一、编写nginx-ingress-controller.yaml文件
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: default-http-backend
labels:
k8s-app: default-http-backend
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: default-http-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
# Any image is permissable as long as:
# 1. It serves a 404 page at /
# 2. It serves 200 on a /healthz endpoint
image: gcr.io/google_containers/defaultbackend:1.0
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
namespace: kube-system
labels:
k8s-app: default-http-backend
spec:
ports:
- port: 80
targetPort: 8080
selector:
k8s-app: default-http-backend
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
labels:
k8s-app: nginx-ingress-controller
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: nginx-ingress-controller
spec:
# hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
# however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
# that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
# like with kubeadm
serviceAccountName: nginx-ingress-serviceaccount
hostNetwork: true
terminationGracePeriodSeconds: 60
containers:
- image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11
name: nginx-ingress-controller
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
二、编写rbac.yaml文件(创建服务账户,赋予nginx-controller的kubernetes api访问权限)
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: kube-system
三、由于文件中使用到grc镜像,需要更改tag标签(可使用脚本或直接运行)
docker pull anjia0532/google-containers.defaultbackend:1.0
docker pull anjia0532/google-containers.nginx-ingress-controller:0.9.0-beta.11
docker tag anjia0532/google-containers.defaultbackend:1.0 gcr.io/google_containers/defaultbackend:1.0
docker tag anjia0532/google-containers.nginx-ingress-controller:0.9.0-beta.11 gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11
四、安装步骤
kubectl apply -f ./*.yaml #注意此目录下只能包含刚刚新建的2分yaml文件,避免引起其他错误
kubectl get pod -n kubesystem -o wide #查看新建的pod状态(此pod可能出现在任意node节点,若master节点不允许创建pod,则一定不会在master上
五、创建ingress指定service便可以使用(参考k8s-service部分)
参考链接:https://blog.csdn.net/xingyuzhe/article/details/80979974
- k8s Ingress和ingress控制器
ingress架构图简介 我们知道service的表现形式为IP:PORT,即工作在第四层传输层(TCP/IP层),那么对于不同的URL地址经常对应用不同的后端服务或者虚拟服务器,这些应用层的转发机制 ...
- k8s Docker 安装
k8s Docker 安装 一.运行环境 Centos 7.7 虚拟机内核为 3.10 基础组件版本: k8s.gcr.io/kube-apiserver:v1.16.0 k8s.gcr.io/kub ...
- K8S ingress控制器
文章转载自: K8S ingress控制器 (一)https://blog.51cto.com/u_13760351/2728917 K8S ingress控制器 (二)https://blog.51 ...
- kubernetes(k8s) helm安装kafka、zookeeper
通过helm在k8s上部署kafka.zookeeper 通过helm方法安装 k8s上安装kafka,可以使用helm,将kafka作为一个应用安装.当然这首先要你的k8s支持使用helm安装.he ...
- 使用k8s operator安装和维护etcd集群
关于Kubernetes Operator这个新生事物,可以参考下文来了解这一技术的来龙去脉: https://yq.aliyun.com/articles/685522?utm_content=g_ ...
- 国内不fq安装K8S四: 安装过程中遇到的问题和解决方法
目录 4 安装过程中遇到的问题和解决方法 4.1 常见问题 4.2 常用的操作命令 4.3 比较好的博客 国内不fq安装K8S一: 安装docker 国内不fq安装K8S二: 安装kubernet 国 ...
- 国内不fq安装K8S二: 安装kubernet
目录 2 安装kubelet 2.1 环境准备 2.2 设置国内的源 2.3 重要的设置 2.4 获取镜像 2.5 使用kubeadm init初始化集群 2.6 安装Pod Network 2.7 ...
- 国内不fq安装K8S一: 安装docker
目录 1.安装docker 1.1 准备工作 1.2 安装docker 1.3 修改cgroup 国内不fq安装K8S一: 安装docker 国内不fq安装K8S二: 安装kubernet 国内不fq ...
- [转帖]容器云之K8s自动化安装方式的选择
容器云之K8s自动化安装方式的选择 时间 2016-12-05 19:10:53 极客头条 原文 http://geek.csdn.net/news/detail/127426 主题 Kubern ...
- 浅谈 k8s ingress controller 选型
大家好,先简单自我介绍下,我叫厉辉,来自腾讯云.业余时间比较喜欢开源,现在是Apache APISIX PPMC.今天我来简单给大家介绍下 K8S Ingress 控制器的选型经验,今天我讲的这些内容 ...
随机推荐
- Pycharm激活方法使用的是(license server)
pycharm所有版本 http://www.jetbrains.com/pycharm/download/previous.html打开激活窗口 选择 Activate new license wi ...
- 前端知识--mulline框架,返回到前一个页面,并且刷新前一个页面
最近在写项目的时候,遇到了这样一个问题,在第二页面修改完了数据之后,点击返回按钮的时候,第一个页面要返显出第一个页面的数据,这想想其实也不是很难,但是,难就难在,这两个页面是同时打开的.关闭了一个页面 ...
- The Secret Life of Types in Swift
At first glance, Swift looked different as a language compared to Objective-C because of the modern ...
- C++的map用法
图,自动建立表示关键字和键值(key - value)之间的对应关系,两者可以是任何数据类型,key唯一并且自动排序,value不唯一. 1.头文件#include<map> 2.map& ...
- codeforces B. A and B 找规律
Educational Codeforces Round 78 (Rated for Div. 2) 1278B - 6 B. A and B time limit per test 1 secon ...
- 在WinDbg中显示和搜索std::map内容
我们希望在WinDbg中自动显示.搜索和过滤std::map对象.std::vectors的脚本相对简单,因为vectors中数据的平面结构:map是更复杂的野兽.具体地说,Visual C++ ST ...
- JS的ES6的Symbol
一.Symbol 1.什么是Symbol: Symbol是ES6新添加的原始类型(ES5已有原始数据类型:String,Number,boolean,function,undefined,object ...
- K8s Service原理介绍
Service的工作方式有三种: 第一种: 是Userspace方式 如下图描述, Client Pod要访问Server Pod时,它先将请求发给本机内核空间中的service规则,由它再将请求, ...
- v-model和 .sync
1.v-model的双向数据绑定其实是一个语法糖,类似于,给子组件传入一个value值,并且监听子组件的input事件,在这个事件里将子组件传过来的新值赋值给父组件的value <Input v ...
- Mybatis27题
1.什么是Mybatis? Mybatis是一个半ORM(对象关系映射)框架,它内部封装了JDBC,开发时只需要关注SQL语句本身,不需要花费精力去处理加载驱动.创建连接.创建statement等繁杂 ...
