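**Introduction to ingress-nginx**
Put simply, ingress-nginx packages nginx as a Docker image. The image runs an nginx service and also an nginx-controller service. The nginx-controller calls the k8s API to watch for changes in the pods behind each service, adds those pods to nginx's upstream proxy configuration, and can restart nginx. This gives automatic detection of pod changes and reverse proxying for services. Why does it need an extra nginx-controller service compared with traefik? Because traefik can call the K8S API directly and nginx cannot, so the nginx-controller has to call the K8S API and then generate the nginx configuration file. That solves the problem of changing backend nodes in the nginx upstream, but nginx still lacks a domain name to listen on, so an ingress is needed to define the mapping from domain names to internal services. Finally, the nginx-controller combines the ingress rules with what it knows about the k8s pods to generate the domain-to-pod upstream configuration, and a complete configuration file is produced.
**Installing ingress-nginx**
Pick 2 node machines and deploy as a DaemonSet.
[Official repository](https://github.com/kubernetes/ingress-nginx/tree/master/deploy)
Download the 7 required yaml files: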
~~~
cd && mkdir ingress-nginx && cd ingress-nginx
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/default-backend.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/namespace.yaml -O 1-namespace.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/rbac.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/tcp-services-configmap.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/udp-services-configmap.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/with-rbac.yaml
~~~
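Note: the mandatory.yaml in the project combines the 7 files above into one. Using the 7 separate files is recommended because it makes the configMap easier to modify.
**Modify with-rbac.yaml**
~~~
vim with-rbac.yaml
kind: Deployment    # change to DaemonSet
replicas: 1         # comment out this line; a DaemonSet does not take this parameter
hostNetwork: true   # add this field so the container uses the host's network and exposes the service port (80) on the host; port 80 on the host must not already be in use
dnsPolicy: ClusterFirstWithHostNet   # with hostNetwork the container uses the host's network settings, including DNS, and cannot resolve internal services; this setting makes the container use the K8S DNS
nodeSelector:
  custom/ingress-controller-ready: "true"   # add the node label
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.15.0   # Alibaba Cloud mirror address
~~~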

**Modify default-backend.yaml**
~~~
vim default-backend.yaml
image: registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend:1.4   # Alibaba Cloud mirror address
~~~
**Label the nodes that will run nginx**
~~~
kubectl label nodes 192.168.50.101 custom/ingress-controller-ready=true
kubectl label nodes 192.168.50.102 custom/ingress-controller-ready=true
~~~
**Start the services**
~~~
kubectl apply -f .
kubectl get all -n ingress-nginx
~~~
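**Create the ingress rules**
Once the services have started normally, create ingress forwarding rules that forward each domain name or path to a backend service.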
~~~
cd && mkdir ingress && cd ingress
vim ingress-default.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-default
  namespace: default
spec:
  rules:
  - host: nginx01.test.com
    http:
      paths:
      - backend:
          serviceName: nginx-test-01
          servicePort: 80
        path: /
  - host: nginx02.test.com
    http:
      paths:
      - backend:
          serviceName: nginx-test-02
          servicePort: 80
        path: /
~~~
`kubectl apply -f ingress-default.yaml`
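- namespace: each ingress file can only apply to one namespace
- host: the domain name being accessed
- path: the path after the domain name
- serviceName: the corresponding internal service
- servicePort: 80, this is the port the container exposes, not the service port or the nodeport port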
**Create two sets of services for testing**
~~~
vim server01.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dp-01
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: nginx-pod-01
    spec:
      containers:
      - name: nginx-pod-01
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-test-01
spec:
  ports:
  - port: 8888
    targetPort: 80
  selector:
    run: nginx-pod-01
~~~
~~~
vim server02.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dp-02
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: nginx-pod-02
    spec:
      containers:
      - name: nginx-pod-02
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-test-02
spec:
  ports:
  - port: 8888
    targetPort: 80
  selector:
    run: nginx-pod-02
~~~
~~~
kubectl create -f server01.yaml
kubectl create -f server02.yaml
~~~
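
What the nginx-controller derives from the ingress rules and the two test services above, shown as a simplified model. This is an added example, not ingress-nginx's own code; the pod IPs, the default-backend address, the upstream naming and the function names `render` and `sync` are assumptions made for illustration.

```python
# Simplified model of the controller's render step (illustration only, not
# ingress-nginx source). Pod IPs and the default-backend address are constructed.

# Rules from ingress-default.yaml: host -> [(path, serviceName)]
INGRESS_RULES = {
    "nginx01.test.com": [("/", "nginx-test-01")],
    "nginx02.test.com": [("/", "nginx-test-02")],
}

def render(rules, endpoints, default_backend="127.0.0.1:8080", namespace="default"):
    """Build nginx config text from Ingress rules and the current pod endpoints.

    endpoints maps serviceName -> ["podIP:containerPort", ...].
    """
    upstreams, servers, live = [], [], {}
    for svc in sorted({s for paths in rules.values() for _, s in paths}):
        pods = sorted(endpoints.get(svc, []))
        if pods:  # only services with running pods get an upstream block
            live[svc] = f"{namespace}-{svc}"
            body = "".join(f"    server {p};\n" for p in pods)
            upstreams.append(f"upstream {live[svc]} {{\n{body}}}\n")
    for host in sorted(rules):
        locs = ""
        for path, svc in rules[host]:
            # a service with no pods answers 503 instead of proxying nowhere
            action = f"proxy_pass http://{live[svc]};" if svc in live else "return 503;"
            locs += f"    location {path} {{ {action} }}\n"
        servers.append(f"server {{\n    listen 80;\n    server_name {host};\n{locs}}}\n")
    # a Host header that matches no Ingress rule lands on the default backend
    servers.append("server {\n    listen 80 default_server;\n    server_name _;\n"
                   f"    location / {{ proxy_pass http://{default_backend}; }}\n}}\n")
    return "".join(upstreams + servers)

def sync(rules, endpoints, running_conf):
    """One pass of the watch loop: re-render, and reload only if the config changed."""
    new_conf = render(rules, endpoints)
    return new_conf, new_conf != running_conf

if __name__ == "__main__":
    eps = {"nginx-test-01": ["10.244.1.5:80"], "nginx-test-02": ["10.244.2.7:80"]}
    conf, reload_needed = sync(INGRESS_RULES, eps, "")
    print(conf)
    eps["nginx-test-01"].append("10.244.1.9:80")  # a second pod appears
    conf, reload_needed = sync(INGRESS_RULES, eps, conf)
    print("reload needed:", reload_needed)
```

The `default_server` block is why default-backend.yaml is deployed alongside the controller: requests that reach port 80 with a Host header outside the ingress rules get a fixed answer instead of being routed to one of the test services.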
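**Create an Alibaba Cloud public SLB**
Create an Alibaba Cloud public SLB and set up layer-4 load balancing for the 2 ingress-nginx nodes: listen on port 80 over TCP, with port 80 on the 2 nodes as the backend.
**Add public DNS records**
~~~
<SLB IP> nginx01.test.com
<SLB IP> nginx02.test.com
~~~
Access nginx01.test.com and nginx02.test.com to test.
If you do not create an SLB, you can first add the domain name resolution to the hosts file on your local machine.
**How to modify the nginx configuration file**
The nginx configuration file can be viewed inside the container at /etc/nginx/nginx.conf. For how to modify the configuration, see the [official documentation](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/index.md).
**Example configmap.yaml modification**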
~~~
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
data:
  enable-vts-status: "true"
  proxy-read-timeout: "300"
  proxy-send-timeout: "300"
  proxy-body-size: "10m"
~~~
