小笔记-简单但够用系列_K8S快速入门-Ingress安装使用

最新推荐文章于 2024-09-29 16:05:17 发布

NYTWTYN

最新推荐文章于 2024-09-29 16:05:17 发布

阅读量627

点赞数

分类专栏： LINUX 运维相关小笔记-简单但够用系列文章标签： kubernetes nginx linux ingress

本文链接：https://blog.csdn.net/nytwtyn/article/details/119379504

版权

小笔记-简单但够用系列同时被 3 个专栏收录

16 篇文章 0 订阅

订阅专栏

运维相关

14 篇文章 0 订阅

订阅专栏

LINUX

9 篇文章 0 订阅

订阅专栏

文章目录

安装 Ingress

安装 Ingress

Ingress 是非 k8s 内置的服务，可完成服务暴露，使可通过访问域名的方式连接pod。Ingress是k8s集群的一个API资源对象，相当于一个集群网关，可设置自定义路由规则进行转发、管理、暴露服务等。
Ingress有多个类型版本，以官方维护的 Ingress-nginx 为例。

github 地址

https://github.com/kubernetes/ingress-nginx

安装配置文件
Ingress-nginx 是使用 nginx 作为反向代理和负载均衡器的 k8s Ingress 控制器。可在以下地址查看安装配置yaml文件

https://github.com/kubernetes/ingress-nginx/blob/main/deploy/static/provider/baremetal/deploy.yaml

或在以下地址获取文件内容，手动创建yaml文件
https://blog.csdn.net/NYTWTYN/article/details/119342249?spm=1001.2014.3001.5502

安装 ingress-nginx

将上述文件保存为 ingress-nginx.yaml，修改相关内容，应用文件，安装 ingress-nginx

[root@master ~]# kubectl apply -f ingress-nginx.yaml 
namespace/ingress-nginx unchanged
serviceaccount/ingress-nginx unchanged
configmap/ingress-nginx-controller configured
clusterrole.rbac.authorization.k8s.io/ingress-nginx unchanged
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx unchanged
role.rbac.authorization.k8s.io/ingress-nginx unchanged
rolebinding.rbac.authorization.k8s.io/ingress-nginx unchanged
service/ingress-nginx-controller-admission unchanged
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
service/ingress-nginx-controller configured
deployment.apps/ingress-nginx-controller configured
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission unchanged
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
role.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
job.batch/ingress-nginx-admission-create unchanged
job.batch/ingress-nginx-admission-patch unchanged
[root@master ~]# 
[root@master ~]# kubectl get deploy -n ingress-nginx
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
ingress-nginx-controller   1/1     1            1           28m

注意：创建后的 ingress-nginx 的 pod , svc , deploy 都在 ingress-nginx 命令空间中

创建 ingress-nginx 规则文件

[root@master ~]# cat ingress-role1.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress2
spec:
  rules:
  - host: www.test01.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
         service: 
          name: nginx
          port: 
           number: 80

注意：不同的 apiVersion 写法，可能会导致下面的参数字段格式变化，导致应用规则失败，如以下的 extensions/v1beta1 中的 backend：
[root@master ~]# cat ingress-role2.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
spec:
  rules:
  - host: www.test01.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx
          servicePort: 80

应用 ingress-nginx 规则

[root@master ~]# kubectl apply -f ingress-role1.yaml 
ingress.networking.k8s.io/test-ingress-tomcat created

查看 ingress-nginx 相关信息

[root@master ~]# kubectl get pod,svc,deploy -n ingress-nginx 
NAME                                            READY   STATUS      RESTARTS   AGE
pod/ingress-nginx-admission-create-ttcgg        0/1     Completed   0          23h
pod/ingress-nginx-admission-patch-fc4q2         0/1     Completed   2          23h
pod/ingress-nginx-controller-6d56b75946-v96hj   1/1     Running     1          23h

NAME                                         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                     AGE
service/ingress-nginx-controller             NodePort    10.111.143.129   <none>        80:31280/TCP,443:30535/TCP,8443:31415/TCP   63m
service/ingress-nginx-controller-admission   ClusterIP   10.105.228.182   <none>        443/TCP                                     23h

NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           23h

[root@master ~]# kubectl get ing
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME                  CLASS    HOSTS                  ADDRESS           PORTS   AGE
test-ingress          <none>   www.testbywnginx.com   192.168.139.132   80      9h
test-ingress-tomcat   <none>   www.testbywnginx.com   192.168.139.132   80      12s
[root@master ~]# 
[root@master ~]# kubectl describe ing
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Name:             test-ingress
Namespace:        default
Address:          192.168.139.132
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                  Path  Backends
  ----                  ----  --------
  www.testbywnginx.com  
                        /   nginx:80 (10.244.2.15:80)
Annotations:            <none>
Events:
  Type    Reason  Age              From                      Message
  ----    ------  ----             ----                      -------
  Normal  CREATE  9h               nginx-ingress-controller  Ingress default/test-ingress
  Normal  UPDATE  9h (x2 over 9h)  nginx-ingress-controller  Ingress default/test-ingress
  Normal  CREATE  57m              nginx-ingress-controller  Ingress default/test-ingress


Name:             test-ingress-tomcat
Namespace:        default
Address:          192.168.139.132
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                  Path  Backends
  ----                  ----  --------
  www.testbywnginx.com  
                        /tomcat   tomcat:8080 (10.244.1.20:8080)
Annotations:            kubernetes.io/ingress.class: nginx
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  19s   nginx-ingress-controller  Ingress default/test-ingress-tomcat
  Normal  UPDATE  10s   nginx-ingress-controller  Ingress default/test-ingress-tomcat

删除规则

[root@master ~]# kubectl get ing
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME                  CLASS    HOSTS                  ADDRESS           PORTS   AGE
test-ingress          <none>   www.testbywnginx.com   192.168.139.132   80      10h
test-ingress-tomcat   <none>   www.testbywnginx.com   192.168.139.132   80      34m
[root@master ~]# 
[root@master ~]# kubectl delete ingress test-ingress test-ingress-tomcat
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions "test-ingress" deleted
ingress.extensions "test-ingress-tomcat" deleted
[root@master ~]# 
[root@master ~]# 
[root@master ~]# kubectl get ing
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
No resources found in default namespace.

一些问题

创建规则后即可以使用域名 + ingress-nginx-controller 的端口来访问服务。如http 服务 ingress-nginx-controller 的暴露端口为 31280 ，则通过 www.testbywnginx.com:31280 来访问 http 服务。
需要注意的是：部分教程里会有看到配置了 ingress-nginx 后就直接通过域名访问服务，不需要加端口，是因为做了端口映射。在不做端口映射的情况下，是通过域名 + 端口来访问，只是这个端口是固定了为 ingress-nginx-controller 的暴露端口。
ingress-nginx 本质上也是创建 pod，service，deployment 等容器，只是通过其对应的 nginx 做了域名映射及负载均衡，通过其暴露的服务，仍需要通过 ingress-nginx-controller 的端口进行访问。
在完成了 ingress-nginx 的安装后，后续如需暴露服务，可通过以下步骤