

[root@localhost ~/test/ingress/tomcat]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.luoluo.com #注意域名要和服务的域名一致


kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key #创建secret


将证书应用至tomcat服务中

 

[root@localhost ~/test/ingress/tomcat]# vim ingress-tomcat-tls.yaml 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-tomcat-tls
namespace: default
annotations:
  kubernets.io/ingress.class: "nginx"
spec:
tls:
- hosts:
  - tomcat.luoluo.com       #与secret证书的域名需要保持一致
  secretName: tomcat-ingress-secret   #secret证书的名称
rules:
- host: tomcat.luoluo.com
  https:
    paths:
    - path:
      backend:
        serviceName: tomcat
        servicePort: 8080
~                                                                                                                                    
~                                                                                              
kubectl apply -f ingress-tomcat-tls.yaml    

~                                                    

 

 

posted @ 2022-01-02 18:21  不用去猜。  阅读(508)  评论(0编辑  收藏  举报