ingress

 

资料信息

Ingress-Nginx github 地址:https://github.com/kubernetes/ingress-nginx

Ingress-Nginx 官方网站:https://kubernetes.github.io/ingress-nginx/

 

 

 

 

 

 

 

部署 Ingress-Nginx


[root@k8s-master01 ingress]# cd /usr/local/install-k8s/
[root@k8s-master01 ingress]# cd plugin/
[root@k8s-master01 ingress]# mkdir ingress
[root@k8s-master01 ingress]# cd ingress/

[root@k8s-master01 ingress]# ls
ingree.contro.tar  ingree.contro.tar.gz  mandatory.yaml
[root@k8s-master01 ingress]#

 [root@k8s-master01 ingress]# kubectl  apply -f mandatory.yaml

[root@k8s-master01 ingress]# kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS              RESTARTS      AGE
nginx-ingress-controller-66f74977cc-djlmd   0/1     Running             4 (40s ago)   4m3s
[root@k8s-master01 ingress]#

[root@k8s-master01 ingress]# ls
deploy.yaml        ingree.contro.tar.gz  service-nodeport.yaml(此文件已经传输上来了)
ingree.contro.tar  mandatory.yaml
[root@k8s-master01 ingress]#

[root@k8s-master01 ingress]# kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.107.253.165   <none>        80:30933/TCP,443:30553/TCP   105s
[root@k8s-master01 ingress]#


 

 

 

 

Ingress HTTP 代理访问

 

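# Demo backend for the HTTP Ingress walkthrough: two nginx replicas and a
# ClusterIP Service in front of them. Nesting restored so the manifest parses.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          # No tag, so this resolves to nginx:latest; with IfNotPresent each
          # node runs whatever copy it already has cached. Pin a tag or digest
          # outside a lab so the running version is known and auditable.
          image: nginx
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  # Selects pods by label only. deployment1 later on this page uses the same
  # label (name: nginx), so this Service would also pick up those pods.
  selector:
    name: nginx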

 [root@k8s-master01 ingress]# vim ingress.http.yaml
[root@k8s-master01 ingress]# kubectl apply -f ingress.http.yaml
deployment.apps/nginx-dm created
service/nginx-svc created
[root@k8s-master01 ingress]# kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP   22d
nginx-svc    ClusterIP   10.98.109.56   <none>        80/TCP    23s


[root@k8s-master01 ingress]# curl  10.98.109.56
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
</head>
<body>
<h1>Welcome to nginx!</h1>
</body>
</html>
[root@k8s-master01 ingress]#

 


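# Routes HTTP requests for www1.loveyou.com to nginx-svc:80 via the controller
# that serves the "nginx" IngressClass. There is no tls: section, so this host
# is offered over plain HTTP only.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  # Indented under metadata so the object actually carries a name.
  name: nginx-test
spec:
  ingressClassName: nginx
  rules:
    - host: www1.loveyou.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-svc
                port:
                  number: 80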

 

 

 

 

 

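解决方法:找到对应的 deployment,设置 command: ["/bin/bash", "-ce", "tail -f /dev/null"]。注意:如果这里改的是 ingress 控制器的 Deployment,那么容器里只会运行 tail -f /dev/null,控制器进程本身并不会启动;Pod 虽然不再直接崩溃,但就绪探针无法通过(READY 仍是 0/1),后面通过域名访问不到很可能与此有关。更稳妥的做法是先用 kubectl logs --previous 和 kubectl describe pod 查明控制器退出的原因。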

 

 

 

 

 [root@k8s-master01 ingress]# kubectl apply -f ingress1.yaml

这里会报错,参考此文档:

 https://www.cnblogs.com/zypdbk/p/16518359.html

 [root@k8s-master01 ingress]# kubectl apply -f ingress1.yaml
ingress.networking.k8s.io/nginx-test created

 

 

 

 我们可以域名加端口号访问,我这里不知道为啥访问不到,就不演示了

 

 

 

我们接下来完成这个实验

 

 

 

root@k8s-master01 ingress-vh]# vim deployment1.yaml
[root@k8s-master01 ingress-vh]# cat deployment1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment1
spec:
  replicas: 2
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-1
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx
[root@k8s-master01 ingress-vh]# kubectl apply -f deployment1.yaml
deployment.apps/deployment1 created
service/svc-1 created
[root@k8s-master01 ingress-vh]#

[root@k8s-master01 ingress-vh]# kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP   22d
svc-1        ClusterIP   10.101.71.84   <none>        80/TCP    30s
[root@k8s-master01 ingress-vh]# curl 10.101.71.84(可以访问到就行)

[root@k8s-master01 ingress-vh]# cp -a deployment1.yaml deployment2.yaml
[root@k8s-master01 ingress-vh]# vim deployment2.yaml

[root@k8s-master01 ingress-vh]# cat deployment2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment2
spec:
  replicas: 2
  selector:
    matchLabels:
      name: nginx2
  template:
    metadata:
      labels:
        name: nginx2
    spec:
      containers:
        - name: nginx
          image: nginx
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-2
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx2

[root@k8s-master01 ingress-vh]# kubectl apply -f deployment2.yaml
deployment.apps/deployment2 created
service/svc-2 created
[root@k8s-master01 ingress-vh]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP   22d
nginx-svc    ClusterIP   10.98.109.56     <none>        80/TCP    8h
svc-1        ClusterIP   10.101.71.84     <none>        80/TCP    3m34s
svc-2        ClusterIP   10.101.231.221   <none>        80/TCP    7s
[root@k8s-master01 ingress-vh]# curl 10.101.231.22(这里不知道怎么回事,访问页面卡的不动了;注意这里输入的地址少了最后一位,上面 svc-2 的 ClusterIP 是 10.101.231.221,请求发到了另一个地址,所以一直没有响应)

 

[root@k8s-master01 ingress-vh]# vim ingressrule.yaml
[root@k8s-master01 ingress-vh]# cat ingressrule.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress1
spec:
  ingressClassName: nginx
  rules:
    - host: www1.loveyou.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: svc-1
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress2
spec:
  ingressClassName: nginx
  rules:
    - host: www2.loveyou.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: svc-2
                port:
                  number: 80

[root@k8s-master01 ingress-vh]# kubectl apply -f ingressrule.yaml
ingress.networking.k8s.io/ingress1 created
ingress.networking.k8s.io/ingress2 created
[root@k8s-master01 ingress-vh]#

 

[root@k8s-master01 ingress-vh]# kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS              RESTARTS       AGE
nginx-ingress-controller-6565d58b69-wsmjd   0/1     Running             29 (24s ago)   8h
[root@k8s-master01 ingress-vh]# kubectl exec nginx-ingress-controller-6565d58b69-wsmjd -n ingress-nginx -it -- /bin/sh
error: unable to upgrade connection: container not found ("nginx-ingress-controller")
[root@k8s-master01 ingress-vh]#

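(这里想要进入容器查看 conf 文件,结果报错,也没有解决……从上面的输出看,该 Pod 处于 READY 0/1、已重启 29 次的状态,执行 exec 时容器并没有在运行,所以提示 container not found。应先用 kubectl logs --previous 和 kubectl describe pod 排查控制器反复重启的原因,这也很可能是后面域名访问不通的原因。)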

 

访问域名+端口也无法完成……

 

 

 

 

Ingress HTTPS 代理访问

创建证书,以及 cert 存储方式

 


# Lab-only certificate: it is self-signed, so no client trusts it without an
# explicit exception.
# -nodes writes tls.key unencrypted; keep it out of shared directories and
# version control, and delete the local copy once the Secret exists.
# The subject CN is nginxsvc, while the Ingress further down serves
# www3.loveyou.com, so hostname verification against this certificate fails.
# NOTE(review): the controller may also fall back to its default certificate
# when the host is not covered by CN/SAN - confirm in the controller logs.
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
# Stores the pair as a TLS Secret in the current namespace (no -n is given);
# it has to be the namespace of the Ingress that names it in secretName.
kubectl create secret tls tls-secret --key tls.key --cert tls.crt

[root@k8s-master01 https]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
Generating a 2048 bit RSA private key
..................................................................................+++
................................................+++
writing new private key to 'tls.key'
-----
[root@k8s-master01 https]# ls
tls.crt  tls.key
[root@k8s-master01 https]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt
secret/tls-secret created
[root@k8s-master01 https]#

 

 

deployment、Service、Ingress Yaml 文件

 

https.ingress.yaml:

# Ingress that offers www3.loveyou.com over TLS using the certificate stored in
# the Secret tls-secret, and forwards the requests to svc-3 on port 80.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: https
spec:
  ingressClassName: nginx
  tls:
    # The host listed here should be covered by the certificate's CN/SAN;
    # the certificate generated on this page was issued for CN=nginxsvc.
    - hosts:
      - www3.loveyou.com
      # Looked up in the same namespace as this Ingress.
      secretName: tls-secret
  rules:
    - host: www3.loveyou.com
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              # Backend port is 80: traffic from the controller to the pods is
              # plain HTTP inside the cluster.
              name: svc-3
              port:
                number: 80

 

[root@k8s-master01 https]# cp ../ingress-vh/deployment1.yaml .
[root@k8s-master01 https]# vim deployment1.yaml

[root@k8s-master01 https]# cat deployment1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment3
spec:
  replicas: 2
  selector:
    matchLabels:
      name: nginx3
  template:
    metadata:
      labels:
        name: nginx3
    spec:
      containers:
        - name: nginx3
          image: nginx
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-3
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx3

[root@k8s-master01 https]# kubectl apply -f deployment1.yaml
deployment.apps/deployment3 created
service/svc-3 unchanged

[root@k8s-master01 https]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP   22d
nginx-svc    ClusterIP   10.98.109.56     <none>        80/TCP    9h
svc-1        ClusterIP   10.101.71.84     <none>        80/TCP    48m
svc-2        ClusterIP   10.101.231.221   <none>        80/TCP    45m
svc-3        ClusterIP   10.96.147.93     <none>        80/TCP    4m41s
[root@k8s-master01 https]# curl 10.96.147.93(可以访问到)

[root@k8s-master01 https]# vim https.ingress.yaml
[root@k8s-master01 https]# kubectl apply -f https.ingress.yaml
ingress.networking.k8s.io/https created
[root@k8s-master01 https]# kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.107.253.165   <none>        80:30933/TCP,443:30553/TCP   9h



不出意外,无法访问……

 

 

 

Nginx 进行 BasicAuth


# Only the htpasswd utility is needed here; on yum-based systems it ships in
# the httpd-tools package, so the full web server need not be installed on a
# cluster node.
yum -y install httpd
# -c creates (or overwrites) the file "auth"; the password is prompted for, so
# it stays out of shell history and the process list.
htpasswd -c auth foo
# --from-file=auth produces the Secret key "auth", which is the key the
# auth-secret annotation expects for an htpasswd-style file. Remove the local
# file once the Secret exists.
kubectl create secret generic basic-auth --from-file=auth

# Ingress that puts HTTP Basic authentication in front of svc-1 for
# auth.loveyou.com, checking credentials against the Secret basic-auth.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    # Secret holding the htpasswd file; resolved in this Ingress's namespace.
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
# There is no tls: section, so the Basic credentials (base64-encoded, not
# encrypted) cross the network in clear text on every request. Serve this host
# over HTTPS before relying on it.
# NOTE(review): unlike the other Ingress objects on this page there is no
# ingressClassName; confirm a default IngressClass exists, otherwise the
# controller may ignore this object.
spec:
  rules:
  - host: auth.loveyou.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: svc-1
            port:
              number: 80

[root@k8s-master01 basic-auth]# yum -y install httpd

[root@k8s-master01 ~]# mkdir basic-auth
[root@k8s-master01 ~]# cd basic-auth/
[root@k8s-master01 basic-auth]#

[root@k8s-master01 basic-auth]# htpasswd -c auth foo
New password:
Re-type new password:
Adding password for user foo
[root@k8s-master01 basic-auth]# ls
auth
[root@k8s-master01 basic-auth]# kubectl create secret generic basic-auth --from-file=auth
secret/basic-auth created
[root@k8s-master01 basic-auth]#

root@k8s-master01 basic-auth]# vim ingress.yaml
[root@k8s-master01 basic-auth]# kubectl apply -f ingress.yaml
ingress.networking.k8s.io/ingress-with-auth created
[root@k8s-master01 basic-auth]#



正常来说,得输入用户名(foo)和密码才可以正常访问

 

 

 

 

Nginx 进行重写

 

名称 描述 值
nginx.ingress.kubernetes.io/rewrite-target 必须重定向流量的目标URI 字符串
nginx.ingress.kubernetes.io/ssl-redirect 指示位置部分是否仅可访问SSL(当Ingress包含证书时默认为True) 布尔
nginx.ingress.kubernetes.io/force-ssl-redirect 即使Ingress未启用TLS,也强制重定向到HTTPS 布尔
nginx.ingress.kubernetes.io/app-root 定义Controller必须重定向的应用程序根,如果它在'/'上下文中 字符串
nginx.ingress.kubernetes.io/use-regex 指示Ingress上定义的路径是否使用正则表达式 布尔

 

 

 


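# Sends visitors of re.loveyou.com on to https://www3.loveyou.com:30553.
# NOTE(review): this object reuses the name nginx-test, so applying it updates
# the existing Ingress of that name instead of creating a second one (the
# transcript below reports "configured", not "created").
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    # rewrite-target is documented as a rewrite of the request URI; presumably
    # the absolute URL here ends up as an nginx rewrite that answers with a
    # redirect. ingress-nginx also has permanent-redirect / temporal-redirect
    # annotations that state a redirect explicitly.
    # The target is a fixed value from this manifest, not taken from the request.
    nginx.ingress.kubernetes.io/rewrite-target: https://www3.loveyou.com:30553
spec:
  # NOTE(review): no ingressClassName is set here, unlike the earlier Ingress
  # objects on this page; confirm a default IngressClass exists.
  rules:
  # Requests for this host are sent on to https://www3.loveyou.com:30553.
  # (This note was inline text after the host value, which broke the YAML.)
  - host: re.loveyou.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: svc-1
            port:
              number: 80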

 

 

 [root@k8s-master01 re]# vim re.yaml
[root@k8s-master01 re]# kubectl apply -f re.yaml
ingress.networking.k8s.io/nginx-test configured
[root@k8s-master01 re]#

 

 

 

 

 

 

 

posted @ 2022-07-25 20:38  屯子里唯一的架构师