k8s集群中的ingress----基于nginx实现
基于nginx创建ingress
1、创建基于nginx的ingress控制器pod及svc
$ docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.25.0
$ wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.25.0/deploy/static/mandatory.yaml
$ mv mandatory.yaml nginx-ingress-controller.yaml
$ vim nginx-ingress-controller.yaml
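---
# nginx-ingress-controller.yaml
# Upstream ingress-nginx "mandatory" manifest with two local edits: the
# controller image points at a mirror registry and the http port is also
# published as a hostPort. Line breaks and indentation are restored here; the
# collapsed one-line form is not parseable YAML.

# Namespace that holds every namespaced object below.
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
# Controller-wide nginx settings, referenced by --configmap below.
# No data keys are set in this manifest.
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
# Referenced by --tcp-services-configmap below; empty here.
kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
# Referenced by --udp-services-configmap below; empty here.
kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
# Identity the controller pod runs as; both bindings below attach to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
# Cluster-wide read access for the controller.
# NOTE: rbac.authorization.k8s.io/v1beta1 is no longer served as of
# Kubernetes 1.22; newer clusters need rbac.authorization.k8s.io/v1.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  # SECURITY: list/watch on secrets in a ClusterRole lets the controller's
  # service-account token read every Secret in every namespace. Treat the
  # controller pod and its token as highly privileged.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # Write access is limited to the status subresource of Ingress objects.
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
    verbs:
      - update

---
# Namespace-scoped permissions inside ingress-nginx.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  # get/update is restricted by resourceNames to this single ConfigMap
  # (presumably the leader-election lock, going by its name).
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  # create cannot be limited by resourceNames, so it is granted for any
  # ConfigMap in this namespace.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get

---
# Binds the namespaced Role to the controller's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---
# Binds the ClusterRole (including cluster-wide Secret read) to the
# controller's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---
# The controller itself: a single replica running as the ServiceAccount above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        # Quoted on purpose: annotation values must be strings.
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          # Local edit: image changed to a mirror registry.
          # SECURITY: this is a third-party mirror referenced by a mutable
          # tag. Verify it against the upstream 0.25.0 release and consider
          # pinning by digest (image@sha256:<digest>) so the content cannot
          # change underneath the tag.
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.25.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            # Names a Service "ingress-nginx" that this manifest does not
            # create; the walkthrough creates it afterwards with
            # `kubectl expose ... --name=ingress-nginx`.
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            # NOTE(review): kept as in the source manifest. Presumably needed
            # so the non-root process (uid 33) can obtain NET_BIND_SERVICE
            # for ports 80/443; confirm before changing, and do not add
            # further capabilities.
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            runAsUser: 33
          env:
            # Downward-API values; POD_NAMESPACE is expanded in args above.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
              # Local edit: hostPort added.
              # SECURITY: this publishes the controller on port 80 of
              # whichever node runs the pod, outside any Service. Restrict
              # access to that port at the node/network firewall if the node
              # is reachable from untrusted networks. Only http is mapped;
              # 443 has no hostPort.
              hostPort: 80
            - name: https
              containerPort: 443
          # Both probes query /healthz over plain HTTP on port 10254.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10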
$ kubectl get pod -n ingress-nginx -o wide |grep ingress
使用命令创建svc
$ kubectl expose deployment nginx-ingress-controller --name=ingress-nginx --type=NodePort -n ingress-nginx
$ kubectl get svc -n ingress-nginx |grep ingress
2、创建应用pod及svc
$ kubectl run nginx1 --image=nginx --port=80
$ kubectl run nginx3 --image=nginx --port=80
$ kubectl run nginx5 --image=nginx --port=80
$ kubectl expose deployment nginx1 --name=nginx1
$ kubectl expose deployment nginx3 --name=nginx3
$ kubectl expose deployment nginx5 --name=nginx5
$ kubectl get pod |grep nginx
$ kubectl exec nginx1-6697bccbf9-gdcxd -it bash
/# cd /usr/share/nginx/html/
/# echo 11111 > index.html
$ kubectl exec nginx3-b869cb8df-5vfgg -it bash
/# cd /usr/share/nginx/html/
/# mkdir rhce
/# echo 33333 > rhce/index.html
$ kubectl exec nginx5-76c7c85869-4ttrr -it bash
/# cd /usr/share/nginx/html/
/# echo 55555 > index.html
3、为应用pod及svc创建ingress策略
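---
# Ingress "myingress": host- and path-based routing to the three demo Services.
# Line breaks and indentation are restored; the collapsed one-line form is not
# parseable YAML.
#
# Hosts are www.example.cc / www5.example.cc so that the rules match the names
# used by the `kubectl get ingress` output and the /etc/hosts entries in the
# test step; a request whose Host header matches no rule is not routed to
# these backends.
#
# No metadata.namespace is set, so the object lands in kubectl's current
# namespace; the backend Services must exist in that same namespace.
#
# No tls: block is present, so no certificate is configured for these hosts
# and the walkthrough runs over plain HTTP.
#
# NOTE: extensions/v1beta1 Ingress is no longer served as of Kubernetes 1.22.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myingress
spec:
  rules:
    - host: www.example.cc
      http:
        paths:
          - path: /  # page files must be inside /usr/share/nginx/html/
            backend:
              serviceName: nginx1
              servicePort: 80
          - path: /rhce  # page files must be inside /usr/share/nginx/html/rhce/
            backend:
              serviceName: nginx3
              servicePort: 80
    - host: www5.example.cc
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx5
              servicePort: 80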
$ kubectl get ingress
myingress   www.example.cc,www5.example.cc   80   81d
4、访问测试
查看ingress控制器pod在哪个node上
$ kubectl get pod -n ingress-nginx -o wide
在server241.example.com上模拟dns
$ vim /etc/hosts
192.168.1.241 www.example.cc
192.168.1.241 www5.example.cc
http://www.example.cc ----访问nginx1
http://www.example.cc/rhce ----访问nginx3
http://www5.example.cc ----访问nginx5