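k8s – Basics – 29.2 – Ingress – Installing the Ingress Controller and Configuring Ingress
1. Steps for using Ingress
   1. Install and deploy the ingress controller Pod
   2. Deploy a Service for the ingress controller so that traffic from outside the cluster can reach it
   3. Test proxying to a backend service
      1. Deploy the backend service and expose it through a Service
         1. The example used here is myapp
      2. Deploy an Ingress that defines the rules linking the ingress controller to the backend service's Pods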
2. Installing the Ingress Controller
- Run on the master1 node
- Script location
2.1. Create the namespace
2.1.1. Script
vi /root/ingress/namespace.yaml
Contents
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
2.1.2. Run the script
# Apply
kubectl apply -f /root/ingress/namespace.yaml
# View
kubectl get namespace
2.2. Create the configuration file configmap.yaml
2.2.1. Script
vi /root/ingress/configmap.yaml
Contents
kind: ConfigMap
apiVersion: v1
metadata:
  # Name of the ConfigMap
  name: nginx-configuration
  # The namespace is ingress-nginx
  namespace: ingress-nginx
  # Labels of the ConfigMap
  labels:
    app: ingress-nginx
2.2.2. Run the script
# Apply
kubectl apply -f /root/ingress/configmap.yaml
# View
kubectl get ConfigMap -n ingress-nginx
2.3. Create the configuration file tcp-services-configmap.yaml
2.3.1. Script
vi /root/ingress/tcp-services-configmap.yaml
Contents
kind: ConfigMap
apiVersion: v1
metadata:
  # Name of the ConfigMap
  name: tcp-services
  # The namespace is ingress-nginx
  namespace: ingress-nginx
2.3.2. Run the script
# Apply
kubectl apply -f /root/ingress/tcp-services-configmap.yaml
# View
kubectl get ConfigMap -n ingress-nginx
2.4. Create the configuration file udp-services-configmap.yaml
2.4.1. Script
vi /root/ingress/udp-services-configmap.yaml
Contents
kind: ConfigMap
apiVersion: v1
metadata:
  # Name of the ConfigMap
  name: udp-services
  # The namespace is ingress-nginx
  namespace: ingress-nginx
2.4.2. Run the script
# Apply
kubectl apply -f /root/ingress/udp-services-configmap.yaml
# View
kubectl get ConfigMap -n ingress-nginx
2.5. RBAC authorization
2.5.1. Script
vi /root/ingress/rbac.yaml
Contents
---
# Create the ServiceAccount
apiVersion: v1
kind: ServiceAccount
metadata:
  # ServiceAccount: nginx-ingress-serviceaccount
  name: nginx-ingress-serviceaccount
  # Namespace: ingress-nginx
  namespace: ingress-nginx
---
# RBAC authorization
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  # The ClusterRole is named nginx-ingress-clusterrole
  name: nginx-ingress-clusterrole
# Cluster-wide permissions
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  # The Role is named nginx-ingress-role
  name: nginx-ingress-role
  # Namespace
  namespace: ingress-nginx
# Permissions of the Role
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
---
# Role binding
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  # RoleBinding name: nginx-ingress-role-nisa-binding
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
# Cluster role binding
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding name: nginx-ingress-clusterrole-nisa-binding
  name: nginx-ingress-clusterrole-nisa-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
2.5.2. Run the script
# Apply
kubectl apply -f /root/ingress/rbac.yaml
# View the ServiceAccount
kubectl get sa -n ingress-nginx
# View the ClusterRole
kubectl get ClusterRole -n ingress-nginx | grep nginx
# View the Role
kubectl get Role -n ingress-nginx | grep nginx
# View the RoleBinding
kubectl get RoleBinding -n ingress-nginx | grep nginx
# View the ClusterRoleBinding
kubectl get ClusterRoleBinding -n ingress-nginx | grep nginx
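The permissions that rbac.yaml grants can be checked offline with a small evaluator. This is an added example, not part of the original post: it transcribes the page's ClusterRole and Role rules and answers `kubectl auth can-i`-style questions for nginx-ingress-serviceaccount. The function names and the namespace list are assumptions made for illustration, and the evaluator ignores wildcards and aggregation.

```python
# Rules transcribed from rbac.yaml on this page. The evaluator is a simplified
# model (no wildcards, aggregation or nonResourceURLs); names are illustrative.
CLUSTER_RULES = [  # ClusterRole nginx-ingress-clusterrole: applies in every namespace
    {"apiGroups": [""], "verbs": ["list", "watch"],
     "resources": ["configmaps", "endpoints", "nodes", "pods", "secrets"]},
    {"apiGroups": [""], "verbs": ["get"], "resources": ["nodes"]},
    {"apiGroups": [""], "verbs": ["get", "list", "watch"], "resources": ["services"]},
    {"apiGroups": ["extensions"], "verbs": ["get", "list", "watch"], "resources": ["ingresses"]},
    {"apiGroups": [""], "verbs": ["create", "patch"], "resources": ["events"]},
    {"apiGroups": ["extensions"], "verbs": ["update"], "resources": ["ingresses/status"]},
]
NS_RULES = [  # Role nginx-ingress-role: applies only inside ROLE_NAMESPACE
    {"apiGroups": [""], "verbs": ["get"],
     "resources": ["configmaps", "pods", "secrets", "namespaces"]},
    {"apiGroups": [""], "verbs": ["get", "update"], "resources": ["configmaps"],
     "resourceNames": ["ingress-controller-leader-nginx"]},
    {"apiGroups": [""], "verbs": ["create"], "resources": ["configmaps"]},
    {"apiGroups": [""], "verbs": ["get"], "resources": ["endpoints"]},
]
ROLE_NAMESPACE = "ingress-nginx"


def rule_allows(rule, verb, group, resource, name=None):
    """True if a single rule grants `verb` on group/resource (optionally one object)."""
    if group not in rule["apiGroups"] or resource not in rule["resources"]:
        return False
    if verb not in rule["verbs"]:
        return False
    names = rule.get("resourceNames")
    # A rule limited by resourceNames matches only requests naming one of them.
    return not names or name in names


def can_i(verb, resource, namespace, group="", name=None):
    """Decide access for nginx-ingress-serviceaccount in the given namespace."""
    rules = list(CLUSTER_RULES)       # granted through the ClusterRoleBinding
    if namespace == ROLE_NAMESPACE:   # granted through the RoleBinding
        rules += NS_RULES
    return any(rule_allows(r, verb, group, resource, name) for r in rules)


def secret_listable_namespaces(namespaces):
    """Namespaces in which the account can list (and therefore read) Secrets."""
    return [ns for ns in namespaces if can_i("list", "secrets", ns)]


if __name__ == "__main__":
    # Constructed namespace list for the demonstration.
    print(secret_listable_namespaces(["default", "kube-system", "ingress-nginx"]))
```

Because a list on Secrets returns their contents, the controller's account can read Secrets in every namespace, while `get` on Secrets and `update` on the leader-election ConfigMap are confined to ingress-nginx. Against a live cluster the same question is `kubectl auth can-i list secrets -n default --as=system:serviceaccount:ingress-nginx:nginx-ingress-serviceaccount`.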
2.6. Create the default backend service
2.6.1. Script
vi /root/ingress/default-backend.yaml
Contents
---
apiVersion: v1
kind: Service
metadata:
  # Create a Service named default-http-backend
  name: default-http-backend
  # Namespace
  namespace: ingress-nginx
  # Labels of the Service
  labels:
    app: default-http-backend
spec:
  # Ports
  ports:
    # Service port
    - port: 80
      # Target Pod port
      targetPort: 8080
  # Label selector for the matching Pods
  selector:
    app: default-http-backend
---
apiVersion: apps/v1
kind: Deployment
metadata:
  # Name of the Deployment
  name: default-http-backend
  # Labels of the Deployment
  labels:
    app: default-http-backend
  # Namespace
  namespace: ingress-nginx
spec:
  # Number of replicas
  replicas: 1
  # Select the matching template by label
  selector:
    matchLabels:
      app: default-http-backend
  template:
    metadata:
      labels:
        app: default-http-backend
    spec:
      # Grace period of 60 seconds before the Pod is forcibly terminated
      terminationGracePeriodSeconds: 60
      # Containers
      containers:
        - name: default-http-backend
          # Any image is permissible as long as:
          # 1. It serves a 404 page at /
          # 2. It serves 200 on a /healthz endpoint
          # Image
          image: whychoice/defaultbackend:1.4
          # Image pull policy: use the local image if present, do not pull
          imagePullPolicy: IfNotPresent
          # Ports
          ports:
            - containerPort: 8080
          # Resource settings
          resources:
            limits:
              cpu: 10m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 20Mi
          # Liveness probe: checks whether the container is alive
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            # Start probing 30 seconds after the container starts
            initialDelaySeconds: 30
            # A probe times out after 5 seconds
            timeoutSeconds: 5
2.6.2. Run the script
# Apply
kubectl apply -f /root/ingress/default-backend.yaml
# View
kubectl get svc -n ingress-nginx
kubectl get Deployment -n ingress-nginx
kubectl get pods -n ingress-nginx
2.7. Deploy the ingress-controller
This essentially just starts an nginx Pod
2.7.1. Script
vi /root/ingress/with-rbac.yaml
Contents
apiVersion: apps/v1
kind: Deployment
metadata:
  # Name of the Deployment
  name: nginx-ingress-controller
  # Namespace
  namespace: ingress-nginx
spec:
  # Number of replicas
  replicas: 1
  # Select the template by label
  selector:
    matchLabels:
      app: ingress-nginx
  # Template
  template:
    metadata:
      # Labels of the template
      labels:
        app: ingress-nginx
      # Settings used by Prometheus
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      # ServiceAccount to run as
      serviceAccountName: nginx-ingress-serviceaccount
      # Containers
      containers:
        # Name of the container
        - name: nginx-ingress-controller
          # Image; this image is essentially nginx
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1
          # Container arguments; these reference the ConfigMaps created earlier
          args:
            - /nginx-ingress-controller
            # Default backend service
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          # Environment variables
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          # Define the http and https ports
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          # Liveness probe: checks whether the container is alive
          livenessProbe:
            # Failure threshold: the probe must fail 3 times before the container counts as failed
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            # Start probing 10 seconds after the container starts
            initialDelaySeconds: 10
            # Probe every 10 seconds
            periodSeconds: 10
            # One successful probe is enough to count as success
            successThreshold: 1
            # A probe times out after 1 second
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
2.7.2. Run the script
# Apply
kubectl apply -f /root/ingress/with-rbac.yaml
# View
kubectl get Deployment -n ingress-nginx
kubectl get pods -n ingress-nginx
2.7.3. Enter the container and view the nginx configuration
This verifies that the ingress-controller is essentially nginx
kubectl -n ingress-nginx exec -it nginx-ingress-controller-7c7d57b55d-4b9lw -- /bin/bash
3. Deploy the ingress-controller Service
The ingress-controller is what serves external traffic, so a Service still has to be created manually for it to receive traffic from outside the cluster.
3.1. Script
vi /root/ingress/service-nodeport.yaml
Contents
apiVersion: v1
kind: Service
metadata:
  # Name of the Service
  name: ingress-nginx
  # Namespace
  namespace: ingress-nginx
  # Labels of the Service
  labels:
    app: ingress-nginx
spec:
  # NodePort type, which makes the Service reachable from outside the cluster
  type: NodePort
  # Ports
  ports:
    - name: http
      # Service port
      port: 80
      # Target port
      targetPort: 80
      # Protocol
      protocol: TCP
      # Node port
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  # Pod label selector, i.e. the ingress-controller deployed in section 2.7
  selector:
    app: ingress-nginx
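3.2. Apply
kubectl apply -f /root/ingress/service-nodeport.yaml
# View
kubectl get svc -n ingress-nginx
3.3. Access the ingress-controller Service from a browser
http://192.168.187.154:30080/
The controller is working normally here; because no backend service has been configured yet, the response shown comes from the default backend service
4. Testing the proxy – backend service
This is where the actual service routing and forwarding is configured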
4.1. Deploy the backend service
4.1.1. Script
vi /root/ingress/myapp/deploy-demo.yaml
Contents
apiVersion: v1
kind: Service
metadata:
  # Name of the Service
  name: myapp
  # Namespace
  namespace: default
spec:
  # Pod label selector
  selector:
    app: myapp
    release: canary
  # Service ports
  ports:
    - name: http-port
      # Target port
      targetPort: 80
      port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  # Name of the Deployment
  name: myapp-backend-pod
  # Namespace
  namespace: default
spec:
  # Number of replicas: 3
  replicas: 3
  # Select which template to use
  selector:
    matchLabels:
      app: myapp
      release: canary
  # Labels of the template
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    # Containers
    spec:
      containers:
        - name: myapp
          image: ikubernetes/myapp:v2
          # Image pull policy: use the local image if present, do not pull
          imagePullPolicy: IfNotPresent
          ports:
            - name: http-port
              containerPort: 80
4.1.2. Apply
kubectl apply -f /root/ingress/myapp/deploy-demo.yaml
# View
kubectl get svc
kubectl get pods
4.2. Deploy the Ingress
4.2.1. Script
vi /root/ingress/myapp/ingress-myapp.yaml
Contents
# API version
apiVersion: extensions/v1beta1
# Manifest kind
kind: Ingress
# Metadata
metadata:
  # Name of the Ingress
  name: ingress-myapp
  # Namespace it belongs to
  namespace: default
  # Annotations; this selects an Ingress of the nginx class
  annotations:
    kubernetes.io/ingress.class: "nginx"
# Spec
spec:
  # Rules for forwarding to backends
  rules:
    # Forward by host name
    - host: myapp.zhoufei.com
      http:
        paths:
          # Request path; change it to forward by URL. Empty defaults to the path "/"
          - path:
            # Backend service
            backend:
              # Requests for myapp.zhoufei.com are routed to the myapp Service
              serviceName: myapp
              servicePort: 80
4.2.2. Apply
kubectl apply -f /root/ingress/myapp/ingress-myapp.yaml
# View
kubectl describe ingress ingress-myapp
4.2.3. Edit the local hosts file
The IP below is the IP of the k8s master node
192.168.187.154 myapp.zhoufei.com
4.2.4. Access from a browser
http://myapp.zhoufei.com:30080/
4.2.5. View the nginx configuration
kubectl -n ingress-nginx exec -it nginx-ingress-controller-7c7d57b55d-4b9lw -- /bin/bash
As the output above shows, the configuration in ingress-myapp.yaml has been synchronized into the ingress-controller, that is, into the nginx configuration file.