Janrs.com | 杨建勇

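Deploying an ingress controller on k8s

[!TIP]
Notes on deploying the ingress-nginx service on k8s

  • Also adds the nginx-errors service, i.e. the default-backend
  • Also deploys an nginx service
  • Finally, configures an Ingress so that nginx is reachable through the ingress controller

Please credit the source when reposting: https://janrs.com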


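Note that Ingress Nginx Controller and Nginx Ingress Controller are not the same thing.

The former is maintained by the k8s community, the latter by the Nginx community. Newcomers who are just starting out tend to mix them up, as I did.

Versions used:

  • k8s v1.23.9
  • nginx v1.23.1
  • ingress-nginx-controller v1.3.0
  • default-backend v1.3.0

All images used in this article come from a private Alibaba Cloud registry.

For how to build a private Alibaba Cloud image registry, see the tutorial: (https://janrs.com/?p=10)

It took me two full days to get to grips with the basics of ingress nginx controller.

Below are some notes on related background:

externalTrafficPolicy explained: https://blog.csdn.net/qq_25281861/article/details/115555112

ServiceType differences: https://www.cnblogs.com/binghe001/p/13166641.html

hostNetwork explained: https://kubernetes.github.io/ingress-nginx/deploy/baremetal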


Deploying ingress-nginx on k8s

1. Create the namespaces

Create the ingress-nginx and web-nginx namespaces


# Create the ingress-nginx namespace
kubectl create ns ingress-nginx

# Create the web-nginx namespace
kubectl create ns web-nginx

Check the result

kubectl get ns

Output

NAME              STATUS   AGE
default           Active   22h
ingress-nginx     Active   82m
kube-node-lease   Active   22h
kube-public       Active   22h
kube-system       Active   22h
kuboard           Active   21h
monitoring        Active   9h
nfs               Active   21h
web-nginx         Active   52m

2. Set up the image pull secret

Create the secrets

Replace the password with your own

# Create the secret for ingress-nginx
kubectl --namespace ingress-nginx create secret docker-registry aliimagesecret --docker-server=registry.cn-shenzhen.aliyuncs.com --docker-username=yjy86868@163.com --docker-password=${PASSWORD} --docker-email=yjy86868@163.com

# Create the secret for web-nginx
kubectl --namespace web-nginx create secret docker-registry aliimagesecret --docker-server=registry.cn-shenzhen.aliyuncs.com --docker-username=yjy86868@163.com --docker-password=${PASSWORD} --docker-email=yjy86868@163.com

Check the result

kubectl get secret -n ingress-nginx &&
kubectl get secret -n web-nginx

Output

NAME                                  TYPE                                  DATA   AGE
aliimagesecret                        kubernetes.io/dockerconfigjson        1      86m
default-token-k785n                   kubernetes.io/service-account-token   3      86m
ingress-nginx-admission               Opaque                                3      84m
ingress-nginx-admission-token-nghvp   kubernetes.io/service-account-token   3      84m
ingress-nginx-token-d6rcs             kubernetes.io/service-account-token   3      84m
NAME                  TYPE                                  DATA   AGE
aliimagesecret        kubernetes.io/dockerconfigjson        1      55m
default-token-t7psl   kubernetes.io/service-account-token   3      56m

3. Deploy the nginx-errors service

Create the yaml

vim  nginx-errors.yaml

Add the following yaml

---
apiVersion: v1
kind: Service
metadata:
  name: nginx-errors
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: nginx-errors
    app.kubernetes.io/part-of: ingress-nginx
spec:
  selector:
    app.kubernetes.io/name: nginx-errors
    app.kubernetes.io/part-of: ingress-nginx
  ports:
  - port: 80
    targetPort: 8080
    name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-errors
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: nginx-errors
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: nginx-errors
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: nginx-errors
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      nodeSelector:
        node-label-nginx-errors: 'true'
      imagePullSecrets:
        - name: aliimagesecret
      containers:
      - name: nginx-error-server
        image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/ingress-nginx-controller-nginx-errors:v1.3.0
        #image: registry.k8s.io/ingress-nginx/nginx-errors:1.3.0
        ports:
        - containerPort: 8080

Apply it

kubectl apply -f nginx-errors.yaml

Check the result

kubectl get pods -n ingress-nginx

Output

NAME                                   READY   STATUS      RESTARTS   AGE
nginx-errors-5c6dd76c59-xnb4b          1/1     Running     0          113m

4. Deploy ingress-nginx

4-1. Download the official yaml file

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml

4-2. Label the node

[!NOTE]
For tutorials on nodeSelector and labels, search Google yourself

Label the chosen node

kubectl label nodes k8s-node01 node-label-ingress-nginx=true

Check

kubectl get nodes --show-labels | grep node-label-ingress-nginx

Output

k8s-node01     Ready    <none>                 21h   v1.23.9   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node01,kubernetes.io/os=linux,node-label-ingress-nginx-monitoring=true,node-label-ingress-nginx=true,node-label-metrics=true,node-label-nfs=true,node-label-nginx-errors=true,node-label-web-nginx=true

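4-3. Edit the yaml

[!NOTE]
The main changes to this file are:

  • Use the private Alibaba Cloud images
  • Set the pull secret for the private images
  • Change the deployment kind to DaemonSet and use the host network
  • Expose the service externally with hostNetwork=true
  • Set nodeSelector so the pods are scheduled onto the chosen node, i.e. the one labelled above

Removed parts

[!NOTE]
Because the controller is deployed as a DaemonSet on the host network, no Service is needed to expose it externally
So in the yaml below I removed the Service that ships with the official file
The official Service is also of type LoadBalancer, which is only needed for production use, not for personal study
For details see the official documentation:

Address: https://kubernetes.github.io/ingress-nginx/deploy/baremetal/

The complete modified yaml is below

The complete yaml already wires in the nginx-errors service (the default-backend of older versions) through the --default-backend-service argument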

apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resourceNames:
  - ingress-controller-leader
  resources:
  - configmaps
  verbs:
  - get
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
- apiGroups:
  - coordination.k8s.io
  resourceNames:
  - ingress-controller-leader
  resources:
  - leases
  verbs:
  - get
  - update
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - "extensions"
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - "extensions"
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-admission
rules:
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-admission
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: v1
data:
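  # Snippet annotations let anyone who can create an Ingress inject raw nginx
  # configuration; set this to "false" on clusters shared with other users.
  allow-snippet-annotations: "true"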
  custom-http-errors: 404,503
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  ports:
  - appProtocol: https
    name: https-webhook
    port: 443
    targetPort: webhook
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: ClusterIP
---
apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
    spec:
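      # hostNetwork: nginx binds ports 80/443 on the node itself, and the pod can
      # reach anything listening on the node's interfaces, loopback included.
      hostNetwork: true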
      imagePullSecrets:
        - name: aliimagesecret
      containers:
      - args:
        - /nginx-ingress-controller
        #- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        - --report-node-internal-ip-address
        - --election-id=ingress-controller-leader
        - --controller-class=k8s.io/ingress-nginx
        - --ingress-class=nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        - --default-backend-service=ingress-nginx/nginx-errors
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/ingress-nginx-controller:v1.3.0
        #image: registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 101
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
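      # With hostNetwork: true, ClusterFirst falls back to the node's resolver;
      # use ClusterFirstWithHostNet if the controller must resolve cluster DNS names.
      dnsPolicy: ClusterFirst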
      nodeSelector:
        node-label-ingress-nginx: 'true'
      #  kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.0
      name: ingress-nginx-admission-create
    spec:
      imagePullSecrets:
        - name: aliimagesecret
      containers:
      - args:
        - create
        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
        - --namespace=$(POD_NAMESPACE)
        - --secret-name=ingress-nginx-admission
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/ingress-nginx-kube-webhook-certgen:v1.1.1
        #image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        node-label-ingress-nginx: 'true'
        #kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.0
      name: ingress-nginx-admission-patch
    spec:
      imagePullSecrets:
        - name: aliimagesecret
      containers:
      - args:
        - patch
        - --webhook-name=ingress-nginx-admission
        - --namespace=$(POD_NAMESPACE)
        - --patch-mutating=false
        - --secret-name=ingress-nginx-admission
        - --patch-failure-policy=Fail
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/ingress-nginx-kube-webhook-certgen:v1.1.1
        #image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        node-label-ingress-nginx: 'true'
      #  kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: nginx
spec:
  controller: k8s.io/ingress-nginx
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.0
  name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
      path: /networking/v1/ingresses
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validate.nginx.ingress.kubernetes.io
  rules:
  - apiGroups:
    - networking.k8s.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ingresses
  sideEffects: None

4-4. Apply

Apply it

kubectl apply -f deploy.yaml

Check the result

kubectl get pods -n ingress-nginx

Output

NAME                                   READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-hxh9h   0/1     Completed   0          108m
ingress-nginx-admission-patch-5hh89    0/1     Completed   0          108m
ingress-nginx-controller-g8wdx         1/1     Running     0          108m
nginx-errors-5c6dd76c59-xnb4b          1/1     Running     0          109m
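
An added example, not part of the original post: a small audit of the objects just deployed, flagging the settings this tutorial changes from the official manifest (host networking, tag-only private images) and the snippet and privilege-escalation defaults it keeps. The names `audit`, `SAMPLE` and the finding codes are chosen for this example; the sample data is constructed to mirror the manifests above, not captured from a cluster.

```python
import json
import sys

# Constructed sample (not captured from a cluster), shaped like
# `kubectl get daemonset,deployment,configmap -n ingress-nginx -o json`
# and mirroring the manifests on this page.
REG = "registry.cn-shenzhen.aliyuncs.com/yjy_k8s/"
SAMPLE = {"kind": "List", "items": [
    {"kind": "ConfigMap", "metadata": {"name": "ingress-nginx-controller"},
     "data": {"allow-snippet-annotations": "true", "custom-http-errors": "404,503"}},
    {"kind": "DaemonSet", "metadata": {"name": "ingress-nginx-controller"},
     "spec": {"template": {"spec": {
         "hostNetwork": True, "dnsPolicy": "ClusterFirst",
         "containers": [{"name": "controller",
                         "image": REG + "ingress-nginx-controller:v1.3.0",
                         "securityContext": {"allowPrivilegeEscalation": True}}]}}}},
    {"kind": "Deployment", "metadata": {"name": "nginx-errors"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "nginx-error-server",
                         "image": REG + "ingress-nginx-controller-nginx-errors:v1.3.0"}]}}}},
]}

# Finding codes are names chosen for this example, not kubectl or ingress-nginx terms.
EXPLAIN = {
    "SNIPPETS": "Ingress authors can inject raw nginx config via *-snippet annotations",
    "HOSTNET": "pod shares the node's network namespace and binds node ports directly",
    "HOSTNET_DNS": "hostNetwork without dnsPolicy ClusterFirstWithHostNet skips cluster DNS",
    "TAG_ONLY": "image is referenced by a mutable tag instead of an @sha256 digest",
    "PRIV_ESC": "allowPrivilegeEscalation is not explicitly false",
}


def audit(doc):
    """Return sorted (object, code) findings for a kubectl JSON List or a single object."""
    findings = []
    for obj in doc.get("items", [doc]):
        ref = "{}/{}".format(obj.get("kind"), obj.get("metadata", {}).get("name"))
        if obj.get("kind") == "ConfigMap":
            if (obj.get("data") or {}).get("allow-snippet-annotations") == "true":
                findings.append((ref, "SNIPPETS"))
            continue
        pod = obj.get("spec", {}).get("template", {}).get("spec")
        if not pod:
            continue  # not a workload with a pod template (e.g. a Service)
        if pod.get("hostNetwork"):
            findings.append((ref, "HOSTNET"))
            if pod.get("dnsPolicy", "ClusterFirst") != "ClusterFirstWithHostNet":
                findings.append((ref, "HOSTNET_DNS"))
        for c in pod.get("initContainers", []) + pod.get("containers", []):
            cref = "{}[{}]".format(ref, c.get("name"))
            if "@sha256:" not in c.get("image", ""):
                findings.append((cref, "TAG_ONLY"))
            if (c.get("securityContext") or {}).get("allowPrivilegeEscalation") is not False:
                findings.append((cref, "PRIV_ESC"))
    return sorted(findings)


if __name__ == "__main__":
    # Live use: kubectl get daemonset,deployment,configmap -n ingress-nginx -o json | python3 audit.py -
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for ref, code in audit(doc):
        print("{}: {} ({})".format(ref, code, EXPLAIN[code]))
```

Run without arguments it reports on the embedded sample; with `-` it reads live `kubectl ... -o json` output from standard input.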

5. Deploy nginx

5-1. Create the namespace

Already created at the start of this tutorial

5-2. Create the deployment

Create the file

vim web-nginx-po.yaml

Add the following content

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: web-nginx
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeSelector:
        node-label-web-nginx: 'true'
      imagePullSecrets:
        - name: aliimagesecret
      containers:
      - name: nginx
        image: registry.cn-shenzhen.aliyuncs.com/yjy_k8s/nginx:v1.23.1
        ports:
        - containerPort: 80

Apply it

kubectl apply -f web-nginx-po.yaml

Check the result

kubectl get pods -n web-nginx

Output

NAME                     READY   STATUS    RESTARTS   AGE
nginx-7b4fcc97f5-59njv   1/1     Running   0          56m

5-3. Create the Service

Create the file

vim web-nginx-svc.yaml

Add the following content

apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  namespace: web-nginx
spec:
  selector:
    app: nginx
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80

Apply it

kubectl apply -f web-nginx-svc.yaml

Check the result

kubectl get svc -n web-nginx

Output

NAME        TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
nginx-svc   ClusterIP   10.99.98.99   <none>        80/TCP    58m

5-4. Create the Ingress

Create the file

vim web-nginx-ingress.yaml

Add the following yaml

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-nginx-ingress
  namespace: web-nginx
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: k8s.janrs.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-svc
            port:
              number: 80

Apply it

kubectl apply -f web-nginx-ingress.yaml

Check the result

kubectl get ingress -n web-nginx

Output

[!NOTE]
The domain shown below is my own domain, and its DNS record has already been set up at Alibaba Cloud

NAME                CLASS   HOSTS           ADDRESS          PORTS   AGE
web-nginx-ingress   nginx   k8s.janrs.com   172.31.235.118   80      58m

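5-5. Access the nginx service

With the Ingress rule in place, the nginx service inside the cluster can be reached directly from a browser.

Screenshot
https://cdn.janrs.com/wp-content/uploads/2023/02/ingress-01.png


That completes the ingress nginx deployment on k8s.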

2022-06-19