前言
k8s集群服务部署好之后,需要对外提域名访问,这时候就需要ingress-nginx了,今天来给大家分享一下
一、部署配置ingress
1、获取配置文件
1
2
|
#文件已下载到本地 https: //github.com/kubernetes/ingress-nginx/tree/nginx-0.20.0/deploy |
2、准备镜像
1
2
3
4
5
|
unzip ingress-nginx-nginx- 0.20 . 0 .zip cd ingress-nginx-nginx- 0.20 . 0 /deploy/ vim mandatory.yaml #其他文件的集合 #编辑mandatory.yaml文件,将defaultbackend镜像地址改成阿里云的镜像地址(如下图) image: registry.cn-hangzhou.aliyuncs.com/allinpay/defaultbackend-amd64:v1. 5 |
3、安装
1
|
kubectl apply -f mandatory.yaml |
1
2
3
|
#稍等片刻,使用下列命令查询 kubectl get namespace kubectl get pods -n ingress-nginx |
4、创建后端pod和service (pod-b、service-b)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
vim deploy-demo.yaml apiversion: v1 kind: service metadata: name: myapp namespace: default spec: selector: app: myapp release: canary ports: - name: http targetport: 80 port: 80 --- apiversion: apps/v1 kind: deployment metadata: name: myapp-deploy namespace: default spec: replicas: 3 selector: matchlabels: app: myapp release: canary template: metadata: labels: app: myapp release: canary spec: containers: - name: myapp image: ikubernetes/myapp:v2 ports: - name: http containerport: 80 #应用配置 kubectl apply -f deploy-demo.yaml #查看 kubectl get pods |
5、创建service-a
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
vim service-nodeport.yaml apiversion: v1 kind: service metadata: name: ingress-nginx namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx spec: type: nodeport ports: - name: http port: 80 targetport: 80 protocol: tcp nodeport: 30080 - name: https port: 443 targetport: 443 protocol: tcp nodeport: 30443 selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx #应用配置 kubectl apply -f service-nodeport.yaml #查看 kubectl get svc -n ingress-nginx |
在外部浏览器中中访问:ip:30080
此时报错的原因是因为没有生成ingress-controller关联到service-b的ingress规则;
6、定义ingress规则
定义ingress规则,此间规则会自动注入到ingress-controller(pod)的nginx.conf中;
ingress-controller是直接关联到service-b的,但是中间由ingress来生成各种规则;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
vim ingress-myapp.yaml apiversion: extensions/v1beta1 kind: ingress metadata: name: ingress-myapp namespace: default annotations: kubernetes.io/ingress. class : "nginx" spec: rules: - host: myapp.magedu.com http: paths: - path: backend: servicename: myapp serviceport: 80 |
此时ingress-controller的nginx.conf中会自动生成一个server段的配置,也就是一个nginx的虚拟主机的字段,还包括upstream配置等;
upstream自动代理到后端pod(pod-b),这些都是自动生成,所以就实现了自动生成配置,自动更改配置等;
只需要改此yaml文件即可;
1
2
|
#应用配置 kubectl apply -f ingress-myapp.yaml |
在外部主机上配置好host文件
然后在浏览器中再访问,发现已经可以访问到后端pod了
二、使用https
1、创建k8s证书(要注意和后端的pod使用相同的namespace)
1
|
kubectl -n default create secret tls ingress-test --key /home/centos/cert/cash432.key --cert /home/centos/cert/cash432.crt |
2、创建ingress规则
注意namespace的相同性,要不然证书无法生效
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
vim ingress-myapp-cash432.yaml apiversion: extensions/v1beta1 kind: ingress metadata: name: ingress-myapp namespace: default annotations: kubernetes.io/ingress. class : "nginx" kubernetes.io/secure-backends: "true" kubernetes.io/ssl-passthrough: "true" spec: tls: - hosts: - myapp.cash432.xyz secretname: ingress-test rules: - host: myapp.cash432.xyz http: paths: - path: backend: servicename: myapp serviceport: 80 #应用配置 kubectl apply -f ingress-myapp-cash432.yaml |
浏览器访问
到此这篇关于k8s部署ingress-nginx的方法步骤的文章就介绍到这了,更多相关k8s部署ingress-nginx内容请搜索服务器之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持服务器之家!
原文链接:https://blog.csdn.net/qq_37837432/article/details/121720678