Kubernetes教程-Ingress

第十章 Ingress

一、资料信息

自定义域名能够指向某个services。

Ingress-Nginx github 地址：https://github.com/kubernetes/ingress-nginx

Ingress-Nginx 官方网站：https://kubernetes.github.io/ingress-nginx/

 

 

二、部署 Ingress-Nginx

 https://kubernetes.github.io/ingress-nginx/deploy/#docker-for-mac

#cd /usr/local/install-k8s/plugin/
#mkdir ingress
#cd ingress
#wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/cloud/deploy.yaml

#cat deploy.yaml | grep image

#docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0    #其他node机器也需要执行

#docker save -o ingress.contr.tar quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0   #可以保存
#tar -zcvf ingress.contr.tar.gz  ingress.contr.tar
#tar -zxvf ingress.contr.tar.gz
#docker load -i ingress.contr.tar

#kubectl apply -f deploy.yaml
#kubectl get pod -n ingress-nginx

https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal

#wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml
#kubectl apply -f deploy.yaml.1   #文件存在会自动增加文件后缀

#kubectl get svc -n ingress-nginx

 Ingress HTTP 代理访问

 deployment、Service、Ingress Yaml 文件

#cd ~
#vim ingress.http.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: hub.atguigu.com/library/nginx:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx

#kubectl apply -f ingress.http.yaml

#kubectl get svc
#kubectl get deployment
#kubectl get pod

#cd -
#vim ingress1.yaml

apiVersion: extensions/v1beta1
kind: Ingress                   #其实Ingress是Service
metadata:
  name: nginx-test
spec:
  rules:
    - host: www1.atguigu.com     #主机名
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc    #服务名
            servicePort: 80


#kubectl create -f ingress1.yaml
#kubectl get svc -n ingress-nginx    #通过svc命令访问Service，-n 表示使用命名空间
#kubectl get ingress    #通过ingress命令访问ingress

设置host文件，192.168.4.86 www1.atguigu.com

浏览器访问：http://www1.atguigu.com:31107/

 

 

 

 根据不同的域名指向不同的svc，实现上图的yaml文件如下：

#vim deployment1.yaml
 
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: deployment1
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: hub.atguigu.com/library/nginx:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-1
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx


#kubectl apply -f deployment1.yaml
#kubectl get svc
#curl svc-2的ipadress


#cp -a deployment1.yaml deployment2.yaml

#vim deployment2.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: deployment2
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx2
    spec:
      containers:
        - name: nginx2
          image: hub.atguigu.com/library/nginx:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-2
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx2


#kubectl apply -f deployment2.yaml
#kubectl get svc
#curl svc-1的ipadress


#vim ingressrule.yaml      #根据域名指向不同的svc

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress1
spec:
  rules:
    - host: www1.atguigu.com   #www1指向svc-1
      http:
        paths:
        - path: /
          backend:
            serviceName: svc-1
            servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress2
spec:
  rules:
    - host: www2.atguigu.com   #www2指向svc-2
      http:
        paths:
        - path: /
          backend:
            serviceName: svc-2
            servicePort: 80


#kubectl apply -f ingressrule.yaml

#kubectl get pod -n ingress-nginx

#kubectl exec nginx-ingress-controller-*****-*** -n ingress-nginx  -it -- /bin/bash    #进入nginx容器的pod里面
#cat nginx.conf              #在nginx容器看nginx的配置文件
#exit   #退出容器

#kubectl get svc -c ingress-nginx    #查看service的端口
#kubectl get ingress

设置host文件，192.168.4.86 www2.atguigu.com

浏览器访问：http://www1.atguigu.com:31107/

浏览器访问：http://www2.atguigu.com:31107/

三、Ingress HTTPS 代理访问

创建证书，以及 cert 存储方式

#cd ~
#mkdir https
#cd https

#创建证书
#openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj"/CN=nginxsvc/O=nginxsvc"
#kubectl create secret tls tls-secret --key tls.key --cert tls.crt

#vim deployment3.yaml
 
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: deployment3
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx3
    spec:
      containers:
        - name: nginx3
          image: hub.atguigu.com/library/nginx:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-3
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx

#kubectl apply -f deployment3.yaml


#vim https.ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https
spec:
  tls:
    - hosts:
      - www3.atguigu.com        #www3绑定证书
      secretName: tls-secret    #指定证书名称
  rules:
    - host: www3.atguigu.com    #www3指向svc-3
      http:
        paths:
        - path: /
          backend:
            serviceName: svc-3
            servicePort: 80


#kubectl apply -f https.ingress.yaml

#kubectl get svc -n ingress-nginx    #查看https的端口

设置host文件，192.168.4.86 www3.atguigu.com

浏览器访问：https://www3.atguigu.com:32135/

四、Nginx 进行 BasicAuth

给nginx加一个基础认证

https://kubernetes.github.io/ingress-nginx/examples/auth/basic/#basic-authentication

#yum -y install httpd
#cd ~
#mkdir basic-auth
#cd basic-auth
#htpasswd -c auth foo    #文件名为auth，用户名为foo
#kubectl create secret generic basic-auth --from-file=auth

 

#vim auth.ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name:ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: auth.atguigu.com
    http:
      paths:
      - path: /
        backend:
          serviceName: svc-1
          servicePort: 80

#kubectl apply -f auth.ingress.yaml

设置host文件，192.168.4.86 auth.atguigu.com

浏览器访问：http://auth.atguigu.com:31107/

输入用户名和密码

五、Nginx 进行重写

 

#vim redirect.ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: https://www3.atguigu.com:32135/hostname.html
spec:
  rules:
  - host: re.bar.com     #访问re跳转www3
    http:
      paths:
      - path: /
      backend:
        serviceName: svc-1   #可以不写
        servicePort: 80
 
#kubectl apply -f redirect.ingress.yaml

设置host文件，192.168.4.86 re.atguigu.com

浏览器访问：http://re.atguigu.com:31107/