kubernetes 部署 Ingress-nginx controller-v1.8.0
环境说明
裸机集群
适用于部署在裸机服务器上的 Kubernetes 集群,以及使用通用 Linux 发行版(如 CentOS、Ubuntu...)手动安装 Kubernetes 的“原始”VM。通常会使用 30000-32767 范围内的端口。Ingress-NGINX Controller
部署清单说明
该部署清单把所有资源都部署在ingress-nginx名称空间下,包括由Deployment控制器编排的ingress-nginx-controller Pod及用于配置应用的configmap/ingress-nginx-controller等。为了便于用户使用,该清单还创建了一个NodePort类型的service/ingress-nginxcontroller资源,该Service资源通过TCP端口80和443分别服务于HTTP与HTTPS客户端。下载 ingress-nginx-deploy.yaml
# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.0/deploy/static/provider/baremetal/deploy.yaml -O ingress-nginx-deploy.yaml修改端口
# vim ingress-nginx-deploy.yaml---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.0
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
port: 80
protocol: TCP
targetPort: http
nodePort: 40080
- appProtocol: https
name: https
port: 443
protocol: TCP
targetPort: https
nodePort: 40443
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: NodePort
---部署Ingress-nginx controller
# kubectl apply -f ingress-nginx-deploy.yaml查看Ingress-nginx controller pod
# kubectl get pod -n ingress-nginxNAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-66rvr 0/1 Completed 0 2m1s
ingress-nginx-admission-patch-vbhq5 0/1 Completed 3 2m
ingress-nginx-controller-57996bb47f-9j7rk 1/1 Running 0 2m1s查看Ingress-nginx controller svc
# kubectl get svc -n ingress-nginxNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.100.49.51 <none> 80:40080/TCP,443:40443/TCP 2m57s
ingress-nginx-controller-admission ClusterIP 10.100.205.58 <none> 443/TCP 2m57s访问测试
# curl 192.168.174.100:40080 -IHTTP/1.1 404 Not Found
Date: Thu, 08 Jun 2023 06:38:10 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive配置Ingress Nginx
除使用Ingress资源自定义流量路由相关的配置外,Ingress Nginx应用程序还存在许多其他配置需要,例如日志格式、CORS、URL重写、代理缓冲和SSL透传等。这类的配置通常有ConfigMap、Annotations和自定义模板3种实现方式。
Ingress Nginx的ConfigMap和Annotations配置接口都支持使用大量的参数来定制所需要的功能,不同的是,前者通过在Ingress Nginx引用ConfigMap资源规范中data字段特定的键及可用取值进行定义,且多用于Nginx全局特性的定制,因而是集群级别的配置;而后者则于Ingress资源上使用资源注解配置,多用于虚拟主机级别,因而通常是服务级别的配置。Annotations
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-web
namespace: ingress-single-host
annotations:
nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客户端上传文件,最大大小,默认为20m
nginx.ingress.kubernetes.io/rewrite-target: /$2 # url重写
nginx.ingress.kubernetes.io/ssl-passthrough: "true" #SSL透传
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # 后端使用TLS协议
nginx.ingress.kubernetes.io/ssl-redirect: "false" #禁止重定向HTTP到HTTPS
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
....ConfigMap
ingress-nginx-deploy.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.0
name: ingress-nginx-controller
namespace: ingress-nginx
data:
allow-snippet-annotations: "true"
use-gzip: "true" # 启用页面资源压缩功能,默认为启用
gzip-level: "6" # 设置页面资源的压缩级别,默认为5
worker-processes: "8" # 设置Nginx的工作进程数web服务
depoly-demoapp-v10.yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-demoapp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demoappv10
name: demoappv10
namespace: ingress-demoapp
spec:
replicas: 1
selector:
matchLabels:
app: demoappv10-selector
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: demoappv10-selector
spec:
containers:
- image: ikubernetes/demoapp:v1.0
name: demoapp
env:
- name: PORT
value: "8080"
resources: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
app: demoappv10-service
name: demoappv10
namespace: ingress-demoapp
spec:
ports:
- name: http-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demoappv10-selector
type: ClusterIPdepoly-demoapp-v11.yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-demoapp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demoappv11
name: demoappv11
namespace: ingress-demoapp
spec:
replicas: 1
selector:
matchLabels:
app: demoappv11-selector
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: demoappv11-selector
spec:
containers:
- image: ikubernetes/demoapp:v1.1
name: demoapp
env:
- name: PORT
value: "8080"
resources: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
app: demoappv11-service
name: demoappv11
namespace: ingress-demoapp
spec:
ports:
- name: http-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demoappv11-selector
type: ClusterIP创建web资源
# kubectl apply -f depoly-demoapp-v10.yaml -f depoly-demoapp-v11.yamlnamespace/ingress-demoapp created
deployment.apps/demoappv10 created
service/demoappv10 created
namespace/ingress-demoapp unchanged
deployment.apps/demoappv11 created
service/demoappv11 created查看 web svc
# kubectl get svc -n ingress-demoappNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
demoappv10 ClusterIP 10.100.36.18 <none> 8080/TCP 54s
demoappv11 ClusterIP 10.100.85.106 <none> 8080/TCP 54s访问web服务
demoappv10
# curl `kubectl get svc/demoappv10 -n ingress-demoapp -o jsonpath="{.spec.clusterIP}"`:8080iKubernetes demoapp v1.0 !! ClientIP: 172.20.151.128, ServerName: demoappv10-69f6cf9477-v9m6g, ServerIP: 172.20.154.216!demoappv11
# curl `kubectl get svc/demoappv11 -n ingress-demoapp -o jsonpath="{.spec.clusterIP}"`:8080iKubernetes demoapp v1.1 !! ClientIP: 172.20.151.128, ServerName: demoappv11-9bf785ff8-thp9m, ServerIP: 172.20.89.175!单域名主机服务
ingress_single-host.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-web
namespace: ingress-demoapp
annotations:
nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客户端上传文件,最大大小,默认为20m
spec:
ingressClassName: nginx
rules: #路由规则
- host: www.demoapp10.com ##客户端访问的host域名
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: demoappv10 #转发至哪个service
port:
number: 8080 ##转发至service的端口号创建ingress 规则资源
# kubectl apply -f ingress_single-host.yamlingress.networking.k8s.io/nginx-web created查看ingress 规则信息
# kubectl describe ing nginx-web -n ingress-demoappName: nginx-web
Labels: <none>
Namespace: ingress-demoapp
Address: 192.168.174.106
Ingress Class: nginx
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
www.demoapp10.com
/ demoappv10:8080 (172.20.89.165:8080)
Annotations: nginx.ingress.kubernetes.io/app-root: /index.html
nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/proxy-connect-timeout: 600
nginx.ingress.kubernetes.io/proxy-read-timeout: 600
nginx.ingress.kubernetes.io/proxy-send-timeout: 600
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 15s (x2 over 72s) nginx-ingress-controller Scheduled for sync访问资源
# curl -H "host: www.demoapp10.com" 192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==80)].nodePort}"`iKubernetes demoapp v1.0 !! ClientIP: 172.20.154.254, ServerName: demoappv10-69f6cf9477-vsz88, ServerIP: 172.20.89.165!多域名主机服务
ingress_multi-host.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-web
namespace: ingress-demoapp
annotations:
nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客户端上传文件,最大大小,默认为20m
spec:
ingressClassName: nginx
rules: #路由规则
- host: www.demoapp10.com ##客户端访问的host域名
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: demoappv10 #转发至哪个service
port:
number: 8080 ##转发至service的端口号
- host: www.demoapp11.com ##客户端访问的host域名
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: demoappv11 #转发至哪个service
port:
number: 8080 ##转发至service的端口号创建ingress 规则资源
# kubectl apply -f ingress_multi-host.yamlingress.networking.k8s.io/nginx-web created查看ingress 规则信息
# kubectl describe ing nginx-web -n ingress-demoappName: nginx-web
Labels: <none>
Namespace: ingress-demoapp
Address: 192.168.174.106
Ingress Class: nginx
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
www.demoapp10.com
/ demoappv10:8080 (172.20.89.155:8080)
www.demoapp11.com
/ demoappv11:8080 (172.20.154.204:8080)
Annotations: nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/proxy-connect-timeout: 600
nginx.ingress.kubernetes.io/proxy-read-timeout: 600
nginx.ingress.kubernetes.io/proxy-send-timeout: 600
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 2m3s (x2 over 2m12s) nginx-ingress-controller Scheduled for sync访问资源
demoappv10
# curl -H "host: www.demoapp10.com" 192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==80)].nodePort}"`iKubernetes demoapp v1.0 !! ClientIP: 172.20.154.243, ServerName: demoappv10-cdf9995cb-n9vbd, ServerIP: 172.20.89.155!demoappv11
# curl -H "host: www.demoapp11.com" 192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==80)].nodePort}"`iKubernetes demoapp v1.1 !! ClientIP: 172.20.154.243, ServerName: demoappv11-85d9ddccf8-qwjkq, ServerIP: 172.20.154.204!多URL
Ingress-url.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-web
namespace: ingress-demoapp
annotations:
nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客户端上传文件,最大大小,默认为20m
spec:
ingressClassName: nginx
rules: #路由规则
- host: www.demoapp.com ##客户端访问的host域名
http:
paths:
- path: /v10
pathType: Prefix
backend:
service:
name: demoappv10 #转发至哪个service
port:
number: 8080 ##转发至service的端口号
- path: /v11
pathType: Prefix
backend:
service:
name: demoappv11 #转发至哪个service
port:
number: 8080 ##转发至service的端口号
TLS
生成证书
ca
# openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=www.demoapp10.com'www.demoapp10.com
# openssl req -new -newkey rsa:4096 -keyout demoapp10.key -out demoapp10.csr -nodes -subj '/CN=www.demoapp10.com'
# openssl x509 -req -sha256 -days 3650 -in demoapp10.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out demoapp10.crtwww.demoapp11.com
# openssl req -new -newkey rsa:4096 -keyout demoapp11.key -out demoapp11.csr -nodes -subj '/CN=www.demoapp11.com'
# openssl x509 -req -sha256 -days 3650 -in demoapp11.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out demoapp11.crt查看证书
# lsca.crt ca.key demoapp10.crt demoapp10.csr demoapp10.key demoapp11.crt demoapp11.csr demoapp11.keysecret
创建secret
# kubectl create secret tls tls-demoapp10 --cert=demoapp10.crt --key=demoapp10.key -n ingress-demoapp
# kubectl create secret tls tls-demoapp11 --cert=demoapp11.crt --key=demoapp11.key -n ingress-demoapp查看secret
# kubectl get secret -n ingress-demoappNAME TYPE DATA AGE
tls-demoapp10 kubernetes.io/tls 2 83s
tls-demoapp11 kubernetes.io/tls 2 73singress_tls-multi-host.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-web
namespace: ingress-demoapp
annotations:
nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客户端上传文件,最大大小,默认为20m
nginx.ingress.kubernetes.io/ssl-redirect: "false" #禁止重定向HTTP到HTTPS
spec:
ingressClassName: nginx
tls:
- hosts:
- www.demoapp10.com
secretName: tls-demoapp10
- hosts:
- www.demoapp11.com
secretName: tls-demoapp11
rules: #路由规则
- host: www.demoapp10.com ##客户端访问的host域名
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: demoappv10 #转发至哪个service
port:
number: 8080 ##转发至service的端口号
- host: www.demoapp11.com ##客户端访问的host域名
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: demoappv11 #转发至哪个service
port:
number: 8080 ##转发至service的端口号查看ingress 规则信息
# kubectl describe ing nginx-web -n ingress-demoappName: nginx-web
Labels: <none>
Namespace: ingress-demoapp
Address: 192.168.174.106
Ingress Class: nginx
Default backend: <default>
TLS:
tls-demoapp10 terminates www.demoapp10.com
tls-demoapp11 terminates www.demoapp11.com
Rules:
Host Path Backends
---- ---- --------
www.demoapp10.com
/ demoappv10:8080 (172.20.89.155:8080)
www.demoapp11.com
/ demoappv11:8080 (172.20.154.204:8080)
Annotations: nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/proxy-connect-timeout: 600
nginx.ingress.kubernetes.io/proxy-read-timeout: 600
nginx.ingress.kubernetes.io/proxy-send-timeout: 600
nginx.ingress.kubernetes.io/ssl-redirect: false
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 63s (x3 over 5m49s) nginx-ingress-controller Scheduled for sync访问web服务
demoapp10
# curl -H "host: www.demoapp10.com" 192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==80)].nodePort}"`
iKubernetes demoapp v1.0 !! ClientIP: 172.20.154.243, ServerName: demoappv10-cdf9995cb-n9vbd, ServerIP: 172.20.89.155!# curl -k -H "host: www.demoapp10.com" https://192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==443)].nodePort}"`
iKubernetes demoapp v1.0 !! ClientIP: 172.20.154.243, ServerName: demoappv10-cdf9995cb-n9vbd, ServerIP: 172.20.89.155!demoapp11
# curl -H "host: www.demoapp11.com" 192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==80)].nodePort}"`
iKubernetes demoapp v1.1 !! ClientIP: 172.20.154.243, ServerName: demoappv11-85d9ddccf8-qwjkq, ServerIP: 172.20.154.204!# curl -k -H "host: www.demoapp11.com" https://192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==443)].nodePort}"`
iKubernetes demoapp v1.1 !! ClientIP: 172.20.154.243, ServerName: demoappv11-85d9ddccf8-qwjkq, ServerIP: 172.20.154.204!auth
htpasswd生成的文件名称必须为auth,否则会返回503.创建用户名密码
# htpasswd -c -b -m ./auth ingress-auth foo
Adding password for user ingress-auth创建secret
# kubectl create secret generic basic-auth --from-file=auth -n ingress-demoapp
secret/basic-auth createdingress_auth-host.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-web
namespace: ingress-demoapp
annotations:
nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客户端上传文件,最大大小,默认为20m
nginx.ingress.kubernetes.io/ssl-redirect: "false" #禁止重定向HTTP到HTTPS
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
ingressClassName: nginx
tls:
- hosts:
- www.demoapp10.com
secretName: tls-demoapp10
rules: #路由规则
- host: www.demoapp10.com ##客户端访问的host域名
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: demoappv10 #转发至哪个service
port:
number: 8080 ##转发至service的端口号查看ingress 规则信息
# kubectl describe ing nginx-web -n ingress-demoappName: nginx-web
Labels: <none>
Namespace: ingress-demoapp
Address: 192.168.174.106
Ingress Class: nginx
Default backend: <default>
TLS:
tls-demoapp10 terminates www.demoapp10.com
Rules:
Host Path Backends
---- ---- --------
www.demoapp10.com
/ demoappv10:8080 (172.20.89.155:8080)
Annotations: nginx.ingress.kubernetes.io/auth-realm: Authentication Required
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/proxy-connect-timeout: 600
nginx.ingress.kubernetes.io/proxy-read-timeout: 600
nginx.ingress.kubernetes.io/proxy-send-timeout: 600
nginx.ingress.kubernetes.io/ssl-redirect: false
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 22s (x3 over 7m3s) nginx-ingress-controller Scheduled for sync访问web服务
没有验证访问
# curl -k -H "host: www.demoapp10.com" https://192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==443)].nodePort}"` <html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx</center>
</body>
</html>有验证访问
# curl -k -H "host: www.demoapp10.com" https://192.168.174.108:`kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath="{.spec.ports[?(@.port==443)].nodePort}"` -u "ingress-auth:foo"iKubernetes demoapp v1.0 !! ClientIP: 172.20.154.243, ServerName: demoappv10-cdf9995cb-n9vbd, ServerIP: 172.20.89.155!参考文档
https://kubernetes.github.io/ingress-nginx/
