ingress controller安装

k8s集群版本:1.15+

官方文档:

https://kubernetes.github.io/ingress-nginx/

创建基础配置

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

 Using NodePort:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

以上执行完成后,查看ingress-controller已经运行起来了

[root@k8s-master ~]# kubectl get pods -n ingress-nginx

NAME                                        READY   STATUS    RESTARTS   AGE

nginx-ingress-controller-689498bc7c-tvhv5   1/1     Running   3          16d

[root@k8s-master ~]#

查看service信息,nodeport端口31380,31390

[root@k8s-master ~]# kubectl get svc -n ingress-nginx

NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE

ingress-nginx   NodePort   10.108.101.78   <none>        80:31380/TCP,443:31390/TCP   14d

[root@k8s-master ~]#

 至此ingress-controller安装完成

What is Ingress?

  internet

        |

   [ Ingress ]

   --|-----|--

   [ Services ]

  

ingress使用

本次通过安装kubernetes的dashboard来演示ingress的使用

dashboard的安装

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
[root@k8s-master jtdeploy]# cat kubernetes-dashboard.yaml

# Copyright 2017 The Kubernetes Authors.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-certs

  namespace: kube-system

type: Opaque

---

# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1

kind: ServiceAccount

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

rules:

  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.

- apiGroups: [""]

  resources: ["secrets"]

  verbs: ["create"]

  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  verbs: ["create"]

  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.

- apiGroups: [""]

  resources: ["secrets"]

  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]

  verbs: ["get", "update", "delete"]

  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  resourceNames: ["kubernetes-dashboard-settings"]

  verbs: ["get", "update"]

  # Allow Dashboard to get metrics from heapster.

- apiGroups: [""]

  resources: ["services"]

  resourceNames: ["heapster"]

  verbs: ["proxy"]

- apiGroups: [""]

  resources: ["services/proxy"]

  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]

  verbs: ["get"]

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: Role

  name: kubernetes-dashboard-minimal

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Deployment ------------------- #

kind: Deployment

apiVersion: apps/v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  replicas: 1

  revisionHistoryLimit: 10

  selector:

    matchLabels:

      k8s-app: kubernetes-dashboard

  template:

    metadata:

      labels:

        k8s-app: kubernetes-dashboard

    spec:

      containers:

      - name: kubernetes-dashboard

        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

        ports:

        - containerPort: 9090

          protocol: TCP

        args:

          - --enable-skip-login

          # Uncomment the following line to manually specify Kubernetes API server Host

          # If not specified, Dashboard will attempt to auto discover the API server and connect

          # to it. Uncomment only if the default does not work.

          # - --apiserver-host=http://my-address:port

        volumeMounts:

        - name: kubernetes-dashboard-certs

          mountPath: /certs

          # Create on-disk volume to store exec logs

        - mountPath: /tmp

          name: tmp-volume

        livenessProbe:

          httpGet:

            scheme: HTTP

            path: /

            port: 9090

          initialDelaySeconds: 30

          timeoutSeconds: 30

      volumes:

      - name: kubernetes-dashboard-certs

        secret:

          secretName: kubernetes-dashboard-certs

      - name: tmp-volume

        emptyDir: {}

      serviceAccountName: kubernetes-dashboard

      # Comment the following tolerations if Dashboard must not be deployed on master

      tolerations:

      - key: node-role.kubernetes.io/master

        effect: NoSchedule

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  name: kubernetes-dashboard

  labels:

    k8s-app: kubernetes-dashboard

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Service ------------------- #

kind: Service

apiVersion: v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  type: NodePort

  ports:

    - port: 9090

      targetPort: 9090

  selector:

    k8s-app: kubernetes-dashboard

[root@k8s-master jtdeploy]#

配置文件修改原模板containerPort 端口

args:
- --enable-skip-login 表示不认证

使用以上配置文件即可创建

查看pods

[root@k8s-master jtdeploy]# kubectl get pods -n kube-system

NAME                                    READY   STATUS    RESTARTS   AGE

calico-node-2srnw                       2/2     Running   8          20d

calico-node-ppnjh                       2/2     Running   8          20d

coredns-86c58d9df4-ptth2                1/1     Running   4          20d

coredns-86c58d9df4-wxldx                1/1     Running   4          20d

etcd-k8s-master                         1/1     Running   4          20d

kube-apiserver-k8s-master               1/1     Running   4          20d

kube-controller-manager-k8s-master      1/1     Running   4          20d

kube-proxy-4kwj6                        1/1     Running   4          20d

kube-proxy-hfmqn                        1/1     Running   4          20d

kube-scheduler-k8s-master               1/1     Running   4          20d

kubernetes-dashboard-784b868d9d-hc77v   1/1     Running   3          16d

tiller-deploy-dbb85cb99-srbch           1/1     Running   4          20d

[root@k8s-master jtdeploy]#

查看svc

[root@k8s-master jtdeploy]# kubectl get svc -n kube-system

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE

calico-typha           ClusterIP   10.105.54.12   <none>        5473/TCP        20d

kube-dns               ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP   20d

kubernetes-dashboard   ClusterIP   10.106.65.78   <none>        9090/TCP        16d

tiller-deploy          ClusterIP   10.97.33.192   <none>        44134/TCP       20d

[root@k8s-master jtdeploy]#

这里没有使用nodeport ,所有使用ingress来配置外网访问.

  

haproxy安装

root@xuliang-PC:~/haproxy# cat docker-compose.yml

version: "2"

services:

  haproxy:

    image: haproxy:1.8

    ports:

      - 80:31380

      - 443:31390

      - 8181:8181

    restart: always

    volumes:

      - /root/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg

    network_mode: host

#    networks:

#    #      - haproxy_lb

#

#    #networks:

#    #  haproxy_lb:

#    #    driver: bridge

root@xuliang-PC:~/haproxy#

 haproxy配置文件

root@xuliang-PC:~/haproxy# cat haproxy.cfg

global

   stats timeout 30s

   maxconn 1000

defaults

   mode tcp

   option dontlognull

   retries 3

   timeout http-request    30s

   timeout queue           1m

   timeout connect         30s

   timeout client          1m

   timeout server          1m

   timeout http-keep-alive 30s

   timeout check           30s

   option redispatch

   option srvtcpka

   option clitcpka

## HTTP

frontend http_front

   bind *:80

   default_backend http_backend

backend http_backend

   server k8s-master 192.168.100.101:31380 check

   server k8s-node1 192.168.1.102:31380 check

   #server k8s-node3 192.168.1.103:31380 check

## HTTPS

frontend https_front

   bind *:443

   default_backend https_backend

backend https_backend

   server k8s-master 192.168.100.101:31390 check

   server k8s-node1 192.168.100.102:31390 check

   #server k8s-node4 192.168.1.103:31390 check

# HAProxy stats

listen stats

   bind *:8181

   mode http

   stats enable

   stats uri /

   stats realm Haproxy\ Statistics

   stats auth haproxy:haproxy

root@xuliang-PC:~/haproxy#

 

在本机添加hosts,有域名的可以配置域名解析

root@xuliang-PC:~/haproxy# cat /etc/hosts

192.168.100.29 myapp.test.com

root@xuliang-PC:~/haproxy#

测试解析

root@xuliang-PC:~/haproxy# ping myapp.test.com

PING myapp.test.com (192.168.100.29) 56(84) bytes of data.

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=1 ttl=64 time=0.024 ms

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=2 ttl=64 time=0.024 ms

64 bytes from myapp.test.com (192.168.100.29): icmp_seq=3 ttl=64 time=0.028 ms

^C

--- myapp.test.com ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2032ms

rtt min/avg/max/mdev = 0.024/0.025/0.028/0.004 ms

root@xuliang-PC:~/haproxy#

配置ingress

[root@k8s-master ~]# cat ingress-dashboard.yaml

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: ingress-dashboard

  namespace: kube-system

  annotations:

    kubernetes.io/ingress.class: "nginx"

spec:

  rules:

  - host: myapp.test.com

    http:

      paths:

      - path: /

        backend:

          serviceName: kubernetes-dashboard

          servicePort: 9090

---

apiVersion: v1

kind: Service

metadata:

  name: ingress-nginx

  namespace: ingress-nginx

  labels:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

spec:

  type: NodePort

  ports:

    - name: http

      port: 80

      targetPort: 80

      protocol: TCP

      nodePort: 31380

    - name: https

      port: 443

      targetPort: 443

      protocol: TCP

      nodePort: 31390

  selector:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

---

[root@k8s-master ~]#

此处注意一定要配置:

annotations:

    kubernetes.io/ingress.class: "nginx"

查看ingress
[root@k8s-master dashboard]# kubectl get ingress -n kube-system

NAME                HOSTS            ADDRESS         PORTS   AGE

ingress-dashboard   myapp.test.com   10.108.73.126   80      147m

[root@k8s-master dashboard]#

至此可以通过域名访问

 

ingress controller 和ingress使用实例的更多相关文章

  1. Kubernetes 学习11 kubernetes ingress及ingress controller

    一.上集回顾 1.Service 3种模型:userspace,iptables,ipvs 2.Service类型 ClusterIP,NodePort NodePort:client -> N ...

  2. 实操教程丨如何在K8S集群中部署Traefik Ingress Controller

    注:本文使用的Traefik为1.x的版本 在生产环境中,我们常常需要控制来自互联网的外部进入集群中,而这恰巧是Ingress的职责. Ingress的主要目的是将HTTP和HTTPS从集群外部暴露给 ...

  3. Kubernetes Ingress Controller的使用及高可用落地

    Kubernetes Ingress Controller的使用及高可用落地 看懂本文要具备一下知识点: Service实现原理和会应用 知道反向代理原理,了解nginx和apache的vhost概念 ...

  4. Kubernetes 服务入口管理与 Nginx Ingress Controller

    Kubernetes 具有强大的副本,动态扩容等特性,每一次 Pod 的变化 IP 地址都会发生变化,所以 Kubernetes 引进了 Service 的概念.Kubernetes 中使用 Serv ...

  5. Kubernetes学习之路(十五)之Ingress和Ingress Controller

    目录 一.什么是Ingress? 1.Pod 漂移问题 2.端口管理问题 3.域名分配及动态更新问题 二.如何创建Ingress资源 三.Ingress资源类型 1.单Service资源型Ingres ...

  6. 11. Ingress及Ingress Controller(主nginx ingress controller)

    11. Ingress,Ingress Controller拥有七层代理调度能力 什么是Ingress: Ingress是授权入站连接到达集群服务的规则集合 Ingress是一个Kubernetes资 ...

  7. traefik ingress Controller使用

    Kubernetes Ingress Kubernetes Ingress是路由规则的集合,这些规则控制外部用户如何访问Kubernetes集群中运行的服务. 在Kubernetes中,有三种方式可以 ...

  8. 浅谈 k8s ingress controller 选型

    大家好,先简单自我介绍下,我叫厉辉,来自腾讯云.业余时间比较喜欢开源,现在是Apache APISIX PPMC.今天我来简单给大家介绍下 K8S Ingress 控制器的选型经验,今天我讲的这些内容 ...

  9. 为 Rainbond Ingress Controller 设置负载均衡

    Rainbond 作为一款云原生应用管理平台,天生带有引导南北向网络流量的分布式网关 rbd-gateway.rbd-gateway 组件,实际上是好雨科技团队开发的一种 Ingress Contro ...

随机推荐

  1. CentOS7安装Kafka2.6.0

    1:下载 wget https://mirror.bit.edu.cn/apache/kafka/2.6.0/kafka_2.12-2.6.0.tgz 点击前往官网 2:解压 tar -zxvf ka ...

  2. Prometheus+Grafana+Alertmanager搭建全方位的监控告警系统

    prometheus安装和配置 prometheus组件介绍 1.Prometheus Server: 用于收集和存储时间序列数据. 2.Client Library: 客户端库,检测应用程序代码,当 ...

  3. DRF 视图家族及路由层补充

    目录 视图家族 一.views视图类 1.APIView类 2.GenericAPIView类(generics中) 二.mixins类:视图辅助工具 1.RetrieveModelMixin 2.L ...

  4. Go的结构体

    目录 结构体 一.什么是结构体? 二.结构体的声明 三.创建结构体 1.创建有名结构体 2.结构体初始化 2.1 按位置传参 2.2 按关键字传 3.创建匿名结构体 四.结构体的类型 五.结构体的默认 ...

  5. 死磕Spring之IoC篇 - Bean 的创建过程

    该系列文章是本人在学习 Spring 的过程中总结下来的,里面涉及到相关源码,可能对读者不太友好,请结合我的源码注释 Spring 源码分析 GitHub 地址 进行阅读 Spring 版本:5.1. ...

  6. Spirent Tester二层裸流配置

    1.OLT配置 配一个VLAN,若GE口打Tag,不需要打PVID,打Untag,配PVID. 在ONU上配一个Other Bridge Wan链接. 2.TestCenter配置 选定两个TestC ...

  7. Java实现贪吃蛇

    游戏界面基本布局 贪吃蛇是基于JFrame的一款小游戏.它主要有两部分组成,一个是显示区域,一个是按钮区域.这两个区域都用JPanel来实现. 首先需要创建一个基于JFrame的类,例如创建一个MyF ...

  8. 剑指 Offer 29. 顺时针打印矩阵 + 蛇形矩阵 + 模拟 + 思维题

    剑指 Offer 29. 顺时针打印矩阵 Offer_29 题目描述: 题解分析: 题目的初衷是将这道题当做一个简单题处理 这道题一开始想的太复杂了,其实可以参考迷宫广度优先搜索的过程,只不过在选定一 ...

  9. OpenCV计算机视觉学习(13)——图像特征点检测(Harris角点检测,sift算法)

    如果需要处理的原图及代码,请移步小编的GitHub地址 传送门:请点击我 如果点击有误:https://github.com/LeBron-Jian/ComputerVisionPractice 前言 ...

  10. Java 哈希表(google 公司的上机题)

    1 哈希表(散列)-Google 上机题 1) 看一个实际需求,google 公司的一个上机题: 2) 有一个公司,当有新的员工来报道时,要求将该员工的信息加入(id,性别,年龄,住址..),当输入该 ...