ingress controller安装

k8s集群版本:1.15+

官方文档:

https://kubernetes.github.io/ingress-nginx/

创建基础配置

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

 Using NodePort:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

以上执行完成后,查看ingress-controller已经运行起来了

[root@k8s-master ~]# kubectl get pods -n ingress-nginx

NAME                                        READY   STATUS    RESTARTS   AGE

nginx-ingress-controller-689498bc7c-tvhv5   1/1     Running   3          16d

[root@k8s-master ~]#

查看service信息,nodeport端口31380,31390

[root@k8s-master ~]# kubectl get svc -n ingress-nginx

NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE

ingress-nginx   NodePort   10.108.101.78   <none>        80:31380/TCP,443:31390/TCP   14d

[root@k8s-master ~]#

 至此ingress-controller安装完成

What is Ingress?

  internet

        |

   [ Ingress ]

   --|-----|--

   [ Services ]

  

ingress使用

本次通过安装kubernetes的dashboard来演示ingress的使用

dashboard的安装

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
[root@k8s-master jtdeploy]# cat kubernetes-dashboard.yaml

# Copyright 2017 The Kubernetes Authors.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-certs

  namespace: kube-system

type: Opaque

---

# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1

kind: ServiceAccount

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

rules:

  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.

- apiGroups: [""]

  resources: ["secrets"]

  verbs: ["create"]

  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  verbs: ["create"]

  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.

- apiGroups: [""]

  resources: ["secrets"]

  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]

  verbs: ["get", "update", "delete"]

  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  resourceNames: ["kubernetes-dashboard-settings"]

  verbs: ["get", "update"]

  # Allow Dashboard to get metrics from heapster.

- apiGroups: [""]

  resources: ["services"]

  resourceNames: ["heapster"]

  verbs: ["proxy"]

- apiGroups: [""]

  resources: ["services/proxy"]

  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]

  verbs: ["get"]

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: Role

  name: kubernetes-dashboard-minimal

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Deployment ------------------- #

kind: Deployment

apiVersion: apps/v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  replicas: 1

  revisionHistoryLimit: 10

  selector:

    matchLabels:

      k8s-app: kubernetes-dashboard

  template:

    metadata:

      labels:

        k8s-app: kubernetes-dashboard

    spec:

      containers:

      - name: kubernetes-dashboard

        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

        ports:

        - containerPort: 9090

          protocol: TCP

        args:

          - --enable-skip-login

          # Uncomment the following line to manually specify Kubernetes API server Host

          # If not specified, Dashboard will attempt to auto discover the API server and connect

          # to it. Uncomment only if the default does not work.

          # - --apiserver-host=http://my-address:port

        volumeMounts:

        - name: kubernetes-dashboard-certs

          mountPath: /certs

          # Create on-disk volume to store exec logs

        - mountPath: /tmp

          name: tmp-volume

        livenessProbe:

          httpGet:

            scheme: HTTP

            path: /

            port: 9090

          initialDelaySeconds: 30

          timeoutSeconds: 30

      volumes:

      - name: kubernetes-dashboard-certs

        secret:

          secretName: kubernetes-dashboard-certs

      - name: tmp-volume

        emptyDir: {}

      serviceAccountName: kubernetes-dashboard

      # Comment the following tolerations if Dashboard must not be deployed on master

      tolerations:

      - key: node-role.kubernetes.io/master

        effect: NoSchedule

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  name: kubernetes-dashboard

  labels:

    k8s-app: kubernetes-dashboard

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Service ------------------- #

kind: Service

apiVersion: v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  type: NodePort

  ports:

    - port: 9090

      targetPort: 9090

  selector:

    k8s-app: kubernetes-dashboard

[root@k8s-master jtdeploy]#

配置文件修改原模板containerPort 端口

args:
- --enable-skip-login 表示不认证

使用以上配置文件即可创建

查看pods

[root@k8s-master jtdeploy]# kubectl get pods -n kube-system

NAME                                    READY   STATUS    RESTARTS   AGE

calico-node-2srnw                       2/2     Running   8          20d

calico-node-ppnjh                       2/2     Running   8          20d

coredns-86c58d9df4-ptth2                1/1     Running   4          20d

coredns-86c58d9df4-wxldx                1/1     Running   4          20d

etcd-k8s-master                         1/1     Running   4          20d

kube-apiserver-k8s-master               1/1     Running   4          20d

kube-controller-manager-k8s-master      1/1     Running   4          20d

kube-proxy-4kwj6                        1/1     Running   4          20d

kube-proxy-hfmqn                        1/1     Running   4          20d

kube-scheduler-k8s-master               1/1     Running   4          20d

kubernetes-dashboard-784b868d9d-hc77v   1/1     Running   3          16d

tiller-deploy-dbb85cb99-srbch           1/1     Running   4          20d

[root@k8s-master jtdeploy]#

查看svc

[root@k8s-master jtdeploy]# kubectl get svc -n kube-system

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE

calico-typha           ClusterIP   10.105.54.12   <none>        5473/TCP        20d

kube-dns               ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP   20d

kubernetes-dashboard   ClusterIP   10.106.65.78   <none>        9090/TCP        16d

tiller-deploy          ClusterIP   10.97.33.192   <none>        44134/TCP       20d

[root@k8s-master jtdeploy]#

这里没有使用nodeport ,所有使用ingress来配置外网访问.

  

haproxy安装

root@xuliang-PC:~/haproxy# cat docker-compose.yml

version: "2"

services:

  haproxy:

    image: haproxy:1.8

    ports:

      - 80:31380

      - 443:31390

      - 8181:8181

    restart: always

    volumes:

      - /root/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg

    network_mode: host

#    networks:

#    #      - haproxy_lb

#

#    #networks:

#    #  haproxy_lb:

#    #    driver: bridge

root@xuliang-PC:~/haproxy#

 haproxy配置文件

root@xuliang-PC:~/haproxy# cat haproxy.cfg

global

   stats timeout 30s

   maxconn 1000

defaults

   mode tcp

   option dontlognull

   retries 3

   timeout http-request    30s

   timeout queue           1m

   timeout connect         30s

   timeout client          1m

   timeout server          1m

   timeout http-keep-alive 30s

   timeout check           30s

   option redispatch

   option srvtcpka

   option clitcpka

## HTTP

frontend http_front

   bind *:80

   default_backend http_backend

backend http_backend

   server k8s-master 192.168.100.101:31380 check

   server k8s-node1 192.168.1.102:31380 check

   #server k8s-node3 192.168.1.103:31380 check

## HTTPS

frontend https_front

   bind *:443

   default_backend https_backend

backend https_backend

   server k8s-master 192.168.100.101:31390 check

   server k8s-node1 192.168.100.102:31390 check

   #server k8s-node4 192.168.1.103:31390 check

# HAProxy stats

listen stats

   bind *:8181

   mode http

   stats enable

   stats uri /

   stats realm Haproxy\ Statistics

   stats auth haproxy:haproxy

root@xuliang-PC:~/haproxy#

 

在本机添加hosts,有域名的可以配置域名解析

root@xuliang-PC:~/haproxy# cat /etc/hosts

192.168.100.29 myapp.test.com

root@xuliang-PC:~/haproxy#

测试解析

root@xuliang-PC:~/haproxy# ping myapp.test.com

PING myapp.test.com (192.168.100.29) 56(84) bytes of data.

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=1 ttl=64 time=0.024 ms

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=2 ttl=64 time=0.024 ms

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=3 ttl=64 time=0.028 ms

^C

--- myapp.test.com ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2032ms

rtt min/avg/max/mdev = 0.024/0.025/0.028/0.004 ms

root@xuliang-PC:~/haproxy#

配置ingress

[root@k8s-master ~]# cat ingress-dashboard.yaml

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: ingress-dashboard

  namespace: kube-system

  annotations:

    kubernetes.io/ingress.class: "nginx"

spec:

  rules:

  - host: myapp.test.com

    http:

      paths:

      - path: /

        backend:

          serviceName: kubernetes-dashboard

          servicePort: 9090

---

apiVersion: v1

kind: Service

metadata:

  name: ingress-nginx

  namespace: ingress-nginx

  labels:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

spec:

  type: NodePort

  ports:

    - name: http

      port: 80

      targetPort: 80

      protocol: TCP

      nodePort: 31380

    - name: https

      port: 443

      targetPort: 443

      protocol: TCP

      nodePort: 31390

  selector:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

---

[root@k8s-master ~]#

此处注意一定要配置:

annotations:

    kubernetes.io/ingress.class: "nginx"

查看ingress
[root@k8s-master dashboard]# kubectl get ingress -n kube-system

NAME                HOSTS            ADDRESS         PORTS   AGE

ingress-dashboard   myapp.test.com   10.108.73.126   80      147m

[root@k8s-master dashboard]#

至此可以通过域名访问

 

ingress controller 和ingress使用实例的更多相关文章

  1. Kubernetes 学习11 kubernetes ingress及ingress controller

    一.上集回顾 1.Service 3种模型:userspace,iptables,ipvs 2.Service类型 ClusterIP,NodePort NodePort:client -> N ...

  2. 实操教程丨如何在K8S集群中部署Traefik Ingress Controller

    注:本文使用的Traefik为1.x的版本 在生产环境中,我们常常需要控制来自互联网的外部进入集群中,而这恰巧是Ingress的职责. Ingress的主要目的是将HTTP和HTTPS从集群外部暴露给 ...

  3. Kubernetes Ingress Controller的使用及高可用落地

    Kubernetes Ingress Controller的使用及高可用落地 看懂本文要具备一下知识点: Service实现原理和会应用 知道反向代理原理,了解nginx和apache的vhost概念 ...

  4. Kubernetes 服务入口管理与 Nginx Ingress Controller

    Kubernetes 具有强大的副本,动态扩容等特性,每一次 Pod 的变化 IP 地址都会发生变化,所以 Kubernetes 引进了 Service 的概念.Kubernetes 中使用 Serv ...

  5. Kubernetes学习之路(十五)之Ingress和Ingress Controller

    目录 一.什么是Ingress? 1.Pod 漂移问题 2.端口管理问题 3.域名分配及动态更新问题 二.如何创建Ingress资源 三.Ingress资源类型 1.单Service资源型Ingres ...

  6. 11. Ingress及Ingress Controller(主nginx ingress controller)

    11. Ingress,Ingress Controller拥有七层代理调度能力 什么是Ingress: Ingress是授权入站连接到达集群服务的规则集合 Ingress是一个Kubernetes资 ...

  7. traefik ingress Controller使用

    Kubernetes Ingress Kubernetes Ingress是路由规则的集合,这些规则控制外部用户如何访问Kubernetes集群中运行的服务. 在Kubernetes中,有三种方式可以 ...

  8. 浅谈 k8s ingress controller 选型

    大家好,先简单自我介绍下,我叫厉辉,来自腾讯云.业余时间比较喜欢开源,现在是Apache APISIX PPMC.今天我来简单给大家介绍下 K8S Ingress 控制器的选型经验,今天我讲的这些内容 ...

  9. 为 Rainbond Ingress Controller 设置负载均衡

    Rainbond 作为一款云原生应用管理平台,天生带有引导南北向网络流量的分布式网关 rbd-gateway.rbd-gateway 组件,实际上是好雨科技团队开发的一种 Ingress Contro ...

随机推荐

  1. SpringBoot(七):SpringBoot中如何使用过滤器(Filter)?

    方式一: 通过注解方式实现: 1.编写一个Servlet3的注解过滤器(和上一章Servlet相似) 贴代码: package com.example.springbootweb.filter; im ...

  2. 后端程序员之路 55、go redis

    redigo有点像hiredis,只提供了最基本的连接和执行命令接口. 找到个不错的redis库: https://github.com/go-redis/redis func ExampleNewC ...

  3. nc替代ping

    linux nc介绍: 语 法:nc [-hlnruz][-g<网关...>][-G<指向器数目>][-i<延迟秒数>][-o<输出文件>][-p< ...

  4. XXL-JOB v2.3.0 发布 | 易用性增强

    转: XXL-JOB v2.3.0 发布 | 易用性增强 v2.3.0 Release Notes 1.[新增]调度过期策略:调度中心错过调度时间的补偿处理策略,包括:忽略.立即补偿触发一次等: 2. ...

  5. Linux ctrl+z挂起的进程恢复与杀死

    Linux系统下,不小心按了ctrl+z命令后,退出了当前进程的执行界面,程序没有结束,只是被挂起了.通过ps命令可以查看进程信息,这里不做详细介绍,可通过jobs命令查看被挂起的进程号 #jobs ...

  6. 番外----python入门----pip相关

    pip 是 Python 包管理工具,该工具提供了对Python 包的查找.下载.安装.卸载的功能. 但是,由于pip使用的pip仓库默认为:http://pypi.python.org/ 是国外的 ...

  7. 漏洞复现-CVE-2018-8715-Appweb

          0x00 实验环境 攻击机:Win 10 0x01 影响版本 嵌入式HTTP Web服务器,<7.0.3版本 0x02 漏洞复现 (1)实验环境: 打开后出现此弹框登录界面: (2) ...

  8. Navicat 121版本激活工具

    以下是工具的链接: https://github.com/DoubleLabyrinth/navicat-keygen/blob/windows/README_FOR_WINDOWS.zh-CN.md ...

  9. Jmeter +Jenkins +Ant 集成发送邮件报告

    [TOC] 一.什么是接口测试? 接口测试是测试系统组件间接口的一种测试.接口测试主要用于检测外部系统与系统之间以及内部各个子系统之间的交互点.测试的重点是要检查数据的交换,传递和控制管理过程,以及系 ...

  10. 题解 CF746D 【Green and Black Tea】

    # 题目分析这道题表面上看上去挺简单,其实仔细研究一下还是值得钻研的.我本人做这道题使用的任然是$ DFS01 $背包.不过呢,与往常背包不同的是,这次递归中需要加许多参数.就数据强度来看,栈问题不大 ...