K8s-Ingress - 图1

1.安装Ingress

  1. #下载yaml文件-但是最好用下面修改后镜像的
  2. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml -O
  3. #修改镜像
  4. vi deploy.yaml
  5. #将image的值改为如下值:
  6. registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0
  7. #安装命令
  8. kubectl apply -f deploy.yaml
  9. # 检查安装的结果
  10. kubectl get pod,svc -n ingress-nginx
  11. # 最后别忘记把svc暴露的端口要放行

image.png
image.png

  1. apiVersion: v1
  2. kind: Namespace
  3. metadata:
  4. name: ingress-nginx
  5. labels:
  6. app.kubernetes.io/name: ingress-nginx
  7. app.kubernetes.io/instance: ingress-nginx
  8. ---
  9. # Source: ingress-nginx/templates/controller-serviceaccount.yaml
  10. apiVersion: v1
  11. kind: ServiceAccount
  12. metadata:
  13. labels:
  14. helm.sh/chart: ingress-nginx-3.33.0
  15. app.kubernetes.io/name: ingress-nginx
  16. app.kubernetes.io/instance: ingress-nginx
  17. app.kubernetes.io/version: 0.47.0
  18. app.kubernetes.io/managed-by: Helm
  19. app.kubernetes.io/component: controller
  20. name: ingress-nginx
  21. namespace: ingress-nginx
  22. automountServiceAccountToken: true
  23. ---
  24. # Source: ingress-nginx/templates/controller-configmap.yaml
  25. apiVersion: v1
  26. kind: ConfigMap
  27. metadata:
  28. labels:
  29. helm.sh/chart: ingress-nginx-3.33.0
  30. app.kubernetes.io/name: ingress-nginx
  31. app.kubernetes.io/instance: ingress-nginx
  32. app.kubernetes.io/version: 0.47.0
  33. app.kubernetes.io/managed-by: Helm
  34. app.kubernetes.io/component: controller
  35. name: ingress-nginx-controller
  36. namespace: ingress-nginx
  37. data:
  38. ---
  39. # Source: ingress-nginx/templates/clusterrole.yaml
  40. apiVersion: rbac.authorization.k8s.io/v1
  41. kind: ClusterRole
  42. metadata:
  43. labels:
  44. helm.sh/chart: ingress-nginx-3.33.0
  45. app.kubernetes.io/name: ingress-nginx
  46. app.kubernetes.io/instance: ingress-nginx
  47. app.kubernetes.io/version: 0.47.0
  48. app.kubernetes.io/managed-by: Helm
  49. name: ingress-nginx
  50. rules:
  51. - apiGroups:
  52. - ''
  53. resources:
  54. - configmaps
  55. - endpoints
  56. - nodes
  57. - pods
  58. - secrets
  59. verbs:
  60. - list
  61. - watch
  62. - apiGroups:
  63. - ''
  64. resources:
  65. - nodes
  66. verbs:
  67. - get
  68. - apiGroups:
  69. - ''
  70. resources:
  71. - services
  72. verbs:
  73. - get
  74. - list
  75. - watch
  76. - apiGroups:
  77. - extensions
  78. - networking.k8s.io # k8s 1.14+
  79. resources:
  80. - ingresses
  81. verbs:
  82. - get
  83. - list
  84. - watch
  85. - apiGroups:
  86. - ''
  87. resources:
  88. - events
  89. verbs:
  90. - create
  91. - patch
  92. - apiGroups:
  93. - extensions
  94. - networking.k8s.io # k8s 1.14+
  95. resources:
  96. - ingresses/status
  97. verbs:
  98. - update
  99. - apiGroups:
  100. - networking.k8s.io # k8s 1.14+
  101. resources:
  102. - ingressclasses
  103. verbs:
  104. - get
  105. - list
  106. - watch
  107. ---
  108. # Source: ingress-nginx/templates/clusterrolebinding.yaml
  109. apiVersion: rbac.authorization.k8s.io/v1
  110. kind: ClusterRoleBinding
  111. metadata:
  112. labels:
  113. helm.sh/chart: ingress-nginx-3.33.0
  114. app.kubernetes.io/name: ingress-nginx
  115. app.kubernetes.io/instance: ingress-nginx
  116. app.kubernetes.io/version: 0.47.0
  117. app.kubernetes.io/managed-by: Helm
  118. name: ingress-nginx
  119. roleRef:
  120. apiGroup: rbac.authorization.k8s.io
  121. kind: ClusterRole
  122. name: ingress-nginx
  123. subjects:
  124. - kind: ServiceAccount
  125. name: ingress-nginx
  126. namespace: ingress-nginx
  127. ---
  128. # Source: ingress-nginx/templates/controller-role.yaml
  129. apiVersion: rbac.authorization.k8s.io/v1
  130. kind: Role
  131. metadata:
  132. labels:
  133. helm.sh/chart: ingress-nginx-3.33.0
  134. app.kubernetes.io/name: ingress-nginx
  135. app.kubernetes.io/instance: ingress-nginx
  136. app.kubernetes.io/version: 0.47.0
  137. app.kubernetes.io/managed-by: Helm
  138. app.kubernetes.io/component: controller
  139. name: ingress-nginx
  140. namespace: ingress-nginx
  141. rules:
  142. - apiGroups:
  143. - ''
  144. resources:
  145. - namespaces
  146. verbs:
  147. - get
  148. - apiGroups:
  149. - ''
  150. resources:
  151. - configmaps
  152. - pods
  153. - secrets
  154. - endpoints
  155. verbs:
  156. - get
  157. - list
  158. - watch
  159. - apiGroups:
  160. - ''
  161. resources:
  162. - services
  163. verbs:
  164. - get
  165. - list
  166. - watch
  167. - apiGroups:
  168. - extensions
  169. - networking.k8s.io # k8s 1.14+
  170. resources:
  171. - ingresses
  172. verbs:
  173. - get
  174. - list
  175. - watch
  176. - apiGroups:
  177. - extensions
  178. - networking.k8s.io # k8s 1.14+
  179. resources:
  180. - ingresses/status
  181. verbs:
  182. - update
  183. - apiGroups:
  184. - networking.k8s.io # k8s 1.14+
  185. resources:
  186. - ingressclasses
  187. verbs:
  188. - get
  189. - list
  190. - watch
  191. - apiGroups:
  192. - ''
  193. resources:
  194. - configmaps
  195. resourceNames:
  196. - ingress-controller-leader-nginx
  197. verbs:
  198. - get
  199. - update
  200. - apiGroups:
  201. - ''
  202. resources:
  203. - configmaps
  204. verbs:
  205. - create
  206. - apiGroups:
  207. - ''
  208. resources:
  209. - events
  210. verbs:
  211. - create
  212. - patch
  213. ---
  214. # Source: ingress-nginx/templates/controller-rolebinding.yaml
  215. apiVersion: rbac.authorization.k8s.io/v1
  216. kind: RoleBinding
  217. metadata:
  218. labels:
  219. helm.sh/chart: ingress-nginx-3.33.0
  220. app.kubernetes.io/name: ingress-nginx
  221. app.kubernetes.io/instance: ingress-nginx
  222. app.kubernetes.io/version: 0.47.0
  223. app.kubernetes.io/managed-by: Helm
  224. app.kubernetes.io/component: controller
  225. name: ingress-nginx
  226. namespace: ingress-nginx
  227. roleRef:
  228. apiGroup: rbac.authorization.k8s.io
  229. kind: Role
  230. name: ingress-nginx
  231. subjects:
  232. - kind: ServiceAccount
  233. name: ingress-nginx
  234. namespace: ingress-nginx
  235. ---
  236. # Source: ingress-nginx/templates/controller-service-webhook.yaml
  237. apiVersion: v1
  238. kind: Service
  239. metadata:
  240. labels:
  241. helm.sh/chart: ingress-nginx-3.33.0
  242. app.kubernetes.io/name: ingress-nginx
  243. app.kubernetes.io/instance: ingress-nginx
  244. app.kubernetes.io/version: 0.47.0
  245. app.kubernetes.io/managed-by: Helm
  246. app.kubernetes.io/component: controller
  247. name: ingress-nginx-controller-admission
  248. namespace: ingress-nginx
  249. spec:
  250. type: ClusterIP
  251. ports:
  252. - name: https-webhook
  253. port: 443
  254. targetPort: webhook
  255. selector:
  256. app.kubernetes.io/name: ingress-nginx
  257. app.kubernetes.io/instance: ingress-nginx
  258. app.kubernetes.io/component: controller
  259. ---
  260. # Source: ingress-nginx/templates/controller-service.yaml
  261. apiVersion: v1
  262. kind: Service
  263. metadata:
  264. annotations:
  265. labels:
  266. helm.sh/chart: ingress-nginx-3.33.0
  267. app.kubernetes.io/name: ingress-nginx
  268. app.kubernetes.io/instance: ingress-nginx
  269. app.kubernetes.io/version: 0.47.0
  270. app.kubernetes.io/managed-by: Helm
  271. app.kubernetes.io/component: controller
  272. name: ingress-nginx-controller
  273. namespace: ingress-nginx
  274. spec:
  275. type: NodePort
  276. ports:
  277. - name: http
  278. port: 80
  279. protocol: TCP
  280. targetPort: http
  281. - name: https
  282. port: 443
  283. protocol: TCP
  284. targetPort: https
  285. selector:
  286. app.kubernetes.io/name: ingress-nginx
  287. app.kubernetes.io/instance: ingress-nginx
  288. app.kubernetes.io/component: controller
  289. ---
  290. # Source: ingress-nginx/templates/controller-deployment.yaml
  291. apiVersion: apps/v1
  292. kind: Deployment
  293. metadata:
  294. labels:
  295. helm.sh/chart: ingress-nginx-3.33.0
  296. app.kubernetes.io/name: ingress-nginx
  297. app.kubernetes.io/instance: ingress-nginx
  298. app.kubernetes.io/version: 0.47.0
  299. app.kubernetes.io/managed-by: Helm
  300. app.kubernetes.io/component: controller
  301. name: ingress-nginx-controller
  302. namespace: ingress-nginx
  303. spec:
  304. selector:
  305. matchLabels:
  306. app.kubernetes.io/name: ingress-nginx
  307. app.kubernetes.io/instance: ingress-nginx
  308. app.kubernetes.io/component: controller
  309. revisionHistoryLimit: 10
  310. minReadySeconds: 0
  311. template:
  312. metadata:
  313. labels:
  314. app.kubernetes.io/name: ingress-nginx
  315. app.kubernetes.io/instance: ingress-nginx
  316. app.kubernetes.io/component: controller
  317. spec:
  318. dnsPolicy: ClusterFirst
  319. containers:
  320. - name: controller
  321. image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0
  322. imagePullPolicy: IfNotPresent
  323. lifecycle:
  324. preStop:
  325. exec:
  326. command:
  327. - /wait-shutdown
  328. args:
  329. - /nginx-ingress-controller
  330. - --election-id=ingress-controller-leader
  331. - --ingress-class=nginx
  332. - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
  333. - --validating-webhook=:8443
  334. - --validating-webhook-certificate=/usr/local/certificates/cert
  335. - --validating-webhook-key=/usr/local/certificates/key
  336. securityContext:
  337. capabilities:
  338. drop:
  339. - ALL
  340. add:
  341. - NET_BIND_SERVICE
  342. runAsUser: 101
  343. allowPrivilegeEscalation: true
  344. env:
  345. - name: POD_NAME
  346. valueFrom:
  347. fieldRef:
  348. fieldPath: metadata.name
  349. - name: POD_NAMESPACE
  350. valueFrom:
  351. fieldRef:
  352. fieldPath: metadata.namespace
  353. - name: LD_PRELOAD
  354. value: /usr/local/lib/libmimalloc.so
  355. livenessProbe:
  356. failureThreshold: 5
  357. httpGet:
  358. path: /healthz
  359. port: 10254
  360. scheme: HTTP
  361. initialDelaySeconds: 10
  362. periodSeconds: 10
  363. successThreshold: 1
  364. timeoutSeconds: 1
  365. readinessProbe:
  366. failureThreshold: 3
  367. httpGet:
  368. path: /healthz
  369. port: 10254
  370. scheme: HTTP
  371. initialDelaySeconds: 10
  372. periodSeconds: 10
  373. successThreshold: 1
  374. timeoutSeconds: 1
  375. ports:
  376. - name: http
  377. containerPort: 80
  378. protocol: TCP
  379. - name: https
  380. containerPort: 443
  381. protocol: TCP
  382. - name: webhook
  383. containerPort: 8443
  384. protocol: TCP
  385. volumeMounts:
  386. - name: webhook-cert
  387. mountPath: /usr/local/certificates/
  388. readOnly: true
  389. resources:
  390. requests:
  391. cpu: 100m
  392. memory: 90Mi
  393. nodeSelector:
  394. kubernetes.io/os: linux
  395. serviceAccountName: ingress-nginx
  396. terminationGracePeriodSeconds: 300
  397. volumes:
  398. - name: webhook-cert
  399. secret:
  400. secretName: ingress-nginx-admission
  401. ---
  402. # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
  403. # before changing this value, check the required kubernetes version
  404. # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
  405. apiVersion: admissionregistration.k8s.io/v1
  406. kind: ValidatingWebhookConfiguration
  407. metadata:
  408. labels:
  409. helm.sh/chart: ingress-nginx-3.33.0
  410. app.kubernetes.io/name: ingress-nginx
  411. app.kubernetes.io/instance: ingress-nginx
  412. app.kubernetes.io/version: 0.47.0
  413. app.kubernetes.io/managed-by: Helm
  414. app.kubernetes.io/component: admission-webhook
  415. name: ingress-nginx-admission
  416. webhooks:
  417. - name: validate.nginx.ingress.kubernetes.io
  418. matchPolicy: Equivalent
  419. rules:
  420. - apiGroups:
  421. - networking.k8s.io
  422. apiVersions:
  423. - v1beta1
  424. operations:
  425. - CREATE
  426. - UPDATE
  427. resources:
  428. - ingresses
  429. failurePolicy: Fail
  430. sideEffects: None
  431. admissionReviewVersions:
  432. - v1
  433. - v1beta1
  434. clientConfig:
  435. service:
  436. namespace: ingress-nginx
  437. name: ingress-nginx-controller-admission
  438. path: /networking/v1beta1/ingresses
  439. ---
  440. # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
  441. apiVersion: v1
  442. kind: ServiceAccount
  443. metadata:
  444. name: ingress-nginx-admission
  445. annotations:
  446. helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  447. helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  448. labels:
  449. helm.sh/chart: ingress-nginx-3.33.0
  450. app.kubernetes.io/name: ingress-nginx
  451. app.kubernetes.io/instance: ingress-nginx
  452. app.kubernetes.io/version: 0.47.0
  453. app.kubernetes.io/managed-by: Helm
  454. app.kubernetes.io/component: admission-webhook
  455. namespace: ingress-nginx
  456. ---
  457. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
  458. apiVersion: rbac.authorization.k8s.io/v1
  459. kind: ClusterRole
  460. metadata:
  461. name: ingress-nginx-admission
  462. annotations:
  463. helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  464. helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  465. labels:
  466. helm.sh/chart: ingress-nginx-3.33.0
  467. app.kubernetes.io/name: ingress-nginx
  468. app.kubernetes.io/instance: ingress-nginx
  469. app.kubernetes.io/version: 0.47.0
  470. app.kubernetes.io/managed-by: Helm
  471. app.kubernetes.io/component: admission-webhook
  472. rules:
  473. - apiGroups:
  474. - admissionregistration.k8s.io
  475. resources:
  476. - validatingwebhookconfigurations
  477. verbs:
  478. - get
  479. - update
  480. ---
  481. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
  482. apiVersion: rbac.authorization.k8s.io/v1
  483. kind: ClusterRoleBinding
  484. metadata:
  485. name: ingress-nginx-admission
  486. annotations:
  487. helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  488. helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  489. labels:
  490. helm.sh/chart: ingress-nginx-3.33.0
  491. app.kubernetes.io/name: ingress-nginx
  492. app.kubernetes.io/instance: ingress-nginx
  493. app.kubernetes.io/version: 0.47.0
  494. app.kubernetes.io/managed-by: Helm
  495. app.kubernetes.io/component: admission-webhook
  496. roleRef:
  497. apiGroup: rbac.authorization.k8s.io
  498. kind: ClusterRole
  499. name: ingress-nginx-admission
  500. subjects:
  501. - kind: ServiceAccount
  502. name: ingress-nginx-admission
  503. namespace: ingress-nginx
  504. ---
  505. # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
  506. apiVersion: rbac.authorization.k8s.io/v1
  507. kind: Role
  508. metadata:
  509. name: ingress-nginx-admission
  510. annotations:
  511. helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  512. helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  513. labels:
  514. helm.sh/chart: ingress-nginx-3.33.0
  515. app.kubernetes.io/name: ingress-nginx
  516. app.kubernetes.io/instance: ingress-nginx
  517. app.kubernetes.io/version: 0.47.0
  518. app.kubernetes.io/managed-by: Helm
  519. app.kubernetes.io/component: admission-webhook
  520. namespace: ingress-nginx
  521. rules:
  522. - apiGroups:
  523. - ''
  524. resources:
  525. - secrets
  526. verbs:
  527. - get
  528. - create
  529. ---
  530. # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
  531. apiVersion: rbac.authorization.k8s.io/v1
  532. kind: RoleBinding
  533. metadata:
  534. name: ingress-nginx-admission
  535. annotations:
  536. helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  537. helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  538. labels:
  539. helm.sh/chart: ingress-nginx-3.33.0
  540. app.kubernetes.io/name: ingress-nginx
  541. app.kubernetes.io/instance: ingress-nginx
  542. app.kubernetes.io/version: 0.47.0
  543. app.kubernetes.io/managed-by: Helm
  544. app.kubernetes.io/component: admission-webhook
  545. namespace: ingress-nginx
  546. roleRef:
  547. apiGroup: rbac.authorization.k8s.io
  548. kind: Role
  549. name: ingress-nginx-admission
  550. subjects:
  551. - kind: ServiceAccount
  552. name: ingress-nginx-admission
  553. namespace: ingress-nginx
  554. ---
  555. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
  556. apiVersion: batch/v1
  557. kind: Job
  558. metadata:
  559. name: ingress-nginx-admission-create
  560. annotations:
  561. helm.sh/hook: pre-install,pre-upgrade
  562. helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  563. labels:
  564. helm.sh/chart: ingress-nginx-3.33.0
  565. app.kubernetes.io/name: ingress-nginx
  566. app.kubernetes.io/instance: ingress-nginx
  567. app.kubernetes.io/version: 0.47.0
  568. app.kubernetes.io/managed-by: Helm
  569. app.kubernetes.io/component: admission-webhook
  570. namespace: ingress-nginx
  571. spec:
  572. template:
  573. metadata:
  574. name: ingress-nginx-admission-create
  575. labels:
  576. helm.sh/chart: ingress-nginx-3.33.0
  577. app.kubernetes.io/name: ingress-nginx
  578. app.kubernetes.io/instance: ingress-nginx
  579. app.kubernetes.io/version: 0.47.0
  580. app.kubernetes.io/managed-by: Helm
  581. app.kubernetes.io/component: admission-webhook
  582. spec:
  583. containers:
  584. - name: create
  585. image: docker.io/jettech/kube-webhook-certgen:v1.5.1
  586. imagePullPolicy: IfNotPresent
  587. args:
  588. - create
  589. - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
  590. - --namespace=$(POD_NAMESPACE)
  591. - --secret-name=ingress-nginx-admission
  592. env:
  593. - name: POD_NAMESPACE
  594. valueFrom:
  595. fieldRef:
  596. fieldPath: metadata.namespace
  597. restartPolicy: OnFailure
  598. serviceAccountName: ingress-nginx-admission
  599. securityContext:
  600. runAsNonRoot: true
  601. runAsUser: 2000
  602. ---
  603. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
  604. apiVersion: batch/v1
  605. kind: Job
  606. metadata:
  607. name: ingress-nginx-admission-patch
  608. annotations:
  609. helm.sh/hook: post-install,post-upgrade
  610. helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  611. labels:
  612. helm.sh/chart: ingress-nginx-3.33.0
  613. app.kubernetes.io/name: ingress-nginx
  614. app.kubernetes.io/instance: ingress-nginx
  615. app.kubernetes.io/version: 0.47.0
  616. app.kubernetes.io/managed-by: Helm
  617. app.kubernetes.io/component: admission-webhook
  618. namespace: ingress-nginx
  619. spec:
  620. template:
  621. metadata:
  622. name: ingress-nginx-admission-patch
  623. labels:
  624. helm.sh/chart: ingress-nginx-3.33.0
  625. app.kubernetes.io/name: ingress-nginx
  626. app.kubernetes.io/instance: ingress-nginx
  627. app.kubernetes.io/version: 0.47.0
  628. app.kubernetes.io/managed-by: Helm
  629. app.kubernetes.io/component: admission-webhook
  630. spec:
  631. containers:
  632. - name: patch
  633. image: docker.io/jettech/kube-webhook-certgen:v1.5.1
  634. imagePullPolicy: IfNotPresent
  635. args:
  636. - patch
  637. - --webhook-name=ingress-nginx-admission
  638. - --namespace=$(POD_NAMESPACE)
  639. - --patch-mutating=false
  640. - --secret-name=ingress-nginx-admission
  641. - --patch-failure-policy=Fail
  642. env:
  643. - name: POD_NAMESPACE
  644. valueFrom:
  645. fieldRef:
  646. fieldPath: metadata.namespace
  647. restartPolicy: OnFailure
  648. serviceAccountName: ingress-nginx-admission
  649. securityContext:
  650. runAsNonRoot: true
  651. runAsUser: 2000

2.使用

官网地址:https://kubernetes.github.io/ingress-nginx/ 就是nginx做的

访问地址

image.png http://139.198.165.111:32568 https://139.198.165.111:30124

2.1环境准备

image.png
image.png

  1. #hello-server-dep.yaml hello-server-service.yaml nginx-demo-dep.yaml nginx-demo-service.yaml
  2. #kubectl apply -f xxx.yaml
  3. apiVersion: apps/v1
  4. kind: Deployment
  5. metadata:
  6. name: hello-server
  7. spec:
  8. replicas: 2
  9. selector:
  10. matchLabels:
  11. app: hello-server
  12. template:
  13. metadata:
  14. labels:
  15. app: hello-server
  16. spec:
  17. containers:
  18. - name: hello-server
  19. image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/hello-server
  20. ports:
  21. - containerPort: 9000
  22. ---
  23. apiVersion: apps/v1
  24. kind: Deployment
  25. metadata:
  26. labels:
  27. app: nginx-demo
  28. name: nginx-demo
  29. spec:
  30. replicas: 2
  31. selector:
  32. matchLabels:
  33. app: nginx-demo
  34. template:
  35. metadata:
  36. labels:
  37. app: nginx-demo
  38. spec:
  39. containers:
  40. - image: nginx
  41. name: nginx
  42. ---
  43. apiVersion: v1
  44. kind: Service
  45. metadata:
  46. labels:
  47. app: nginx-demo
  48. name: nginx-demo
  49. spec:
  50. selector:
  51. app: nginx-demo
  52. ports:
  53. - port: 8000
  54. protocol: TCP
  55. targetPort: 80
  56. ---
  57. apiVersion: v1
  58. kind: Service
  59. metadata:
  60. labels:
  61. app: hello-server
  62. name: hello-server
  63. spec:
  64. selector:
  65. app: hello-server
  66. ports:
  67. - port: 8000
  68. protocol: TCP
  69. targetPort: 9000

2.2域名访问

  1. 创建ingress-rule.yaml

    1. #vi xxx.yaml
    2. apiVersion: networking.k8s.io/v1
    3. kind: Ingress
    4. metadata:
    5. name: ingress-host-bar
    6. spec:
    7. ingressClassName: nginx
    8. rules:
    9. - host: "hello.atguigu.com"
    10. http:
    11. paths:
    12. - pathType: Prefix
    13. path: "/"
    14. backend:
    15. service:
    16. name: hello-server
    17. port:
    18. number: 8000
    19. - host: "demo.atguigu.com"
    20. http:
    21. paths:
    22. - pathType: Prefix
    23. path: "/nginx" # 把请求会转给下面的服务,下面的服务一定要能处理这个路径,不能处理就是404
    24. backend:
    25. service:
    26. name: nginx-demo ## java,比如使用路径重写,去掉前缀nginx
    27. port:
    28. number: 8000
  2. 配置生效

    1. kubectl apply -f xxxx
  3. 配置查看

    1. kubectl get ingress

    image.png

  4. 尝试访问

image.png
http://demo.atguigu.com:32568/nginx
image.png
http://hello.atguigu.com:32568/
image.png

2.3路径重写

  1. # vi ingress-rule2.yaml
  2. # kubectl apply -f xx.yaml
  3. apiVersion: networking.k8s.io/v1
  4. kind: Ingress
  5. metadata:
  6. annotations:
  7. nginx.ingress.kubernetes.io/rewrite-target: /$2
  8. name: ingress-host-bar
  9. spec:
  10. ingressClassName: nginx
  11. rules:
  12. - host: "hello.atguigu.com"
  13. http:
  14. paths:
  15. - pathType: Prefix
  16. path: "/"
  17. backend:
  18. service:
  19. name: hello-server
  20. port:
  21. number: 8000
  22. - host: "demo.atguigu.com"
  23. http:
  24. paths:
  25. - pathType: Prefix
  26. path: "/nginx(/|$)(.*)" # 把请求会转给下面的服务,下面的服务一定要能处理这个路径,不能处理就是404
  27. backend:
  28. service:
  29. name: nginx-demo ## java,比如使用路径重写,去掉前缀nginx
  30. port:
  31. number: 8000

image.png

2.4流量限制

  1. apiVersion: networking.k8s.io/v1
  2. kind: Ingress
  3. metadata:
  4. name: ingress-limit-rate
  5. annotations:
  6. nginx.ingress.kubernetes.io/limit-rps: "1"
  7. spec:
  8. ingressClassName: nginx
  9. rules:
  10. - host: "haha.atguigu.com"
  11. http:
  12. paths:
  13. - pathType: Exact
  14. path: "/"
  15. backend:
  16. service:
  17. name: nginx-demo
  18. port:
  19. number: 8000

http://haha.atguigu.com:32568/
image.png