本文共 9990 字，大约阅读时间需要 33 分钟。

目录

---

一 手动部署-官网版

1.1 获取资源

1 [root@master01 ~]# mkdir ingress  2 [root@master01 ~]# cd ingress/  3 [root@master01 ingress]# git clone https://github.com/nginxinc/kubernetes-ingress/  4 [root@master01 ingress]# cd kubernetes-ingress/deployments  5 [root@master01 ingress]# git checkout v1.7.0

 

1.2 安装RBAC

1 [root@master01 deployments]# kubectl apply -f common/ns-and-sa.yaml #部署namespace及ServiceAccount  2 [root@master01 deployments]# kubectl apply -f rbac/rbac.yaml #部署RBAC角色及权限等

 

1.3 安装基础资源

1 [root@master01 deployments]# kubectl apply -f common/default-server-secret.yaml

说明：

创建TLS证书和NGINX中默认服务器的secret。默认服务器返回Not Found页面，其中包含404状态代码，用于未定义的所有访问规则请求的返回值。默认包含了一个自签名的证书和生成的密钥。

1 [root@master01 deployments]# kubectl apply -f common/nginx-config.yaml  2 [root@master01 deployments]# kubectl apply -f common/vs-definition.yaml  3 [root@master01 deployments]# kubectl apply -f common/vsr-definition.yaml  4 [root@master01 deployments]# kubectl apply -f common/ts-definition.yaml #创建虚拟主机  5 [root@master01 deployments]# kubectl apply -f common/gc-definition.yaml  6 [root@master01 deployments]# kubectl apply -f common/global-configuration.yaml

 

1.4 安装ingress controllers

1 [root@master01 deployments]# vi daemon-set/nginx-ingress.yaml

1 ……  2           - -global-configuration=$(POD_NAMESPACE)/nginx-configuration  3 ……

1 [root@master01 deployments]# kubectl apply -f daemon-set/nginx-ingress.yaml  2 [root@master01 deployments]# kubectl get pods --namespace=nginx-ingress  3 NAME READY STATUS RESTARTS AGE  4   5 nginx-ingress-cqv2m 1/1 Running 0 43s  6 nginx-ingress-fpmbv 1/1 Running 0 43s  7 nginx-ingress-kdl9p 1/1 Running 0 43s  8 nginx-ingress-lggw9 1/1 Running 0 43s  9 nginx-ingress-lnw28 1/1 Running 0 43s 10 nginx-ingress-z8rn8 1/1 Running 0 43s

1.5 创建ingress controllers service

[root@master01 deployments]# vi service/nodeport.yaml

1 apiVersion: v1  2 kind: Service  3 metadata:  4   name: nginx-ingress  5   namespace: nginx-ingress  6 spec:  7   type: NodePort  8   ports:  9   - port: 80 10     targetPort: 80 11     protocol: TCP 12     name: http 13     nodePort: 30011 14   - port: 443 15     targetPort: 443 16     protocol: TCP 17     name: https 18     nodePort: 30012 19   selector: 20     app: nginx-ingress

1 [root@master01 deployments]# kubectl create -f service/nodeport.yaml  2 [root@master01 deployments]# kubectl get svc nginx-ingress --namespace=nginx-ingress  3 [root@master01 deployments]# kubectl describe svc nginx-ingress --namespace=nginx-ingress

参考文档：https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/。

二 手动部署-github社区版(推荐）

2.1 获取资源

1 [root@master01 ~]# mkdir ingress  2 [root@master01 ~]# cd ingress/  3 [root@master01 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml  4 [root@master01 ingress]# vi deploy.yaml

1 ……  2 apiVersion: apps/v1  3 kind: Deployment  4 ……  5 spec:  6   replicas: 3  7 ……  8             - --default-backend-service=$(POD_NAMESPACE)/default-http-backend  9 …… 10 apiVersion: v1 11 kind: Service 12 …… 13   name: ingress-nginx-controller 14 …… 15 spec: 16   type: NodePort 17   externalTrafficPolicy: Local 18   ports: 19     - name: http 20       port: 80 21       protocol: TCP 22       targetPort: http 23       nodePort: 80 24     - name: https 25       port: 443 26       protocol: TCP 27       targetPort: https 28       nodePort: 443 29 ……

[root@master01 ingress]# kubectl create -f deploy.yaml

提示：添加默认backend需要等待default-backend创建完成controllers才能成功部署。

2.2 创建default backend

[root@master01 ingress]# vi default-backend.yaml

1 ---  2 apiVersion: apps/v1  3 kind: Deployment  4 metadata:  5   name: default-http-backend  6   labels:  7     app.kubernetes.io/name: default-http-backend  8     app.kubernetes.io/part-of: ingress-nginx  9   namespace: ingress-nginx 10 spec: 11   replicas: 1 12   selector: 13     matchLabels: 14       app.kubernetes.io/name: default-http-backend 15       app.kubernetes.io/part-of: ingress-nginx 16   template: 17     metadata: 18       labels: 19         app.kubernetes.io/name: default-http-backend 20         app.kubernetes.io/part-of: ingress-nginx 21     spec: 22       terminationGracePeriodSeconds: 60 23       containers: 24         - name: default-http-backend 25           # Any image is permissible as long as: 26           # 1. It serves a 404 page at / 27           # 2. It serves 200 on a /healthz endpoint 28           image: k8s.gcr.io/defaultbackend-amd64:1.5 29           livenessProbe: 30             httpGet: 31               path: /healthz 32               port: 8080 33               scheme: HTTP 34             initialDelaySeconds: 30 35             timeoutSeconds: 5 36           ports: 37             - containerPort: 8080 38           resources: 39             limits: 40               cpu: 10m 41               memory: 20Mi 42             requests: 43               cpu: 10m 44               memory: 20Mi 45  46 --- 47 apiVersion: v1 48 kind: Service 49 metadata: 50   name: default-http-backend 51   namespace: ingress-nginx 52   labels: 53     app.kubernetes.io/name: default-http-backend 54     app.kubernetes.io/part-of: ingress-nginx 55 spec: 56   ports: 57     - port: 80 58       targetPort: 8080 59   selector: 60     app.kubernetes.io/name: default-http-backend 61     app.kubernetes.io/part-of: ingress-nginx 62 ---

1 [root@master01 ingress]# kubectl create -f default-backend.yaml

2.3 确认验证

1 [root@master01 ingress]# kubectl get pods -n ingress-nginx  2 [root@master01 ingress]# kubectl get svc -n ingress-nginx

参考文档：https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md

三 ingress使用

3.1 创建demo环境

1 [root@master01 ingress]# vi deploy-demo01.yaml #创建第一个用于测试的svc和pod

1 apiVersion: v1  2 kind: Service  3 metadata:  4   name: mydemo01svc  5   namespace: default  6 spec:  7   selector:  8     app: mydemo01  9   ports: 10   - name: http 11     port: 80 12     targetPort: 80 13 --- 14 apiVersion: apps/v1 15 kind: Deployment 16 metadata: 17   name: mydemo01pod 18 spec: 19   replicas: 3 20   selector: 21     matchLabels: 22       app: mydemo01 23   template: 24     metadata: 25       labels: 26         app: mydemo01 27     spec: 28       containers: 29       - name: myapp 30         image: ikubernetes/myapp:v2 31         ports: 32         - name: httpd 33           containerPort: 80

1 [root@master01 ingress]# echo '
Hello world!
' > index.html #创建Tomcat测试页面  2 [root@master01 ingress]# scp index.html root@worker01:/etc/kubernetes/  3 [root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/  4 [root@master01 ingress]# scp index.html root@worker02:/etc/kubernetes/  5 [root@master01 ingress]# vi deploy-demo02.yaml #创建第二个用于测试的svc和pod

1 apiVersion: v1  2 kind: Service  3 metadata:  4   name: mydemo02svc  5   namespace: default  6 spec:  7   selector:  8     app: mydemo02  9   ports: 10   - name: httpd 11     port: 8080 12     targetPort: 8080 13  14 --- 15 apiVersion: apps/v1 16 kind: Deployment 17 metadata: 18   name: mydemo02pod 19 spec: 20   replicas: 3 21   selector: 22     matchLabels: 23       app: mydemo02 24   template: 25     metadata: 26       labels: 27         app: mydemo02 28     spec: 29       containers: 30       - name: mytomcat 31         image: tomcat:9 32         ports: 33         - name: httpd 34           containerPort: 8080 35         volumeMounts: 36         - mountPath: "/usr/local/tomcat/webapps/ROOT/index.html" 37           name: sample-volume 38           readOnly: true 39       volumes: 40       - name: sample-volume 41         hostPath: 42           type: File 43           path: /etc/kubernetes/index.html

1 [root@master01 ingress]# kubectl apply -f deploy-demo01.yaml  2 [root@master01 ingress]# kubectl apply -f deploy-demo02.yaml  3 [root@master01 ingress]# kubectl get pods -o wide  4 [root@master01 ingress]# kubectl get svc -o wide

3.2 创建ingress策略

1 [root@master01 ingress]# vi deploy-demo-ingress-http.yaml

1 apiVersion: networking.k8s.io/v1beta1  2 kind: Ingress  3 metadata:  4   name: ingress-mydemo  5   namespace: default  6   annotations:  7     kubernetes.io/ingress.class: "nginx"  8 spec:  9   rules: 10   - host: demo01.odocker.com 11     http: 12       paths: 13       - path: 14         backend: 15           serviceName: mydemo01svc 16           servicePort: 80 17   - host: demo02.linuxsb.com 18     http: 19       paths: 20       - path: 21         backend: 22           serviceName: mydemo02svc 23           servicePort: 8080

1 [root@master01 ingress]# kubectl apply -f deploy-demo-ingress-http.yaml  2 [root@master01 ingress]# kubectl get pods -o wide  3 [root@master01 ingress]# kubectl get svc -o wide  4 [root@master01 ingress]# kubectl get ingress -o wide

3.3 确认验证

添加demo01.odocker.com和demo02.odocker.com的解析。分别访问两个地址：

参考：https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/

四 ingress https使用

4.1 创建证书

使用自签名证书，证书创建参考《附008.Kubernetes TLS证书介绍及创建》。

4.2 创建secret

1 [root@master01 ingress]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout demo02.key -out demo02.crt -subj "/CN=demo02.odocker.com"  2 [root@master01 ingress]# kubectl create secret generic demo02-tls --from-file=demo02.crt --from-file=demo02.key -n default  3 [root@master01 ingress]# kubectl get secret demo02-tls   4 NAME TYPE DATA AGE  5   6 demo02-tls Opaque 2 27s

4.3 创建TLS ingress策略

[root@master01 ingress]# vi deploy-demo-ingress-https.yaml

1 apiVersion: networking.k8s.io/v1beta1  2 kind: Ingress  3 metadata:  4   name: ingress-mydemo02-https  5   namespace: default  6   annotations:  7     kubernets.io/ingress.class: "nginx"  8 spec:  9   tls: 10   - hosts: 11     - demo02.odocker.com 12     secretName: demo02-tls 13   rules: 14   - host: demo02.odocker.com 15     http: 16       paths: 17       - path: 18         backend: 19           serviceName: mydemo02svc 20           servicePort: 8080

[root@master01 ingress]# kubectl apply -f deploy-demo-ingress-https.yaml

4.4 确认验证

浏览器访问：demo02.odocker.com/。

转载地址：http://mogq.baihongyu.com/