K8S Ingress in Practice

ingress-nginx


nginx is exposed to external users through an internal Service of type NodePort. It establishes a connection through a client and watches for resource change events.

IngressClass is a Kubernetes resource. See the description below. It's important because until now, a default install of the Ingress-NGINX controller did not require an IngressClass object. But from version 1.0.0 of the Ingress-NGINX controller, an IngressClass object is required.

On clusters with more than one instance of the Ingress-NGINX controller, every controller instance must know which Ingress objects it has to serve. The ingressClass field of an Ingress object is how the controller is told that.

Ingress
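nginx+Apache+mysql: if external users want to reach Apache over HTTPS, a certificate has to be installed into the svc.

Starting Ingress with the official NodePort manifest

Deploying Ingress-Nginx in NodePort mode creates an SVC

Submit the ingress resources using the K8S declarative method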

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/baremetal/deploy.yaml

This creates an ingress-nginx-controller Service (NodePort in this example)

kubectl get svc -n ingress-nginx

ingress-nginx-controller             NodePort    10.110.124.27    <none>        80:30169/TCP,443:32520/TCP   5m58s

Ingress in practice

Proxying the nginx Deployment by creating a k8s Secret

nginx deployment

vim nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80

nginx svc (TCP)

vim nginx-svc-nortport.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  selector:
    name: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

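Create the ingress (after adding the domain name to hosts, the nginx page can be reached through the port of the ingress svc); it proxies to the corresponding svc according to backend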

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https
spec:
  tls:
    - hosts:
      - www3.vector.com
      secretName: tls-secret
  rules:
    - host: www3.vector.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc-https
            servicePort: 80

Ingress HTTPS proxy access (requires creating a key)

Create the key with openssl

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
kubectl create secret tls tls-secret --key tls.key --cert tls.crt   # create the Secret object

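Create the ingress (after adding the domain name to hosts, the nginx page can be reached through the port of the ingress svc); it proxies to the corresponding svc according to backend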

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
    - host: www1.vector.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc
            servicePort: 80
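
Added example, not part of the original post: the openssl command above issues the certificate for CN=nginxsvc, while the TLS Ingress on this page serves www3.vector.com, so even a client that trusts this self-signed certificate fails hostname verification. The script builds the certificate both ways in a temporary directory and checks each with openssl x509 -checkhost; the function names, the /CN=www3.vector.com subject and the -addext subjectAltName option (OpenSSL 1.1.1 or newer) are choices made for this example.

```shell
#!/bin/sh
# Added example: does the certificate stored in tls-secret cover the Ingress host?

# make_cert DIR SUBJECT [SAN_HOST]
# Runs the page's openssl req command, writing tls.key and tls.crt into DIR.
# SAN_HOST is this example's addition: it appends a subjectAltName entry.
make_cert() {
    dir=$1; subj=$2; san=${3:-}
    set -- -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$dir/tls.key" -out "$dir/tls.crt" -subj "$subj"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName=DNS:$san"
    fi
    openssl req "$@" 2>/dev/null
}

# cert_covers_host CERT HOST: exit status 0 only if CERT is valid for HOST.
# The printed verdict is matched because -checkhost reports the result as text.
cert_covers_host() {
    openssl x509 -noout -checkhost "$2" -in "$1" 2>/dev/null |
        grep -q 'does match certificate'
}

# Build both variants in a scratch directory and report on each.
demo() {
    host=www3.vector.com    # host of the page's TLS Ingress
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/page" "$tmp/san"
    make_cert "$tmp/page" "/CN=nginxsvc/O=nginxsvc"       # subject used on the page
    make_cert "$tmp/san" "/CN=$host/O=nginxsvc" "$host"   # constructed alternative
    for d in page san; do
        if cert_covers_host "$tmp/$d/tls.crt" "$host"; then
            echo "$d/tls.crt covers $host: yes"
        else
            echo "$d/tls.crt covers $host: no"
        fi
    done
    rm -rf "$tmp"
}

demo
```

cert_covers_host can be pointed at the tls.crt you are about to load, with the host from the Ingress rule, before running kubectl create secret tls.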

BasicAuth Ingress login

Create a username and password and add them to a k8s Secret

yum -y install httpd
htpasswd -c auth foo
kubectl create secret generic basic-auth --from-file=auth

Create the basic-auth Ingress file

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
    - host: www4.vector.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc
            servicePort: 80

Nginx Rewrite

You will need to make sure your Ingress targets exactly one Ingress controller by specifying the ingress.class annotation, and that you have an ingress controller running in your cluster.

Name | Description | Values
--- | --- | ---
nginx.ingress.kubernetes.io/rewrite-target | Target URI where the traffic must be redirected | string
nginx.ingress.kubernetes.io/ssl-redirect | Indicates if the location section is accessible SSL only (defaults to True when Ingress contains a Certificate) | bool
nginx.ingress.kubernetes.io/force-ssl-redirect | Forces the redirection to HTTPS even if the Ingress is not TLS Enabled | bool
nginx.ingress.kubernetes.io/app-root | Defines the Application Root that the Controller must redirect if it's in '/' context | string
nginx.ingress.kubernetes.io/use-regex | Indicates if the paths defined on an Ingress use regular expressions | bool

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: http://auth.vector.com:30169/
  name: rewrite
  namespace: default
spec:
  rules:
  - host: rewrite.vector.com
    http:
      paths:
      - backend:
          serviceName: rewrite-svc
          servicePort: 80
        path: /
