内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
风哥提示:
本文档介绍Kubernetes Ingress的配置和使用方法。
Part01-Ingress概述
1.1 Ingress概念
# Kubernetes Ingress概念
[root@k8s-master ~]# cat > /root/k8s-ingress.txt << 'EOF' Kubernetes Ingress ================== 1. Ingress功能 - HTTP/HTTPS路由 - 基于域名和路径的路由 - TLS终止 - 负载均衡 2. Ingress Controller - Nginx Ingress - Traefik - HAProxy - Istio Gateway 3. Ingress资源 - 规则定义 - 后端服务映射 - TLS配置 4. 路由规则 - 基于主机名 - 基于URL路径 - 基于请求头 EOF
[root@k8s-master ~]# cat > /root/k8s-ingress.txt << 'EOF' Kubernetes Ingress ================== 1. Ingress功能 - HTTP/HTTPS路由 - 基于域名和路径的路由 - TLS终止 - 负载均衡 2. Ingress Controller - Nginx Ingress - Traefik - HAProxy - Istio Gateway 3. Ingress资源 - 规则定义 - 后端服务映射 - TLS配置 4. 路由规则 - 基于主机名 - 基于URL路径 - 基于请求头 EOF
Part02-部署Ingress Controller
2.1 安装Nginx Ingress
# 安装Nginx Ingress Controller
[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
# 查看Ingress Controller状态
[root@k8s-master ~]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-abc12 0/1 Completed 0 1m
ingress-nginx-admission-patch-def34 0/1 Completed 0 1m
ingress-nginx-controller-ghi56-abc12 1/1 Running 0 1m
# 查看Ingress Service
[root@k8s-master ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller 更多学习教程公众号风哥教程itpux_com LoadBalancer 10.96.100.200 192.168.1.50 80:31234/TCP,443:31235/TCP 1m
ingress-nginx-controller-admission ClusterIP 10.96.100.201
Part03-创建Ingress规则
3.1 基本Ingress配置
# 创建示例应用
[root@k8s-master ~]# cat > fgedu-app-deployment.yaml << 'EOF' apiVersion: apps/v1 kind: Deployment metadata: name: fgedu-web spec: replicas: 3 selector: matchLabels: app: fgedu-web template: metadata: labels: app: fgedu-web spec: containers: - name: nginx image: nginx:1.25 ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: fgedu-web spec: selector: app: fgedu-web ports: - port: 80 targetPort: 80 EOF [root@k8s-master ~]# kubectl apply -f fgedu-app-deployment.yaml deployment.apps/fgedu-web created service/fgedu-web created # 创建Ingress规则 [root@k8s-master ~]# cat > fgedu-ingress.yaml << 'EOF' apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: fgedu-ingress annotations: nginx.学习交流加群风哥微信: itpux-comingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx rules: - host: fgedu.net.cn http: paths: - path: / pathType: Prefix backend: service: name: fgedu-web port: number: 80 EOF [root@k8s-master ~]# kubectl apply -f fgedu-ingress.yaml ingress.networking.k8s.io/fgedu-ingress created # 查看Ingress [root@k8s-master ~]# kubectl get ingress NAME CLASS HOSTS ADDRESS PORTS AGE fgedu-ingress nginx fgedu.net.cn 192.168.1.50 80 10s # 查看Ingress详情 [root@k8s-master ~]# kubectl describe ingress fgedu-ingress Name: fgedu-ingress Labels:
Namespace: default
Address: 192.168.1.50
Ingress Class: nginx
Default backend:
Rules:
Host Path Backends
—- —- ——–
fgedu.net.cn
/ fgedu-web:80 (10.244.1.10:80,10.244.2.10:80,10.244.2.11:80)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
—- —— —- —- ——-
Normal Sync 10s (x2 over 30s) nginx-ingress-controller Scheduled for sync
[root@k8s-master ~]# cat > fgedu-app-deployment.yaml << 'EOF' apiVersion: apps/v1 kind: Deployment metadata: name: fgedu-web spec: replicas: 3 selector: matchLabels: app: fgedu-web template: metadata: labels: app: fgedu-web spec: containers: - name: nginx image: nginx:1.25 ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: fgedu-web spec: selector: app: fgedu-web ports: - port: 80 targetPort: 80 EOF [root@k8s-master ~]# kubectl apply -f fgedu-app-deployment.yaml deployment.apps/fgedu-web created service/fgedu-web created # 创建Ingress规则 [root@k8s-master ~]# cat > fgedu-ingress.yaml << 'EOF' apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: fgedu-ingress annotations: nginx.学习交流加群风哥微信: itpux-comingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx rules: - host: fgedu.net.cn http: paths: - path: / pathType: Prefix backend: service: name: fgedu-web port: number: 80 EOF [root@k8s-master ~]# kubectl apply -f fgedu-ingress.yaml ingress.networking.k8s.io/fgedu-ingress created # 查看Ingress [root@k8s-master ~]# kubectl get ingress NAME CLASS HOSTS ADDRESS PORTS AGE fgedu-ingress nginx fgedu.net.cn 192.168.1.50 80 10s # 查看Ingress详情 [root@k8s-master ~]# kubectl describe ingress fgedu-ingress Name: fgedu-ingress Labels:
Namespace: default
Address: 192.168.1.50
Ingress Class: nginx
Default backend:
Rules:
Host Path Backends
—- —- ——–
fgedu.net.cn
/ fgedu-web:80 (10.244.1.10:80,10.244.2.10:80,10.244.2.11:80)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
—- —— —- —- ——-
Normal Sync 10s (x2 over 30s) nginx-ingress-controller Scheduled for sync
Part04-Ingress高级配置
4.1 多域名与路径路由
# 创建多路径Ingress
[root@k8s-master ~]# cat from PG视频:www.itpux.com> fgedu-ingress-advanced.yaml << 'EOF' apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: fgedu-ingress-advanced annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "50m" nginx.ingress.kubernetes.io/proxy-connect-timeout: "60" nginx.更多视频教程www.fgedu.net.cningress.kubernetes.io/proxy-send-timeout: "60" nginx.ingress.kubernetes.io/proxy-read-timeout: "60" spec: ingressClassName: nginx tls: - hosts: - fgedu.net.cn - api.fgedu.net.cn secretName: fgedu-tls rules: - host: fgedu.net.cn http: paths: - path: / pathType: Prefix backend: service: name: fgedu-web port: number: 80 - path: /api pathType: Prefix backend: service: name: fgedu-api port: number: 8080 - host: api.fgedu.net.cn http: paths: - path: / pathType: Prefix backend: service: name: fgedu-api port: number: 8080 EOF [root@k8s-master ~]# kubectl apply -f fgedu-ingress-advanced.yaml ingress.networking.k8s.io/fgedu-ingress-advanced created # 创建TLS证书Secret [root@k8s-master ~]# kubectl create secret tls fgedu-tls \ --cert=/path/to/tls.crt \ --key=/path/to/tls.key secret/fgedu-tls created # 测试访问 [root@k8s-master ~]# curl -H "Host: fgedu.net.cn" http://192.168.1.50
[root@k8s-master ~]# cat from PG视频:www.itpux.com> fgedu-ingress-advanced.yaml << 'EOF' apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: fgedu-ingress-advanced annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "50m" nginx.ingress.kubernetes.io/proxy-connect-timeout: "60" nginx.更多视频教程www.fgedu.net.cningress.kubernetes.io/proxy-send-timeout: "60" nginx.ingress.kubernetes.io/proxy-read-timeout: "60" spec: ingressClassName: nginx tls: - hosts: - fgedu.net.cn - api.fgedu.net.cn secretName: fgedu-tls rules: - host: fgedu.net.cn http: paths: - path: / pathType: Prefix backend: service: name: fgedu-web port: number: 80 - path: /api pathType: Prefix backend: service: name: fgedu-api port: number: 8080 - host: api.fgedu.net.cn http: paths: - path: / pathType: Prefix backend: service: name: fgedu-api port: number: 8080 EOF [root@k8s-master ~]# kubectl apply -f fgedu-ingress-advanced.yaml ingress.networking.k8s.io/fgedu-ingress-advanced created # 创建TLS证书Secret [root@k8s-master ~]# kubectl create secret tls fgedu-tls \ --cert=/path/to/tls.crt \ --key=/path/to/tls.key secret/fgedu-tls created # 测试访问 [root@k8s-master ~]# curl -H "Host: fgedu.net.cn" http://192.168.1.50
Welcome to nginx!
风哥针对Ingress管理建议:
- 使用TLS加密通信
- 配置合理的超时时间
- 使用注解自定义行为
- 配置健康检查
- 监控Ingress性能
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
