k8s ingress 两种部署方式nodePort和hostNetwork
编辑于 2021-09-01 17:06:54 阅读 2528
准备
下载deploy.yaml
https://github.com/kubernetes/ingress-nginx/blob/main/deploy/static/provider/baremetal/deploy.yaml
替换镜像url并 创建资源对象
# 替换镜像url
# 192.168.10.104:5000为本地镜像
将
k8s.gcr.io/ingress-nginx/controller:v1.0.0@sha256:0851b34f69f69352bf168e6ccf30e1e20714a264ab1ecd1933e4d8c0fc3215c6
替换为
192.168.10.104:5000/k8s.gcr.io/ingress-nginx/controller:v1.0.0
将
k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068
替换为
192.168.10.104:5000/k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
# 创建资源对象
kubectl apply -f deploy.yaml
安装
创建应用
kubectl apply -f - <<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 2 # tells deployment to run 2 pods matching the template
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: ClusterIP
ports:
- port: 80
selector:
app: nginx
EOF
创建ingress
kubectl apply -f - <<EOF
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: "nginx.cw.net"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: nginx-service
port:
number: 80
EOF
部署方式nodePort
kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx
# 查看 ingress 对应节点的端口
[root@master ingress-nginx]# kubectl get services ingress-nginx-controller --namespace=ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.1.61.167 <none> 80:30447/TCP,443:30976/TCP 4h41m
# 修改hosts
# 192.168.10.90为主节点ip
echo '192.168.10.90 nginx.cw.net'>>/etc/hosts
#我们这里设置了replicas=2,会产生两个容器,分别进入两个容器,增加一个文件
echo 'aaa' >/usr/share/nginx/html/a.html
# 通过浏览器访问 http://nginx.cw.net:30447/a.html
部署方式hostNetwork
1. kind: Deployment => kind: DaemonSet
2.
添加 hostNetwork: true
vi deploy.yaml
...
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: ingress-nginx
hostNetwork: true
terminationGracePeriodSeconds: 300
...
kubectl apply -f deploy.yaml
# 查看节点的对外ip
[root@master ingress-nginx]# kubectl get po -n ingress-nginx -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-nginx-admission-create--1-h7bvr 0/1 Completed 0 5h59m 10.244.1.4 node1 <none> <none>
ingress-nginx-admission-patch--1-dg4m6 0/1 Completed 3 5h59m 10.244.2.4 node2 <none> <none>
ingress-nginx-controller-cpdqw 1/1 Running 0 6m35s 192.168.10.92 node2 <none> <none>
ingress-nginx-controller-tsdvz 1/1 Running 0 6m35s 192.168.10.91 node1 <none> <none>
# 修改hosts
# 192.168.10.91,192.168.10.92为子节点ip
echo -e '192.168.10.91 nginx.cw.net\n192.168.10.92 nginx.cw.net'>>/etc/hosts
#我们这里设置了replicas=2,会产生两个容器,分别进入两个容器,增加一个文件
echo 'aaa' >/usr/share/nginx/html/a.html
# 通过浏览器访问
http://nginx.cw.net/a.html
HTTPS
证书文件通过阿里云免费申请
#创建secret
kubectl create secret tls test-ingress-secret --cert=nginx.cw.net.pem --key=nginx.cw.net.key
kubectl get secret
kubectl describe secret test-ingress-secret
vi test-ingress.yml
...
spec:
tls:
- hosts:
- nginx.cw.net
secretName: test-ingress-secret
rules:
- host: "nginx.cw.net"
...
kubectl apply -f test-ingress.yml
清理
kubectl delete -f deploy.yaml
kubectl delete -n default deployment nginx-deployment
kubectl delete -n default service nginx-service
kubectl delete -n default ingress test-ingress