介绍

Ingress 公开了从集群外部到集群内服务的 HTTP 和 HTTPS 路由。流量路由由 Ingress 资源上定义的规则控制。

下面是一个将所有流量都发送到同一 Service 的简单 Ingress 示例:

写入配置文件,并执行

  1. [root@hello ~/yaml]# vim deploy.yaml
  2. [root@hello ~/yaml]#
  3. [root@hello ~/yaml]#
  4. [root@hello ~/yaml]# cat deploy.yaml
  5. apiVersion: v1
  6. kind: Namespace
  7. metadata:
  8.   name: ingress-nginx
  9.   labels:
  10.     app.kubernetes.io/name: ingress-nginx
  11.     app.kubernetes.io/instance: ingress-nginx
  12. ---
  13. # Source: ingress-nginx/templates/controller-serviceaccount.yaml
  14. apiVersion: v1
  15. kind: ServiceAccount
  16. metadata:
  17.   labels:
  18.     helm.sh/chart: ingress-nginx-4.0.10
  19.     app.kubernetes.io/name: ingress-nginx
  20.     app.kubernetes.io/instance: ingress-nginx
  21.     app.kubernetes.io/version: 1.1.0
  22.     app.kubernetes.io/managed-by: Helm
  23.     app.kubernetes.io/component: controller
  24.   name: ingress-nginx
  25.   namespace: ingress-nginx
  26. automountServiceAccountToken: true
  27. ---
  28. # Source: ingress-nginx/templates/controller-configmap.yaml
  29. apiVersion: v1
  30. kind: ConfigMap
  31. metadata:
  32.   labels:
  33.     helm.sh/chart: ingress-nginx-4.0.10
  34.     app.kubernetes.io/name: ingress-nginx
  35.     app.kubernetes.io/instance: ingress-nginx
  36.     app.kubernetes.io/version: 1.1.0
  37.     app.kubernetes.io/managed-by: Helm
  38.     app.kubernetes.io/component: controller
  39.   name: ingress-nginx-controller
  40.   namespace: ingress-nginx
  41. data:
  42.   allow-snippet-annotations: 'true'
  43. ---
  44. # Source: ingress-nginx/templates/clusterrole.yaml
  45. apiVersion: rbac.authorization.k8s.io/v1
  46. kind: ClusterRole
  47. metadata:
  48.   labels:
  49.     helm.sh/chart: ingress-nginx-4.0.10
  50.     app.kubernetes.io/name: ingress-nginx
  51.     app.kubernetes.io/instance: ingress-nginx
  52.     app.kubernetes.io/version: 1.1.0
  53.     app.kubernetes.io/managed-by: Helm
  54.   name: ingress-nginx
  55. rules:
  56.   - apiGroups:
  57.       - ''
  58.     resources:
  59.       - configmaps
  60.       - endpoints
  61.       - nodes
  62.       - pods
  63.       - secrets
  64.       - namespaces
  65.     verbs:
  66.       - list
  67.       - watch
  68.   - apiGroups:
  69.       - ''
  70.     resources:
  71.       - nodes
  72.     verbs:
  73.       - get
  74.   - apiGroups:
  75.       - ''
  76.     resources:
  77.       - services
  78.     verbs:
  79.       - get
  80.       - list
  81.       - watch
  82.   - apiGroups:
  83.       - networking.k8s.io
  84.     resources:
  85.       - ingresses
  86.     verbs:
  87.       - get
  88.       - list
  89.       - watch
  90.   - apiGroups:
  91.       - ''
  92.     resources:
  93.       - events
  94.     verbs:
  95.       - create
  96.       - patch
  97.   - apiGroups:
  98.       - networking.k8s.io
  99.     resources:
  100.       - ingresses/status
  101.     verbs:
  102.       - update
  103.   - apiGroups:
  104.       - networking.k8s.io
  105.     resources:
  106.       - ingressclasses
  107.     verbs:
  108.       - get
  109.       - list
  110.       - watch
  111. ---
  112. # Source: ingress-nginx/templates/clusterrolebinding.yaml
  113. apiVersion: rbac.authorization.k8s.io/v1
  114. kind: ClusterRoleBinding
  115. metadata:
  116.   labels:
  117.     helm.sh/chart: ingress-nginx-4.0.10
  118.     app.kubernetes.io/name: ingress-nginx
  119.     app.kubernetes.io/instance: ingress-nginx
  120.     app.kubernetes.io/version: 1.1.0
  121.     app.kubernetes.io/managed-by: Helm
  122.   name: ingress-nginx
  123. roleRef:
  124.   apiGroup: rbac.authorization.k8s.io
  125.   kind: ClusterRole
  126.   name: ingress-nginx
  127. subjects:
  128.   - kind: ServiceAccount
  129.     name: ingress-nginx
  130.     namespace: ingress-nginx
  131. ---
  132. # Source: ingress-nginx/templates/controller-role.yaml
  133. apiVersion: rbac.authorization.k8s.io/v1
  134. kind: Role
  135. metadata:
  136.   labels:
  137.     helm.sh/chart: ingress-nginx-4.0.10
  138.     app.kubernetes.io/name: ingress-nginx
  139.     app.kubernetes.io/instance: ingress-nginx
  140.     app.kubernetes.io/version: 1.1.0
  141.     app.kubernetes.io/managed-by: Helm
  142.     app.kubernetes.io/component: controller
  143.   name: ingress-nginx
  144.   namespace: ingress-nginx
  145. rules:
  146.   - apiGroups:
  147.       - ''
  148.     resources:
  149.       - namespaces
  150.     verbs:
  151.       - get
  152.   - apiGroups:
  153.       - ''
  154.     resources:
  155.       - configmaps
  156.       - pods
  157.       - secrets
  158.       - endpoints
  159.     verbs:
  160.       - get
  161.       - list
  162.       - watch
  163.   - apiGroups:
  164.       - ''
  165.     resources:
  166.       - services
  167.     verbs:
  168.       - get
  169.       - list
  170.       - watch
  171.   - apiGroups:
  172.       - networking.k8s.io
  173.     resources:
  174.       - ingresses
  175.     verbs:
  176.       - get
  177.       - list
  178.       - watch
  179.   - apiGroups:
  180.       - networking.k8s.io
  181.     resources:
  182.       - ingresses/status
  183.     verbs:
  184.       - update
  185.   - apiGroups:
  186.       - networking.k8s.io
  187.     resources:
  188.       - ingressclasses
  189.     verbs:
  190.       - get
  191.       - list
  192.       - watch
  193.   - apiGroups:
  194.       - ''
  195.     resources:
  196.       - configmaps
  197.     resourceNames:
  198.       - ingress-controller-leader
  199.     verbs:
  200.       - get
  201.       - update
  202.   - apiGroups:
  203.       - ''
  204.     resources:
  205.       - configmaps
  206.     verbs:
  207.       - create
  208.   - apiGroups:
  209.       - ''
  210.     resources:
  211.       - events
  212.     verbs:
  213.       - create
  214.       - patch
  215. ---
  216. # Source: ingress-nginx/templates/controller-rolebinding.yaml
  217. apiVersion: rbac.authorization.k8s.io/v1
  218. kind: RoleBinding
  219. metadata:
  220.   labels:
  221.     helm.sh/chart: ingress-nginx-4.0.10
  222.     app.kubernetes.io/name: ingress-nginx
  223.     app.kubernetes.io/instance: ingress-nginx
  224.     app.kubernetes.io/version: 1.1.0
  225.     app.kubernetes.io/managed-by: Helm
  226.     app.kubernetes.io/component: controller
  227.   name: ingress-nginx
  228.   namespace: ingress-nginx
  229. roleRef:
  230.   apiGroup: rbac.authorization.k8s.io
  231.   kind: Role
  232.   name: ingress-nginx
  233. subjects:
  234.   - kind: ServiceAccount
  235.     name: ingress-nginx
  236.     namespace: ingress-nginx
  237. ---
  238. # Source: ingress-nginx/templates/controller-service-webhook.yaml
  239. apiVersion: v1
  240. kind: Service
  241. metadata:
  242.   labels:
  243.     helm.sh/chart: ingress-nginx-4.0.10
  244.     app.kubernetes.io/name: ingress-nginx
  245.     app.kubernetes.io/instance: ingress-nginx
  246.     app.kubernetes.io/version: 1.1.0
  247.     app.kubernetes.io/managed-by: Helm
  248.     app.kubernetes.io/component: controller
  249.   name: ingress-nginx-controller-admission
  250.   namespace: ingress-nginx
  251. spec:
  252.   type: ClusterIP
  253.   ports:
  254.     - name: https-webhook
  255.       port: 443
  256.       targetPort: webhook
  257.       appProtocol: https
  258.   selector:
  259.     app.kubernetes.io/name: ingress-nginx
  260.     app.kubernetes.io/instance: ingress-nginx
  261.     app.kubernetes.io/component: controller
  262. ---
  263. # Source: ingress-nginx/templates/controller-service.yaml
  264. apiVersion: v1
  265. kind: Service
  266. metadata:
  267.   annotations:
  268.   labels:
  269.     helm.sh/chart: ingress-nginx-4.0.10
  270.     app.kubernetes.io/name: ingress-nginx
  271.     app.kubernetes.io/instance: ingress-nginx
  272.     app.kubernetes.io/version: 1.1.0
  273.     app.kubernetes.io/managed-by: Helm
  274.     app.kubernetes.io/component: controller
  275.   name: ingress-nginx-controller
  276.   namespace: ingress-nginx
  277. spec:
  278.   type: NodePort
  279.   externalTrafficPolicy: Local
  280.   ipFamilyPolicy: SingleStack
  281.   ipFamilies:
  282.     - IPv4
  283.   ports:
  284.     - name: http
  285.       port: 80
  286.       protocol: TCP
  287.       targetPort: http
  288.       appProtocol: http
  289.     - name: https
  290.       port: 443
  291.       protocol: TCP
  292.       targetPort: https
  293.       appProtocol: https
  294.   selector:
  295.     app.kubernetes.io/name: ingress-nginx
  296.     app.kubernetes.io/instance: ingress-nginx
  297.     app.kubernetes.io/component: controller
  298. ---
  299. # Source: ingress-nginx/templates/controller-deployment.yaml
  300. apiVersion: apps/v1
  301. kind: Deployment
  302. metadata:
  303.   labels:
  304.     helm.sh/chart: ingress-nginx-4.0.10
  305.     app.kubernetes.io/name: ingress-nginx
  306.     app.kubernetes.io/instance: ingress-nginx
  307.     app.kubernetes.io/version: 1.1.0
  308.     app.kubernetes.io/managed-by: Helm
  309.     app.kubernetes.io/component: controller
  310.   name: ingress-nginx-controller
  311.   namespace: ingress-nginx
  312. spec:
  313.   selector:
  314.     matchLabels:
  315.       app.kubernetes.io/name: ingress-nginx
  316.       app.kubernetes.io/instance: ingress-nginx
  317.       app.kubernetes.io/component: controller
  318.   revisionHistoryLimit: 10
  319.   minReadySeconds: 0
  320.   template:
  321.     metadata:
  322.       labels:
  323.         app.kubernetes.io/name: ingress-nginx
  324.         app.kubernetes.io/instance: ingress-nginx
  325.         app.kubernetes.io/component: controller
  326.     spec:
  327.       dnsPolicy: ClusterFirst
  328.       containers:
  329.         - name: controller
  330.           image: registry.cn-hangzhou.aliyuncs.com/chenby/controller:v1.1.3 
  331.           imagePullPolicy: IfNotPresent
  332.           lifecycle:
  333.             preStop:
  334.               exec:
  335.                 command:
  336.                   - /wait-shutdown
  337.           args:
  338.             - /nginx-ingress-controller
  339.             - --election-id=ingress-controller-leader
  340.             - --controller-class=k8s.io/ingress-nginx
  341.             - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
  342.             - --validating-webhook=:8443
  343.             - --validating-webhook-certificate=/usr/local/certificates/cert
  344.             - --validating-webhook-key=/usr/local/certificates/key
  345.           securityContext:
  346.             capabilities:
  347.               drop:
  348.                 - ALL
  349.               add:
  350.                 - NET_BIND_SERVICE
  351.             runAsUser: 101
  352.             allowPrivilegeEscalation: true
  353.           env:
  354.             - name: POD_NAME
  355.               valueFrom:
  356.                 fieldRef:
  357.                   fieldPath: metadata.name
  358.             - name: POD_NAMESPACE
  359.               valueFrom:
  360.                 fieldRef:
  361.                   fieldPath: metadata.namespace
  362.             - name: LD_PRELOAD
  363.               value: /usr/local/lib/libmimalloc.so
  364.           livenessProbe:
  365.             failureThreshold: 5
  366.             httpGet:
  367.               path: /healthz
  368.               port: 10254
  369.               scheme: HTTP
  370.             initialDelaySeconds: 10
  371.             periodSeconds: 10
  372.             successThreshold: 1
  373.             timeoutSeconds: 1
  374.           readinessProbe:
  375.             failureThreshold: 3
  376.             httpGet:
  377.               path: /healthz
  378.               port: 10254
  379.               scheme: HTTP
  380.             initialDelaySeconds: 10
  381.             periodSeconds: 10
  382.             successThreshold: 1
  383.             timeoutSeconds: 1
  384.           ports:
  385.             - name: http
  386.               containerPort: 80
  387.               protocol: TCP
  388.             - name: https
  389.               containerPort: 443
  390.               protocol: TCP
  391.             - name: webhook
  392.               containerPort: 8443
  393.               protocol: TCP
  394.           volumeMounts:
  395.             - name: webhook-cert
  396.               mountPath: /usr/local/certificates/
  397.               readOnly: true
  398.           resources:
  399.             requests:
  400.               cpu: 100m
  401.               memory: 90Mi
  402.       nodeSelector:
  403.         kubernetes.io/os: linux
  404.       serviceAccountName: ingress-nginx
  405.       terminationGracePeriodSeconds: 300
  406.       volumes:
  407.         - name: webhook-cert
  408.           secret:
  409.             secretName: ingress-nginx-admission
  410. ---
  411. # Source: ingress-nginx/templates/controller-ingressclass.yaml
  412. # We don't support namespaced ingressClass yet
  413. # So a ClusterRole and a ClusterRoleBinding is required
  414. apiVersion: networking.k8s.io/v1
  415. kind: IngressClass
  416. metadata:
  417.   labels:
  418.     helm.sh/chart: ingress-nginx-4.0.10
  419.     app.kubernetes.io/name: ingress-nginx
  420.     app.kubernetes.io/instance: ingress-nginx
  421.     app.kubernetes.io/version: 1.1.0
  422.     app.kubernetes.io/managed-by: Helm
  423.     app.kubernetes.io/component: controller
  424.   name: nginx
  425.   namespace: ingress-nginx
  426. spec:
  427.   controller: k8s.io/ingress-nginx
  428. ---
  429. # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
  430. # before changing this value, check the required kubernetes version
  431. # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
  432. apiVersion: admissionregistration.k8s.io/v1
  433. kind: ValidatingWebhookConfiguration
  434. metadata:
  435.   labels:
  436.     helm.sh/chart: ingress-nginx-4.0.10
  437.     app.kubernetes.io/name: ingress-nginx
  438.     app.kubernetes.io/instance: ingress-nginx
  439.     app.kubernetes.io/version: 1.1.0
  440.     app.kubernetes.io/managed-by: Helm
  441.     app.kubernetes.io/component: admission-webhook
  442.   name: ingress-nginx-admission
  443. webhooks:
  444.   - name: validate.nginx.ingress.kubernetes.io
  445.     matchPolicy: Equivalent
  446.     rules:
  447.       - apiGroups:
  448.           - networking.k8s.io
  449.         apiVersions:
  450.           - v1
  451.         operations:
  452.           - CREATE
  453.           - UPDATE
  454.         resources:
  455.           - ingresses
  456.     failurePolicy: Fail
  457.     sideEffects: None
  458.     admissionReviewVersions:
  459.       - v1
  460.     clientConfig:
  461.       service:
  462.         namespace: ingress-nginx
  463.         name: ingress-nginx-controller-admission
  464.         path: /networking/v1/ingresses
  465. ---
  466. # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
  467. apiVersion: v1
  468. kind: ServiceAccount
  469. metadata:
  470.   name: ingress-nginx-admission
  471.   namespace: ingress-nginx
  472.   annotations:
  473.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  474.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  475.   labels:
  476.     helm.sh/chart: ingress-nginx-4.0.10
  477.     app.kubernetes.io/name: ingress-nginx
  478.     app.kubernetes.io/instance: ingress-nginx
  479.     app.kubernetes.io/version: 1.1.0
  480.     app.kubernetes.io/managed-by: Helm
  481.     app.kubernetes.io/component: admission-webhook
  482. ---
  483. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
  484. apiVersion: rbac.authorization.k8s.io/v1
  485. kind: ClusterRole
  486. metadata:
  487.   name: ingress-nginx-admission
  488.   annotations:
  489.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  490.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  491.   labels:
  492.     helm.sh/chart: ingress-nginx-4.0.10
  493.     app.kubernetes.io/name: ingress-nginx
  494.     app.kubernetes.io/instance: ingress-nginx
  495.     app.kubernetes.io/version: 1.1.0
  496.     app.kubernetes.io/managed-by: Helm
  497.     app.kubernetes.io/component: admission-webhook
  498. rules:
  499.   - apiGroups:
  500.       - admissionregistration.k8s.io
  501.     resources:
  502.       - validatingwebhookconfigurations
  503.     verbs:
  504.       - get
  505.       - update
  506. ---
  507. # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
  508. apiVersion: rbac.authorization.k8s.io/v1
  509. kind: ClusterRoleBinding
  510. metadata:
  511.   name: ingress-nginx-admission
  512.   annotations:
  513.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  514.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  515.   labels:
  516.     helm.sh/chart: ingress-nginx-4.0.10
  517.     app.kubernetes.io/name: ingress-nginx
  518.     app.kubernetes.io/instance: ingress-nginx
  519.     app.kubernetes.io/version: 1.1.0
  520.     app.kubernetes.io/managed-by: Helm
  521.     app.kubernetes.io/component: admission-webhook
  522. roleRef:
  523.   apiGroup: rbac.authorization.k8s.io
  524.   kind: ClusterRole
  525.   name: ingress-nginx-admission
  526. subjects:
  527.   - kind: ServiceAccount
  528.     name: ingress-nginx-admission
  529.     namespace: ingress-nginx
  530. ---
  531. # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
  532. apiVersion: rbac.authorization.k8s.io/v1
  533. kind: Role
  534. metadata:
  535.   name: ingress-nginx-admission
  536.   namespace: ingress-nginx
  537.   annotations:
  538.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  539.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  540.   labels:
  541.     helm.sh/chart: ingress-nginx-4.0.10
  542.     app.kubernetes.io/name: ingress-nginx
  543.     app.kubernetes.io/instance: ingress-nginx
  544.     app.kubernetes.io/version: 1.1.0
  545.     app.kubernetes.io/managed-by: Helm
  546.     app.kubernetes.io/component: admission-webhook
  547. rules:
  548.   - apiGroups:
  549.       - ''
  550.     resources:
  551.       - secrets
  552.     verbs:
  553.       - get
  554.       - create
  555. ---
  556. # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
  557. apiVersion: rbac.authorization.k8s.io/v1
  558. kind: RoleBinding
  559. metadata:
  560.   name: ingress-nginx-admission
  561.   namespace: ingress-nginx
  562.   annotations:
  563.     helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
  564.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  565.   labels:
  566.     helm.sh/chart: ingress-nginx-4.0.10
  567.     app.kubernetes.io/name: ingress-nginx
  568.     app.kubernetes.io/instance: ingress-nginx
  569.     app.kubernetes.io/version: 1.1.0
  570.     app.kubernetes.io/managed-by: Helm
  571.     app.kubernetes.io/component: admission-webhook
  572. roleRef:
  573.   apiGroup: rbac.authorization.k8s.io
  574.   kind: Role
  575.   name: ingress-nginx-admission
  576. subjects:
  577.   - kind: ServiceAccount
  578.     name: ingress-nginx-admission
  579.     namespace: ingress-nginx
  580. ---
  581. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
  582. apiVersion: batch/v1
  583. kind: Job
  584. metadata:
  585.   name: ingress-nginx-admission-create
  586.   namespace: ingress-nginx
  587.   annotations:
  588.     helm.sh/hook: pre-install,pre-upgrade
  589.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  590.   labels:
  591.     helm.sh/chart: ingress-nginx-4.0.10
  592.     app.kubernetes.io/name: ingress-nginx
  593.     app.kubernetes.io/instance: ingress-nginx
  594.     app.kubernetes.io/version: 1.1.0
  595.     app.kubernetes.io/managed-by: Helm
  596.     app.kubernetes.io/component: admission-webhook
  597. spec:
  598.   template:
  599.     metadata:
  600.       name: ingress-nginx-admission-create
  601.       labels:
  602.         helm.sh/chart: ingress-nginx-4.0.10
  603.         app.kubernetes.io/name: ingress-nginx
  604.         app.kubernetes.io/instance: ingress-nginx
  605.         app.kubernetes.io/version: 1.1.0
  606.         app.kubernetes.io/managed-by: Helm
  607.         app.kubernetes.io/component: admission-webhook
  608.     spec:
  609.       containers:
  610.         - name: create
  611.           image: registry.cn-hangzhou.aliyuncs.com/chenby/kube-webhook-certgen:v1.1.1 
  612.           imagePullPolicy: IfNotPresent
  613.           args:
  614.             - create
  615.             - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
  616.             - --namespace=$(POD_NAMESPACE)
  617.             - --secret-name=ingress-nginx-admission
  618.           env:
  619.             - name: POD_NAMESPACE
  620.               valueFrom:
  621.                 fieldRef:
  622.                   fieldPath: metadata.namespace
  623.           securityContext:
  624.             allowPrivilegeEscalation: false
  625.       restartPolicy: OnFailure
  626.       serviceAccountName: ingress-nginx-admission
  627.       nodeSelector:
  628.         kubernetes.io/os: linux
  629.       securityContext:
  630.         runAsNonRoot: true
  631.         runAsUser: 2000
  632. ---
  633. # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
  634. apiVersion: batch/v1
  635. kind: Job
  636. metadata:
  637.   name: ingress-nginx-admission-patch
  638.   namespace: ingress-nginx
  639.   annotations:
  640.     helm.sh/hook: post-install,post-upgrade
  641.     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  642.   labels:
  643.     helm.sh/chart: ingress-nginx-4.0.10
  644.     app.kubernetes.io/name: ingress-nginx
  645.     app.kubernetes.io/instance: ingress-nginx
  646.     app.kubernetes.io/version: 1.1.0
  647.     app.kubernetes.io/managed-by: Helm
  648.     app.kubernetes.io/component: admission-webhook
  649. spec:
  650.   template:
  651.     metadata:
  652.       name: ingress-nginx-admission-patch
  653.       labels:
  654.         helm.sh/chart: ingress-nginx-4.0.10
  655.         app.kubernetes.io/name: ingress-nginx
  656.         app.kubernetes.io/instance: ingress-nginx
  657.         app.kubernetes.io/version: 1.1.0
  658.         app.kubernetes.io/managed-by: Helm
  659.         app.kubernetes.io/component: admission-webhook
  660.     spec:
  661.       containers:
  662.         - name: patch
  663.           image: registry.cn-hangzhou.aliyuncs.com/chenby/kube-webhook-certgen:v1.1.1 
  664.           imagePullPolicy: IfNotPresent
  665.           args:
  666.             - patch
  667.             - --webhook-name=ingress-nginx-admission
  668.             - --namespace=$(POD_NAMESPACE)
  669.             - --patch-mutating=false
  670.             - --secret-name=ingress-nginx-admission
  671.             - --patch-failure-policy=Fail
  672.           env:
  673.             - name: POD_NAMESPACE
  674.               valueFrom:
  675.                 fieldRef:
  676.                   fieldPath: metadata.namespace
  677.           securityContext:
  678.             allowPrivilegeEscalation: false
  679.       restartPolicy: OnFailure
  680.       serviceAccountName: ingress-nginx-admission
  681.       nodeSelector:
  682.         kubernetes.io/os: linux
  683.       securityContext:
  684.         runAsNonRoot: true
  685.         runAsUser: 2000
  686. [root@hello ~/yaml]#

启用后端,写入配置文件执行

  1. [root@hello ~/yaml]# vim backend.yaml
  2. [root@hello ~/yaml]# cat backend.yaml
  3. apiVersion: apps/v1
  4. kind: Deployment
  5. metadata:
  6.   name: default-http-backend
  7.   labels:
  8.     app.kubernetes.io/name: default-http-backend
  9.   namespace: kube-system
  10. spec:
  11.   replicas: 1
  12.   selector:
  13.     matchLabels:
  14.       app.kubernetes.io/name: default-http-backend
  15.   template:
  16.     metadata:
  17.       labels:
  18.         app.kubernetes.io/name: default-http-backend
  19.     spec:
  20.       terminationGracePeriodSeconds: 60
  21.       containers:
  22.       - name: default-http-backend
  23.         image: registry.cn-hangzhou.aliyuncs.com/chenby/defaultbackend-amd64:1.5 
  24.         livenessProbe:
  25.           httpGet:
  26.             path: /healthz
  27.             port: 8080
  28.             scheme: HTTP
  29.           initialDelaySeconds: 30
  30.           timeoutSeconds: 5
  31.         ports:
  32.         - containerPort: 8080
  33.         resources:
  34.           limits:
  35.             cpu: 10m
  36.             memory: 20Mi
  37.           requests:
  38.             cpu: 10m
  39.             memory: 20Mi
  40. ---
  41. apiVersion: v1
  42. kind: Service
  43. metadata:
  44.   name: default-http-backend
  45.   namespace: kube-system
  46.   labels:
  47.     app.kubernetes.io/name: default-http-backend
  48. spec:
  49.   ports:
  50.   - port: 80
  51.     targetPort: 8080
  52.   selector:
  53.     app.kubernetes.io/name: default-http-backend
  54. [root@hello ~/yaml]#

安装测试应用

  1. [root@hello ~/yaml]# vim ingress-demo-app.yaml
  2. [root@hello ~/yaml]#
  3. [root@hello ~/yaml]# cat ingress-demo-app.yaml
  4. apiVersion: apps/v1
  5. kind: Deployment
  6. metadata:
  7.   name: hello-server
  8. spec:
  9.   replicas: 2
  10.   selector:
  11.     matchLabels:
  12.       app: hello-server
  13.   template:
  14.     metadata:
  15.       labels:
  16.         app: hello-server
  17.     spec:
  18.       containers:
  19.       - name: hello-server
  20.         image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/hello-server
  21.         ports:
  22.         - containerPort: 9000
  23. ---
  24. apiVersion: apps/v1
  25. kind: Deployment
  26. metadata:
  27.   labels:
  28.     app: nginx-demo
  29.   name: nginx-demo
  30. spec:
  31.   replicas: 2
  32.   selector:
  33.     matchLabels:
  34.       app: nginx-demo
  35.   template:
  36.     metadata:
  37.       labels:
  38.         app: nginx-demo
  39.     spec:
  40.       containers:
  41.       - image: nginx
  42.         name: nginx
  43. ---
  44. apiVersion: v1
  45. kind: Service
  46. metadata:
  47.   labels:
  48.     app: nginx-demo
  49.   name: nginx-demo
  50. spec:
  51.   selector:
  52.     app: nginx-demo
  53.   ports:
  54.   - port: 8000
  55.     protocol: TCP
  56.     targetPort: 80
  57. ---
  58. apiVersion: v1
  59. kind: Service
  60. metadata:
  61.   labels:
  62.     app: hello-server
  63.   name: hello-server
  64. spec:
  65.   selector:
  66.     app: hello-server
  67.   ports:
  68.   - port: 8000
  69.     protocol: TCP
  70.     targetPort: 9000
  71. ---
  72. apiVersion: networking.k8s.io/v1
  73. kind: Ingress  
  74. metadata:
  75.   name: ingress-host-bar
  76. spec:
  77.   ingressClassName: nginx
  78.   rules:
  79.   - host: "hello.chenby.cn"
  80.     http:
  81.       paths:
  82.       - pathType: Prefix
  83.         path: "/"
  84.         backend:
  85.           service:
  86.             name: hello-server
  87.             port:
  88.               number: 8000
  89.   - host: "demo.chenby.cn"
  90.     http:
  91.       paths:
  92.       - pathType: Prefix
  93.         path: "/nginx"  
  94.         backend:
  95.           service:
  96.             name: nginx-demo
  97.             port:
  98.               number: 8000
  99. [root@hello ~/yaml]#
  100. [root@hello ~/yaml]# kubectl  get ingress
  101. NAME               CLASS    HOSTS                            ADDRESS        PORTS   AGE
  102. ingress-demo-app   <none>   app.demo.com                     192.168.1.11   80      20m
  103. ingress-host-bar   nginx    hello.chenby.cn,demo.chenby.cn   192.168.1.11   80      2m17s
  104. [root@hello ~/yaml]#

执行部署

  1. root@hello:~# kubectl  apply -f deploy.yaml 
  2. namespace/ingress-nginx created
  3. serviceaccount/ingress-nginx created
  4. configmap/ingress-nginx-controller created
  5. clusterrole.rbac.authorization.k8s.io/ingress-nginx created
  6. clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
  7. role.rbac.authorization.k8s.io/ingress-nginx created
  8. rolebinding.rbac.authorization.k8s.io/ingress-nginx created
  9. service/ingress-nginx-controller-admission created
  10. service/ingress-nginx-controller created
  11. deployment.apps/ingress-nginx-controller created
  12. ingressclass.networking.k8s.io/nginx created
  13. validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
  14. serviceaccount/ingress-nginx-admission created
  15. clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
  16. clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
  17. role.rbac.authorization.k8s.io/ingress-nginx-admission created
  18. rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
  19. job.batch/ingress-nginx-admission-create created
  20. job.batch/ingress-nginx-admission-patch created
  21. root@hello:~# 
  22. root@hello:~# kubectl  apply -f backend.yaml 
  23. deployment.apps/default-http-backend created
  24. service/default-http-backend created
  25. root@hello:~# 
  26. root@hello:~# kubectl  apply -f ingress-demo-app.yaml 
  27. deployment.apps/hello-server created
  28. deployment.apps/nginx-demo created
  29. service/nginx-demo created
  30. service/hello-server created
  31. ingress.networking.k8s.io/ingress-host-bar created
  32. root@hello:~#

过滤查看ingress端口

  1. [root@hello ~/yaml]# kubectl  get svc -| grep ingress
  2. default         ingress-demo-app                     ClusterIP   10.68.231.41    <none>        80/TCP                       51m
  3. ingress-nginx   ingress-nginx-controller             NodePort    10.68.93.71     <none>        80:32746/TCP,443:30538/TCP   32m
  4. ingress-nginx   ingress-nginx-controller-admission   ClusterIP   10.68.146.23    <none>        443/TCP                      32m
  5. [root@hello ~/yaml]#

https://www.oiox.cn/
https://www.chenby.cn/
https://cby-chen.github.io/
https://blog.csdn.net/qq_33921750
https://my.oschina.net/u/3981543
https://www.zhihu.com/people/chen-bu-yun-2
https://segmentfault.com/u/hppyvyv6/articles
https://juejin.cn/user/3315782802482007
https://cloud.tencent.com/developer/column/93230
https://www.jianshu.com/u/0f894314ae2c
https://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/
CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、今日头条、个人博客、全网可搜《小陈运维》

在k8s(kubernetes)上安装 ingress V1.1.3的更多相关文章

  1. Kubernetes上安装Metrics-Server

    操作场景 metrics-server 可实现 Kubernetes 的 Resource Metrics API(metrics.k8s.io),通过此 API 可以查询 Pod 与 Node 的部 ...

  2. 3.在 Kubernetes 上安装 Gitlab CI Runner

    结合文章:1. 在 Kubernetes 上安装 Gitlab ,地址:https://www.cnblogs.com/sanduzxcvbnm/p/13852854.html 总结: 结合开头的文章 ...

  3. 2. 在 Kubernetes 上安装 Gitlab

    总结: 所需要的三个yaml文件的下载地址:https://files.cnblogs.com/files/sanduzxcvbnm/k8s-gitlab.zip Gitlab官方提供了 Helm 的 ...

  4. kubernetes上安装MongoDB-3.6.5集群副本集方式

    一.安装部署: 想直接一步创建集群的小伙伴直接按以下步骤安装(再往后是记录自己出过的错): 1.生成docker镜像: docker build -t 144.202.127.156/library/ ...

  5. 在GCP的Kubernetes上安装dapr

    1 简介 我们之前使用了dapr的本地托管模式,但在生产中我们一般使用Kubernetes托管,本文介绍如何在GKE(GCP Kubernetes)安装dapr. 相关文章: dapr本地托管的服务调 ...

  6. 在 Kubernetes 上安装 Gitlab CI Runner Gitlab CI 基本概念以及 Runner 的安装

    简介 从 Gitlab 8.0 开始,Gitlab CI 就已经集成在 Gitlab 中,我们只要在项目中添加一个.gitlab-ci.yml文件,然后添加一个Runner,即可进行持续集成.在介绍 ...

  7. 在Kubernetes上安装Percona XtraDB集群

    官方文档地址:https://www.percona.com/doc/kubernetes-operator-for-pxc/kubernetes.html 一.简介 Percona XtraDB C ...

  8. 在Kuboard上安装 Ingress Controller

    快速安装 # 只在 master 节点执行 kubectl apply -f https://kuboard.cn/install-script/v1.18.x/nginx-ingress.yaml ...

  9. 在Kubernetes上安装MySQL-PXC集群

    官方部署文档地址:https://www.percona.com/doc/kubernetes-operator-for-pxc/kubernetes.html 一.部署方式 示例在k8s集群(至少3 ...

  10. 实例演示:如何在Kubernetes上大规模运行CI/CD

    本周四晚上8:30,第二期k3s在线培训如约开播!本期课程将介绍k3s的核心架构,如高可用架构以及containerd.一起来进阶探索k3s吧! 报名及观看链接:http://z-mz.cn/PmwZ ...

随机推荐

  1. 记一次pushgateway因文件句柄数太多未回收的问题

    1. 问题描述: Flink上报metrics到pushGateway,pushGwateway因打开在多文件而拒绝Flink TaskManager上报数据的连接.查看pushGateway的日志如 ...

  2. Array of products

    refer to: https://www.algoexpert.io/questions/Array%20Of%20Products Problem Statement Sample input A ...

  3. Ext.form.ComboBox 中如何移除事件,如何添加事件,动态设置事件

    Ext.form.ComboBox 中如何移除事件,如何添加事件 背景: 希望Ext.form.ComboBox动态设置forceSelection属性,动态控制Combobox的可读可写状态,是否允 ...

  4. toLua文件夹结构

    写在前面 本文是我对toLua(1.0.8.591版本)文件夹内容理解的记录. 文件夹结构 总览 下图是toLua的Unity工程视图: BaseType 基础类型的Wrap文件,有些是自动生成(即用 ...

  5. C++ Primer 15.9文本查找程序

    可以通过查询语句的组合进行检索,VS2015. main函数,读取存有数据的文件,进行检索.提供两种入口.查词,与按照表达式查询. 1 #include <iostream> 2 #inc ...

  6. html超链接相关代码

    1. <IDOCTYPE html>< html><head><title>图像和超链接</title><meta http-equi ...

  7. [Cisco] Policy Based Routing

    在某些情況下,會希望指定特定的來源及目的走特定的出口,卻又不是全部的網段都希望套用,這時就可以透過PBR來達成這個需求. 如以下拓樸 1.1.1.0/24的網路往5.5.5.0的封包需要指定e0/1當 ...

  8. JavaScript for in循环,for of循环

    一.JavaScript for/in 语句循环遍历对象的属性 var person={fname:"Bill",lname:"Gates",age:56}; ...

  9. pod控制器

    Pod控制器介绍 Pod是kubernetes的最小管理单元,在kubernetes中,按照pod的创建方式可以将其分为两类: 自主式pod:kubernetes直接创建出来的Pod,这种pod删除后 ...

  10. python-魔法函数-__str__ __repr__ 的一次异常

    # encoding: utf-8import loggingERROR_NOT_FOUNDED_FILE = "error_not_founded_file"class Gene ...