Ingress作为一种API对象,用来管理从外部对集群内服务器的访问。Ingress可以提供负载均衡、SSL截止和虚拟主机服务等。
基于NGINX的Ingress Controller有两个版本,一个是NGINX公司做的,还有个是kubernetes社区做的,他们的区别可以在这里查看。本文将介绍nginx公司制作的NGINX Ingress Controller。
创建Namespace及Service Account
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/master/install/common/ns-and-sa.yaml
创建TLS证书及私钥,以下使用了示例的证书和私钥,建议自己生成
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/master/install/common/default-server-secret.yaml
创建Config Map
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/master/install/common/nginx-config.yaml
创建RBAC
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/master/install/rbac/rbac.yaml
部署Ingress Controller,下载image
docker pull nginx/nginx-ingress:alpine
Ingress Controller有两种部署方式:
- Deployment:使用Deployment可以动态调整Ingress Controller的replica数量
- DaemonSet:使用DaemonSet可以使Ingress Controller运行在每台node或一组node之中
1.使用Deployment部署
cat <<EOF | kubectl create -f - apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-ingress namespace: nginx-ingress spec: replicas: 1 selector: matchLabels: app: nginx-ingress template: metadata: labels: app: nginx-ingress spec: serviceAccountName: nginx-ingress containers: - image: nginx/nginx-ingress:alpine imagePullPolicy: Always name: nginx-ingress ports: - name: http containerPort: 80 - name: https containerPort: 443 env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name args: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret EOF
2.使用DaemonSet部署
cat <<EOF | kubectl create -f - apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: nginx-ingress namespace: nginx-ingress spec: selector: matchLabels: app: nginx-ingress template: metadata: labels: app: nginx-ingress spec: serviceAccountName: nginx-ingress containers: - image: nginx/nginx-ingress:alpine imagePullPolicy: Always name: nginx-ingress ports: - name: http containerPort: 80 hostPort: 80 - name: https containerPort: 443 hostPort: 443 env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name args: - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret EOF
确认Ingress Controller运行状态
kubectl get pods --namespace=nginx-ingress
如果部署方式是DaemonSet,则Ingress Controller的80和443端口将映射到Node的相同端口,访问Ingress Controller时,使用任意Node的IP加端口即可访问。
如果部署方式是Deployment,则需要创建基于NodePort的Service来访问(也可以使用LoadBalancer),方法如下:
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/master/install/service/nodeport.yaml
若要卸载Ingress Controller,直接删除整个命名空间即可
kubectl delete namespace nginx-ingress
Pingback引用通告: Kubernetes Dashboard安装 | eBanBan Studio
-bash: POD_NAMESPACE: command not found
-bash: POD_NAMESPACE: command not found
Error from server (AlreadyExists): error when creating “STDIN”: daemonsets.extensions “nginx-ingress” already exists
使用daemonset.yaml运行后会报错
要把旧的删除
Pingback引用通告: Kubernetes社区的Ingress Controller部署 | eBanBan Studio