k8s-ingress-nginx搭建

红太狼 2022-10-16 06:12 377阅读 0赞

首先区分开ingress和ingress-controller

前者个人理解是一种集群中服务之间访问控制策略

后者是client访问集群时得一种方式如下图
思维导图(部署方式不同,略有差别)
在这里插入图片描述
暴露服务还分几种方式
一 .Deployment+LoadBalancer模式的Service
客户端不能直接访问集群服务,创建ingress controller 的多副本模式 整套需要创建2个负载均衡 一个是proxy到ingress controller,一个是进来集群到后端服务的ingress的反向代理 需绑定2个svc。

二.Deployment+NodePort模式的Service
client直接访问集群服务,通过标签匹配node节点,创建的资源同上,只不过ingress controller的svc需修改成nodeport模式,node节点直接暴露服务,但是只能是30000-32767不方便客户使用。

三.DaemonSet+HostNetwork+nodeSelector (本次实验使用的方式)
通过标签匹配,选定node节点,使用主机网络模式,与上面的流程不同之处,整套流程创建一个ingress controller 绑定一个ingress代理一个svc绑定deployment
有一定依耐性,必须先启动Ingress Controller 服务
1.创建Ingress Controller

  1. vim mandatory.yaml 
  2. ##190行之后定义适合自己的模式
  4. apiVersion: v1
  5. kind: Namespace
  6. metadata:
  7.   name: ingress-nginx
  8.   labels:
  9.     app.kubernetes.io/name: ingress-nginx
  10.     app.kubernetes.io/part-of: ingress-nginx
  12. ---
  14. kind: ConfigMap
  15. apiVersion: v1
  16. metadata:
  17.   name: nginx-configuration
  18.   namespace: ingress-nginx
  19.   labels:
  20.     app.kubernetes.io/name: ingress-nginx
  21.     app.kubernetes.io/part-of: ingress-nginx
  23. ---
  24. kind: ConfigMap
  25. apiVersion: v1
  26. metadata:
  27.   name: tcp-services
  28.   namespace: ingress-nginx
  29.   labels:
  30.     app.kubernetes.io/name: ingress-nginx
  31.     app.kubernetes.io/part-of: ingress-nginx
  33. ---
  34. kind: ConfigMap
  35. apiVersion: v1
  36. metadata:
  37.   name: udp-services
  38.   namespace: ingress-nginx
  39.   labels:
  40.     app.kubernetes.io/name: ingress-nginx
  41.     app.kubernetes.io/part-of: ingress-nginx
  43. ---
  44. apiVersion: v1
  45. kind: ServiceAccount
  46. metadata:
  47.   name: nginx-ingress-serviceaccount
  48.   namespace: ingress-nginx
  49.   labels:
  50.     app.kubernetes.io/name: ingress-nginx
  51.     app.kubernetes.io/part-of: ingress-nginx
  53. ---
  54. apiVersion: rbac.authorization.k8s.io/v1beta1
  55. kind: ClusterRole
  56. metadata:
  57.   name: nginx-ingress-clusterrole
  58.   labels:
  59.     app.kubernetes.io/name: ingress-nginx
  60.     app.kubernetes.io/part-of: ingress-nginx
  61. rules:
  62.   - apiGroups:
  63.       - ""
  64.     resources:
  65.       - configmaps
  66.       - endpoints
  67.       - nodes
  68.       - pods
  69.       - secrets
  70.     verbs:
  71.       - list
  72.       - watch
  73.   - apiGroups:
  74.       - ""
  75.     resources:
  76.       - nodes
  77.     verbs:
  78.       - get
  79.   - apiGroups:
  80.       - ""
  81.     resources:
  82.       - services
  83.     verbs:
  84.       - get
  85.       - list
  86.       - watch
  87.   - apiGroups:
  88.       - ""
  89.     resources:
  90.       - events
  91.     verbs:
  92.       - create
  93.       - patch
  94.   - apiGroups:
  95.       - "extensions"
  96.       - "networking.k8s.io"
  97.     resources:
  98.       - ingresses
  99.     verbs:
  100.       - get
  101.       - list
  102.       - watch
  103.   - apiGroups:
  104.       - "extensions"
  105.       - "networking.k8s.io"
  106.     resources:
  107.       - ingresses/status
  108.     verbs:
  109.       - update
  111. ---
  112. apiVersion: rbac.authorization.k8s.io/v1beta1
  113. kind: Role
  114. metadata:
  115.   name: nginx-ingress-role
  116.   namespace: ingress-nginx
  117.   labels:
  118.     app.kubernetes.io/name: ingress-nginx
  119.     app.kubernetes.io/part-of: ingress-nginx
  120. rules:
  121.   - apiGroups:
  122.       - ""
  123.     resources:
  124.       - configmaps
  125.       - pods
  126.       - secrets
  127.       - namespaces
  128.     verbs:
  129.       - get
  130.   - apiGroups:
  131.       - ""
  132.     resources:
  133.       - configmaps
  134.     resourceNames:
  135.       # Defaults to "<election-id>-<ingress-class>"
  136.       # Here: "<ingress-controller-leader>-<nginx>"
  137.       # This has to be adapted if you change either parameter
  138.       # when launching the nginx-ingress-controller.
  139.       - "ingress-controller-leader-nginx"
  140.     verbs:
  141.       - get
  142.       - update
  143.   - apiGroups:
  144.       - ""
  145.     resources:
  146.       - configmaps
  147.     verbs:
  148.       - create
  149.   - apiGroups:
  150.       - ""
  151.     resources:
  152.       - endpoints
  153.     verbs:
  154.       - get
  156. ---
  157. apiVersion: rbac.authorization.k8s.io/v1beta1
  158. kind: RoleBinding
  159. metadata:
  160.   name: nginx-ingress-role-nisa-binding
  161.   namespace: ingress-nginx
  162.   labels:
  163.     app.kubernetes.io/name: ingress-nginx
  164.     app.kubernetes.io/part-of: ingress-nginx
  165. roleRef:
  166.   apiGroup: rbac.authorization.k8s.io
  167.   kind: Role
  168.   name: nginx-ingress-role
  169. subjects:
  170.   - kind: ServiceAccount
  171.     name: nginx-ingress-serviceaccount
  172.     namespace: ingress-nginx
  174. ---
  175. apiVersion: rbac.authorization.k8s.io/v1beta1
  176. kind: ClusterRoleBinding
  177. metadata:
  178.   name: nginx-ingress-clusterrole-nisa-binding
  179.   labels:
  180.     app.kubernetes.io/name: ingress-nginx
  181.     app.kubernetes.io/part-of: ingress-nginx
  182. roleRef:
  183.   apiGroup: rbac.authorization.k8s.io
  184.   kind: ClusterRole
  185.   name: nginx-ingress-clusterrole
  186. subjects:
  187.   - kind: ServiceAccount
  188.     name: nginx-ingress-serviceaccount
  189.     namespace: ingress-nginx
  191. ---
  193. apiVersion: apps/v1
  194. #kind: Deployment
  195. kind: DaemonSet
  196. metadata:
  197.   name: nginx-ingress-controller
  198.   namespace: ingress-nginx
  199.   labels:
  200.     app.kubernetes.io/name: ingress-nginx
  201.     app.kubernetes.io/part-of: ingress-nginx
  202. spec:
  203. # replicas: 1
  204.   selector:
  205.     matchLabels:
  206.       app.kubernetes.io/name: ingress-nginx
  207.       app.kubernetes.io/part-of: ingress-nginx
  208.   template:
  209.     metadata:
  210.       labels:
  211.         app.kubernetes.io/name: ingress-nginx
  212.         app.kubernetes.io/part-of: ingress-nginx
  213.       annotations:
  214.         prometheus.io/port: "10254"
  215.         prometheus.io/scrape: "true"
  216.     spec:
  217.       hostNetwork: true
  218.       # wait up to five minutes for the drain of connections
  219.       terminationGracePeriodSeconds: 300
  220.       serviceAccountName: nginx-ingress-serviceaccount
  221.       nodeSelector:
  222.         kubernetes.io/os: linux
  223.         nodes-rola: edg
  224.       containers:
  225.         - name: nginx-ingress-controller
  226.           image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
  227.           args:
  228.             - /nginx-ingress-controller
  229.             - --configmap=$(POD_NAMESPACE)/nginx-configuration
  230.             - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
  231.             - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
  232.             - --publish-service=$(POD_NAMESPACE)/ingress-nginx
  233.             - --annotations-prefix=nginx.ingress.kubernetes.io
  234.           securityContext:
  235.             allowPrivilegeEscalation: true
  236.             capabilities:
  237.               drop:
  238.                 - ALL
  239.               add:
  240.                 - NET_BIND_SERVICE
  241.             # www-data -> 101
  242.             runAsUser: 101
  243.           env:
  244.             - name: POD_NAME
  245.               valueFrom:
  246.                 fieldRef:
  247.                   fieldPath: metadata.name
  248.             - name: POD_NAMESPACE
  249.               valueFrom:
  250.                 fieldRef:
  251.                   fieldPath: metadata.namespace
  252.           ports:
  253.             - name: http
  254.               containerPort: 80
  255.               protocol: TCP
  256.             - name: https
  257.               containerPort: 443
  258.               protocol: TCP
  259.           livenessProbe:
  260.             failureThreshold: 3
  261.             httpGet:
  262.               path: /healthz
  263.               port: 10254
  264.               scheme: HTTP
  265.             initialDelaySeconds: 10
  266.             periodSeconds: 10
  267.             successThreshold: 1
  268.             timeoutSeconds: 10
  269.           readinessProbe:
  270.             failureThreshold: 3
  271.             httpGet:
  272.               path: /healthz
  273.               port: 10254
  274.               scheme: HTTP
  275.             periodSeconds: 10
  276.             successThreshold: 1
  277.             timeoutSeconds: 10
  278.           lifecycle:
  279.             preStop:
  280.               exec:
  281.                 command:
  282.                   - /wait-shutdown
  284. ---
  286. apiVersion: v1
  287. kind: LimitRange
  288. metadata:
  289.   name: ingress-nginx
  290.   namespace: ingress-nginx
  291.   labels:
  292.     app.kubernetes.io/name: ingress-nginx
  293.     app.kubernetes.io/part-of: ingress-nginx
  294. spec:
  295.   limits:
  296.   - min:
  297.       memory: 90Mi
  298.       cpu: 100m
  299.     type: Container

如果是cluster,nodeport的话 还需要一个svc代理Ingress Controller

  1. vim mandatory-svc.yaml
  3. apiVersion: v1
  4. kind: Service
  5. metadata:
  6.   name: ingress-nginx
  7.   namespace: ingress-nginx
  8. spec:
  9.   ports:
  10.   - name: http
  11.     port: 80
  12.     targetPort: 80
  13.   - name: https
  14.     port: 443
  15.     targetPort: 443
  16.   selector:
  17.     app.kubernetes.io/name: ingress-nginx
  18.   type: ClusterIP

这里我们用的主机网络模式 所以不用创建svc
3.创建转发规则ingress

  1. vim ingress-nginx.yaml
  3. apiVersion: extensions/v1beta1
  4. kind: Ingress
  5. metadata:
  6.   name: ingress-mynginx
  7.   namespace: default ##修改命名空间
  8.   annotations:
  9.     kubernetes.io/ingress.class: "nginx"
  10. spec:
  11.   rules:
  12.   - host: mynginx.com
  13.     http:
  14.       paths:
  15.       - path:
  16.         backend:
  17.           serviceName: service-nginx ##绑定后端服务
  18.           servicePort: 80

4.创建后端web服务

  1. vim my-nginx.yaml
  3. apiVersion: v1
  4. kind: Service
  5. metadata:
  6.   name: service-nginx ##与上面的ingress需一致,绑定关系 
  7.   namespace: default  ##命名空间
  8. spec:
  9.   selector:
  10.     app: mynginx   ##绑定下面的deployment启的pod
  11.   ports:
  12.   - name: http
  13.     port: 80
  14.     targetPort: 80
  16. ---
  17. apiVersion: apps/v1
  18. kind: Deployment
  19. metadata:
  20.   name: mynginx ##deployment的名字 无依赖关系
  21.   namespace: default
  22. spec:
  23.   replicas: 2
  24.   selector:
  25.     matchLabels:
  26.       app: mynginx ##这里是deployment和svc绑定关系,下面pod也得一致
  27.   template:
  28.     metadata:
  29.       labels:
  30.         app: mynginx ##与上面得deployment绑定,才能让deploy管理pod
  31.     spec:
  32.       containers:
  33.       - name: mycontainer
  34.         image: nginx
  35.         imagePullPolicy: IfNotPresent
  36.         ports:
  37.         - name: nginx 
  38.           containerPort: 80

发表评论

表情:
评论列表 (有 0 条评论,377人围观)

还没有评论,来说两句吧...

相关阅读

    相关 K8S 集群

    1、搭建清单 2台linux服务器(一个master节点,一个node节点),建议搭3台(一个master,两个node) 我使用的是腾讯云,节点与节点使用公网I

    傷城~傷城~/ 0/ 228 阅读

    相关 单机K8s

    单机版K8s搭建,使用的是`docker + kubectl + minikube`三部分组合而成。 对于个人来说,搭建一个K8s环境用来深入学习和了解K8s还是有

    以你之姓@以你之姓@/ 0/ 144 阅读

    相关 k8sgitlab

    `Gitlab`官方提供了 Helm 的方式在 Kubernetes 集群中来快速安装,但是在使用的过程中发现 Helm 提供的 Chart 包中有很多其他额外的配置,所以我们

    桃扇骨桃扇骨/ 0/ 520 阅读

    相关 k8s-ingress-nginx

    首先区分开ingress和ingress-controller 前者个人理解是一种集群中服务之间访问控制策略 后者是client访问集群时得一种方式如下图 思维导图(部

    红太狼红太狼/ 0/ 378 阅读

    相关 [K8S] Zabbix

    什么?还没有搭建k8s,那赶紧看看 [\[K8S\] 认证集群搭建][K8S_] 吧 容器这么火,我也玩玩,搭个zabbix测试下   1、首先上传 zabbix 相关镜

    女爷i女爷i/ 0/ 403 阅读