本安装暴露方式为hostnetwork,即暴露pod所在node的相应端口
kubectl apply -f mandatory.yaml
1 apiVersion: v1 2 kind: Namespace 3 metadata: 4 name: ingress-nginx 5 labels: 6 app.kubernetes.io/name: ingress-nginx 7 app.kubernetes.io/part-of: ingress-nginx 8 9 --- 10 11 kind: ConfigMap 12 apiVersion: v1 13 metadata: 14 name: nginx-configuration 15 namespace: ingress-nginx 16 labels: 17 app.kubernetes.io/name: ingress-nginx 18 app.kubernetes.io/part-of: ingress-nginx 19 20 --- 21 kind: ConfigMap 22 apiVersion: v1 23 metadata: 24 name: tcp-services 25 namespace: ingress-nginx 26 labels: 27 app.kubernetes.io/name: ingress-nginx 28 app.kubernetes.io/part-of: ingress-nginx 29 30 --- 31 kind: ConfigMap 32 apiVersion: v1 33 metadata: 34 name: udp-services 35 namespace: ingress-nginx 36 labels: 37 app.kubernetes.io/name: ingress-nginx 38 app.kubernetes.io/part-of: ingress-nginx 39 40 --- 41 apiVersion: v1 42 kind: ServiceAccount 43 metadata: 44 name: nginx-ingress-serviceaccount 45 namespace: ingress-nginx 46 labels: 47 app.kubernetes.io/name: ingress-nginx 48 app.kubernetes.io/part-of: ingress-nginx 49 50 --- 51 apiVersion: rbac.authorization.k8s.io/v1beta1 52 kind: ClusterRole 53 metadata: 54 name: nginx-ingress-clusterrole 55 labels: 56 app.kubernetes.io/name: ingress-nginx 57 app.kubernetes.io/part-of: ingress-nginx 58 rules: 59 - apiGroups: 60 - "" 61 resources: 62 - configmaps 63 - endpoints 64 - nodes 65 - pods 66 - secrets 67 verbs: 68 - list 69 - watch 70 - apiGroups: 71 - "" 72 resources: 73 - nodes 74 verbs: 75 - get 76 - apiGroups: 77 - "" 78 resources: 79 - services 80 verbs: 81 - get 82 - list 83 - watch 84 - apiGroups: 85 - "" 86 resources: 87 - events 88 verbs: 89 - create 90 - patch 91 - apiGroups: 92 - "extensions" 93 - "networking.k8s.io" 94 resources: 95 - ingresses 96 verbs: 97 - get 98 - list 99 - watch 100 - apiGroups: 101 - "extensions" 102 - "networking.k8s.io" 103 resources: 104 - ingresses/status 105 verbs: 106 - update 107 108 --- 109 apiVersion: rbac.authorization.k8s.io/v1beta1 110 kind: Role 111 metadata: 112 name: nginx-ingress-role 113 namespace: ingress-nginx 114 labels: 115 app.kubernetes.io/name: ingress-nginx 116 app.kubernetes.io/part-of: ingress-nginx 117 rules: 118 - apiGroups: 119 - "" 120 resources: 121 - configmaps 122 - pods 123 - secrets 124 - namespaces 125 verbs: 126 - get 127 - apiGroups: 128 - "" 129 resources: 130 - configmaps 131 resourceNames: 132 # Defaults to "<election-id>-<ingress-class>" 133 # Here: "<ingress-controller-leader>-<nginx>" 134 # This has to be adapted if you change either parameter 135 # when launching the nginx-ingress-controller. 136 - "ingress-controller-leader-nginx" 137 verbs: 138 - get 139 - update 140 - apiGroups: 141 - "" 142 resources: 143 - configmaps 144 verbs: 145 - create 146 - apiGroups: 147 - "" 148 resources: 149 - endpoints 150 verbs: 151 - get 152 153 --- 154 apiVersion: rbac.authorization.k8s.io/v1beta1 155 kind: RoleBinding 156 metadata: 157 name: nginx-ingress-role-nisa-binding 158 namespace: ingress-nginx 159 labels: 160 app.kubernetes.io/name: ingress-nginx 161 app.kubernetes.io/part-of: ingress-nginx 162 roleRef: 163 apiGroup: rbac.authorization.k8s.io 164 kind: Role 165 name: nginx-ingress-role 166 subjects: 167 - kind: ServiceAccount 168 name: nginx-ingress-serviceaccount 169 namespace: ingress-nginx 170 171 --- 172 apiVersion: rbac.authorization.k8s.io/v1beta1 173 kind: ClusterRoleBinding 174 metadata: 175 name: nginx-ingress-clusterrole-nisa-binding 176 labels: 177 app.kubernetes.io/name: ingress-nginx 178 app.kubernetes.io/part-of: ingress-nginx 179 roleRef: 180 apiGroup: rbac.authorization.k8s.io 181 kind: ClusterRole 182 name: nginx-ingress-clusterrole 183 subjects: 184 - kind: ServiceAccount 185 name: nginx-ingress-serviceaccount 186 namespace: ingress-nginx 187 188 --- 189 190 apiVersion: apps/v1 191 kind: Deployment 192 metadata: 193 name: nginx-ingress-controller 194 namespace: ingress-nginx 195 labels: 196 app.kubernetes.io/name: ingress-nginx 197 app.kubernetes.io/part-of: ingress-nginx 198 spec: 199 replicas: 1 200 selector: 201 matchLabels: 202 app.kubernetes.io/name: ingress-nginx 203 app.kubernetes.io/part-of: ingress-nginx 204 template: 205 metadata: 206 labels: 207 app.kubernetes.io/name: ingress-nginx 208 app.kubernetes.io/part-of: ingress-nginx 209 annotations: 210 prometheus.io/port: "10254" 211 prometheus.io/scrape: "true" 212 spec: 213 serviceAccountName: nginx-ingress-serviceaccount 214 hostNetwork: true 215 nodeSelector: 216 nginx: host 217 containers: 218 - name: nginx-ingress-controller 219 image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.1 220 args: 221 - /nginx-ingress-controller 222 - --configmap=$(POD_NAMESPACE)/nginx-configuration 223 - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services 224 - --udp-services-configmap=$(POD_NAMESPACE)/udp-services 225 - --publish-service=$(POD_NAMESPACE)/ingress-nginx 226 - --annotations-prefix=nginx.ingress.kubernetes.io 227 securityContext: 228 allowPrivilegeEscalation: true 229 capabilities: 230 drop: 231 - ALL 232 add: 233 - NET_BIND_SERVICE 234 # www-data -> 33 235 runAsUser: 33 236 env: 237 - name: POD_NAME 238 valueFrom: 239 fieldRef: 240 fieldPath: metadata.name 241 - name: POD_NAMESPACE 242 valueFrom: 243 fieldRef: 244 fieldPath: metadata.namespace 245 ports: 246 - name: http 247 containerPort: 80 248 - name: https 249 containerPort: 443 250 livenessProbe: 251 failureThreshold: 3 252 httpGet: 253 path: /healthz 254 port: 10254 255 scheme: HTTP 256 initialDelaySeconds: 10 257 periodSeconds: 10 258 successThreshold: 1 259 timeoutSeconds: 10 260 readinessProbe: 261 failureThreshold: 3 262 httpGet: 263 path: /healthz 264 port: 10254 265 scheme: HTTP 266 periodSeconds: 10 267 successThreshold: 1 268 timeoutSeconds: 10 269 270 ---
kubectl apply -f service-nodeport.yaml
1 apiVersion: v1 2 kind: Service 3 metadata: 4 name: ingress-nginx 5 namespace: ingress-nginx 6 labels: 7 app.kubernetes.io/name: ingress-nginx 8 app.kubernetes.io/part-of: ingress-nginx 9 spec: 10 type: NodePort 11 ports: 12 - name: http 13 port: 80 14 targetPort: 80 15 protocol: TCP 16 - name: https 17 port: 443 18 targetPort: 443 19 protocol: TCP 20 selector: 21 app.kubernetes.io/name: ingress-nginx 22 app.kubernetes.io/part-of: ingress-nginx 23 24 ---
- 可以根据个人情况使用 nodeSelector 和 replicas 绑定到一台或多台node
- 注意214行~216行,与官方文件略有变化
- 此例暴露node的80和443端口
参考
官方文档:https://kubernetes.github.io/ingress-nginx/deploy/baremetal/