使用yaml来实现ingress-nginx
创建一个ingress-nginx
[root@k8s-master ingress]# cat ingress-nginx.yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
serviceAccountName: nginx-ingress-serviceaccount
hostNetwork: true
containers:
- name: nginx-ingress-controller
image: lizhenliang/nginx-ingress-controller:0.20.0
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
---
这里有的执行完毕之后,可以ingress出现off状态,这里需要在你的kube-proxy配置文件添加--masquerade-all=true \
这里我是自己搭建的二进制k8s集群是这么添加的,其他的环境这里不做太多阐述
node节点都需要重启并添加参数
[root@k8s-node1 ~]# vim /opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.30.22 \
--cluster-cidr=10.0.0.0/24 \
--masquerade-all=true \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
重启kube-proxy和kube-apiserver就可以了,查看ingress
[root@k8s-master ~]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-bbb66b76b-2jszm 1/1 Running 0 48m
使用yaml来实现ingress-nginx的更多相关文章
- 云原生之旅 - 8)云原生时代的网关 Ingress Nginx
前言 当我们在Kubernetes部署的服务需要暴露给外部用户使用时,有三种选择:LoadBalancer,NodePort, Ingress. LoadBalancer类型得结合各个Cloud Pr ...
- 基于k8s集群部署prometheus监控ingress nginx
目录 基于k8s集群部署prometheus监控ingress nginx 1.背景和环境概述 2.修改prometheus配置 3.检查是否生效 4.配置grafana图形 基于k8s集群部署pro ...
- 调试 Ingress Nginx
由于 Ingress Nginx 是最受欢迎的 Ingress 控制器,因此接下来我们将介绍一些有关调试 ingress-nginx 的技巧. 调试 Ingress Nginx Ingress-ngi ...
- yaml文件实例:nginx+ingress
[root@lab3 nginx]# cat nginx-test.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: nam ...
- ingress nginx https配置
3.https配置第一步:制作自签证书 [root@master demo]# openssl genrsa -out tls.key 2048 [root@master demo]# openssl ...
- Kubernetes 服务入口管理与 Nginx Ingress Controller
Kubernetes 具有强大的副本,动态扩容等特性,每一次 Pod 的变化 IP 地址都会发生变化,所以 Kubernetes 引进了 Service 的概念.Kubernetes 中使用 Serv ...
- Kubernetes 部署 Nginx Ingress Controller 之 nginxinc/kubernetes-ingress
更新:这里用的是 nginxinc/kubernetes-ingress ,还有个 kubernetes/ingress-nginx ,它们的区别见 Differences Between nginx ...
- Kubernetes Ingress Controller的使用及高可用落地
Kubernetes Ingress Controller的使用及高可用落地 看懂本文要具备一下知识点: Service实现原理和会应用 知道反向代理原理,了解nginx和apache的vhost概念 ...
- 部署ingress及使用
一.下载yaml文件 wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.y ...
- Ingress 原理及实例
什么是Ingress 在Kubernetes中,Service和Pod的IP地址只能在集群内部网络中路由,所有到达“边界路由器”(Edge Router)的网络流量要么被丢弃,要么被转发到别处,从概念 ...
随机推荐
- rman catalog配置
1.创建表空间 create tablespace rman_tbs datafile '/u01/app/oracle/oradata/PROD1/rman_tbs01.dbf' size 200m ...
- gnuplot设置字体及大小
set term png font 'times.ttf,14'set fontpath '/home/peter/.fonts'set output 'vel-cost.eps'set gridse ...
- 淘宝|蚂蚁|菜鸟|盒马|嘀嘀|饿了么面经(已拿多个offer)
上一篇的同学拿到了bigo和腾讯的offer,这一次的分享来自两位同学的面试综合,他们分别拿到了菜鸟.嘀嘀.盒马的多个offer,由于面试的时间跨度时间太长,且面试的部门太多,只能回忆到具体的面试题, ...
- mysql: SOURCE error 2?
mysql: SOURCE error 2? mysql -uroot -p ****** # 路径输入错误,会抛出这个异常 mysql> source /var/lib/ambari-serv ...
- vue在html使用
1.Vue: 定义:渐进式JavaScript框架 渐进式: 定义:声明渲染 组件系统 客户端路由 集中式状态管理 项目构建 2.MVVM 定义 M Model(服务器上的业务逻辑操作) V View ...
- Tomcat文件包含漏洞的搭建与复现:CVE-2020-1938
Tomcat文件包含漏洞的搭建与复现:CVE-2020-1938 漏洞描述 2020年2月20日,国家信息安全漏洞共享平台(CNVD)发布了Apache Tomcat文件包含漏洞(CNVD-2020- ...
- matlab随机系数矩阵产生以及矩阵的可视化函数
clc; clear all; close all; n = 100;%所产生矩阵的大小 A= sprandsym(n,0.015,0.1,1);%产生系数矩阵函数: spy(A)矩阵图形化相当于im ...
- Docker部署tomcat+nginx+mysql,创建一个tomcat集群
Docker的部署可以选择虚拟机或者云服务器,我自己选择的是本机安装centos7虚拟机: 1.虚拟机安装登录成功后开始部署docker: 首先了解docker是一个开源应用容器引擎,基于Go语言遵循 ...
- Git 仓库拆分
方案对比 subtree 使用命令 git subtree split -P dirPath -b branchName 将目标文件夹的代码都保存到指定分支.试了下,该方案虽然保留了 commit,但 ...
- input输入框输入中文时,监听的input事件 屏蔽拼音状态
$(function () { $('#jh').off().on({ //中文输入开始 compositionstart: function () { cpLock = false; }, //中文 ...