ingress controller安装

k8s集群版本:1.15+

官方文档:

https://kubernetes.github.io/ingress-nginx/

创建基础配置

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

 Using NodePort:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

以上执行完成后,查看ingress-controller已经运行起来了

[root@k8s-master ~]# kubectl get pods -n ingress-nginx

NAME                                        READY   STATUS    RESTARTS   AGE

nginx-ingress-controller-689498bc7c-tvhv5   1/1     Running   3          16d

[root@k8s-master ~]#

查看service信息,nodeport端口31380,31390

[root@k8s-master ~]# kubectl get svc -n ingress-nginx

NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE

ingress-nginx   NodePort   10.108.101.78   <none>        80:31380/TCP,443:31390/TCP   14d

[root@k8s-master ~]#

 至此ingress-controller安装完成

What is Ingress?

  internet

        |

   [ Ingress ]

   --|-----|--

   [ Services ]

  

ingress使用

本次通过安装kubernetes的dashboard来演示ingress的使用

dashboard的安装

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
[root@k8s-master jtdeploy]# cat kubernetes-dashboard.yaml

# Copyright 2017 The Kubernetes Authors.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-certs

  namespace: kube-system

type: Opaque

---

# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1

kind: ServiceAccount

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

rules:

  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.

- apiGroups: [""]

  resources: ["secrets"]

  verbs: ["create"]

  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  verbs: ["create"]

  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.

- apiGroups: [""]

  resources: ["secrets"]

  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]

  verbs: ["get", "update", "delete"]

  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  resourceNames: ["kubernetes-dashboard-settings"]

  verbs: ["get", "update"]

  # Allow Dashboard to get metrics from heapster.

- apiGroups: [""]

  resources: ["services"]

  resourceNames: ["heapster"]

  verbs: ["proxy"]

- apiGroups: [""]

  resources: ["services/proxy"]

  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]

  verbs: ["get"]

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: Role

  name: kubernetes-dashboard-minimal

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Deployment ------------------- #

kind: Deployment

apiVersion: apps/v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  replicas: 1

  revisionHistoryLimit: 10

  selector:

    matchLabels:

      k8s-app: kubernetes-dashboard

  template:

    metadata:

      labels:

        k8s-app: kubernetes-dashboard

    spec:

      containers:

      - name: kubernetes-dashboard

        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

        ports:

        - containerPort: 9090

          protocol: TCP

        args:

          - --enable-skip-login

          # Uncomment the following line to manually specify Kubernetes API server Host

          # If not specified, Dashboard will attempt to auto discover the API server and connect

          # to it. Uncomment only if the default does not work.

          # - --apiserver-host=http://my-address:port

        volumeMounts:

        - name: kubernetes-dashboard-certs

          mountPath: /certs

          # Create on-disk volume to store exec logs

        - mountPath: /tmp

          name: tmp-volume

        livenessProbe:

          httpGet:

            scheme: HTTP

            path: /

            port: 9090

          initialDelaySeconds: 30

          timeoutSeconds: 30

      volumes:

      - name: kubernetes-dashboard-certs

        secret:

          secretName: kubernetes-dashboard-certs

      - name: tmp-volume

        emptyDir: {}

      serviceAccountName: kubernetes-dashboard

      # Comment the following tolerations if Dashboard must not be deployed on master

      tolerations:

      - key: node-role.kubernetes.io/master

        effect: NoSchedule

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  name: kubernetes-dashboard

  labels:

    k8s-app: kubernetes-dashboard

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Service ------------------- #

kind: Service

apiVersion: v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  type: NodePort

  ports:

    - port: 9090

      targetPort: 9090

  selector:

    k8s-app: kubernetes-dashboard

[root@k8s-master jtdeploy]#

配置文件修改原模板containerPort 端口

args:
- --enable-skip-login 表示不认证

使用以上配置文件即可创建

查看pods

[root@k8s-master jtdeploy]# kubectl get pods -n kube-system

NAME                                    READY   STATUS    RESTARTS   AGE

calico-node-2srnw                       2/2     Running   8          20d

calico-node-ppnjh                       2/2     Running   8          20d

coredns-86c58d9df4-ptth2                1/1     Running   4          20d

coredns-86c58d9df4-wxldx                1/1     Running   4          20d

etcd-k8s-master                         1/1     Running   4          20d

kube-apiserver-k8s-master               1/1     Running   4          20d

kube-controller-manager-k8s-master      1/1     Running   4          20d

kube-proxy-4kwj6                        1/1     Running   4          20d

kube-proxy-hfmqn                        1/1     Running   4          20d

kube-scheduler-k8s-master               1/1     Running   4          20d

kubernetes-dashboard-784b868d9d-hc77v   1/1     Running   3          16d

tiller-deploy-dbb85cb99-srbch           1/1     Running   4          20d

[root@k8s-master jtdeploy]#

查看svc

[root@k8s-master jtdeploy]# kubectl get svc -n kube-system

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE

calico-typha           ClusterIP   10.105.54.12   <none>        5473/TCP        20d

kube-dns               ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP   20d

kubernetes-dashboard   ClusterIP   10.106.65.78   <none>        9090/TCP        16d

tiller-deploy          ClusterIP   10.97.33.192   <none>        44134/TCP       20d

[root@k8s-master jtdeploy]#

这里没有使用nodeport ,所有使用ingress来配置外网访问.

  

haproxy安装

root@xuliang-PC:~/haproxy# cat docker-compose.yml

version: "2"

services:

  haproxy:

    image: haproxy:1.8

    ports:

      - 80:31380

      - 443:31390

      - 8181:8181

    restart: always

    volumes:

      - /root/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg

    network_mode: host

#    networks:

#    #      - haproxy_lb

#

#    #networks:

#    #  haproxy_lb:

#    #    driver: bridge

root@xuliang-PC:~/haproxy#

 haproxy配置文件

root@xuliang-PC:~/haproxy# cat haproxy.cfg

global

   stats timeout 30s

   maxconn 1000

defaults

   mode tcp

   option dontlognull

   retries 3

   timeout http-request    30s

   timeout queue           1m

   timeout connect         30s

   timeout client          1m

   timeout server          1m

   timeout http-keep-alive 30s

   timeout check           30s

   option redispatch

   option srvtcpka

   option clitcpka

## HTTP

frontend http_front

   bind *:80

   default_backend http_backend

backend http_backend

   server k8s-master 192.168.100.101:31380 check

   server k8s-node1 192.168.1.102:31380 check

   #server k8s-node3 192.168.1.103:31380 check

## HTTPS

frontend https_front

   bind *:443

   default_backend https_backend

backend https_backend

   server k8s-master 192.168.100.101:31390 check

   server k8s-node1 192.168.100.102:31390 check

   #server k8s-node4 192.168.1.103:31390 check

# HAProxy stats

listen stats

   bind *:8181

   mode http

   stats enable

   stats uri /

   stats realm Haproxy\ Statistics

   stats auth haproxy:haproxy

root@xuliang-PC:~/haproxy#

 

在本机添加hosts,有域名的可以配置域名解析

root@xuliang-PC:~/haproxy# cat /etc/hosts

192.168.100.29 myapp.test.com

root@xuliang-PC:~/haproxy#

测试解析

root@xuliang-PC:~/haproxy# ping myapp.test.com

PING myapp.test.com (192.168.100.29) 56(84) bytes of data.

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=1 ttl=64 time=0.024 ms

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=2 ttl=64 time=0.024 ms

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=3 ttl=64 time=0.028 ms

^C

--- myapp.test.com ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2032ms

rtt min/avg/max/mdev = 0.024/0.025/0.028/0.004 ms

root@xuliang-PC:~/haproxy#

配置ingress

[root@k8s-master ~]# cat ingress-dashboard.yaml

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: ingress-dashboard

  namespace: kube-system

  annotations:

    kubernetes.io/ingress.class: "nginx"

spec:

  rules:

  - host: myapp.test.com

    http:

      paths:

      - path: /

        backend:

          serviceName: kubernetes-dashboard

          servicePort: 9090

---

apiVersion: v1

kind: Service

metadata:

  name: ingress-nginx

  namespace: ingress-nginx

  labels:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

spec:

  type: NodePort

  ports:

    - name: http

      port: 80

      targetPort: 80

      protocol: TCP

      nodePort: 31380

    - name: https

      port: 443

      targetPort: 443

      protocol: TCP

      nodePort: 31390

  selector:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

---

[root@k8s-master ~]#

此处注意一定要配置:

annotations:

    kubernetes.io/ingress.class: "nginx"

查看ingress
[root@k8s-master dashboard]# kubectl get ingress -n kube-system

NAME                HOSTS            ADDRESS         PORTS   AGE

ingress-dashboard   myapp.test.com   10.108.73.126   80      147m

[root@k8s-master dashboard]#

至此可以通过域名访问

 

ingress controller 和ingress使用实例的更多相关文章

  1. Kubernetes 学习11 kubernetes ingress及ingress controller

    一.上集回顾 1.Service 3种模型:userspace,iptables,ipvs 2.Service类型 ClusterIP,NodePort NodePort:client -> N ...

  2. 实操教程丨如何在K8S集群中部署Traefik Ingress Controller

    注:本文使用的Traefik为1.x的版本 在生产环境中,我们常常需要控制来自互联网的外部进入集群中,而这恰巧是Ingress的职责. Ingress的主要目的是将HTTP和HTTPS从集群外部暴露给 ...

  3. Kubernetes Ingress Controller的使用及高可用落地

    Kubernetes Ingress Controller的使用及高可用落地 看懂本文要具备一下知识点: Service实现原理和会应用 知道反向代理原理,了解nginx和apache的vhost概念 ...

  4. Kubernetes 服务入口管理与 Nginx Ingress Controller

    Kubernetes 具有强大的副本,动态扩容等特性,每一次 Pod 的变化 IP 地址都会发生变化,所以 Kubernetes 引进了 Service 的概念.Kubernetes 中使用 Serv ...

  5. Kubernetes学习之路(十五)之Ingress和Ingress Controller

    目录 一.什么是Ingress? 1.Pod 漂移问题 2.端口管理问题 3.域名分配及动态更新问题 二.如何创建Ingress资源 三.Ingress资源类型 1.单Service资源型Ingres ...

  6. 11. Ingress及Ingress Controller(主nginx ingress controller)

    11. Ingress,Ingress Controller拥有七层代理调度能力 什么是Ingress: Ingress是授权入站连接到达集群服务的规则集合 Ingress是一个Kubernetes资 ...

  7. traefik ingress Controller使用

    Kubernetes Ingress Kubernetes Ingress是路由规则的集合,这些规则控制外部用户如何访问Kubernetes集群中运行的服务. 在Kubernetes中,有三种方式可以 ...

  8. 浅谈 k8s ingress controller 选型

    大家好,先简单自我介绍下,我叫厉辉,来自腾讯云.业余时间比较喜欢开源,现在是Apache APISIX PPMC.今天我来简单给大家介绍下 K8S Ingress 控制器的选型经验,今天我讲的这些内容 ...

  9. 为 Rainbond Ingress Controller 设置负载均衡

    Rainbond 作为一款云原生应用管理平台,天生带有引导南北向网络流量的分布式网关 rbd-gateway.rbd-gateway 组件,实际上是好雨科技团队开发的一种 Ingress Contro ...

随机推荐

  1. ImageApparate(幻影)镜像加速服务让镜像分发效率提升 5-10 倍

    作者介绍 李昂,腾讯高级开发工程师,主要关注容器存储和镜像存储相关领域,目前主要负责腾讯容器镜像服务和镜像存储加速系统的研发和设计工作. 李志宇,腾讯云后台开发工程师.负责腾讯云 TKE 集群节点和运 ...

  2. 使用EF的Code First模式创建模型

    Entity Framework Core Entity Framework (EF) Core 是轻量化.可扩展.开源和跨平台版的常用 Entity Framework 数据访问技术. EF Cor ...

  3. Python插入排序

    升序 import random l = [] for i in range(8): l.append(random.randint(0,9)) print(l) for cur in range(1 ...

  4. 剑指 Offer 14- I. 剪绳子 + 动态规划 + 数论

    剑指 Offer 14- I. 剪绳子 题目链接 还是343. 整数拆分的官方题解写的更清楚 本题说的将绳子剪成m段,m是大于1的任意一个正整数,也就是必须剪这个绳子,至于剪成几段,每一段多长,才能使 ...

  5. Mybatis系列全解(八):Mybatis的9大动态SQL标签你知道几个?提前致女神!

    封面:洛小汐 作者:潘潘 2021年,仰望天空,脚踏实地. 这算是春节后首篇 Mybatis 文了~ 跨了个年感觉写了有半个世纪 ... 借着女神节 ヾ(◍°∇°◍)ノ゙ 提前祝男神女神们越靓越富越嗨 ...

  6. java校招笔试题

    基础: Java 反射?反射有什么缺点?你是怎么理解反射的(为什么框架需要反射)? 谈谈对 Java 注解的理解,解决了什么问题? 内部类了解吗?匿名内部类了解吗? BIO和NIO区别,4核cpu,1 ...

  7. jdk8的安装与环境搭建

    jdk8的安装与环境搭建 jdk8下载网址:https://www.oracle.com/cn/java/technologies/javase/javase-jdk8-downloads.html ...

  8. 翻译:《实用的Python编程》04_02_Inheritance

    目录 | 上一节 (4.1 类) | 下一节 (4.3 特殊方法) 4.2 继承 继承(inheritance)是编写可扩展程序程序的常用手段.本节对继承的思想(idea)进行探讨. 简介 继承用于特 ...

  9. python基础(9)增强型赋值与使用普通赋值的区别

    前言 增强型赋值语句是经常被使用到的,因为从各种学习渠道中,我们能够得知i += 1的效率往往要比 i = i + 1 更高一些(这里以 += 为例,实际上增强型赋值语句不仅限于此).所以我们会乐此不 ...

  10. Python读写配置文件模块--Configobj

    一.介绍 我们在项目的开发过程中应该会遇到这样的问题:我们的项目读取某个配置文件,然后才能按照配置的信息正常运行服务,当我们需要对修改服务的某些信息时,可以直接修改这个配置文件,重启服务即可,不用再去 ...