[!TIP]
记录k8s部署ingress-nginx服务
- 并且添加
nginx-errors服务。也就是default-backend- 并且部署
nginx服务- 最后配置
ingress通过ingress-controller访问到nginx转载请注明出处:https://janrs.com
需要注意的是:Ingress Nginx Controller跟Nginx Ingress Controller不一样。
前者是k8s社区维护的,后者是Nginx社区维护的。新人刚开始学习会混淆,比如我
使用到的版本:
k8sv1.23.9nginxv1.23.1ingress-nginx-controllerv1.3.0default-backendv1.3.0
文中所有使用到的镜像都是阿里私人镜像
构建私人阿里镜像仓库查看教程:(https://janrs.com/?p=10)
整整花了两天时间算是ingress nginx controller入门了
下面是关于一些知识的记录:
externaltrafficpolicy说明:https://blog.csdn.net/qq_25281861/article/details/115555112
ServiceType区别:https://www.cnblogs.com/binghe001/p/13166641.html
hostNetwork
说明:https://kubernetes.github.io/ingress-nginx/deploy/baremetal>
k8s部署ingress-nginx
1.创建命名空间
创建ingress-nginx和web-nginx命名空间
#创建ingress-nginx的命名空间
kubectl create ns ingress-nginx
#创建 web-nginx 的命名空间
kubectl create ns web-nginx查看创建结果
kubectl get ns显示
NAME STATUS AGE
default Active 22h
ingress-nginx Active 82m
kube-node-lease Active 22h
kube-public Active 22h
kube-system Active 22h
kuboard Active 21h
monitoring Active 9h
nfs Active 21h
web-nginx Active 52m2.设置镜像拉取密钥
创建密钥
密码修改为自己的
#创建 ingress-nginx 的密钥
kubectl --namespace ingress-nginx create secret docker-registry aliimagesecret --docker-server=registry.cn-shenzhen.aliyuncs.com --docker-username=yjy86868@163.com --docker-password=${PASSWORD} --docker-email=yjy86868@163.com
#创建 web-nginx 的密钥
kubectl --namespace web-nginx create secret docker-registry aliimagesecret --docker-server=registry.cn-shenzhen.aliyuncs.com --docker-username=yjy86868@163.com --docker-password=${PASSWORD} --docker-email=yjy86868@163.com查看创建结果
kubectl get secret -n ingress-nginx &&
kubectl get secret -n web-nginx显示
NAME TYPE DATA AGE
aliimagesecret kubernetes.io/dockerconfigjson 1 86m
default-token-k785n kubernetes.io/service-account-token 3 86m
ingress-nginx-admission Opaque 3 84m
ingress-nginx-admission-token-nghvp kubernetes.io/service-account-token 3 84m
ingress-nginx-token-d6rcs kubernetes.io/service-account-token 3 84m
[root@k8s-master01 home]# kubectl get secret -n ingress-nginx &&
> kubectl get secret -n web-nginx
NAME TYPE DATA AGE
aliimagesecret kubernetes.io/dockerconfigjson 1 86m
default-token-k785n kubernetes.io/service-account-token 3 86m
ingress-nginx-admission Opaque 3 85m
ingress-nginx-admission-token-nghvp kubernetes.io/service-account-token 3 85m
ingress-nginx-token-d6rcs kubernetes.io/service-account-token 3 85m
NAME TYPE DATA AGE
aliimagesecret kubernetes.io/dockerconfigjson 1 55m
default-token-t7psl kubernetes.io/service-account-token 3 56m3.部署nginx-errors服务
创建yaml
vim nginx-errors.yaml添加以下yaml
---
apiVersion: v1
kind: Service
metadata:
name: nginx-errors
namespace: ingress-nginx
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
selector:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
ports:
- port: 80
targetPort: 8080
name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-errors
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
nodeSelector:
node-label-nginx-errors: 'true'
imagePullSecrets:
- name: aliimagesecret
containers:
- name: nginx-error-server
image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/ingress-nginx-controller-nginx-errors:v1.3.0
#image: registry.k8s.io/ingress-nginx/nginx-errors:1.3.0
ports:
- containerPort: 8080执行创建
kubectl apply -f nginx-errors.yaml查看创建结果
kubectl get pods -n ingress-nginx显示
NAME READY STATUS RESTARTS AGE
nginx-errors-5c6dd76c59-xnb4b 1/1 Running 0 113m4.部署ingress-nginx
4-1.下载官方yaml文件
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml4-2.打label标签
[!NOTE]
关于nodeSelector以及label的教程自行谷歌
给指定的节点打上label
kubectl label nodes k8s-node01 node-label-ingress-nginx=true查看
kubectl get nodes --show-labels | grep node-label-ingress-nginx显示
k8s-node01 Ready <none> 21h v1.23.9 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node01,kubernetes.io/os=linux,node-label-ingress-nginx-monitoring=true,node-label-ingress-nginx=true,node-label-metrics=true,node-label-nfs=true,node-label-nginx-errors=true,node-label-web-nginx=true4-3.编辑yaml
[!NOTE]
修改该文件主要有几个地方:
- 设置使用阿里私人镜像
- 设置私人镜像密钥
- 修改部署方式为
Daemonset。及使用宿主机网络- 使用
hostNetwork=true的对外暴漏服务的方式- 指定
nodeSelector把pod部署到指定的节点。也就是打标签
删除部分
[!NOTE]
因为使用的是Daemonset的方式部署,可以不需要Service对外暴露服务
所以在下面的yaml中,我把官方自带的Service删除了
而且官方自带的Service为LoadBalancer的方式,除非生产用。个人学习不需要
有关该说明查看官方文档:地址: https://kubernetes.github.io/ingress-nginx/deploy/baremetal/
修改后的完整yaml如下
完整的yaml已经包含了nginx-errors服务。也就是旧版本的default-backend
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
name: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx
namespace: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- ingress-controller-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- ingress-controller-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission
namespace: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- "extensions"
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
custom-http-errors: 404,503
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-controller
namespace: ingress-nginx
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: metrics
containerPort: 10254
ports:
- appProtocol: https
name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: ClusterIP
---
apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
nodePort: 40000
protocol: TCP
- name: https
port: 443
nodePort: 50000
targetPort: 443
protocol: TCP
- name: http-metrics
port: 10254
targetPort: 10254
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
spec:
hostNetwork: true
nodeSelector:
node-label-ingress-nginx: 'true'
imagePullSecrets:
- name: aliimagesecret
containers:
- args:
- /nginx-ingress-controller
#- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --report-node-internal-ip-address
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --default-backend-service=ingress-nginx/nginx-errors
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/ingress-nginx-controller:v1.3.0
#image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
- containerPort: 8443
name: webhook
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
runAsUser: 101
volumeMounts:
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
dnsPolicy: ClusterFirst
nodeSelector:
node-label-ingress-nginx: 'true'
# kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission-create
namespace: ingress-nginx
spec:
template:
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission-create
spec:
imagePullSecrets:
- name: aliimagesecret
containers:
- args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name=ingress-nginx-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/ingress-nginx-kube-webhook-certgen:v1.1.1
#image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
imagePullPolicy: IfNotPresent
name: create
securityContext:
allowPrivilegeEscalation: false
nodeSelector:
node-label-ingress-nginx: 'true'
#kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission-patch
namespace: ingress-nginx
spec:
template:
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission-patch
spec:
imagePullSecrets:
- name: aliimagesecret
containers:
- args:
- patch
- --webhook-name=ingress-nginx-admission
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/ingress-nginx-kube-webhook-certgen:v1.1.1
#image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
imagePullPolicy: IfNotPresent
name: patch
securityContext:
allowPrivilegeEscalation: false
nodeSelector:
node-label-ingress-nginx: 'true'
# kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: nginx
spec:
controller: k8s.io/ingress-nginx
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.3.0
name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: ingress-nginx-controller-admission
namespace: ingress-nginx
path: /networking/v1/ingresses
failurePolicy: Fail
matchPolicy: Equivalent
name: validate.nginx.ingress.kubernetes.io
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
sideEffects: None4-4.执行创建
执行创建
kubectl apply -f deploy.yaml查看创建结果
kubectl get pods -n ingress-nginx显示结果
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-hxh9h 0/1 Completed 0 108m
ingress-nginx-admission-patch-5hh89 0/1 Completed 0 108m
ingress-nginx-controller-g8wdx 1/1 Running 0 108m
nginx-errors-5c6dd76c59-xnb4b 1/1 Running 0 109m5.部署nginx
5-1.创建命名空间
在教程一开始就创建好了
5-2.创建deployment
创建
vim web-nginx-po.yaml添加以下内容
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: web-nginx
labels:
app: nginx
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
nodeSelector:
node-label-web-nginx: 'true'
imagePullSecrets:
- name: aliimagesecret
containers:
- name: nginx
image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/nginx:v1.23.1
ports:
- containerPort: 80执行创建
kubectl apply -f web-nginx-po.yaml查看创建结果
kubectl get pods -n web-nginx显示
NAME READY STATUS RESTARTS AGE
nginx-7b4fcc97f5-59njv 1/1 Running 0 56m5-3.创建Service
创建
vim web-nginx-svc.yaml添加以下内容
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
namespace: web-nginx
spec:
selector:
app: nginx
ports:
- port: 80
protocol: TCP
targetPort: 80执行创建
kubectl apply -f web-nginx-svc.yaml查看创建结果
kubectl get svc -n web-nginx显示
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-svc ClusterIP 10.99.98.99 <none> 80/TCP 58m5-4.创建Ingress
创建
vim web-nginx-ingress.yaml添加以下yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-nginx-ingress
namespace: web-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: k8s.janrs.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-svc
port:
number: 80执行创建
kubectl apply -f web-nginx-ingress.yaml查看创建结果
kubectl get ingress -n web-nginx显示
[!NOTE]
下面显示的域名是我自己的域名。并且已经在阿里做了解析
NAME CLASS HOSTS ADDRESS PORTS AGE
web-nginx-ingress nginx k8s.janrs.com 172.31.235.118 80 58m5-5.访问nginx服务
通过Ingress规则,可以在浏览器直接访问到进群内的nginx服务
截图
发表回复