k8s部署ingress

k8s部署ingress

零、nginx-dep

#ngx-dep
kubectl create deploy ngx-dep --image=nginx:alpine --dry-run=client -o yaml

最终的配置文件

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ngx-dep
  name: ngx-dep
spec:
  replicas: 2
  selector:
    matchLabels:
      app: ngx-dep
  template:
    metadata:
      labels:
        app: ngx-dep
    spec:
      volumes: 
      - name: ngx-conf-vol 
        configMap: 
          name: ngx-conf 
      containers: 
      - image: nginx:alpine 
        name: nginx 
        ports: 
        - containerPort: 80 
        volumeMounts: 
        - mountPath: /etc/nginx/conf.d 
          name: ngx-conf-vol

可以手动扩容

#扩容
kubectl scale --replicas=3 deploy ngx-dep`
​
#给deployment创建service
kubectl expose deploy ngx-dep --port=80 --target-port=80 --dry-run=client -o yaml

 

最终配置文件ngx-svc.yaml

apiVersion: v1
kind: Service
metadata:
  labels:
    app: ngx-dep
  name: ngx-svc
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: ngx-dep

 

​

定义一个configmap

​

apiVersion: v1
kind: ConfigMap
metadata:
  name: ngx-conf
​
data:
  default.conf: |
    server {
      listen 80;
      location / {
        default_type text/plain;
        return 200
          'srv : $server_addr:$server_port\nhost: $hostname\nuri : $request_method $host $request_uri\ndate: $time_iso8601\n';
      }
    }

 

进入pod，查看负载均衡效果

#因为 Service、 Pod 的 IP 地址都是 Kubernetes 集群的内部网段，所以我们需要用 kubectl exec 进入到 Pod 内部（或者 ssh 登录集群节点），再用 curl 等工具来访问 Service：
kubectl exec -it ngx-dep-6796688696-fm9fj -- sh
​
curl svc_host:80,查看打印的内容

 

Service 的 IP 地址是“虚”的，只用于转发流量，所以 ping 无法得到回应数据包，也就失败了

可以给svc添加type=NodePort属性，就可以再集群外访问service了

一、ingress

kubectl create ing ngx-ing --rule="ngx.test/=ngx-svc:80" --class=ngx-ink --dry-run=client -o yaml

 

配置文件

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ngx-ing
spec:
  ingressClassName: ngx-ink
  rules:
  - host: ngx.test
    http:
      paths:
      - backend:
          service:
            name: ngx-svc
            port:
              number: 80
        path: /
        pathType: Exact

 

二、ingressClass

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: ngx-ink
​
spec:
  controller: nginx.org/ingress-controller

 

此时ingressClass、ingress、service的映射关系

NGINX-controller的配置文件https://github.com/chronolaw/k8s_study/tree/master/ingress

如果只是测试只需要四个文件

​
kubectl apply -f common/ns-and-sa.yaml
kubectl apply -f rbac/rbac.yaml
kubectl apply -f common/nginx-config.yaml
kubectl apply -f common/default-server-secret.yaml

 

下面实现ingress-controller，它实际也是一个应用，

来源https://github.com/nginxinc/kubernetes-ingress/blob/main/deployments/deployment/nginx-ingress.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ngx-kic-dep
  namespace: nginx-ingress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ngx-kic-dep
  template:
    metadata:
      labels:
        app: ngx-kic-dep
    spec:
      serviceAccountName: nginx-ingress
      automountServiceAccountToken: true
      containers:
      - image: nginx/nginx-ingress:2.2-alpine
        imagePullPolicy: IfNotPresent
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        resources:
          requests:
            cpu: "100m"
            memory: "128Mi"
        securityContext:
          allowPrivilegeEscalation: true
          runAsUser: 101 #nginx
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
          - -ingress-class=ngx-ink

这个deploy是在新的namespace：nginx-ingress下面，查看命令如下

kubectl get po -n nginx-ingress

kubectl get deploy-n nginx-ingress

 

 最终的映射关系