https://github.com/kubernetes/ingress-nginx
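Ingress Controllers | Kubernetes official documentation: https://kubernetes.io/zh-cn/docs/concepts/services-networking…
The Nginx Ingress controller is the Ingress controller recommended and maintained by the official project.
For an Ingress resource to work, the cluster must have a running Ingress controller.
Unlike other types of controllers, which run as part of the kube-controller-manager binary, Ingress controllers are not started automatically with the cluster. Use this page to choose the Ingress controller implementation that best fits your cluster.
Kubernetes as a project currently supports and maintains the AWS, GCE, and Nginx Ingress controllers.
Helm installation
The official site recommends installing with Helm; note the version compatibility.
Helm installation documentation: https://helm.sh/docs/intro/install/
Install Helm v3 by downloading the package directly from GitHub: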
# Download
[root@master01 ~]# wget https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz
# Extract
[root@master01 ~]# tar -zxvf helm-v3.11.1-linux-amd64.tar.gz
# Copy the binary into a directory on the PATH
[root@master01 ~]# cp linux-amd64/helm /usr/local/bin/helm
Chart
The method given by the official site:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
Pulling gcr images from within China is problematic, so the images were mirrored to an Aliyun registry in advance:
registry.cn-hangzhou.aliyuncs.com/tanzu/controller:v1.6.4
registry.cn-hangzhou.aliyuncs.com/tanzu/kube-webhook-certgen:v20220916-gd32f8c343
registry.cn-hangzhou.aliyuncs.com/tanzu/defaultbackend-amd64:1.5
Download the chart package from the official site: ingress-nginx-4.5.2.tgz
tar -zxvf ingress-nginx-4.5.2.tgz
cd ingress-nginx
kubectl create ns ingress-nginx
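kubectl label node master01 ingress=true # matches the nodeSelector set in values.yaml
Edit values.yaml; the places that need to change are:
- The image addresses for the controller and admissionWebhook; the public images need to be synced to the company's internal image registry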
controller:
  name: controller
  image:
    ## Keep false as default for now!
    chroot: false
    registry: registry.cn-hangzhou.aliyuncs.com
    image: tanzu/controller
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
    tag: "v1.6.4"
    #digest: sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
    #digestChroot: sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
  ...
  opentelemetry:
    enabled: false
    image: registry.cn-hangzhou.aliyuncs.com/tanzu/opentelemetry:v20230107
  ...
      image:
        registry: registry.cn-hangzhou.aliyuncs.com
        image: tanzu/kube-webhook-certgen
        ## for backwards compatibility consider setting the full image url via the repository value below
        ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
        ## repository:
        tag: v20220916-gd32f8c343
        #digest: sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
- Set hostNetwork to true
  hostNetwork: true
- Set dnsPolicy to ClusterFirstWithHostNet, to match the hostNetwork setting
  dnsPolicy: ClusterFirstWithHostNet
- Add ingress: "true" to nodeSelector so the controller is deployed to the designated nodes
  nodeSelector:
    kubernetes.io/os: linux
    ingress: "true"
- Change the type to kind: DaemonSet. Together with step 4, this lets the system automatically start an Ingress Controller on every host that carries the ingress: true label
  # -- Use a `DaemonSet` or `Deployment`
  kind: DaemonSet
  # -- Annotations to be added to the controller Deployment or DaemonSet
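With `digest` commented out and `hostNetwork: true` set as above, the rendered manifests pull the mirrored images by tag only and run the controller in the node's network namespace. The following is an added example, not part of the original post or of the ingress-nginx project: it scans rendered manifests for both conditions so they can be reviewed before deployment. The function names `audit_manifest` and `sample_manifest`, the `registry.example.internal` image and its all-zero digest are constructed for illustration.

```shell
#!/bin/sh
# audit_manifest: read rendered Kubernetes YAML on stdin and print
#   UNPINNED <ref>  for each image reference that does not end in an @sha256:<hex> digest
#   HOSTNETWORK     once, if any pod spec sets hostNetwork: true
audit_manifest() {
  awk '
    # "image: ref" or "- image: ref" carrying a value (skips bare "image:" map keys)
    /^[ \t]*(-[ \t]+)?image:[ \t]*[^ \t#]/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]+)?image:[ \t]*/, "", ref)  # strip the key
      sub(/[ \t]+#.*$/, "", ref)                     # strip a trailing comment
      sub(/[ \t]+$/, "", ref)                        # strip trailing whitespace
      gsub(/"/, "", ref)                             # strip double quotes
      if (ref !~ /@sha256:[0-9a-f]+$/ && !(ref in seen)) {
        seen[ref] = 1
        print "UNPINNED " ref
      }
    }
    /^[ \t]*hostNetwork:[ \t]*true[ \t]*$/ && !hn {
      hn = 1
      print "HOSTNETWORK"
    }
  '
}

# Constructed sample input: a cut-down DaemonSet using the image settings from
# this page, plus one digest-pinned image (placeholder digest) for contrast.
sample_manifest() {
  cat <<'EOF'
kind: DaemonSet
spec:
  template:
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: controller
          image: "registry.cn-hangzhou.aliyuncs.com/tanzu/controller:v1.6.4"
        - name: pinned-demo
          image: registry.example.internal/demo/pinned:1.0@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
}

# Against the real chart directory: helm template ingress-nginx -n ingress-nginx . | audit_manifest
sample_manifest | audit_manifest
```

Each `UNPINNED` line names an image whose content can change under the same tag on the mirror; restoring a `digest:` value that matches the mirrored image removes it from the report.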
Deploy
root@master01:/home/zyi/ingress-nginx# helm install ingress-nginx -n ingress-nginx .
Release "ingress-nginx" has been installed. Happy Helming!
NAME: ingress-nginx
LAST DEPLOYED: Wed Mar 1 09:25:47 2023
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
Get the application URL by running these commands:
export POD_NAME=$(kubectl --namespace ingress-nginx get pods -o jsonpath="{.items[0].metadata.name}" -l "app=ingress-nginx,component=controller,release=ingress-nginx")
kubectl --namespace ingress-nginx port-forward $POD_NAME 8080:80
echo "Visit <http://127.0.0.1:8080> to access your application."
An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
root@master01:/home/zyi/ingress-nginx# kubectl get po -n ingress-nginx -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-nginx-controller-7w89d 1/1 Running 4 (58s ago) 5m39s 172.16.21.21 master01 <none> <none>
ingress-release-ingress-nginx-admission-create-f4xc8 0/1 Completed 0 3h33m 10.211.5.22 worker01 <none> <none>
Ingress test
Two Services (svc) have been set up:
root@master01:~# curl 10.106.61.146
WBITT Network MultiTool (with NGINX) - auto-694fdc5546-6ndvd - 10.211.30.86 - HTTP: 80 , HTTPS: 443 . (Formerly praqma/network-multitool)
root@master01:~# curl 10.100.73.212:8080
WBITT Network MultiTool (with NGINX) - foo-6d8f44fdb6-nlhcb - 10.211.30.95 - HTTP: 80 , HTTPS: 443 . (Formerly praqma/network-multitool)
Configure the Ingress
#Ingress yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-example
  namespace: default
spec:
  ingressClassName: nginx
  rules:
    - host: auto.etaon.lab
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: auto
                port:
                  number: 80
    - host: foo.etaon.lab
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: foo
                port:
                  number: 8080
Test
On another machine, configure DNS so that auto.etaon.lab and foo.etaon.lab resolve to master01, then test.
The result is as follows:
[root@cent ~]# curl auto.etaon.lab
WBITT Network MultiTool (with NGINX) - auto-694fdc5546-6ndvd - 10.211.30.86 - HTTP: 80 , HTTPS: 443 . (Formerly praqma/network-multitool)
[root@cent ~]# curl foo.etaon.lab
WBITT Network MultiTool (with NGINX) - foo-6d8f44fdb6-r4zr2 - 10.211.5.37 - HTTP: 80 , HTTPS: 443 . (Formerly praqma/network-multitool)