Kubernetes: Installing ingress-nginx v1.6.4


https://github.com/kubernetes/ingress-nginx
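Ingress Controllers | Kubernetes official documentation: https://kubernetes.io/zh-cn/docs/concepts/services-networking…

The NGINX Ingress controller is the Ingress controller recommended and maintained by the official project.

For an Ingress resource to work, the cluster must have an Ingress controller running.
Unlike the other types of controllers, which run as part of the kube-controller-manager binary, Ingress controllers are not started automatically with the cluster. Use that page to choose the Ingress controller implementation that best fits your cluster.
Kubernetes as a project currently supports and maintains the AWS, GCE and NGINX Ingress controllers.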

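Installing Helm

The official documentation recommends installing with Helm and lists the supported version pairings.

Helm installation documentation: https://helm.sh/docs/intro/install/
Install Helm v3 by downloading the release tarball listed on the project's GitHub releases page:

# Download
[root@master01 ~]# wget https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz
# Extract
[root@master01 ~]# tar -zxvf helm-v3.11.1-linux-amd64.tar.gz
# Copy the binary into a directory on PATH
[root@master01 ~]# cp linux-amd64/helm /usr/local/bin/helm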

Chart

The method given in the official documentation:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install [RELEASE_NAME] ingress-nginx/ingress-nginx

Pulling the gcr images from inside China is problematic, so the images were prepared in advance in an Aliyun registry:

registry.cn-hangzhou.aliyuncs.com/tanzu/controller:v1.6.4
registry.cn-hangzhou.aliyuncs.com/tanzu/kube-webhook-certgen:v20220916-gd32f8c343
registry.cn-hangzhou.aliyuncs.com/tanzu/defaultbackend-amd64:1.5

Download the chart package from the official site: ingress-nginx-4.5.2.tgz

tar -zxvf ingress-nginx-4.5.2.tgz 
cd ingress-nginx

kubectl create ns ingress-nginx

kubectl label node master01 ingress=true # matches the nodeSelector set in values.yaml

Edit values.yaml. The places that need to be changed:

  1. The image addresses for the controller and the admissionWebhooks; the public images need to be synced to the company's internal image registry
controller:
  name: controller
  image:
    ## Keep false as default for now!
    chroot: false
    registry: registry.cn-hangzhou.aliyuncs.com
    image: tanzu/controller
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
    tag: "v1.6.4"
    #digest: sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
    #digestChroot: sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
...
## controller.opentelemetry
opentelemetry:
  enabled: false
  image: registry.cn-hangzhou.aliyuncs.com/tanzu/opentelemetry:v20230107
...
## controller.admissionWebhooks.patch.image
image:
  registry: registry.cn-hangzhou.aliyuncs.com
  image: tanzu/kube-webhook-certgen
  ## for backwards compatibility consider setting the full image url via the repository value below
  ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
  ## repository:
  tag: v20220916-gd32f8c343
  #digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
  2. Set hostNetwork to true
hostNetwork: true
  3. Set dnsPolicy to ClusterFirstWithHostNet, to match the hostNetwork setting
dnsPolicy: ClusterFirstWithHostNet
  4. Add ingress: "true" to nodeSelector so that the controller is deployed to the designated nodes
nodeSelector:
  kubernetes.io/os: linux
  ingress: "true"
  5. Change the type to kind: DaemonSet. Combined with step 4, the system then automatically starts an Ingress Controller on every host that carries the ingress: "true" label
# -- Use a `DaemonSet` or `Deployment`
kind: DaemonSet
# -- Annotations to be added to the controller Deployment or DaemonSet
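
Two of the edits above are worth reviewing before deployment: with the digest lines commented out, the mirrored images are referenced by mutable tag only, and hostNetwork: true places the controller in the node's own network namespace. The following check is an added example, not part of the original post or the ingress-nginx project; the function name audit_values and the sample values excerpt are constructed for illustration, and it assumes tag precedes digest inside each image block, as in the excerpts above.

```shell
#!/bin/sh
# Added example: flag image references without a digest pin and hostNetwork
# in a Helm values override. SAMPLE_VALUES is a constructed excerpt that
# mirrors the edits described above (digest values replaced by placeholders).
SAMPLE_VALUES='controller:
  image:
    registry: registry.cn-hangzhou.aliyuncs.com
    image: tanzu/controller
    tag: "v1.6.4"
    #digest: sha256:<placeholder>
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  kind: DaemonSet
  admissionWebhooks:
    patch:
      image:
        registry: registry.cn-hangzhou.aliyuncs.com
        image: tanzu/kube-webhook-certgen
        tag: v20220916-gd32f8c343
        #digest: sha256:<placeholder>'

# Reads values YAML on stdin and prints one finding per line:
#   UNPINNED <tag>   an image block has a tag but no active sha256 digest
#   HOSTNETWORK      hostNetwork is enabled
audit_values() {
  awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    function report() { if (tag != "") { print "UNPINNED " tag; tag = "" } }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # commented-out lines do not count
    tag != "" && indent($0) < lvl { report() }     # left the image block without a digest
    /^[ \t]*tag:/ { report(); lvl = indent($0); tag = $2; gsub(/"/, "", tag); next }
    /^[ \t]*digest:[ \t]*sha256:/ { tag = "" }     # active digest pin found
    /^[ \t]*hostNetwork:[ \t]*true/ { print "HOSTNETWORK" }
    END { report() }
  '
}

# Stand-alone run against the constructed excerpt.
printf '%s\n' "$SAMPLE_VALUES" | audit_values
```

To check a real override, pipe the edited file in instead: `audit_values < values.yaml`.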

Deployment

root@master01:/home/zyi/ingress-nginx#  helm install ingress-nginx -n ingress-nginx .
Release "ingress-nginx" has been installed. Happy Helming!
NAME: ingress-nginx
LAST DEPLOYED: Wed Mar  1 09:25:47 2023
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
Get the application URL by running these commands:
  export POD_NAME=$(kubectl --namespace ingress-nginx get pods -o jsonpath="{.items[0].metadata.name}" -l "app=ingress-nginx,component=controller,release=ingress-nginx")
  kubectl --namespace ingress-nginx port-forward $POD_NAME 8080:80
  echo "Visit <http://127.0.0.1:8080> to access your application."

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
root@master01:/home/zyi/ingress-nginx# kubectl get po -n ingress-nginx  -owide
NAME                                                   READY   STATUS      RESTARTS      AGE     IP             NODE       NOMINATED NODE   READINESS GATES
ingress-nginx-controller-7w89d                         1/1     Running     4 (58s ago)   5m39s   172.16.21.21   master01   <none>           <none>
ingress-release-ingress-nginx-admission-create-f4xc8   0/1     Completed   0             3h33m   10.211.5.22    worker01   <none>           <none>

Ingress test

Set up two Services:

root@master01:~# curl 10.106.61.146
WBITT Network MultiTool (with NGINX) - auto-694fdc5546-6ndvd - 10.211.30.86 - HTTP: 80 , HTTPS: 443 . (Formerly praqma/network-multitool)
root@master01:~# curl 10.100.73.212:8080
WBITT Network MultiTool (with NGINX) - foo-6d8f44fdb6-nlhcb - 10.211.30.95 - HTTP: 80 , HTTPS: 443 . (Formerly praqma/network-multitool)

Configure the Ingress

#Ingress yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-example
  namespace: default
spec:
  ingressClassName: nginx
  rules:
  - host: auto.etaon.lab
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: auto
            port:
              number: 80
  - host: foo.etaon.lab
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: foo
            port:
              number: 8080

Test

On another machine, configure DNS so that auto.etaon.lab and foo.etaon.lab resolve to master01, then test.
The result is as follows:

[root@cent ~]# curl auto.etaon.lab
WBITT Network MultiTool (with NGINX) - auto-694fdc5546-6ndvd - 10.211.30.86 - HTTP: 80 , HTTPS: 443 . (Formerly praqma/network-multitool)
[root@cent ~]# curl foo.etaon.lab
WBITT Network MultiTool (with NGINX) - foo-6d8f44fdb6-r4zr2 - 10.211.5.37 - HTTP: 80 , HTTPS: 443 . (Formerly praqma/network-multitool)
