Ingress
Ingress-Nginx github地址： https://github.com/kubernetes/ingress-nginx
Ingress-Nginx 官网：https://kubernetes.github.io/ingress-nginx/

nginx 一般以 NoPort 形式部署

部署Ingress-Nginx

# 创建文件夹
mkdir -p /usr/local/install-k8s/plugin/ingress
cd /usr/local/install-k8s/plugin/ingress
# 下载 yaml文件，这里下载失败，网上复制新建文件粘贴解决
# 创建
kubectl apply -f mandatory.yaml
# 创建以下文件，然后执行
kubectl apply -f service-nodeport.yaml

service-nodeport.yaml 文件

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

执行完以上操作后，nginx就被对外暴露了

Ingress HTTP 代理访问

deployment、service、Ingress Yaml 文件

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: wangyanglinux/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
          - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
    - host: www1.atguigu.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc
            servicePort: 80

Ingress HTTPS 代理访问

创建证书，以及cert 存储方式

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
kubectl create secret tls tls-secret --key tls.key --cert tls.crt

deployment、Service、Ingress Yaml文件

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  tls:
    - hosts:
      - foo.bar.com
      secretName: tls-secret
  rules:
    - host: foo.bar.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc
            servicePort: 80

Nginx 进行 BasicAuth

yum -y install httpd
htpasswd -c auth foo     # 文件为 auth， 用户名为 foo ，设置密码为：123456
kubectl create secret generic basic-auth --from-file=auth

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required-foo'
spec:
  rules:
    - host: foo2.bar.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc
            servicePort: 80

Nginx 进行重写

名称	描述	值
nginx.ingress.kubernetes.io/rewrite-target	-必须重定向流量的目标URI	串
nginx.ingress.kubernetes.io/ssl-redirect	指示位置部分是否仅可访问SSL（当lngress包含证书时默认为True	布尔
nginx.ingress.kubernetes.io/force-ssl-redirect	即使ingress未启用TLS，也强制重定向到HTTPS	布尔
nginx.ingress.kubernetes.io/app-root	定义Controller必须重定向的应用程序根，如果它在 ‘/ ‘上下文中	串
nginx.ingress.kubernetes.io/use-regex	指示Ingres上定义的路径是否使用正则表达式	布尔

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: http://foo.bar.com:31795/hostname.html
spec:
  rules:
    - host: foo10.bar.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc
            servicePort: 80

k8s -- Service Ingress

部署Ingress-Nginx

Ingress HTTP 代理访问

Ingress HTTPS 代理访问

Nginx 进行 BasicAuth

Nginx 进行重写