k8s-Ingress

k8s-Ingress

https://kubernetes.github.io/ingress-nginx/deploy/ 官网部署指南

介绍：管理对集群中的服务(通常是HTTP)的外部访问的API对象。Ingress可以提供负载平衡、SSL终端和基于名称的虚拟主机。

1 第一种情况，访问域名需要加端口

一 部署安装

 

## 必须执行
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
## 下面这个是nodeip类型的（）
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml

在安装ingress之前，需要先编辑mandatory.yaml文件，把里面的kind类型更改为demoset,然后在吧replicas注释掉，如图：以保证每个node节点运行ingress

然后查看是ingress否启动成功

kubectl get pod -n ingress-nginx

然后在查看svc

二创建deployment和svc,ingress

2.1 创建deployment(pod)和svc

kubectl apply -f deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: huningfei/nginx:v1
          imagePullPolicy: IfNotPresent #如果本地有，就不拉取
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx

2.2创建ingress

kubectl apply -f ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
    - host: www.hu.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc #这里的名字要和svc名字一致
            servicePort: 80 #端口也要和上面一致

2.3 查看ingress

kubectl get svc -n ingress-nginx #查看对外暴露的端口

 

先编辑host文件

浏览器访问：不停的刷新会发现会在两个pod直接交替访问

2 第二种情况，直接用域名访问

一 下载 mandatory.yaml文件

https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml

 

二 编辑mandatory文件

1 镜像地址修改：image: lizhenliang/nginx-ingress-controller:0.20.0 

2 使用宿主机网络 hostNetwork: true #212行下面 这个参数是保证用域名访问的前提

3 副本，可改可不改，默认是1 replicas: 1 #194行

4 更改 类型 kind: DaemonSet #191行，保证每个node节点运行ingress

 

然后 kubectl apply -f mandatory.yaml，查看ingress

 

三创建deployment和svc,ingress

3.1 创建deployment和svc

[root@k8s-master01 ingress]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.15.4
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: nginx-service 
  labels:
    app: nginx
spec:
  type: NodePort #可以不加
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx

--- #也可以用无头服务
apiVersion: v1
kind: Service
metadata:
  name: nginx-service 
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  clusterIP: "None"
  ports:
  - port: 80
    targetPort: 80

3.2 创建ingress

 

[root@k8s-master01 ingress]# cat ingress-nginx.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-example
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80

3.3 查看ingress

浏览器访问：

3 ingress-https

一 创建证书，以及 cert 存储方式

 

# 生成证书
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
# 创建密钥
kubectl create secret tls tls-secret --key tls.key --cert tls.crt

查看 secret

二 创建ingress-https

其中的pod和svc使用的是上面第1种情况中的

 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  tls:
    - hosts:
      - foo.bar.com
      secretName: tls-secret #跟上面的secret名字一致
  rules:
    - host: foo.bar.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc
            servicePort: 80

三 浏览器访问

4 Nginx 进行 BasicAuth(认证访问)

一 安装 http

 

yum -y install httpd
htpasswd -c auth foo #设置密码
kubectl create secret generic basic-auth --from-file=auth

查看证书

二 创建auth-ingress

 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: foo2.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

 

三 浏览器访问

输入用户名和密码访问

foo 密码 123456

5 nginx重写功能

演示：

 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: http://www1.atguigu.com
spec:
  rules:
  - host: foo3.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

浏览器访问效果，访问foo3.bar.com会跳转到http://www1.atguigu.com/