首页 > 系统相关 >kubernetes ingress-nginx 入门实践

kubernetes ingress-nginx 入门实践

时间:2024-08-06 16:43:00浏览次数:6  
标签:ingress kubernetes rocky01 -- app nginx myapp root

Ingress-Nginx deploy

ingress.png

https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/index.md

[root@rocky01 ~]# ip addr | grep ens3
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.5.31/24 brd 192.168.5.255 scope global dynamic noprefixroute ens34
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.5.239/24 brd 192.168.5.255 scope global dynamic noprefixroute ens37
[root@rocky01 ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.1/deploy/static/provider/cloud/deploy.yaml
[root@rocky01 ~]# vim deploy.yaml
...
Kind: Service
spec:
  #externalTrafficPolicy: Local
  externalTrafficPolicy: Cluster  # change to Cluster for local test
  externalIPs: ['192.168.5.239']  # any Node ip is fine, master node for example
...
[root@rocky01 ~]# kubectl apply -f deploy.yaml
[root@rocky01 ~]# kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-svjf7        0/1     Completed   0          8h
ingress-nginx-admission-patch-mrt99         0/1     Completed   1          8h
ingress-nginx-controller-77667b9d9b-f9v8t   1/1     Running     0          8h
[root@rocky01 ~]# kubectl get svc -n ingress-nginx
NAME                                 TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.68.236.92   192.168.5.239   80:30822/TCP,443:32132/TCP   8h
ingress-nginx-controller-admission   ClusterIP      10.68.192.67   <none>          443/TCP                      8h

root@iStoreOS ~ # grep app /etc/dnsmasq.conf
address=/*.app/192.168.5.239
root@iStoreOS ~ # nslookup v1.app
Server:		127.0.0.1
Address:	127.0.0.1:53

Name:	v1.app
Address: 192.168.5.239

Create kubernetes Ingress-Nginx resource

[root@rocky01 ~]# kubectl create ingress NAME --rule=host/path=service:port[,tls[=secret]] [options]
[root@rocky01 ~]# kubectl create deployment --image ikubernetes/myapp:v2 --replicas 2 myappv2
[root@rocky01 ~]# kubectl create deployment --image ikubernetes/myapp:v1 --replicas 2 myappv1
[root@rocky01 ~]# kubectl create svc clusterip myappv1 --tcp 80:80
[root@rocky01 ~]# kubectl create svc clusterip myappv2 --tcp 80:80
单域名匹配
# 单域名
[root@rocky01 ~]# kubectl create ingress myappv1 --class=nginx --rule="v1.app/=myappv1:80"
[root@rocky01 ~]# curl v1.app
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@rocky01 ~]# curl v1.app/hostname.html   # 无法访问
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
单域名支持子路径
[root@rocky01 ~]# kubectl create ingress myappv2 --class=nginx --rule="v2.app/*=myappv2:80" # 注意*的位置和上个实例区别
[root@rocky01 ~]# curl v2.app
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
[root@rocky01 ~]# curl v2.app/hostname.html 
myappv2-c5889974d-l86ht
单域名多URL匹配:
[root@rocky01 ~]# kubectl create ingress myapp --class=nginx --rule="myapp.app/v1=myappv1:80" --rule="myapp.app/v2=myappv2:80"
[root@rocky01 ~]# kubectl get ingress -o wide
NAME      CLASS   HOSTS       ADDRESS         PORTS   AGE
myapp     nginx   myapp.app   192.168.5.239   80      10m
[root@rocky01 ~]# curl -o /dev/null -s -w "%{http_code}\n" myapp.app/v1
404
[root@rocky01 ~]# curl -o /dev/null -s -w "%{http_code}\n" myapp.app/v2
404
# 此时一定在好奇到底那里除了问题为何404,其实配置没有问题,只需要稍微的修改并加上:
# --annotation=nginx.ingress.kubernetes.io/rewrite-target=/ 表示代理后端服务器的/,而非代理到后端服务的子URL /v1和/v2
[root@rocky01 ~]# kubectl create ingress myapp --class=nginx --rule="myapp.app/v1=myappv1:80" --rule="myapp.app/v2=myappv2:80" --annotation=nginx.ingress.kubernetes.io/rewrite-target=/
[root@rocky01 ~]# curl  myapp.app/v2
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
[root@rocky01 ~]# curl  myapp.app/v1
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
二级子域名匹配

User–>http://myapp.app/v2/hostname/–>svc : myappv2:80–>backend: POD_IP:80/hostname

[root@rocky01 ~]# kubectl create ingress myapp --class=nginx --rule="myapp.app/v1(/|$)(.*)=myappv1:80" --rule="myapp.app/v2(/|$)(.*)=myappv2:80" --annotation=nginx.ingress.kubernetes.io/rewrite-target="/$2"
[root@rocky01 ~]# curl myapp.app/v2/hostname
[root@rocky01 ~]# curl myapp.app/v2 
[root@rocky01 ~]# kubectl get ingress
NAME    CLASS   HOSTS       ADDRESS         PORTS   AGE
myapp   nginx   myapp.app   192.168.5.239   80      17m
[root@rocky01 ~]# curl myapp.app/v1/
kubernetes pod-test v0.1!! ClientIP: 172.20.59.9, ServerName: myappv1-846945d675-qtxww, ServerIP: 172.20.59.14!
[root@rocky01 ~]# curl myapp.app/v1/hostname    # 应该显示部分相应的信息,但是不知为何我这里有问题
kubernetes pod-test v0.1!! ClientIP: 172.20.59.9, ServerName: myappv1-846945d675-n5sxs, ServerIP: 172.20.189.78!
子域名匹配
[root@rocky01 ~]# kubectl create ingress myapp --class=nginx --rule="v1.app/=myappv1:80" --rule="v2.app/=myappv2:80"
[root@rocky01 ~]# kubectl get ingress
NAME    CLASS   HOSTS           ADDRESS         PORTS   AGE
myapp   nginx   v1.app,v2.app   192.168.5.239   80      68s
[root@rocky01 ~]# curl v1.app
kubernetes pod-test v0.1!! ClientIP: 172.20.59.9, ServerName: myappv1-846945d675-qtxww, ServerIP: 172.20.59.14!
[root@rocky01 ~]# curl v2.app
kubernetes pod-test v0.2!! ClientIP: 172.20.59.9, ServerName: myappv2-5ff5c6f779-z5mxq, ServerIP: 172.20.59.13!
实现HTTPS
# 生成一个 2048 位的私钥
[root@rocky01 ~]# openssl genrsa -out private.key 2048
# 生成自签名证书
[root@rocky01 ~]# openssl req -x509 -new -key private.key -out selfsigned.crt -days 3650 -subj /C=CN/ST=BJ/L=BJ/O=SRE/CN=myapp.app
[root@rocky01 ~]# ll private.key request.csr selfsigned.crt
-rw------- 1 root root 1874 8月   6 16:10 private.key
-rw-r--r-- 1 root root 1180 8月   6 16:11 selfsigned.crt
# k8s中创建secret
[root@rocky01 ~]# kubectl create secret tls tls-app --cert=./selfsigned.crt --key=./private.key
[root@rocky01 ~]# kubectl get secrets
NAME      TYPE                DATA   AGE
tls-app   kubernetes.io/tls   2      22s
[root@rocky01 ~]# kubectl create ingress myapp-tls --class=nginx --rule="v1.app/*=myappv1:80,tls=tls-app" --rule="v2.app/*=myappv2:80,tls=tls-app"
[root@rocky01 ~]# curl -I v1.app
HTTP/1.1 308 Permanent Redirect
Date: Tue, 06 Aug 2024 07:59:03 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://v1.app   # 	已经自动重定向到HTTPS
[root@rocky01 ~]# curl -k https://v1.app
kubernetes pod-test v0.1!! ClientIP: 172.20.59.9, ServerName: myappv1-846945d675-qtxww, ServerIP: 172.20.59.14!
[root@rocky01 ~]# curl -k https://v1.app/hostname
ServerName: myappv1-846945d675-n5sxs

标签:ingress,kubernetes,rocky01,--,app,nginx,myapp,root
From: https://www.cnblogs.com/Jas0n0ss/p/18345492

相关文章

  • 【云原生】恰当运用kubernetes中三种探针,确保应用程序在Kubernetes集群中保持健康、可
    ✨✨欢迎大家来到景天科技苑✨✨......
  • 在 Kubernetes 中部署 Alertmanager
    AlertManager是一个开源警报系统,与Prometheus监控系统配合使用。本博客是PrometheusKubernetes教程系列的一部分。在我们之前的文章中,我们研究了以下内容:在Kubernetes上部署Prometheus部署KubeStateMetrics在本指南中,我将介绍Alertmanager设置及其与Promethe......
  • kubernetes二进制安装 -- 1.30.3
    1、节点规划10.202.99.34master0110.202.99.35master0210.202.99.36master0310.202.99.37node0110.202.99.100vip2、环境准备2.1、关闭防火墙、selinux、swap和NetworkManager#关闭selinux##临时关闭setenforce0##永久关闭sed-i's/enforcing/disabl......
  • 更安全的alist手动安装挂载本机存储并使用nginx反代
    alist的手动安装挂载本机存储并使用nginx反代一、下载最新alist软件包wgethttps://github.com/alist-org/alist/releases/download/v3.36.0/alist-linux-amd64.tar.gz二、手动安装alist1.创建alist目录sudomkdir/opt/alist#创建运行alist的用户sudouseradd-r-s/us......
  • kubernetes面试
    前言  此面经为企鹅侠自己面试遇到和收集其它朋友提供的信息整理而成,给予大家参考,希望能有所帮助。!!!文档有问题请大家及时指出做修改哈k8s是什么?请说出你的了解?  答:Kubenetes是一个针对容器应用,进行自动部署,弹性伸缩和管理的开源系统。主要功能是生产环境中的......
  • 【Kubernetes】应用的部署(一):金丝雀部署
    应用的部署(一):金丝雀部署在项目迭代开发过程中,经常需要对应用进行上线部署。上线部署策略主要有3种:金丝雀部署、蓝绿部署和滚动部署。金丝雀部署也被叫作灰度部署。金丝雀部署过程:先让一部分用户继续使用旧版本,而另一部分用户开始使用新版本;如果新版本没有......
  • kubernetes-存储卷与持久化详解
    目录背景volume介绍emptyDirHostPathNFSconfigMapSecretPersistentVolume介绍PV回收策略PV访问策略基于nfs或nas创建pv创建hostpath类型的pvPV的状态PersistentVolumeClaim创建pvc与pv进行绑定使用pvc动态存储storageclass创建目录nfs添加授权目录创建yaml背景容器部署过程中一......
  • Tomcat与Nginx的区别详解
    目录引言Tomcat概述Tomcat的历史Tomcat的架构Tomcat的功能Nginx概述Nginx的历史Nginx的架构Nginx的功能Tomcat与Nginx的区别架构上的区别......
  • ddns-go手动安装,配置acme获取证书,nginx反代
    ddns-go的手动安装并使用nginx反代一、下载最新ddngo软件包wgethttps://github.com/jeessy2/ddns-go/releases/download/v6.6.7/ddns-go_6.6.7_linux_x86_64.tar.gz二、手动安装ddnsgo1.创建ddnsgo目录sudomkdir/opt/ddnsgo#创建运行ddnsgo的用户sudouseradd-r-s/......
  • linux 安装 nginx
    一、官网下载Nginx官网地址:http://nginx.org/en/download.html我下载的是最新稳定版 二、上传到服务器解压1、上传到指定的服务器地址上传的地址自己决定,我上传到/usr/Nginx。2、解压使用命令:tar-zxvf“你的Nginx压缩包”,我这里是:tar-zxvfnginx-1.24.0.t......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99