Helm 安装Nginx Ingress
为了便于将集群中的服务暴露到集群外部,需要使用Ingress。接下来使用Helm将Nginx Ingress部署到Kubernetes上。 Nginx Ingress Controller被部署在Kubernetes的边缘节点上。
这里将master
作为边缘节点,打上label
[root@master /]# kubectl label node master node-role.kubernetes.io/edge=
node/master labeled
[root@master /]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready edge,master 4d3h v1.15.1
slaver1 Ready <none> 4d2h v1.15.1
slaver2 Ready <none> 4d2h v1.15.1
安装
使用yaml
配置文件安装
stable/nginx-ingress chart的值文件ingress-nginx.yaml如下:
controller:
replicaCount: 1
hostNetwork: true
nodeSelector:
node-role.kubernetes.io/edge: ''
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- nginx-ingress
- key: component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: PreferNoSchedule
defaultBackend:
nodeSelector:
node-role.kubernetes.io/edge: ''
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: PreferNoSchedule
nginx ingress controller的副本数replicaCount为1,将被调度到node1这个边缘节点上。这里并没有指定nginx ingress controller service的externalIPs,而是通过hostNetwork: true
设置nginx ingress controller使用宿主机网络。
helm repo update
helm install stable/nginx-ingress \
-n nginx-ingress \
--namespace kube-system \
-f ingress-nginx.yaml
具体信息:
[root@master /]# helm install stable/nginx-ingress -n nginx-ingress --namespace kube-system -f ingress-nginx.yaml
NAME: nginx-ingress
LAST DEPLOYED: Tue Jul 30 15:29:31 2019
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME DATA AGE
nginx-ingress-controller 1 <invalid>
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-657658b9b-xxq8r 0/1 ContainerCreating 0 <invalid>
nginx-ingress-default-backend-f8b68765c-fgjfs 0/1 ContainerCreating 0 <invalid>
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller LoadBalancer 10.108.248.196 <pending> 80:30839/TCP,443:32156/TCP <invalid>
nginx-ingress-default-backend ClusterIP 10.97.98.91 <none> 80/TCP <invalid>
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-ingress-controller 0/1 1 0 <invalid>
nginx-ingress-default-backend 0/1 1 0 <invalid>
==> v1beta1/PodDisruptionBudget
NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE
nginx-ingress-controller 1 N/A 0 <invalid>
nginx-ingress-default-backend 1 N/A 0 <invalid>
NOTES:
The nginx-ingress controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace kube-system get services -o wide -w nginx-ingress-controller'
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
直接使用命令安装
helm install stable/nginx-ingress \
-n nginx-ingress \
--namespace kube-system \
--set controller.hostNetwork=true,rbac.create=true \
--set controller.replicaCount=1
输出:
[root@master /]# helm install stable/nginx-ingress \
> -n nginx-ingress \
> --namespace kube-system \
> --set controller.hostNetwork=true,rbac.create=true \
> --set controller.replicaCount=1
Error: release nginx-ingress failed: Deployment in version "v1beta1" cannot be handled as a Deployment: v1beta1.Deployment.Spec: v1beta1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.HostNetwork: ReadBool: expect t or f, but found ", error found in #10 byte of ...|Network":"true,rba|..., bigger context ...|s":{}}],"dnsPolicy":"ClusterFirst","hostNetwork":"true,rbac.create=true","serviceAccountName":"def|...
安装异常,我这里的helm安装的时候没有设置rbac,去掉重新安装即可
[root@master /]# helm install stable/nginx-ingress \
> -n nginx-ingress \
> --namespace kube-system \
> --set controller.hostNetwork=true,controller.replicaCount=1
NAME: nginx-ingress
LAST DEPLOYED: Tue Jul 30 15:19:59 2019
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME DATA AGE
nginx-ingress-controller 1 <invalid>
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-67db56c89f-2hkxq 0/1 ContainerCreating 0 <invalid>
nginx-ingress-default-backend-878d64884-q4fmt 0/1 ContainerCreating 0 <invalid>
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller LoadBalancer 10.108.107.199 <pending> 80:31412/TCP,443:31392/TCP <invalid>
nginx-ingress-default-backend ClusterIP 10.107.244.59 <none> 80/TCP <invalid>
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-ingress-controller 0/1 1 0 <invalid>
nginx-ingress-default-backend 0/1 1 0 <invalid>
==> v1beta1/PodDisruptionBudget
NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE
nginx-ingress-controller 1 N/A 0 <invalid>
nginx-ingress-default-backend 1 N/A 0 <invalid>
NOTES:
The nginx-ingress controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace inkube-systemet services -o wide -w nginx-ingress-controller'
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
使用externalIP方式对外暴露服务:
helm install stable/nginx-ingress \
-n nginx-ingress \
--namespace kube-system \
--set controller.service.externalIPs[0]=18.16.202.163
查看:
[root@master /]# kubectl get po,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/nginx-ingress-controller-7d4f8b4fbc-rv52j 1/1 Running 0 44m
pod/nginx-ingress-default-backend-59944969d4-df8cl 1/1 Running 0 44m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/nginx-ingress-controller LoadBalancer 10.103.227.228 18.16.202.163 80:30289/TCP,443:30669/TCP 44m
service/nginx-ingress-default-backend ClusterIP 10.106.189.109 <none> 80/TCP 44m
删除nginx-ingress
删除nginx-ingress
[root@master /]# helm delete nginx-ingress
release "nginx-ingress" deleted
[root@master /]# helm ls --all nginx-ingress
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
nginx-ingress 1 Tue Jul 30 14:31:01 2019 DELETED nginx-ingress-0.9.5 0.10.2 kube-system
[root@master /]# helm delete --purge nginx-ingress
release "nginx-ingress" deleted
[root@master /]# helm ls --all nginx-ingress
使用--purge
参数可以彻底删除release不留下记录,否则下一次部署的时候不能使用重名的release。
安装成功查看
查看
[root@master /]# kubectl get po,svc -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-ingress-controller-b89575c7f-2xtkk 1/1 Running 0 13m 18.16.202.163 master <none> <none>
pod/nginx-ingress-default-backend-7b8b45bd49-g4mbz 1/1 Running 0 13m 10.244.0.23 master <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/nginx-ingress-controller LoadBalancer 10.111.25.193 <pending> 80:31577/TCP,443:31246/TCP 13m app=nginx-ingress,component=controller,release=nginx-ingress
service/nginx-ingress-default-backend ClusterIP 10.106.126.222 <none> 80/TCP 13m app=nginx-ingress,component=default-backend,release=nginx-ingress
helm查看:
[root@master /]# helm ls --all nginx-ingress
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
nginx-ingress 1 Tue Jul 30 14:39:58 2019 DEPLOYED nginx-ingress-0.9.5 0.10.2 kube-system
访问验证:
[root@master /]# curl http://18.16.202.163
default backend - 404
http测试:
[root@master /]# curl -I http://18.16.202.163/healthz/
HTTP/1.1 200 OK
Server: openresty/1.15.8.1
Date: Tue, 20 Aug 2019 10:11:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
https:
[root@master /]# curl -kI https://k8s.hongda.com/
HTTP/1.1 200 Connection established
HTTP/1.1 200 OK
Server: openresty/1.15.8.1
Date: Tue, 20 Aug 2019 16:22:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 990
Connection: keep-alive
Vary: Accept-Encoding
Accept-Ranges: bytes
Cache-Control: no-store
Last-Modified: Mon, 17 Dec 2018 09:04:43 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
参考:
利用cert-manager让Ingress启用免费的HTTPS证书
Helm 安装Nginx Ingress的更多相关文章
- [经验交流] Kubernetes Nginx Ingress 安装与使用
Ingress 介绍 Kubernetes 上部署的微服务运行在它的私有网络中, 通过Pod实例的hostPort或Service实例的NodePort可以暴露到主机端口上,便于用户访问.但这样的方法 ...
- 国内不fq安装K8S三: 使用helm安装kubernet-dashboard
目录 3 使用helm安装kubernet-dashboard 3.1 Helm的安装 3.2 使用Helm部署Nginx Ingress 3.3 使用Helm部署dashboard 3.4 使用He ...
- Helm 安装部署Kubernetes的dashboard
Kubernetes Dashboard 是 k8s集群的一个 WEB UI管理工具,代码托管在 github 上,地址:https://github.com/kubernetes/dashboard ...
- Nginx Ingress on TKE 部署最佳实践
概述 开源的 Ingress Controller 的实现使用量最大的莫过于 Nginx Ingress 了,功能强大且性能极高.Nginx Ingress 有多种部署方式,本文将介绍 Nginx I ...
- Kubernetes用Helm安装Ingress并踩一下使用的坑
1 前言 欢迎访问南瓜慢说 www.pkslow.com获取更多精彩文章! Ingress是Kubernetes一个非常重要的Controller,它类似一个路由转发的组件,可以让外界访问Kubern ...
- 使用helm安装ingress,实现用域名的方式访问k8s内部应用
k8s集群版本 k8s集群版本是1.22 提前部署好nginx服务和创建好svc deployment方式部署的nginx服务,1个副本 创建的服务 通过服务可以代理到nginx服务 curl 10. ...
- helm 安装prometheus operator 并监控ingress
1.helm安装 curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.shchmod 7 ...
- kubernetes 1.14安装部署ingress
简单介绍: Ingress是Kubernetes API的标准资源类型之一,它其实就是一组基于DNS名称或URL路径把请求转发至指定的Service资源的规则,用来将集群外部的请求流量转发至集群内部. ...
- 使用helm安装jenkin和gitlab
一.使用服务介绍 存储: 阿里云NAS k8s网络插件: calico k8s版本: 1.15.2 二.helm安装 https://www.cnblogs.com/zhangb8042/p/1020 ...
随机推荐
- 理解Spring中的IoC和DI
什么是IoC和DI IoC(Inversion of Control 控制反转):是一种面向对象编程中的一种设计原则,用来减低计算机代码之间的耦合度.其基本思想是:借助于"第三方" ...
- Alpha冲刺(11/10)——2019.5.3
作业描述 课程 软件工程1916|W(福州大学) 团队名称 修!咻咻! 作业要求 项目Alpha冲刺(团队) 团队目标 切实可行的计算机协会维修预约平台 开发工具 Eclipse 团队信息 队员学号 ...
- [转帖]【mount】Linux根目录空间不足
[mount]Linux根目录空间不足 2019.04.15 21:30:47字数 1094阅读 107 一.问题背景 一台数据库服务器,突然监控告警,报根目录空间不足(no space left o ...
- AntDesign vue学习笔记(五)导航菜单动态加载
一般的后台系统都有一个树形导航菜单,具体实现如下,主要参考https://my.oschina.net/u/4131669/blog/3048416 "menuList": [ { ...
- Effective.Java第23-33条(泛型相关)
23. 类结构层次优于标签类 有时你会碰到一个类,它的实例有一个或多个风格,并且包含一个tag属性表示实例的风格.例如,如下面的类表示一个圆或者矩形: public class Figure { / ...
- 案例:使用logstash收集游戏服务器日志,输出到kafka消息队列中,然后存入ES
gamelogs2kafka.conf input { file { codec => plain { charset => "UTF-8" } path => ...
- N(C)O(S)I(P)P 2019 退役记
N(C)O(S)I(P)P 2019 退役记 day-4 今天下午老师突然咕了,于是一下午欢乐时光 今天上午考试T3线段树维护个区间加,区间乘 一遍过编译,一遍过样例(第一次,俺比较弱(虽然也发现和暴 ...
- Spring Boot 企业级应用开发实战 刘伟东-2018年3月第一版
Spring会自动搜索某些路径下的Java类 并将这些类注册微Bean实例,这样就省去了所有Bean都配置在XML的麻烦 Spring会适当地将显示指定路径下的的类全部注册微Spring Bean . ...
- .NET CORE 动态加载 DLL 的问题
有个系统, 需要适应不同类型的数据库(同时只使用其中一种),如果把数据库操作层提取出来,然后针对不同的数据库使用不同的 DLL, 再根据不同的项目使用不同的库, 在以前的 ASP.NET 中, 直接把 ...
- vue组件5 组件和v-for指令
使用v-for遍历一个数组的时候,并且给定的数组变化时vue不会重复生成所有的元素,而是智能的找到需要更改的元素,并只改变这些元素 key属性可以告诉vue数组中的每个元素都应该与页面上的哪个元素相关 ...