千家信息网

请输入关键字词

热门搜索排行

最新搜索排行

导航: 首页 > 服务器 >

ingress-nginx的部署和配置

发表于:2025-02-05 作者:千家信息网编辑
千家信息网最后更新 2025年02月05日,一、Ingress-Nginx工作原理1.ingress controller通过和kubernetes api交互,动态的去感知集群中ingress规则变化,2.然后读取它,按照自定义的规则,规则就
千家信息网最后更新 2025年02月05日ingress-nginx的部署和配置

一、Ingress-Nginx工作原理

1.ingress controller通过和kubernetes api交互,动态的去感知集群中ingress规则变化,

2.然后读取它,按照自定义的规则,规则就是写明了哪个域名对应哪个service,生成一段nginx配置,

3.再写到nginx-ingress-control的pod里,这个Ingress controller的pod里运行着一个Nginx服务,控制器会把生成的nginx配置写入/etc/nginx.conf文件中,

4.然后reload一下使配置生效。以此达到域名分配置和动态更新的问题。

更多相关内容:

使用ingress-nginx进行前后端分离的示例

k8s ingress-nginx 0.25.1 最新版部署和例子

二、配置

源文件:https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/mandatory.yaml

可以通过wget下载后作修改!

主要改动:
hostNetwork: true
bitnami/nginx-ingress-controller:0.26.2

apiVersion: v1kind: Namespacemetadata:  name: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginx---kind: ConfigMapapiVersion: v1metadata:  name: nginx-configuration  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginx---kind: ConfigMapapiVersion: v1metadata:  name: tcp-services  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginx---kind: ConfigMapapiVersion: v1metadata:  name: udp-services  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginx---apiVersion: v1kind: ServiceAccountmetadata:  name: nginx-ingress-serviceaccount  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginx---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRolemetadata:  name: nginx-ingress-clusterrole  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginxrules:  - apiGroups:      - ""    resources:      - configmaps      - endpoints      - nodes      - pods      - secrets    verbs:      - list      - watch  - apiGroups:      - ""    resources:      - nodes    verbs:      - get  - apiGroups:      - ""    resources:      - services    verbs:      - get      - list      - watch  - apiGroups:      - ""    resources:      - events    verbs:      - create      - patch  - apiGroups:      - "extensions"      - "networking.k8s.io"    resources:      - ingresses    verbs:      - get      - list      - watch  - apiGroups:      - "extensions"      - "networking.k8s.io"    resources:      - ingresses/status    verbs:      - update---apiVersion: rbac.authorization.k8s.io/v1beta1kind: Rolemetadata:  name: nginx-ingress-role  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginxrules:  - apiGroups:      - ""    resources:      - configmaps      - pods      - secrets      - namespaces    verbs:      - get  - apiGroups:      - ""    resources:      - configmaps    resourceNames:      # Defaults to "-"      # Here: "-"      # This has to be adapted if you change either parameter      # when launching the nginx-ingress-controller.      - "ingress-controller-leader-nginx"    verbs:      - get      - update  - apiGroups:      - ""    resources:      - configmaps    verbs:      - create  - apiGroups:      - ""    resources:      - endpoints    verbs:      - get---apiVersion: rbac.authorization.k8s.io/v1beta1kind: RoleBindingmetadata:  name: nginx-ingress-role-nisa-binding  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginxroleRef:  apiGroup: rbac.authorization.k8s.io  kind: Role  name: nginx-ingress-rolesubjects:  - kind: ServiceAccount    name: nginx-ingress-serviceaccount    namespace: ingress-nginx---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRoleBindingmetadata:  name: nginx-ingress-clusterrole-nisa-binding  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginxroleRef:  apiGroup: rbac.authorization.k8s.io  kind: ClusterRole  name: nginx-ingress-clusterrolesubjects:  - kind: ServiceAccount    name: nginx-ingress-serviceaccount    namespace: ingress-nginx---apiVersion: apps/v1kind: Deploymentmetadata:  name: nginx-ingress-controller  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginxspec:  replicas: 1  selector:    matchLabels:      app.kubernetes.io/name: ingress-nginx      app.kubernetes.io/part-of: ingress-nginx  template:    metadata:      labels:        app.kubernetes.io/name: ingress-nginx        app.kubernetes.io/part-of: ingress-nginx      annotations:        prometheus.io/port: "10254"        prometheus.io/scrape: "true"    spec:      # wait up to five minutes for the drain of connections      hostNetwork: true      terminationGracePeriodSeconds: 300      serviceAccountName: nginx-ingress-serviceaccount      nodeSelector:        kubernetes.io/os: linux      containers:        - name: nginx-ingress-controller          image: bitnami/nginx-ingress-controller:0.26.2          args:            - /nginx-ingress-controller            - --configmap=$(POD_NAMESPACE)/nginx-configuration            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services            - --publish-service=$(POD_NAMESPACE)/ingress-nginx            - --annotations-prefix=nginx.ingress.kubernetes.io          securityContext:            allowPrivilegeEscalation: true            capabilities:              drop:                - ALL              add:                - NET_BIND_SERVICE            # www-data -> 33            runAsUser: 33          env:            - name: POD_NAME              valueFrom:                fieldRef:                  fieldPath: metadata.name            - name: POD_NAMESPACE              valueFrom:                fieldRef:                  fieldPath: metadata.namespace          ports:            - name: http              containerPort: 80              protocol: TCP            - name: https              containerPort: 443              protocol: TCP          livenessProbe:            failureThreshold: 3            httpGet:              path: /healthz              port: 10254              scheme: HTTP            initialDelaySeconds: 10            periodSeconds: 10            successThreshold: 1            timeoutSeconds: 10          readinessProbe:            failureThreshold: 3            httpGet:              path: /healthz              port: 10254              scheme: HTTP            periodSeconds: 10            successThreshold: 1            timeoutSeconds: 10          lifecycle:            preStop:              exec:                command:                  - /wait-shutdown---apiVersion: v1kind: LimitRangemetadata:  name: ingress-nginx  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginxspec:  limits:  - default:    min:      memory: 90Mi      cpu: 100m    type: Container
很赞哦!
配置 规则 动态 域名 生成 例子 内容 原理 可以通过 就是 控制器 文件 明了 更多 最新版 源文件 示例 问题 集群 变化 数据库的安全要保护哪些东西 数据库安全各自的含义是什么 生产安全数据库录入 数据库的安全性及管理 数据库安全策略包含哪些 海淀数据库安全审计系统 建立农村房屋安全信息数据库 易用的数据库客户端支持安全管理 连接数据库失败ssl安全错误 数据库的锁怎样保障安全 网络安全国家强制标准 pdb蛋白数据库蛋白结构 oracle数据库和表空间 高效软件开发方法 数据库用什么格式可以看gbk 丽水大中小型视频系统服务器 回收服务器主板上门回收公司 深圳微信软件开发机构 linux数据库备份日期查询 我国实行网络安全分层保护 软件开发项目预算依据 lol外服开脚本不封号的服务器 网络安全备课 内存数据库和配置文件 mysql循环数据库 首款网络安全保险 云南省网络安全管理制度 艾尔登法环链接服务器闪退 软件开发应该如何学习 如何提高s数据库速度 服务器主板插槽式供电 网信意识形态与网络安全 软件开发专业哪些学校比较好 app软件开发的参考文献 数据库第七版第五章课后习题答案 mysql数据库第四章上机 2018税务网络安全宣传 神泣9数据库连接 mysql循环数据库 前端录入数据库实例

相关文章

0