下载所需(nginx-0.17.1 标签的源码包):https://github.com/kubernetes/ingress-nginx/tree/nginx-0.17.1
注:0.17.1 是较早的版本,其清单仍使用 extensions/v1beta1(见下文的修改和报错);测试环境以外请使用仍在维护的版本。
创建一个目录
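# Unpack the downloaded release archive under /data (commands run as root on the master).
# The page shows no integrity check for the archive: compare its sha256sum with a
# value you trust before unpacking and applying its manifests as root.
mkdir -p /data
[root@master ~]# tar xf ingress-nginx-nginx-0.17.1.tar.gz -C /data/
[root@master deploy]# cd /data/ingress-nginx-nginx-0.17.1/deploy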
修改mandatory.yaml与with-rbac.yaml
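# In mandatory.yaml and with-rbac.yaml, change the Deployment apiVersion from
# extensions/v1beta1 to apps/v1 (same edit in both files).
# The apply output further down still reports extensions/v1beta1 for
# default-backend.yaml and mandatory.yaml, so check every Deployment document.
# NOTE(review): apps/v1 makes spec.selector mandatory; confirm each Deployment has one.
apiVersion: apps/v1
kind: Deployment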
创建名称空间资源
[root@master deploy]# kubectl apply -f namespace.yaml namespace/ingress-nginx created
把剩下的yaml文件全部创建出来
[root@master deploy]# kubectl apply -f ./
configmap/nginx-configuration created
service/default-http-backend created
namespace/ingress-nginx unchanged
deployment.apps/default-http-backend created
service/default-http-backend unchanged
configmap/nginx-configuration unchanged
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
namespace/ingress-nginx unchanged
serviceaccount/nginx-ingress-serviceaccount unchanged
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole unchanged
role.rbac.authorization.k8s.io/nginx-ingress-role unchanged
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding unchanged
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding unchanged
configmap/tcp-services unchanged
configmap/udp-services unchanged
deployment.apps/nginx-ingress-controller created
unable to recognize "default-backend.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
unable to recognize "mandatory.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
查看创建的pod
[root@master deploy]# kubectl get -n ingress-nginx pods
NAME READY STATUS RESTARTS AGE
default-http-backend-75b5c88cd6-5z8kg 1/1 Running 0 7m22s
nginx-ingress-controller-7c457c5b84-zbr9n 1/1 Running 0 7m21s
创建后端应用pod
[root@master data]# vim depl-server-web.yaml
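# depl-server-web.yaml: ClusterIP Service "myapp" plus a 2-replica Deployment
# for the demo backend. Indentation was lost on the page and is restored here.
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  # Must match the pod labels set in the Deployment template below.
  selector:
    app: myapp-cx
    cx: cx
  ports:
  - name: http
    targetPort: 80
    port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-dp
  namespace: default
spec:
  replicas: 2
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: myapp-cx
      cx: cx
  strategy:
    rollingUpdate:
      maxSurge: 3
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: myapp-cx
        cx: cx
      # NOTE(review): name/namespace are placed under template.metadata here;
      # the flattened page does not show whether they were meant as labels.
      name: myapp-dp
      namespace: default
    spec:
      containers:
      - name: myapp-f
        # Third-party demo image referenced by a mutable tag; pin it by digest
        # outside a lab so the deployed content cannot change underneath you.
        image: ikubernetes/myapp:v2
        ports:
        - name: httpd
          containerPort: 80
        # A tcpSocket probe only shows that the port accepts connections.
        livenessProbe:
          tcpSocket:
            port: 80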
启动创建
[root@master data]# kubectl apply -f depl-server-web.yaml
service/myapp created
deployment.apps/myapp-dp created
[root@master data]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 114d
myapp ClusterIP 10.96.177.23 <none> 80/TCP 13s
mysql ClusterIP 10.96.177.112 <none> 3306/TCP 93d
[root@master data]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myapp-dp-75889b7b8c-kcddh 1/1 Running 0 50s
myapp-dp-75889b7b8c-p9cfk 1/1 Running 0 50s
编写ingress-nginx与podserver建立的配置文件
[root@master baremetal]# cd /data/ingress-nginx-nginx-0.17.1/deploy/provider/baremetal/
[root@master baremetal]# vim service-nodeport.yaml 修改这个文件
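# service-nodeport.yaml: exposes the ingress controller through fixed NodePorts.
# A NodePort is opened on every node address, so limit who can reach
# 30080/30443 with host or network firewalling if the nodes sit on an
# untrusted network.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
    nodePort: 30080   # added: port each node listens on for HTTP
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
    nodePort: 30443   # added: port each node listens on for HTTPS
  selector:
    app: ingress-nginx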
[root@master baremetal]# kubectl apply -f service-nodeport.yaml
service/ingress-nginx created
[root@master baremetal]# kubectl get -n ingress-nginx svc 查看创建的svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default-http-backend ClusterIP 10.96.24.100 <none> 80/TCP 51m
ingress-nginx NodePort 10.96.234.141 <none> 80:30080/TCP,443:30443/TCP 45s
浏览器访问NodeIP加端口号测试
[root@master baremetal]# curl http://192.168.10.21:30080/
default backend - 404
[root@master baremetal]# curl http://192.168.10.21:30443/
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.13.12</center>
</body>
</html>
创建与后端建立关系的 Ingress 资源
[root@master baremetal]# cat ingress-nginx.yaml
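# ingress-nginx.yaml: routes requests for www.chenxi.com to Service "myapp".
# extensions/v1beta1 is the Ingress API this walkthrough's cluster accepts;
# newer clusters serve Ingress only as networking.k8s.io/v1, which uses a
# different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: www.chenxi.com   # host name to match (nginx server_name)
    http:
      paths:
      - path:              # left empty: the root path
        backend:
          serviceName: myapp   # Service that receives the traffic
          servicePort: 80      # port that Service listens on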
创建并测试
[root@master baremetal]# kubectl apply -f ingress-nginx.yaml
ingress.extensions/ingress created
[root@master baremetal]# kubectl describe ingress 查看相关资源
Name: ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
www.chenxi.com
myapp:80 (10.244.1.56:80,10.244.2.46:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/i
ngress.class":"nginx"},"name":"ingress","namespace":"default"},"spec":{"rules":[{"host":"www.chenxi.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":null}]}}]}}
kubernetes.io/ingress.class: nginx
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 11m nginx-ingress-controller Ingress default/ingress
[root@master baremetal]# vim /etc/hosts 主机名解析
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.20 master
192.168.10.21 node01 www.chenxi.com
192.168.10.22 node02
[root@master baremetal]# curl http://www.chenxi.com:30080
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
进入pod内部
[root@master ~]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-7c457c5b84-zbr9n -- /bin/sh $ ls
创建 HTTPS 会话卸载代理至 tomcat:先创建 tomcat 的 Pod 以及 Service
[root@master data]# cat depl-tomcat.yaml
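# depl-tomcat.yaml: ClusterIP Service "tomcat" plus a 3-replica Deployment.
# Indentation was lost on the page and is restored here.
apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  # Must match the pod labels set in the Deployment template below.
  selector:
    app: tomcat
    cx: tomcat-cx
  ports:
  - name: http
    targetPort: 8080
    port: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat
  namespace: default
spec:
  replicas: 3
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: tomcat
      cx: tomcat-cx
  strategy:
    rollingUpdate:
      maxSurge: 3
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: tomcat
        cx: tomcat-cx
      # NOTE(review): name/namespace are placed under template.metadata here;
      # the flattened page does not show whether they were meant as labels.
      name: tomcat
      namespace: default
    spec:
      containers:
      - name: myapp-f
        # No tag, so this resolves to tomcat:latest and can change between pulls.
        # The 404 page later in this walkthrough reports Apache Tomcat/8.5.54;
        # pin an explicit version or digest so rollouts are reproducible.
        image: tomcat
        ports:
        - name: httpd
          containerPort: 8080
        # A tcpSocket probe only shows that the port accepts connections.
        livenessProbe:
          tcpSocket:
            port: 8080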
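创建(这一步应 apply 上面的 depl-tomcat.yaml 来创建 tomcat 的 Service 和 Deployment;下面命令里的 ingress-tomcat.yaml 要到下一步才编写)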
[root@master baremetal]# kubectl apply -f ingress-tomcat.yaml
编写ingress资源;service-nodeport.yaml文件里如果不写默认是映射80端口的那个端口
[root@master baremetal]# cat ingress-tomcat.yaml
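# ingress-tomcat.yaml: routes requests for www.cx.com to Service "tomcat" on 8080.
# At this stage there is no tls section, so the host is served over plain HTTP only.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: www.cx.com
    http:
      paths:
      - path:              # left empty: the root path
        backend:
          serviceName: tomcat
          servicePort: 8080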
启动
[root@master baremetal]# kubectl apply -f ingress-tomcat.yaml
ingress.extensions/ingress configured
[root@master baremetal]# kubectl describe ingress ingress-tomcat
Name: ingress-tomcat
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
www.cx.com
tomcat:8080 (10.244.1.57:8080,10.244.2.47:8080,10.244.2.48:8080)
Annotations:
kubernetes.io/ingress.class: nginx
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/i
ngress.class":"nginx"},"name":"ingress-tomcat","namespace":"default"},"spec":{"rules":[{"host":"www.cx.com","http":{"paths":[{"backend":{"serviceName":"tomcat","servicePort":8080},"path":null}]}}]}}
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 23s nginx-ingress-controller Ingress default/ingress-tomcat
测试
[root@master baremetal]# curl http://www.cx.com:30080
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h
1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Not found</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.54</h3></body></html>
实现 HTTPS:创建自签名证书文件(仅适合测试环境)
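# Self-signed certificate for the lab host www.cx.com, stored as a TLS Secret.
# - tls.key stays in the working directory: keep it root-only (chmod 600) and
#   delete it once the Secret exists.
# - No -days is given, so openssl req -x509 issues a 30-day certificate.
# - Subject attribute names are case-sensitive: the page's "o=DevOps" is not a
#   known attribute (openssl skips or rejects it, depending on version), so it
#   is written "O=DevOps" here.
# - The certificate carries only a CN and no subjectAltName; browsers and Go
#   clients ignore the CN. On OpenSSL 1.1.1+ add
#   -addext "subjectAltName=DNS:www.cx.com".
# - Clients do not trust this certificate by default; test with
#   curl --cacert tls.crt https://www.cx.com:30443/ rather than disabling
#   verification.
[root@master baremetal]# openssl genrsa -out tls.key 2048
[root@master baremetal]# openssl req -new -x509 -key tls.key -out tls.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=www.cx.com"
# No -n is given: the Secret is created in the current namespace, which must be
# the namespace of the Ingress that references it (default).
[root@master baremetal]# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
secret/tomcat-ingress-secret created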
修改ingress-tomcat.yaml 文件
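# ingress-tomcat.yaml with TLS termination at the ingress controller.
# TLS ends at the controller; traffic from the controller to tomcat:8080 stays
# plain HTTP inside the cluster.
# NOTE(review): once tls is set, ingress-nginx redirects plain HTTP for this host
# to HTTPS by default; through the NodePort Service the redirect presumably
# points at port 443 rather than 30443. Confirm this, and test against
# https://www.cx.com:30443/.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:                     # added: enable TLS for the hosts listed below
  - hosts:                 # host names covered by the certificate
    - www.cx.com
    secretName: tomcat-ingress-secret   # TLS Secret (same namespace) holding tls.crt/tls.key
  rules:
  - host: www.cx.com
    http:
      paths:
      - path:              # left empty: the root path
        backend:
          serviceName: tomcat
          servicePort: 8080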
更新测试
[root@master baremetal]# kubectl apply -f ingress-tomcat.yaml ingress.extensions/ingress-tomcat configured
