Using ingress-nginx and nginx to forward from inside a k8s cluster to an external domain

0 Resource preparation

**k8s-master1**

 - 47.96.252.251 (public)
 - 172.30.125.104 (private)

**k8s-node2**

 - 120.55.15.211 (public)
 - 172.30.125.103 (private)

**k8s-node1**

 - 121.43.55.128 (public)
 - 172.30.125.105 (private)

**Virtual domain name**

 - zhiboqingyun.com

1 Build the image

cat Dockerfile

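FROM nginx
# Replace the image's default configuration with our own
RUN rm -v /etc/nginx/nginx.conf

COPY nginx.conf /etc/nginx/

# Keep nginx in the foreground so the container stays alive
RUN echo "daemon off;" >> /etc/nginx/nginx.conf

EXPOSE 80

# The stock nginx image does not include sshd, so run nginx itself as PID 1
ENTRYPOINT ["nginx"]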
  • In nginx.conf, write the external URL to forward to, for example: https://www.baidu.com
cat nginx.conf

#user  nobody;
#worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass https://www.baidu.com;
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}
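The location block above proxies to an HTTPS upstream, and by default nginx neither verifies the upstream certificate (proxy_ssl_verify is off) nor sends SNI (proxy_ssl_server_name is off). The following is an added example, not part of the original post, showing the original block next to a variant that authenticates the upstream; the CA bundle path is an assumption for a Debian-based nginx image.

```nginx
# Original location block from the nginx.conf above: traffic to the upstream
# is encrypted, but the upstream's identity is never checked.
# location / {
#     proxy_pass https://www.baidu.com;
# }

# Variant with upstream verification (drop-in replacement for "location /")
location / {
    proxy_pass https://www.baidu.com;

    # Send SNI so the upstream presents the certificate for this host name
    proxy_ssl_server_name on;

    # Verify the upstream certificate chain and that it matches the host name
    # taken from proxy_pass (the default value of proxy_ssl_name)
    proxy_ssl_verify              on;
    proxy_ssl_verify_depth        2;
    # Assumed path: system CA bundle on Debian-based images
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # Refuse legacy protocol versions on the upstream connection
    proxy_ssl_protocols TLSv1.2 TLSv1.3;
}
```

Run `nginx -t` inside the container to validate the configuration before pushing the image.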

  • Build the image and push it to the Harbor registry; registry URL: myharbor2.com
docker build -t demo11 .

# docker run --name demo11 -p 8081:80 -d demo11
docker tag demo11:latest myharbor2.com/library/demo11:latest
docker push myharbor2.com/library/demo11:latest

2 Deploy the ingress service

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec: 
      containers:
      - image: myharbor2.com/library/demo11:latest
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-pod-service
  labels:
    app: nginx                  # the Service's own label
spec:
  type: NodePort                # one of ExternalName, ClusterIP, NodePort, LoadBalancer
  ports:
  - port: 8080                 # port the Service exposes inside the k8s cluster
    targetPort: 80             # port exposed by the backing pod
  selector:
    app: nginx                 # pod label
---
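# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters need networking.k8s.io/v1
apiVersion: extensions/v1beta1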
kind: Ingress
metadata:
  name: nginx-ingress
  labels:
    app.kubernetes.io/version: v1
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: zhiboqingyun.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-pod-service     # name of the nginx Service defined above
          servicePort: 8080                  # port of that Service

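3 Configure domain name resolution

ingress-nginx runs as kind: DaemonSet with hostNetwork: true and is pinned to the k8s-master1 node through nodeSelector: kubernetes.io/hostname: k8s-master1. It is therefore enough to point the domain at the private IP of the k8s-master1 node where that pod runs.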

# Get the private IP address to use for domain resolution
kubectl get po -n ingress-nginx -o wide
# Get the Ingress
kubectl get ingress -n default


  • Configure domain name resolution
echo "172.30.125.104 zhiboqingyun.com" >> /etc/hosts

4 Command-line verification

  • Get the deployed nginx service
kubectl get svc -n default -o wide


  • Test whether the nginx service communicates correctly inside the cluster
kubectl get ingress -n default
curl zhiboqingyun.com:80
kubectl get po -n default
curl 10.244.2.105


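5 Browser verification

  • On Windows, edit the local hosts file:
  • C:\WINDOWS\System32\drivers\etc\hosts
  • 47.96.252.251 zhiboqingyun.com

**Note:** 47.96.252.251 is the public IP address that corresponds to the private IP of the node where the ingress-controller pod runs. The controller registers all Ingress information into its internal nginx.conf and dispatches traffic to the services.

For access to work, the corresponding port must be opened in the security group.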