kubernetes — 安装Ingress

1、 Ingress

 1、安装-Nginx-Ingress

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml

 2、设为默认的Ingress

[root@k8s01 ~]# vim default_ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    app.kubernetes.io/component: controller
  name: nginx
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: k8s.io/ingress-nginx

[root@k8s01 ~]# k apply -f default_ingress.yaml

 3、创建deployment（命令方式）

k create deployment webserver1 --image=httpd

4、创建service并暴露端口

k expose deployment webserver1 --port=8080 --target-port=80

5、发布单个服务

[root@k8s01 ~]# vim ingress1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
spec:
  defaultBackend:
    service:
      name: webserver1
      port:
        number: 8080

[root@k8s01 ~]# k apply -f ingress1.yaml

2、基于名称的虚拟托管

1、Ingress 资源在 rules 中定义的 hosts

机支持将针对多个主机名的 HTTP 流量路由到同一 IP 地址上

1.创建第二个deployment

[root@k8s01 ~]# k create deployment webserver2 --image=httpd

2.创建第二个service并暴露端口

因为是不同的ClusterIP，所以端口可以为同一个

[root@k8s01 ~]# k expose deployment webserver3 --port=8082 --target-port=80

3.创建基于路径的虚拟托管的ingress

[root@k8s01 ~]# k get svc
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
webserver1    ClusterIP   10.104.70.168    <none>        8080/TCP    21m
webserver2    ClusterIP   10.110.102.43    <none>        8081/TCP    4s

[root@k8s01 ~]# vim ingress_name.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: name-virtual-host-ingress
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webserver1
            port:
              number: 8080
  - host: bar.foo.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webserver2
            port:
              number: 8081

[root@k8s01 ~]# k apply -f ingress_name.yaml
ingress.networking.k8s.io/name-virtual-host-ingress created

        当定义了Ingress规则，并将其与特定的主机名关联时（例如，host: www.cce-test.com），请求将只会被路由到与该主机名匹配的后端服务。这意味着只有通过www.cce-test.com主机名发送的请求才会被路由，而不会使用节点的IP地址 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
 rules:
   - host: www.cce-test.com
     http:
       paths:
         - backend:
             service:
               name: nginx-proxy
               port:
                 number: 8081
           path: /
           pathType: Prefix
   - http:
       paths:
         - backend:
             service:
               name: nginx-proxy
               port:
                 number: 8081
           path: /
           pathType: Prefix
这个示例，可以同时支持域名和NodeIP方式访问

 4.修改hosts文件

[root@k8s01 ~]# echo "192.168.248.21 foo.bar.com bar.foo.com" >> /etc/hosts

5.测试

[root@k8s01 ~]# curl bar.foo.com
web2
[root@k8s01 ~]# curl foo.bar.com
web1

2、Ingress 资源没有在 rules 中定义的任何 hosts时

1.创建第三个deployment

[root@k8s01 ~]# k create deployment webserver3 --image=httpd

2.创建第三个service并暴露端口

[root@k8s01 ~]# k expose deployment webserver2 --port=8081 --target-port=80

3.创建基于路径的虚拟托管的ingress，并且增加没有在rule中定义的hosts

[root@k8s01 ~]# vim ingress_name_norule.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: name-virtual-host-ingress-no-third-host
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webserver1
            port:
              number: 8081
  - host: bar.foo.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webserver2
            port:
              number: 8082
  - http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webserver3
            port:
              number: 8083

4.

        如果在Ingress中没有指定默认后端（如 webserver3），那么未匹配到任何主机名的请求仍然会被允许通过。这是Ingress的默认规则。

        在Ingress配置中，只有foo.bar.com和 bar.foo.com 的请求会被路由到相应的后端服务（webserver1 和 webserver2）。对于其他主机名或没有指定主机名的请求，它们会被Ingress Controller视为未匹配到任何规则的请求，因此会被放行。这就是为什么即使不加 webserver3，未匹配到任何主机名的请求也会被允许通过的原因

3、基于路径的虚拟托管

1.编写Ingress的yaml

[root@k8s01 ~]# vim ingress_name_ip.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-ip-path
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: "/web1"
        backend:
          service:
            name: webserver1
            port:
              number: 8080
      - pathType: Prefix
        path: "/web2"
        backend:
          service:
            name: webserver2
            port:
              number: 8081

[root@k8s01 ~]# k apply -f ingress_name_ip.yaml

Ingress 经常使用注解（annotations）来配置一些选项，具体取决于 Ingress 控制器，例如重写目标注解

  annotations:
    kubernetes.io/ingress.class: "nginx" 

• kubernetes.io/ingress.class：这是一个内置的Kubernetes注解，用于标识Ingress资源所使用的Ingress控制器的类别或名称。

• "nginx"：这个值表示该Ingress资源应该由名称为 "nginx" 的Ingress控制器处理

Name	Description	Values
nginx.ingress.kubernetes.io/rewrite-target	Target URI where the traffic must be redirected	string
nginx.ingress.kubernetes.io/ssl-redirect	Indicates if the location section is only accessible via SSL (defaults to True when Ingress contains a Certificate)	bool
nginx.ingress.kubernetes.io/force-ssl-redirect	Forces the redirection to HTTPS even if the Ingress is not TLS Enabled	bool
nginx.ingress.kubernetes.io/app-root	Defines the Application Root that the Controller must redirect if it's in / context	string
nginx.ingress.kubernetes.io/use-regex	Indicates if the paths defined on an Ingress use regular expressions	bool

2.测试

[root@k8s01 ~]# curl 192.168.248.21/web1
web1
[root@k8s01 ~]# curl 192.168.248.21/web2
web2