1、kubernetes ingress资源部署
#此处需要访问境外资源 GitHub。该地址指向 main 分支,内容会随上游变动;建议改用固定的发布 tag(形如 controller-<版本号>),并在 kubectl apply 之前先检查 deploy.yaml 的内容
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml
国内yaml地址(第三方镜像,使用前建议与上游仓库对应版本的文件核对):
https://gitee.com/mirrors/ingress-nginx/
#部署安装ingress
kubectl apply -f deploy.yaml
[root@node1 ingress]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-hcpbf 0/1 Completed 0 19h
ingress-nginx-admission-patch-4qbhg 0/1 Completed 0 19h
ingress-nginx-controller-79bfb7f657-sw75q 1/1 Running 1 (126m ago) 19h
[root@node1 ingress]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.110.103.18 <none> 80:30080/TCP,443:30443/TCP 19h
ingress-nginx-controller NodePort 10.106.94.63 <none> 80:32477/TCP,443:32386/TCP 19h
ingress-nginx-controller-admission ClusterIP 10.97.5.79 <none> 443/TCP 19h
2、部署tomcat (pod和service)
[root@node1 ingress]# cat tomcat.yaml
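# Deployment that runs two Tomcat replicas labelled app=tomcat.
# Nesting restored: the listing had lost its indentation and is not a valid manifest when flat.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: tomcat
  name: tomcat
spec:
  replicas: 2
  selector:
    matchLabels:
      app: tomcat
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: tomcat
    spec:
      containers:
      # No tag or digest: the runtime resolves this to the "latest" tag, so a
      # later pull can bring in a different build. Pin a tag or digest for a
      # deployment that has to be repeatable and reviewable.
      - image: tomcat
        name: tomcat
        # Empty: no CPU/memory requests or limits are set for the container.
        resources: {}
status: {}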
kubectl apply -f tomcat.yaml
[root@node1 ingress]# cat tomcat-svc.yaml
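# Service in front of the pods labelled app=tomcat.
# Nesting restored: the listing had lost its indentation and is not a valid manifest when flat.
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: tomcat
  name: tomcat
spec:
  # No "type" is given, so this is a ClusterIP service (see the kubectl get svc
  # output): Tomcat is reachable only from inside the cluster, and outside
  # traffic has to come through the ingress controller.
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: tomcat
status:
  loadBalancer: {}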
kubectl apply -f tomcat-svc.yaml
[root@node1 ingress]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-b4ccb96c6-qxc52 1/1 Running 1 (140m ago) 21h
nginx-b4ccb96c6-zmrb8 1/1 Running 1 (140m ago) 21h
tomcat-c89f9dd5f-6qlr8 1/1 Running 1 (140m ago) 18h
tomcat-c89f9dd5f-f62zp 1/1 Running 1 (140m ago) 18h
[root@node1 ingress]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 25h
nginx NodePort 10.99.101.137 <none> 80:30611/TCP 20h
tomcat ClusterIP 10.111.99.41 <none> 8080/TCP 18h
3、配置 ingress对外发布Service
[root@node1 ingress]# cat ingress-service-nodeport.yaml
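# NodePort service that publishes the ingress controller on fixed node ports.
# Nesting restored: the listing had lost its indentation and is not a valid manifest when flat.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  # NodePort opens 30080 and 30443 on every node of the cluster; limit who can
  # reach those ports with the node or network firewall.
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30080
    protocol: TCP
  - name: https
    port: 443
    targetPort: 443
    nodePort: 30443
    protocol: TCP
  # Cluster: any node accepts the traffic and may forward it to a controller
  # pod on another node. The client address is replaced on the way, so
  # controller access logs and IP-based allow lists see a node address.
  # "Local" keeps the client source IP.
  externalTrafficPolicy: Cluster
  # NOTE(review): the selector matches on name/part-of only; confirm that only
  # the controller pods carry both labels in the deploy.yaml that was applied.
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx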
[root@node1 ingress]# kubectl apply -f ingress-service-nodeport.yaml
[root@node1 ingress]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.110.103.18 <none> 80:30080/TCP,443:30443/TCP 19h
4、配置tomcat对应 ingress资源
[root@node1 ingress]# cat ingress-tomcat.yaml
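# Ingress that routes tomcat.cuase.com to the tomcat Service on port 8080.
# There is no tls section, so this host is served over plain HTTP only.
# Nesting restored: the listing had lost its indentation and is not a valid manifest when flat.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    # Deprecated: kubectl warns on apply and names spec.ingressClassName as
    # the replacement.
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: tomcat.cuase.com   # host name of the site
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tomcat   # name of the backend Service for this site
            port:
              number: 8080   # port of the backend Service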
[root@node1 ingress]# kubectl apply -f ingress-tomcat.yaml
Warning: annotation "kubernetes.io/ingress.class" is deprecated, please use 'spec.ingressClassName' instead
ingress.networking.k8s.io/ingress-tomcat created
[root@node1 ingress]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-nginx-backend <none> nginx.cuase.com 192.168.58.131 80 19h
ingress-tomcat <none> tomcat.cuase.com 80 14s
访问:http://tomcat.cuase.com:30080/
5、自定义tls(openssl)证书和部署secret资源
[root@node1 ingress]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
.............+++
................+++
e is 65537 (0x10001)
[root@node1 ingress]# ls
deploy.yaml mandatory.yaml nginx-ingress-backend_nginx.yaml tomcat-svc.yaml
ingress-service-nodeport.yaml mandatory.yaml.bak nginx-tomcat.yaml tomcat.yaml
ingress-tomcat.yaml nginx.conf tls.key
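# Self-signed certificate for the Ingress host. The CN has to be the host name the
# Ingress serves (tomcat.cuase.com); the original command spelled it tomcat.cause.com.
# Current clients match on subjectAltName rather than CN; on OpenSSL 1.1.1 or later
# add: -addext "subjectAltName=DNS:tomcat.cuase.com"
# No -days is given, so the certificate is valid for the openssl default of 30 days.
# tls.key is the private key: keep it readable by its owner only.
[root@node1 ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj "/C=CN/ST=sichuan/L=chengdu/O=DevOps/CN=tomcat.cuase.com"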
[root@node1 ingress]# ls
deploy.yaml mandatory.yaml nginx-ingress-backend_nginx.yaml tls.key
ingress-service-nodeport.yaml mandatory.yaml.bak nginx-tomcat.yaml tomcat-svc.yaml
ingress-tomcat.yaml nginx.conf tls.crt
[root@node1 ingress]# kubectl create secret tls tomcat-ingress-secert --cert=tls.crt --key=tls.key
secret/tomcat-ingress-secert created
[root@node1 ingress]# kubectl get secret
NAME TYPE DATA AGE
tomcat-ingress-secert kubernetes.io/tls 2 37s
[root@node1 ingress]# kubectl describe secret tomcat-ingress-secert
Name: tomcat-ingress-secert
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 1294 bytes
tls.key: 1675 bytes
6、配置tomcat对应ingress(https认证服务)资源
[root@node1 ingress]#cat ingress-tomcat-tls.yaml
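# Ingress that terminates TLS for tomcat.cuase.com and routes it to the tomcat
# Service on port 8080.
# Nesting restored: the listing had lost its indentation and is not a valid manifest when flat.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
  annotations:
    # Deprecated: kubectl warns on apply and names spec.ingressClassName as
    # the replacement.
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - tomcat.cuase.com
    # Must name a kubernetes.io/tls Secret in the same namespace as this
    # Ingress. The certificate in it has to be issued for exactly the host
    # listed above; on a mismatch ingress-nginx is expected to serve its
    # default certificate instead. Check which certificate is presented.
    secretName: tomcat-ingress-secert
  rules:
  - host: tomcat.cuase.com   # host name of the site
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tomcat   # name of the backend Service for this site
            port:
              number: 8080   # port of the backend Service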
[root@node1 ingress]# kubectl apply -f ingress-tomcat-tls.yaml
Warning: annotation "kubernetes.io/ingress.class" is deprecated, please use 'spec.ingressClassName' instead
ingress.networking.k8s.io/ingress-tomcat-tls created
[root@node1 ingress]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-nginx-backend <none> nginx.cuase.com 192.168.58.131 80 19h
ingress-tomcat-tls <none> tomcat.cuase.com 80, 443 13s
[root@node1 ingress]# kubectl describe ingress ingress-tomcat-tls
Name: ingress-tomcat-tls
Labels: <none>
Namespace: default
Address: 192.168.58.131
Ingress Class: <none>
Default backend: <default>
TLS:
tomcat-ingress-secert terminates tomcat.cuase.com
Rules:
Host Path Backends
---- ---- --------
tomcat.cuase.com
/ tomcat:8080 (10.244.1.10:8080,10.244.2.6:8080)
Annotations: kubernetes.io/ingress.class: nginx
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 25s (x2 over 45s) nginx-ingress-controller Scheduled for sync