【K8S】Nginx-Ingress-Controller部署，用域名的方式访问服务

【K8S】Nginx-Ingress-Controller部署，用域名的方式访问服务

一、创建资源

完整的yaml清单文件在后面。

[root@lidabai-master app]# kubectl apply -f nginx-ingress-controller.yamlserviceaccount/nginx-ingress-serviceaccount created

二、查看服务状态

查看服务状态是否正常，刚才创建的Pod是放在kube-system名称空间的。

[root@lidabai-master app]# kubectl -n kube-system get pod

服务状态正常！

三、创建测试的服务

$ kubectl apply -f pod-test.yaml$ vim pod-test.yaml apiVersion: apps/v1kind: Deploymentmetadata: name: nginx labels: app: nginxxspec: replicas: 1 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx imagePullPolicy: IfNotPresent ports: - containerPort: 80---apiVersion: v1kind: Servicemetadata: name: nginx-svcspec: selector: app: nginx ports: - port: 80 targetPort: 80 protocol: TCP

查看服务

[root@lidabai-master app]# kubectl get svcnginx-svc ClusterIP 10.108.224.202 80/TCP 26h

四、创建Ingress

[root@lidabai-master app]# kubectl apply -f ingress-test.yaml[root@lidabai-master app]# cat ingress-test.yaml---apiVersion: networking.k8s.io/v1kind: Ingressmetadata: name: ingress-ngi annotations: nginx.ingress.kubernetes.io/rewrite-target: /spec: ingressClassName: nginx rules: - host: lidabai.nginx.com #这里是我们访问的域名 paths: - path: / pathType: Prefix #匹配类型， Prefix（精确匹配）、 backend: service: name: nginx-svc #这里就是我们刚才创建的service名称 port: number: 80

查看ingress

[root@lidabai-master app]# kubectl get ingressNAME CLASS HOSTS ADDRESS PORTS AGEingress-ngi nginx lidabai.nginx.com 80 26h[root@lidabai-master app]# kubectl describe ingress ingress-ngi #查看ingress的详细信息

五、Windows主机配置

在自己的Windows系统中使用Notpad++工具打开 C:\Windows\System32\drivers\etc\hosts文件,

增加如下配置：

192.168.2.131 lidabai.damon.com

注意: 这里的IP是部署的nginx-ingress-controller服务的Pod所在的节点IP

六、浏览器使用域名访问服务

刚才我填的域名是lidabai.nginx.com，现在我就在浏览器中用这个域名访问我的服务。

可以看到可以访问到我们后端部署的nginx服务。

七、完整的yaml文件说明

完整的yaml文件如下，总共会部署2个pod：

default-Pod亲和性将2个pod调度到一起了。

---apiVersion: v1kind: ServiceAccountmetadata: name: nginx-ingress-serviceaccount namespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRolemetadata: name: nginx-ingress-clusterrole #这个ServiceAcount所绑定的集群角色rules: - apiGroups: - "" resources: #此集群角色的权限，它能操作的API资源 - configmaps - endpoints - nodes - pods - secrets verbs: - list - watch - apiGroups: - "" resources: - nodes verbs: - get - apiGroups: - "" resources: - services verbs: - get - list - watch - apiGroups: - "extensions" resources: - ingresses verbs: - get - list - watch - apiGroups: - "" resources: - events verbs: - create - patch - apiGroups: - "extensions" resources: - ingresses/status verbs: - update---apiVersion: rbac.authorization.k8s.io/v1beta1kind: Rolemetadata: name: nginx-ingress-role #这是一个角色，而非集群角色 namespace: kube-systemrules: #角色的权限 - apiGroups: - "" resources: - configmaps - pods - secrets - namespaces verbs: - get - apiGroups: - "" resources: - configmaps resourceNames: # Defaults to "-" # Here: "-" # This has to be adapted if you change either parameter # when launching the nginx-ingress-controller. - "ingress-controller-leader-nginx" verbs: - get - update - apiGroups: - "" resources: - configmaps verbs: - create - apiGroups: - "" resources: - endpoints verbs: - get - create - update---apiVersion: rbac.authorization.k8s.io/v1beta1kind: RoleBinding #角色绑定metadata: name: nginx-ingress-role-nisa-binding namespace: kube-systemroleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: nginx-ingress-rolesubjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount #绑定在这个用户 namespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRoleBinding #集群绑定metadata: name: nginx-ingress-clusterrole-nisa-bindingroleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nginx-ingress-clusterrolesubjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount #集群绑定到这个serviceacount namespace: kube-system #集群角色是可以跨namespace，但是这里只指明给这个namespce来使用---apiVersion: apps/v1kind: Deploymentmetadata: name: nginx-ingress-controller labels: k8s-app: nginx-ingress-controller namespace: kube-systemspec: replicas: 1 selector: matchLabels: k8s-app: nginx-ingress-controller template: metadata: labels: k8s-app: nginx-ingress-controller spec: # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host # that said, since hostPort is broken on CNI (we have to use hostNetwork where CNI is used # like with kubeadm terminationGracePeriodSeconds: 60 hostNetwork: true #表示容器使用和宿主机一样的网络 serviceAccountName: nginx-ingress-serviceaccount #引用前面创建的serviceacount containers: - image: registry.cn-hangzhou.aliyuncs.com/peter1009/nginx-ingress-controller:0.20.0 #容器使用的镜像 name: nginx-ingress-controller readinessProbe: #启动这个服务时要验证/healthz 端口10254会在运行的node上监听。 path: /healthz port: 10254 scheme: HTTP livenessProbe: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 #每隔10做健康检查 timeoutSeconds: 1 ports: - containerPort: 80 hostPort: 80 #80映射到80# - containerPort: 443 env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace args: - /nginx-ingress-controller - --default-backend-service=$(POD_NAMESPACE)/default- - --default-ssl-certificate=$(POD_NAMESPACE)/ingress-secret #这是启用Https时用的# nodeSelector: #指明运行在哪，此IP要和default backend是同一个IP# kubernetes.io/hostname: 10.3.1.17 #上面映射到了hostport80，确保此IP80，443没有占用.---apiVersion: apps/v1kind: Deploymentmetadata: name: default- labels: k8s-app: default- namespace: kube-systemspec: replicas: 1 selector: matchLabels: k8s-app: default- template: metadata: labels: k8s-app: default- spec: terminationGracePeriodSeconds: 60 containers: - name: default- # Any image is permissable as long as: # 1. It serves a 404 page at / # 2. It serves 200 on a /healthz endpoint image: registry.cn-hangzhou.aliyuncs.com/hachikou/defaultbackend:1.0 livenessProbe: path: /healthz #这个URI是 nginx-ingress-controller中nginx里配置好的localtion port: 8080 scheme: HTTP initialDelaySeconds: 30 #30s检测一次/healthz timeoutSeconds: 5 ports: - containerPort: 8080 resources: limits: cpu: 10m memory: 20Mi requests: cpu: 10m memory: 20Mi affinity: #Pod亲和性调度，default需要跟前面的nginx的Pod在同一节点 podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: k8s-app operator: In values: - nginx-ingress-controller topologyKey: "kubernetes.io/hostname"---apiVersion: v1kind: Servicemetadata: name: default- namespace: kube-system labels: k8s-app: default- ports: - port: 80 targetPort: 8080 selector: k8s-app: default-http-backend

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。