Ingress介紹


一、什麼是Ingress?

  通俗來講,Ingress和之前提到的Service、Deployment一樣,也是一種k8s的資源類型,用於實現以域名的方式訪問k8s內部應用。
  它是管理集群中服務(通常是HTTP)的外部訪問的API對象,可以提供負載平衡、SSL/TLS終止(在Ingress處解密HTTPS流量)和基於名稱的虛擬主機。

二、Ingress安裝

2.1、首先安裝helm管理工具

# 1、下載(解壓安裝前,先對照Helm官方發佈頁公佈的SHA-256校驗和核對壓縮包)
[root@k8s-master01 ~]# wget https://get.helm.sh/helm-v3.4.2-linux-amd64.tar.gz

# 2、安裝
[root@k8s-master01 ~]# tar -zxvf helm-v3.4.2-linux-amd64.tar.gz 
[root@k8s-master01 ~]# mv linux-amd64/helm /usr/local/bin/helm

2.2、使用helm安裝ingress

# 1、添加ingress的helm倉庫
[root@k8s-master01 ~]# helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories

# 2、下載ingress的helm包至本地
[root@k8s-master01 ~]# mkdir /helm_images && cd /helm_images
[root@k8s-master01 helm_images]# helm pull ingress-nginx/ingress-nginx

# 3、更改對應的配置
[root@k8s-master01 helm_images]# tar -zxvf ingress-nginx-3.17.0.tgz && cd ingress-nginx

# 4、需要修改的位置
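	a)	Controller和admissionWebhook的鏡像地址,需要將公網鏡像同步至公司內網鏡像倉庫(同步時核對鏡像摘要digest,確認與上游官方鏡像一致)
	b)	hostNetwork設置為true(Pod直接使用節點的網絡命名空間,除80/443外,下文的健康檢查端口10254和admission webhook端口8443也會在節點上監聽,應以防火牆限制這些非業務端口的訪問來源)
	c)	dnsPolicy設置為 ClusterFirstWithHostNet(hostNetwork模式下仍使用集群DNS解析)
	d)	NodeSelector添加ingress: "true"部署至指定節點
	e)	類型更改為kind: DaemonSet
	f)	鏡像倉庫地址需要改2處(controller.image與admissionWebhooks.patch.image)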
	
	修改完成後的文件:
	controller:
  # Values for the ingress-nginx controller workload, shown after the edits
  # listed in step 4 (mirrored images, hostNetwork, DaemonSet, node selector).
  name: controller
  image:
    # NOTE(review): this is a third-party mirror namespace and the image is
    # pinned by tag only; a tag can be re-pointed. Prefer a registry you
    # control and verify the image digest against the upstream release when
    # mirroring. NOTE(review): v0.40.2 is an old controller release - check
    # the upstream ingress-nginx security advisories before deploying it.
    repository: registry.cn-beijing.aliyuncs.com/dotbalo/controller
    tag: "v0.40.2"
    pullPolicy: IfNotPresent
    # Non-root UID for the controller container.
    runAsUser: 101
    # NOTE(review): privilege escalation is left enabled; presumably required
    # so the non-root process can bind ports 80/443 - confirm before changing.
    allowPrivilegeEscalation: true
  containerPort:
    http: 80
    https: 443
  config: {}
  configAnnotations: {}
  proxySetHeaders: {}
  addHeaders: {}
  dnsConfig: {}
  # Paired with hostNetwork: true below so the pod still resolves names
  # through the cluster DNS instead of only the node's resolver.
  dnsPolicy: ClusterFirstWithHostNet
  reportNodeInternalIp: false
  # The pod shares the node's network namespace: every port the controller
  # listens on (80/443, the 10254 probe/metrics port and the 8443 admission
  # webhook port configured below) is opened on the node itself. Restrict the
  # non-public ports with the node firewall or network ACLs.
  hostNetwork: true
  # hostPort mapping stays off; hostNetwork above already exposes the ports.
  hostPort:
    enabled: false
    ports:
      http: 80
      https: 443
  electionID: ingress-controller-leader
  # Ingress objects select this controller with the class name "nginx".
  ingressClass: nginx
  podLabels: {}
  podSecurityContext: {}
  sysctls: {}
  publishService:
    enabled: true
    pathOverride: ""
  scope:
    enabled: false
  tcp:
    annotations: {}
  udp:
    annotations: {}
  maxmindLicenseKey: ""
  extraArgs: {}
  extraEnvs: []
  # DaemonSet: one controller pod on every node matched by nodeSelector below.
  kind: DaemonSet
  annotations: {}
  labels: {}
  updateStrategy: {}
  minReadySeconds: 0
  tolerations: []
  affinity: {}
  topologySpreadConstraints: []
  terminationGracePeriodSeconds: 300
  # Only nodes carrying the label ingress=true run the controller; adding or
  # removing that label on a node is how the page scales it out and in.
  nodeSelector:
    kubernetes.io/os: linux
    ingress: "true"
  livenessProbe:
    failureThreshold: 5
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
    port: 10254
  readinessProbe:
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
    port: 10254
  healthCheckPath: "/healthz"
  podAnnotations: {}
  # NOTE(review): replicaCount and autoscaling are presumably not used while
  # kind is DaemonSet - confirm against the chart templates.
  replicaCount: 1
  minAvailable: 1
  # Only requests are set; no CPU/memory limits are defined for the controller.
  resources:
    requests:
      cpu: 100m
      memory: 90Mi
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  autoscalingTemplate: []
  keda:
    apiVersion: "keda.sh/v1alpha1"
    enabled: false
    minReplicas: 1
    maxReplicas: 11
    pollingInterval: 30
    cooldownPeriod: 300
    restoreToOriginalReplicaCount: false
    triggers: []
    behavior: {}
  enableMimalloc: true
  customTemplate:
    configMapName: ""
    configMapKey: ""
  # In-cluster Service for the controller; ClusterIP only, so external traffic
  # reaches the controller through the node ports opened by hostNetwork.
  service:
    enabled: true
    annotations: {}
    labels: {}
    externalIPs: []
    loadBalancerSourceRanges: []
    enableHttp: true
    enableHttps: true
    ports:
      http: 80
      https: 443
    targetPorts:
      http: http
      https: https
    type: ClusterIP
    nodePorts:
      http: ""
      https: ""
      tcp: {}
      udp: {}
    internal:
      enabled: false
      annotations: {}
      loadBalancerSourceRanges: []
  extraContainers: []
  extraVolumeMounts: []
  extraVolumes: []
  extraInitContainers: []
  # Validating admission webhook served by the controller.
  admissionWebhooks:
    annotations: {}
    enabled: true
    # Fail: the API server rejects the request when the webhook cannot be
    # reached, so an unavailable controller blocks Ingress changes.
    failurePolicy: Fail
    # With hostNetwork: true this listener is bound on the node; only the API
    # server needs to reach it, so limit access to it accordingly.
    port: 8443
    certificate: "/usr/local/certificates/cert"
    key: "/usr/local/certificates/key"
    namespaceSelector: {}
    objectSelector: {}
    service:
      annotations: {}
      externalIPs: []
      loadBalancerSourceRanges: []
      servicePort: 443
      type: ClusterIP
    patch:
      enabled: true
      image:
        # NOTE(review): second third-party mirror image, also pinned by tag
        # only; mirror and verify it the same way as the controller image.
        repository: registry.cn-beijing.aliyuncs.com/dotbalo/kube-webhook-certgen
        tag: v1.3.0
        pullPolicy: IfNotPresent
      priorityClassName: ""
      podAnnotations: {}
      nodeSelector: {}
      tolerations: []
      runAsUser: 2000
  # Metrics endpoint and its Service/ServiceMonitor are disabled.
  metrics:
    port: 10254
    enabled: false
    service:
      annotations: {}
      externalIPs: []
      loadBalancerSourceRanges: []
      servicePort: 9913
      type: ClusterIP
    serviceMonitor:
      enabled: false
      additionalLabels: {}
      namespace: ""
      namespaceSelector: {}
      scrapeInterval: 30s
      targetLabels: []
      metricRelabelings: []
    prometheusRule:
      enabled: false
      additionalLabels: {}
      rules: []
  # Runs /wait-shutdown before the container is stopped.
  lifecycle:
    preStop:
      exec:
        command:
          - /wait-shutdown
  priorityClassName: ""
revisionHistoryLimit: 10
# Default backend is disabled; the settings below apply only if it is enabled.
defaultBackend:
  enabled: false
  name: defaultbackend
  image:
    repository: k8s.gcr.io/defaultbackend-amd64
    tag: "1.5"
    pullPolicy: IfNotPresent
    # Hardened container settings: non-root UID, read-only root filesystem,
    # no privilege escalation.
    runAsUser: 65534
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
  extraArgs: {}
  serviceAccount:
    create: true
    name:
  extraEnvs: []
  port: 8080
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  readinessProbe:
    failureThreshold: 6
    initialDelaySeconds: 0
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 5
  tolerations: []
  affinity: {}
  podSecurityContext: {}
  podLabels: {}
  nodeSelector: {}
  podAnnotations: {}
  replicaCount: 1
  minAvailable: 1
  resources: {}
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 2
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
  service:
    annotations: {}
    externalIPs: []
    loadBalancerSourceRanges: []
    servicePort: 80
    type: ClusterIP
  priorityClassName: ""
# The chart creates the RBAC objects and the ServiceAccount itself.
# NOTE(review): scope is false here and controller.scope is disabled above,
# so the controller is presumably not limited to one namespace - confirm.
rbac:
  create: true
  scope: false
# No PodSecurityPolicy is created for the controller pods.
podSecurityPolicy:
  enabled: false
serviceAccount:
  create: true
  name:
imagePullSecrets: []
# No extra TCP/UDP services are exposed through the controller.
tcp: {}
udp: {}


# 5、部署ingress,給需要部署ingress的節點打上標籤,這樣就能指定要部署的節點了
# 注意:hostNetwork模式下,被打標籤的節點會直接在自身IP上監聽80/443;示例使用的k8s-master03從名稱看是控制平面節點,生產環境建議改用專用的工作/邊緣節點
[root@k8s-master01 ~]# kubectl label node k8s-master03 ingress=true
node/k8s-master03 labeled

# 創建一個ns
[root@k8s-master01 ~]# kubectl create ns ingress-nginx
namespace/ingress-nginx created

# 部署ingress
[root@k8s-master01 ingress-nginx]# helm install ingress-nginx -n ingress-nginx .

# 查看剛剛構建的ingress
[root@k8s-master01 ingress-nginx]# kubectl get  pod -n ingress-nginx 

# ingress擴容與縮容,只需要給想要擴容的節點加標簽就行,縮容就把節點標簽去除即可
[root@k8s-master01 ~]# kubectl label node k8s-master02 ingress=true
node/k8s-master02 labeled

[root@k8s-master01 ~]# kubectl label node k8s-master03 ingress-
node/k8s-master03 labeled

2.3、Ingress入門使用

# 創建一個ingress
cat > ingress.yaml << EFO
# Minimal Ingress: routes foo.bar.com/ to Service nginx-svc on port 80 through
# the "nginx" ingress class.
# NOTE(review): the v1beta1 Ingress API was removed in Kubernetes 1.22. On newer
# clusters use networking.k8s.io/v1, where the backend is written as
# service.name / service.port.number and each path needs a pathType.
# NOTE(review): there is no spec.tls block, so no certificate is configured
# for this host.
apiVersion: networking.k8s.io/v1beta1 # alternatives: networking.k8s.io/v1 / extensions/v1beta1 
kind: Ingress
metadata:
  annotations:
    # Selects the controller by class; newer API versions use
    # spec.ingressClassName instead of this annotation.
    kubernetes.io/ingress.class: "nginx"
  name: example
spec:
  rules: # one Ingress may hold several rules
  - host: foo.bar.com # host name; optional - when omitted the rule matches every host; wildcards such as *.bar.com are allowed
    http:
      paths: # comparable to nginx location blocks; one host may list several paths, e.g. / and /abc
      - backend:
          serviceName: nginx-svc 
          servicePort: 80
        path: /
EFO

# 創建
[root@k8s-master01 ~]# kubectl create -f ingress.yaml
# 創建一個多域名ingress
cat ingress-mulDomain.yaml 
# Multi-host Ingress: foo.bar.com/ goes to Service nginx-svc and foo2.bar.com/
# goes to Service nginx-svc-external, both on port 80, through the "nginx"
# ingress class.
# NOTE(review): metadata.name is "example", the same name as the single-host
# Ingress shown earlier on this page; creating both in one namespace would
# fail with an already-exists error - give this one a distinct name.
# NOTE(review): the v1beta1 Ingress API was removed in Kubernetes 1.22. On newer
# clusters use networking.k8s.io/v1, where the backend is written as
# service.name / service.port.number and each path needs a pathType.
# NOTE(review): there is no spec.tls block, so no certificate is configured
# for either host.
apiVersion: networking.k8s.io/v1beta1 # alternatives: networking.k8s.io/v1 / extensions/v1beta1 
kind: Ingress
metadata:
  annotations:
    # Selects the controller by class; newer API versions use
    # spec.ingressClassName instead of this annotation.
    kubernetes.io/ingress.class: "nginx"
  name: example
spec:
  rules: # one Ingress may hold several rules
  - host: foo.bar.com # host name; optional - when omitted the rule matches every host; wildcards such as *.bar.com are allowed
    http:
      paths: # comparable to nginx location blocks; one host may list several paths, e.g. / and /abc
      - backend:
          serviceName: nginx-svc 
          servicePort: 80
        path: /
  - host: foo2.bar.com # second host, same optional/wildcard rules as above
    http:
      paths: # comparable to nginx location blocks; one host may list several paths, e.g. / and /abc
      - backend:
          serviceName: nginx-svc-external
          servicePort: 80
        path: /

