  • Kubernetes 之 ingress-nginx 对象:实现代理后端主机并实现 SSL 会话卸载

    下载所需:https://github.com/kubernetes/ingress-nginx/tree/nginx-0.17.1

    创建一个目录

     mkdir -p /data
    [root@master ~]# tar xf ingress-nginx-nginx-0.17.1.tar.gz -C /data/
    [root@master deploy]# cd /data/ingress-nginx-nginx-0.17.1/deploy
    

     修改mandatory.yaml与with-rbac.yaml

    # Deployment header after the edit: extensions/v1beta1 was replaced by apps/v1.
    # Apply the same change to both files (mandatory.yaml and with-rbac.yaml).
    # NOTE(review): apps/v1 requires spec.selector and it has to match the pod
    # template labels — confirm every Deployment in these files has one. The
    # "kubectl apply -f ./" output further down still reports extensions/v1beta1
    # for default-backend.yaml and mandatory.yaml, so those were not converted.
    apiVersion: apps/v1  # changed from extensions/v1beta1 to apps/v1; same edit in both files
    kind: Deployment
    

    创建名称空间资源

    [root@master deploy]# kubectl apply -f namespace.yaml 
    namespace/ingress-nginx created
    

     把剩下的yaml文件全部创建出来

    [root@master deploy]# kubectl apply -f ./
    configmap/nginx-configuration created
    service/default-http-backend created
    namespace/ingress-nginx unchanged
    deployment.apps/default-http-backend created
    service/default-http-backend unchanged
    configmap/nginx-configuration unchanged
    configmap/tcp-services created
    configmap/udp-services created
    serviceaccount/nginx-ingress-serviceaccount created
    clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
    role.rbac.authorization.k8s.io/nginx-ingress-role created
    rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
    clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
    namespace/ingress-nginx unchanged
    serviceaccount/nginx-ingress-serviceaccount unchanged
    clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole unchanged
    role.rbac.authorization.k8s.io/nginx-ingress-role unchanged
    rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding unchanged
    clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding unchanged
    configmap/tcp-services unchanged
    configmap/udp-services unchanged
    deployment.apps/nginx-ingress-controller created
    unable to recognize "default-backend.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
    unable to recognize "mandatory.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
    

         查看创建的pod

    [root@master deploy]# kubectl get -n ingress-nginx pods
    NAME                                        READY   STATUS    RESTARTS   AGE
    default-http-backend-75b5c88cd6-5z8kg       1/1     Running   0          7m22s
    nginx-ingress-controller-7c457c5b84-zbr9n   1/1     Running   0          7m21s
    

     创建后端应用pod

    [root@master data]# vim  depl-server-web.yaml 
    
    # depl-server-web.yaml: the Service "myapp" and the two-replica Deployment
    # "myapp-dp" that act as the HTTP backend behind the Ingress.
    # No Service type is given, so this is a ClusterIP Service; it is reached
    # from outside only through the ingress controller.
    apiVersion: v1
    kind: Service
    metadata:
      name: myapp
      namespace: default
    spec:
      # Must match the labels on the pod template below, otherwise the Service
      # has no endpoints.
      selector:
        app: myapp-cx
        cx: cx
      ports:
      - name: http
        targetPort: 80  # container port the Service forwards to
        port: 80
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myapp-dp
      namespace: default
    spec:
      replicas: 2
      revisionHistoryLimit: 5  # number of old ReplicaSets kept for rollback
      selector:
        matchLabels:
          app: myapp-cx
          cx: cx
      strategy:
        rollingUpdate:
          maxSurge: 3  # up to three extra pods may exist during a rollout
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: myapp-cx
            cx: cx
          # NOTE(review): name/namespace on a pod template look redundant — pods
          # get generated names and live in the Deployment's namespace; confirm.
          name: myapp-dp
          namespace: default
        spec:
          containers:
          - name: myapp-f
            # NOTE(review): third-party image referenced by a mutable tag. Pinning
            # it by digest keeps the deployed content from changing silently.
            image: ikubernetes/myapp:v2
            ports:
            - name: httpd
              containerPort: 80
            # Liveness only checks that TCP port 80 accepts connections.
            # NOTE(review): no readinessProbe, resource limits or securityContext
            # are set; acceptable for a lab, worth adding before real use.
            livenessProbe:
              tcpSocket:
                port: 80
    

      启动创建

    [root@master data]# kubectl apply -f depl-server-web.yaml 
    service/myapp created
    deployment.apps/myapp-dp created
    [root@master data]# kubectl get svc
    NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
    kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP    114d
    myapp        ClusterIP   10.96.177.23    <none>        80/TCP     13s
    mysql        ClusterIP   10.96.177.112   <none>        3306/TCP   93d
    [root@master data]# kubectl get pods
    NAME                        READY   STATUS    RESTARTS   AGE
    myapp-dp-75889b7b8c-kcddh   1/1     Running   0          50s
    myapp-dp-75889b7b8c-p9cfk   1/1     Running   0          50s
    

      编写用于对外暴露 ingress-nginx 控制器的 NodePort Service 配置文件

    [root@master baremetal]# cd /data/ingress-nginx-nginx-0.17.1/deploy/provider/baremetal/
    [root@master baremetal]# vim service-nodeport.yaml   修改这个文件
    
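    # service-nodeport.yaml: exposes the ingress-nginx controller pods on fixed
    # node ports. The author's inline notes are written as "#" comments here so
    # the listing can be applied as shown; as bare trailing text they would
    # become part of the nodePort values and the manifest would be rejected.
    #
    # A NodePort Service listens on every node of the cluster. Limit who can
    # reach 30080/30443 with the host firewall or network ACLs when the nodes
    # are on a network shared with untrusted clients.
    apiVersion: v1
    kind: Service
    metadata:
      name: ingress-nginx
      namespace: ingress-nginx
    spec:
      type: NodePort
      ports:
      - name: http
        port: 80
        targetPort: 80
        protocol: TCP
        nodePort: 30080   # added: port each node listens on for HTTP
      - name: https
        port: 443
        targetPort: 443
        protocol: TCP
        nodePort: 30443   # added: port each node listens on for HTTPS
      # Selects the controller pods; must match their labels.
      selector:
        app: ingress-nginx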
    
    [root@master baremetal]# kubectl apply -f service-nodeport.yaml 
    service/ingress-nginx created
    [root@master baremetal]# kubectl get -n ingress-nginx svc   查看创建的svc
    NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
    default-http-backend   ClusterIP   10.96.24.100    <none>        80/TCP                       51m
    ingress-nginx          NodePort    10.96.234.141   <none>        80:30080/TCP,443:30443/TCP   45s
    

      浏览器访问NodeIP加端口号测试

    [root@master baremetal]# curl http://192.168.10.21:30080/
    default backend - 404
    [root@master baremetal]# curl http://192.168.10.21:30443/
    <html>
    <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
    <body bgcolor="white">
    <center><h1>400 Bad Request</h1></center>
    <center>The plain HTTP request was sent to HTTPS port</center>
    <hr><center>nginx/1.13.12</center>
    </body>
    </html>
    

      创建与后端建立关系的 ingress 资源

    [root@master baremetal]# cat ingress-nginx.yaml 
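    # ingress-nginx.yaml: routes requests for www.chenxi.com to the "myapp"
    # Service. The author's inline notes are written as "#" comments here; as
    # bare trailing text they would be parsed as part of the host, path and
    # serviceName values and the rule would not match what is intended.
    # NOTE(review): extensions/v1beta1 is the Ingress API of the cluster used in
    # this walkthrough; newer clusters serve Ingress from networking.k8s.io/v1,
    # which uses a different backend schema — confirm against your version.
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: ingress
      namespace: default
      annotations:
        # Hands this resource to the nginx ingress controller.
        kubernetes.io/ingress.class: "nginx"
    spec:
      # No tls section: this host is served over plain HTTP only.
      rules:
      - host: www.chenxi.com   # host name to match (nginx server_name)
        http:
          paths:
          - path:   # left empty: means the root path
            backend:
              serviceName: myapp   # Service that receives the traffic
              servicePort: 80     # port the Service listens on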
    

      创建并测试

    [root@master baremetal]# kubectl apply -f ingress-nginx.yaml 
    ingress.extensions/ingress created
    [root@master baremetal]# kubectl describe ingress   查看相关资源
    Name:             ingress
    Namespace:        default
    Address:          
    Default backend:  default-http-backend:80 (<none>)
    Rules:
      Host            Path  Backends
      ----            ----  --------
      www.chenxi.com  
                         myapp:80 (10.244.1.56:80,10.244.2.46:80)
    Annotations:
      kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/i
    ngress.class":"nginx"},"name":"ingress","namespace":"default"},"spec":{"rules":[{"host":"www.chenxi.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":null}]}}]}}
      kubernetes.io/ingress.class:  nginx
    Events:
      Type    Reason  Age   From                      Message
      ----    ------  ----  ----                      -------
      Normal  CREATE  11m   nginx-ingress-controller  Ingress default/ingress
    
    [root@master baremetal]# vim /etc/hosts   主机名解析
    
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.10.20 master
    192.168.10.21 node01 www.chenxi.com
    192.168.10.22 node02
    [root@master baremetal]# curl http://www.chenxi.com:30080
    Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
    

      进入pod内部

    [root@master ~]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-7c457c5b84-zbr9n -- /bin/sh
    $ ls
    

      创建 HTTPS 会话卸载并代理至 tomcat:先创建 tomcat 的 pod 以及 service

    [root@master data]# cat depl-tomcat.yaml 
    # depl-tomcat.yaml: the Service "tomcat" and a three-replica Tomcat
    # Deployment used as the backend for the TLS-terminating Ingress.
    # No Service type is given, so this is a ClusterIP Service.
    apiVersion: v1
    kind: Service
    metadata:
      name: tomcat
      namespace: default
    spec:
      selector: # must match the pod template labels below
        app: tomcat
        cx: tomcat-cx
      ports:
      - name: http
        targetPort: 8080
        port: 8080
    ---
    apiVersion: apps/v1
    kind: Deployment   # three Tomcat replicas behind the Service above
    metadata:
      name: tomcat
      namespace: default
    spec:
      replicas: 3
      revisionHistoryLimit: 5
      selector:
        matchLabels:
          app: tomcat
          cx: tomcat-cx
      strategy:
        rollingUpdate:
          maxSurge: 3
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: tomcat
            cx: tomcat-cx
          # NOTE(review): name/namespace on a pod template look redundant — confirm.
          name: tomcat
          namespace: default
        spec:
          containers:
          # NOTE(review): container name "myapp-f" appears to be carried over
          # from the myapp manifest; it works, but is misleading for Tomcat.
          - name: myapp-f
            # NOTE(review): no tag, so whatever "tomcat" currently resolves to is
            # pulled. Pin a specific version (ideally a digest) so the running
            # Tomcat release is known and can be patched deliberately.
            image: tomcat
            ports:  # 8080 matches the Service targetPort above
            - name: httpd
              containerPort: 8080
            # Liveness only checks that TCP port 8080 accepts connections.
            # NOTE(review): no readinessProbe, resource limits or securityContext
            # are set; acceptable for a lab, worth adding before real use.
            livenessProbe:
              tcpSocket:
                port: 8080
    

      创建

    [root@master baremetal]# kubectl apply -f ingress-tomcat.yaml
    

      编写ingress资源;service-nodeport.yaml文件里如果不写默认是映射80端口的那个端口 

    [root@master baremetal]# cat ingress-tomcat.yaml 
    # ingress-tomcat.yaml (first version): routes www.cx.com to the "tomcat"
    # Service on port 8080. There is no tls section yet, so this host is served
    # over plain HTTP only.
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: ingress-tomcat
      namespace: default
      annotations: # hands this resource to the nginx ingress controller
        kubernetes.io/ingress.class: "nginx"
    spec:
      rules:
      - host: www.cx.com
        http:
          paths:
          # path is left empty; the author uses this to mean the root path.
          - path:
            backend:
              serviceName: tomcat
              servicePort: 8080
    

      启动

    [root@master baremetal]# kubectl apply -f ingress-tomcat.yaml 
    ingress.extensions/ingress configured
    [root@master baremetal]# kubectl describe ingress ingress-tomcat
    Name:             ingress-tomcat
    Namespace:        default
    Address:          
    Default backend:  default-http-backend:80 (<none>)
    Rules:
      Host        Path  Backends
      ----        ----  --------
      www.cx.com  
                     tomcat:8080 (10.244.1.57:8080,10.244.2.47:8080,10.244.2.48:8080)
    Annotations:
      kubernetes.io/ingress.class:                       nginx
      kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/i
    ngress.class":"nginx"},"name":"ingress-tomcat","namespace":"default"},"spec":{"rules":[{"host":"www.cx.com","http":{"paths":[{"backend":{"serviceName":"tomcat","servicePort":8080},"path":null}]}}]}}
    Events:
      Type    Reason  Age   From                      Message
      ----    ------  ----  ----                      -------
      Normal  CREATE  23s   nginx-ingress-controller  Ingress default/ingress-tomcat
    

      测试

    [root@master baremetal]# curl http://www.cx.com:30080
    <!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h
    1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Not found</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.54</h3></body></html>
    

      实现 https:创建证书文件(这里生成的是自签名证书,仅适合测试;证书未包含 subjectAltName,现代浏览器不会据此校验主机名;tls.key 是未加密的私钥,应限制其访问权限)

    [root@master baremetal]# openssl genrsa -out tls.key 2048
    [root@master baremetal]# openssl req -new -x509 -key tls.key  -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/o=DevOps/CN=www.cx.com
    [root@master baremetal]# kubectl create secret tls tomcat-ingress-secret  --cert=tls.crt --key=tls.key
    secret/tomcat-ingress-secret created
    

      修改ingress-tomcat.yaml 文件

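    # ingress-tomcat.yaml (TLS version): the ingress controller terminates TLS
    # for www.cx.com and proxies to the "tomcat" Service. The author's inline
    # notes are written as "#" comments here; as bare trailing text they would
    # be parsed as part of the values (for example the secretName) and the
    # manifest would not work as shown.
    #
    # TLS ends at the controller: the hop from the controller to tomcat:8080 is
    # unencrypted HTTP inside the cluster network.
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: ingress-tomcat
      namespace: default
      annotations:
        kubernetes.io/ingress.class: "nginx"
    spec:
      tls:  # added: enables TLS for the hosts listed below
      - hosts:   # host names served with this certificate
        - www.cx.com
        # Secret holding the certificate and private key (created with
        # "kubectl create secret tls"). It has to be in the same namespace as
        # this Ingress.
        secretName: tomcat-ingress-secret
      # NOTE(review): with a tls section ingress-nginx normally redirects plain
      # HTTP requests for this host to HTTPS — confirm the redirect works with
      # the 30443 NodePort used in this setup.
      rules:
      - host: www.cx.com
        http:
          paths:
          - path:
            backend:
              serviceName: tomcat
              servicePort: 8080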
    

      更新测试

    [root@master baremetal]# kubectl apply -f ingress-tomcat.yaml 
    ingress.extensions/ingress-tomcat configured
    

      测试https://www.cx.com:30443/(证书为自签名,浏览器会提示不受信任;用 curl 测试时可以通过 --cacert tls.crt 校验证书,而不是关闭证书校验)

      

  • 原文地址:https://www.cnblogs.com/rdchenxi/p/12743325.html