建立公司网站需要什么,网站建设各个模块的功能,宁波建站服务,腾讯微博 wordpressservice的缺点#xff1a;
不支持基于URL等机制对HTTP/HTTPS协议进行高级路由、超时、重试、基于流量的灰度等高级流量治理机制难以将多个service流量统一管理
1.1ingress的概念 ingress是k8s中的一个对象#xff0c;作用是如何将请求转发到service的规则ingress controlle…service的缺点
不支持基于URL等机制对HTTP/HTTPS协议进行高级路由、超时、重试、基于流量的灰度等高级流量治理机制难以将多个service流量统一管理
1.1ingress的概念 ingress是k8s中的一个对象作用是如何将请求转发到service的规则ingress controller是实现反向代理以及负载均衡的程序对ingress定义的规则进行解析根据配置的规则来实现请求转发实现方式多种如nginx、haproxy等
10.2ingress工作原理 编写ingress规则说明请求域名对应kubernetes集群中的那个serviceIngress控制器动态感知Ingress服务规则的变化然后生成一段对应的nginx反向代理配置Ingress控制器会将生成的nginx配置写入到一个运行nginx的服务中并动态更新
1.3 Ingress实验环境的准备
1.3.1 部署Ingress controller
rootk8s-master1:/app/yaml/ingress# cat ingress-control.yaml
apiVersion: v1
kind: Namespace
metadata:name: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginx---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: controllername: ingress-nginxnamespace: ingress-nginx
automountServiceAccountToken: true
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: controllername: ingress-nginx-controllernamespace: ingress-nginx
data:
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmname: ingress-nginx
rules:- apiGroups:- resources:- configmaps- endpoints- nodes- pods- secretsverbs:- list- watch- apiGroups:- resources:- nodesverbs:- get- apiGroups:- resources:- servicesverbs:- get- list- watch- apiGroups:- networking.k8s.ioresources:- ingressesverbs:- get- list- watch- apiGroups:- resources:- eventsverbs:- create- patch- apiGroups:- networking.k8s.ioresources:- ingresses/statusverbs:- update- apiGroups:- networking.k8s.ioresources:- ingressclassesverbs:- get- list- watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmname: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: ingress-nginx
subjects:- kind: ServiceAccountname: ingress-nginxnamespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: controllername: ingress-nginxnamespace: ingress-nginx
rules:- apiGroups:- resources:- namespacesverbs:- get- apiGroups:- resources:- configmaps- pods- secrets- endpointsverbs:- get- list- watch- apiGroups:- resources:- servicesverbs:- get- list- watch- apiGroups:- networking.k8s.ioresources:- ingressesverbs:- get- list- watch- apiGroups:- networking.k8s.ioresources:- ingresses/statusverbs:- update- apiGroups:- networking.k8s.ioresources:- ingressclassesverbs:- get- list- watch- apiGroups:- resources:- configmapsresourceNames:- ingress-controller-leaderverbs:- get- update- apiGroups:- resources:- configmapsverbs:- create- apiGroups:- resources:- eventsverbs:- create- patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: controllername: ingress-nginxnamespace: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: ingress-nginx
subjects:- kind: ServiceAccountname: ingress-nginxnamespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: controllername: ingress-nginx-controller-admissionnamespace: ingress-nginx
spec:type: ClusterIPports:- name: https-webhookport: 443targetPort: webhookappProtocol: httpsselector:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: controllername: ingress-nginx-controllernamespace: ingress-nginx
spec:selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/component: controllerrevisionHistoryLimit: 10minReadySeconds: 0template:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/component: controllerspec:hostNetwork: truednsPolicy: ClusterFirstcontainers:- name: controllerimage: registry.cn-beijing.aliyuncs.com/kole_chang/controller:v1.0.0imagePullPolicy: IfNotPresentlifecycle:preStop:exec:command:- /wait-shutdownargs:- /nginx-ingress-controller- --election-idingress-controller-leader- --controller-classk8s.io/ingress-nginx- --configmap$(POD_NAMESPACE)/ingress-nginx-controller- --validating-webhook:8443- --validating-webhook-certificate/usr/local/certificates/cert- --validating-webhook-key/usr/local/certificates/key- --watch-ingress-without-classtruesecurityContext:capabilities:drop:- ALLadd:- NET_BIND_SERVICErunAsUser: 101allowPrivilegeEscalation: trueenv:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace- name: LD_PRELOADvalue: /usr/local/lib/libmimalloc.solivenessProbe:failureThreshold: 5httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 10periodSeconds: 10successThreshold: 1timeoutSeconds: 1readinessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 10periodSeconds: 10successThreshold: 1timeoutSeconds: 1ports:- name: httpcontainerPort: 80protocol: TCP- name: httpscontainerPort: 443protocol: TCP- name: webhookcontainerPort: 8443protocol: TCPvolumeMounts:- name: webhook-certmountPath: /usr/local/certificates/readOnly: trueresources:requests:cpu: 100mmemory: 90MinodeSelector:kubernetes.io/os: linuxserviceAccountName: ingress-nginxterminationGracePeriodSeconds: 300volumes:- name: webhook-certsecret:secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/controller-ingressclass.yaml
# We dont support namespaced ingressClass yet
# So a ClusterRole and a ClusterRoleBinding is required
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: controllername: nginxnamespace: ingress-nginx
spec:controller: k8s.io/ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:labels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhookname: ingress-nginx-admission
webhooks:- name: validate.nginx.ingress.kubernetes.iomatchPolicy: Equivalentrules:- apiGroups:- networking.k8s.ioapiVersions:- v1operations:- CREATE- UPDATEresources:- ingressesfailurePolicy: FailsideEffects: NoneadmissionReviewVersions:- v1clientConfig:service:namespace: ingress-nginxname: ingress-nginx-controller-admissionpath: /networking/v1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:name: ingress-nginx-admissionnamespace: ingress-nginxannotations:helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgradehelm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhook
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: ingress-nginx-admissionannotations:helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgradehelm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhook
rules:- apiGroups:- admissionregistration.k8s.ioresources:- validatingwebhookconfigurationsverbs:- get- update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: ingress-nginx-admissionannotations:helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgradehelm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhook
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: ingress-nginx-admission
subjects:- kind: ServiceAccountname: ingress-nginx-admissionnamespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:name: ingress-nginx-admissionnamespace: ingress-nginxannotations:helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgradehelm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhook
rules:- apiGroups:- resources:- secretsverbs:- get- create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:name: ingress-nginx-admissionnamespace: ingress-nginxannotations:helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgradehelm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhook
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: ingress-nginx-admission
subjects:- kind: ServiceAccountname: ingress-nginx-admissionnamespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:name: ingress-nginx-admission-createnamespace: ingress-nginxannotations:helm.sh/hook: pre-install,pre-upgradehelm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhook
spec:template:metadata:name: ingress-nginx-admission-createlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhookspec:containers:- name: createimage: registry.cn-beijing.aliyuncs.com/kole_chang/kube-webhook-certgen:v1.0imagePullPolicy: IfNotPresentargs:- create- --hostingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc- --namespace$(POD_NAMESPACE)- --secret-nameingress-nginx-admissionenv:- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacerestartPolicy: OnFailureserviceAccountName: ingress-nginx-admissionnodeSelector:kubernetes.io/os: linuxsecurityContext:runAsNonRoot: truerunAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:name: ingress-nginx-admission-patchnamespace: ingress-nginxannotations:helm.sh/hook: post-install,post-upgradehelm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhook
spec:template:metadata:name: ingress-nginx-admission-patchlabels:helm.sh/chart: ingress-nginx-4.0.1app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/instance: ingress-nginxapp.kubernetes.io/version: 1.0.0app.kubernetes.io/managed-by: Helmapp.kubernetes.io/component: admission-webhookspec:containers:- name: patchimage: registry.cn-beijing.aliyuncs.com/kole_chang/kube-webhook-certgen:v1.0imagePullPolicy: IfNotPresentargs:- patch- --webhook-nameingress-nginx-admission- --namespace$(POD_NAMESPACE)- --patch-mutatingfalse- --secret-nameingress-nginx-admission- --patch-failure-policyFailenv:- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacerestartPolicy: OnFailureserviceAccountName: ingress-nginx-admissionnodeSelector:kubernetes.io/os: linuxsecurityContext:runAsNonRoot: truerunAsUser: 2000#验证rootk8s-master1:/app/yaml/ingress# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create--1-9p52c 0/1 Completed 0 26h
ingress-nginx-admission-patch--1-mhbl8 0/1 Completed 1 26h
ingress-nginx-controller-74ngs 1/1 Running 1 (19h ago) 26h
ingress-nginx-controller-dcql8 1/1 Running 1 (4h7m ago) 26h
ingress-nginx-controller-nd555 1/1 Running 2 (19h ago) 26h
ingress-nginx-controller-wtb4f 1/1 Running 1 (19h ago) 26h
ingress-nginx-controller-x7c9l 1/1 Running 1 (19h ago) 26h10.3.2 部署tomcat服务
rootk8s-master1:/app/yaml/ingress# cat tomcat-app1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: webwork-tomcat-app1-deploy-labelname: webwork-tomcat-app1-deploynamespace: webwork
spec:replicas: 1selector:matchLabels:app: webwork-tomcat-app1template:metadata:labels:app: webwork-tomcat-app1spec:containers:- name: webwork-tomcat-app1-containerimage: harbor.qiange.com/tomcat/tomcat-app1:v1imagePullPolicy: Alwaysports:- containerPort: 8080protocol: TCPname: httpenv:- name: passwordvalue: 123456- name: namevalue: wengsq- name: agevalue: 18resources:limits:cpu: 1memory: 512Mirequests:cpu: 500mmemory: 512Mi
---
apiVersion: v1
kind: Service
metadata:labels:app: webwork-tomcat-app1-service-labelname: webwork-tomcat-app1-servicenamespace: webwork
spec:type: NodePortports:- name: httpport: 80protocol: TCPtargetPort: 8080nodePort: 30066selector:app: webwork-tomcat-app1rootk8s-master1:/app/yaml/ingress# cat tomcat-app2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: webwork-tomcat-app2-deploy-labelname: webwork-tomcat-app2-deploynamespace: webwork
spec:replicas: 1selector:matchLabels:app: webwork-tomcat-app2template:metadata:labels:app: webwork-tomcat-app2spec:containers:- name: webwork-tomcat-app1-containerimage: harbor.qiange.com/tomcat/tomcat-app2:v1imagePullPolicy: Alwaysports:- containerPort: 8080protocol: TCPname: httpenv:- name: passwordvalue: 123456- name: namevalue: wengsq- name: agevalue: 18resources:limits:cpu: 1memory: 512Mirequests:cpu: 500mmemory: 512Mi
---
apiVersion: v1
kind: Service
metadata:labels:app: webwork-tomcat-app2-service-labelname: webwork-tomcat-app2-servicenamespace: webwork
spec:type: NodePortports:- name: httpport: 80protocol: TCPtargetPort: 8080nodePort: 30067selector:app: webwork-tomcat-app2#验证
rootk8s-master1:/app/yaml/ingress# kubectl get pod -n webwork -o wide
webwork-nginx-app1-deploy-68f5f5588c-zsr8d 1/1 Running 0 3h43m 10.200.107.252 172.17.1.109 none none
webwork-nginx-app2-deploy-8699cb49dd-s7s87 1/1 Running 0 3h43m 10.200.36.84 172.17.1.107 none none
webwork-tomcat-app1-deploy-854545898b-j7b9q 1/1 Running 0 147m 10.200.107.197 172.17.1.109 none none
webwork-tomcat-app2-deploy-75bc95cc54-vznlw 1/1 Running 0 146m 10.200.107.198 172.17.1.109 none nonerootk8s-master1:/app/yaml/ingress# kubectl get svc -n webwork
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
webwork-nginx-app1-service NodePort 10.100.188.84 none 80:30068/TCP 3h41m
webwork-nginx-app2-service NodePort 10.100.157.154 none 80:30069/TCP 3h40m
webwork-tomcat-app1-service NodePort 10.100.128.159 none 80:30066/TCP 144m
webwork-tomcat-app2-service NodePort 10.100.123.243 none 80:30067/TCP 143mrootk8s-master1:/app/yaml/ingress# kubectl get ep -n webwork
NAME ENDPOINTS AGE
webwork-nginx-app1-service 10.200.107.252:80 3h44m
webwork-nginx-app2-service 10.200.36.84:80 3h43m
webwork-tomcat-app1-service 10.200.107.197:8080 147m
webwork-tomcat-app2-service 10.200.107.198:8080 147m#进入pod中验证svc是否配置成功
rootk8s-master1:/app/yaml/ingress# kubectl exec -it webwork-tomcat-app1-deploy-854545898b-j7b9q sh -n webwork
sh-4.2# curl webwork-tomcat-app2-service.webwork.svc.cluster.local/app2/index.jsp
h1This is tomcat app2 web page/h1#测试tomcat服务是否能被访问
rootk8s-master1:/app/yaml/ingress# curl 172.17.1.88:30066/app1/index.jsp
h1This is tomcat app1 web page/h1
rootk8s-master1:/app/yaml/ingress# curl 172.17.1.88:30067/app2/index.jsp
h1This is tomcat app2 web page/h11.4Ingress实验
1.4.1 单tomcat主机配置
rootk8s-master1:/app/yaml/ingress# cat ingress-tomcat1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-webnamespace: webworkannotations:kubernetes.io/ingress.class: nginx ##指定Ingress Controller的类型nginx.ingress.kubernetes.io/use-regex: true ##指定后面rules定义的path可以使用正则表达式nginx.ingress.kubernetes.io/proxy-connect-timeout: 600 ##连接超时时间,默认为5snginx.ingress.kubernetes.io/proxy-send-timeout: 600 ##后端服务器回转数据超时时间,默认为60snginx.ingress.kubernetes.io/proxy-read-timeout: 600 ##后端服务器响应超时时间,默认为60snginx.ingress.kubernetes.io/proxy-body-size: 50m ##客户端上传文件最大大小默认为20m#nginx.ingress.kubernetes.io/rewrite-target: / ##URL重写nginx.ingress.kubernetes.io/app-root: /index.html
spec:rules:- host: www.wengsq.comhttp:paths:- pathType: Prefixpath: /backend:service:name: webwork-tomcat-app1-serviceport:number: 80rootk8s-master1:/app/yaml/ingress# kubectl apply -f ingress-tomcat1.yaml
ingress.networking.k8s.io/nginx-web created
rootk8s-master1:/app/yaml/ingress# kubectl get ingress -n webwork #一般要等几十秒IP才能获取到
NAME CLASS HOSTS ADDRESS PORTS AGE
nginx-web none www.wengsq.com 80 7s
rootk8s-master1:/app/yaml/ingress# kubectl get ingress -n webwork
NAME CLASS HOSTS ADDRESS PORTS AGE
nginx-web none www.wengsq.com 172.17.1.101,172.17.1.102,172.17.1.103,172.17.1.107,172.17.1.109 80 9s#验证
rootk8s-master1:/app/yaml/ingress# curl www.wengsq.com/app1/index.jsp
h1This is tomcat app1 web page/h11.4.2 多个tomcat主机配置
rootk8s-master1:/app/yaml/ingress# cat ingress-tomcat2.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-webnamespace: webworkannotations:kubernetes.io/ingress.class: nginx ##指定Ingress Controller的类型nginx.ingress.kubernetes.io/use-regex: true ##指定后面rules定义的path可以使用正则表达式nginx.ingress.kubernetes.io/proxy-connect-timeout: 600 ##连接超时时间,默认为5snginx.ingress.kubernetes.io/proxy-send-timeout: 600 ##后端服务器回转数据超时时间,默认为60snginx.ingress.kubernetes.io/proxy-read-timeout: 600 ##后端服务器响应超时时间,默认为60snginx.ingress.kubernetes.io/proxy-body-size: 50m ##客户端上传文件最大大小默认为20mnginx.ingress.kubernetes.io/app-root: /index.html
spec:rules:- host: www.wengsq.comhttp:paths:- pathType: Prefixpath: /backend:service:name: webwork-tomcat-app1-serviceport:number: 80- host: app.wengsq.comhttp:paths:- pathType: Prefixpath: /backend:service:name: webwork-tomcat-app2-serviceport:number: 801.4.3 根据URL匹配service
rootk8s-master1:/app/yaml/ingress# cat ingress-tomcat3.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: tomcat-webnamespace: webworkannotations:kubernetes.io/ingress.class: nginx ##指定Ingress Controller的类型nginx.ingress.kubernetes.io/use-regex: true ##指定后面rules定义的path可以使用正则表达式nginx.ingress.kubernetes.io/proxy-connect-timeout: 600 ##连接超时时间,默认为5snginx.ingress.kubernetes.io/proxy-send-timeout: 600 ##后端服务器回转数据超时时间,默认为60snginx.ingress.kubernetes.io/proxy-read-timeout: 600 ##后端服务器响应超时时间,默认为60snginx.ingress.kubernetes.io/proxy-body-size: 50m ##客户端上传文件最大大小默认为20mnginx.ingress.kubernetes.io/app-root: /index.html
# nginx.ingress.kubernetes.io/rewrite-target: /
spec:rules:- host: app.wsq.comhttp:paths:- pathType: Prefixpath: /app1backend:service:name: webwork-tomcat-app1-serviceport:number: 80- pathType: Prefixpath: /app2backend:service:name: webwork-tomcat-app2-serviceport:number: 80#验证
rootk8s-master1:/app/yaml/ingress# kubectl get ingress -n webwork
NAME CLASS HOSTS ADDRESS PORTS AGE
nginx-web none www.wengsq.com 172.17.1.101,172.17.1.102,172.17.1.103,172.17.1.107,172.17.1.109 80 8m8s
tomcat-web none app.wsq.com 172.17.1.101,172.17.1.102,172.17.1.103,172.17.1.107,172.17.1.109 80 34s
rootk8s-master1:/app/yaml/ingress# curl app.wsq.com/app2/index.jsp
h1This is tomcat app2 web page/h1
rootk8s-master1:/app/yaml/ingress# curl app.wsq.com/app1/index.jsp
h1This is tomcat app1 web page/h11.4.4 单域名SSL证书挂载
#签发证书
rootk8s-master1:/app/yaml/ingress# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt
rootk8s-master1:/app/yaml/ingress# ll
total 80
drwxr-xr-x 2 root root 4096 Feb 20 12:04 ./
drwxr-xr-x 9 root root 107 Feb 19 10:15 ../
-rw-r--r-- 1 root root 1245 Feb 20 11:45 tls.crt #签发的证书
-rw------- 1 root root 1704 Feb 20 11:45 tls.key#进行secret资源存储
rootk8s-master1:/app/yaml/ingress#kubectl create secret tls tls-secret --key tls.key --cert tls.crt -n webwork
#验证
rootk8s-master1:/app/yaml/ingress# kubectl get secrets -n webwork
NAME TYPE DATA AGE
default-token-lvmvm kubernetes.io/service-account-token 3 26d
tls-secret kubernetes.io/tls 2 117m
rootk8s-master1:/app/yaml/ingress# kubectl describe secrets tls-secret -n webwork
Name: tls-secret
Namespace: webwork
Labels: none
Annotations: noneType: kubernetes.io/tlsDatatls.crt: 1245 bytes
tls.key: 1704 bytes#配置单域名SSL证书挂载
rootk8s-master1:/app/yaml/ingress# cat ingress-https-tomcat1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-webnamespace: webworkannotations:kubernetes.io/ingress.class: nginx ##指定Ingress Controller的类型nginx.ingress.kubernetes.io/ssl-redirect: true #SSL重定向即将http请求强制重定向至https等于nginx中的全站https
spec:tls:- hosts:- ttt.wengsq.comsecretName: tls-secretrules:- host: ttt.wengsq.comhttp:paths:- pathType: Prefixpath: /backend:service:name: webwork-tomcat-app1-serviceport:number: 801.4.5 多域名SSL证书挂载
rootk8s-master1:/app/yaml/ingress# cat ingress-https-tomcat2.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-webnamespace: webworkannotations:kubernetes.io/ingress.class: nginx ##指定Ingress Controller的类型nginx.ingress.kubernetes.io/ssl-redirect: true #SSL重定向即将http请求强制重定向至https等于nginx中的全站https
spec:tls:- hosts:- ttt.wengsq.com- aaa.wengsq.comsecretName: tls-secretrules:- host: ttt.wengsq.comhttp:paths:- pathType: Prefixpath: /backend:service:name: webwork-tomcat-app1-serviceport:number: 80- host: aaa.wengsq.comhttp:paths:- pathType: Prefixpath: /backend:service:name: webwork-tomcat-app2-serviceport:number: 80总结
1、当Ingress访问域名出现问题时进入某个podcurl 后端SVC看能否访问curl svc-name.namespace.svc.cluster.local
2、Ingress配置根据URL匹配后端service时要注意重定向
