安裝ingress
(1)從倉庫下載charts
helm pull stable/nginx-ingress
(2) 解壓charts
tar -xf nginx-ingress-0.9.5.tgz
(3) 查看nginx-ingress目錄
4)在nginx-ingress父目錄執行安裝ingress命令
## 第一個 nginx-ingress 是 release 名。第二個 nginx-ingress 是 chart 解壓目錄。
helm install nginx-ingress nginx-ingress -n kube-system
出現報錯信息:
Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Deployment" in version "extensions/v1beta1"
解決方案:
將nginx-ingress文件夾的deployment文件apiVersion修改為apps/v1
執行命令如下:
grep -irl "extensions/v1beta1" nginx-ingress | grep deploy | xargs sed -i 's#extensions/v1beta1#apps/v1#g'
出現報錯信息:
Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(Deployment.spec): missing required field "selector" in io.k8s.api.apps.v1.DeploymentSpec
解決方案:
由於k8s1.16版本升級,需要Deployment.spec中加selector,所以愉快地加上就行了。
執行命令如下:
vi nginx-ingress/templates/controller-deployment.yaml
添加spec.selector代碼塊與metadata.labels對應
selector: matchLabels: app: {{ template "nginx-ingress.name" . }}
vi nginx-ingress/templates/default-backend-deployment.yaml
同上處理
重新執行部署命令:
##先卸載
helm uninstall nginx-ingress nginx-ingress -n kube-system
##再安裝
helm install nginx-ingress nginx-ingress -n kube-system
結果如圖表示安裝成功:
我們發現服務一直pending狀態,無法對外服務,這是因為helm默認部署是以LoadBalancer方式,這種方式需要平台的支持,比如在AWS、GCE或者阿里雲等平台。而我們自己搭建的集群沒辦法使用這種方式。不過我們可以通過設置externalIPs的方式使用內部ip,再通過統一的負載均衡接入外網。
##先卸載 helm uninstall nginx-ingress nginx-ingress -n kube-system #重新啟動 helm install my-nginx nginx-ingress --set rbac.create=true,controller.service.externalIPs[0]=192.168.37.101,controller.service.externalIPs[1]=192.168.37.102
kubectl get svc --all-namespaces NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx nginx-ingress-controller LoadBalancer 10.98.90.251 192.168.0.101,192.168.0.102 80:32478/TCP,443:31196/TCP 10s
我們指定集群中兩個node的IP作為externalIPs,這樣就能通過這兩個個ip來引入外部流量。我們嘗試從集群外部范圍這兩個個ip,
[root@CentOS-7-2 ~]# curl http://192.168.0.101:80 default backend - 404 [root@CentOS-7-2 ~]# curl http://192.168.0.102:80 default backend - 404
由於我們集群內部還沒有服務,因此請求轉到nginx-ingress的default backend中。
創建應用並使用nginx-ingress對外暴露服務,我們創建一個nginx web服務器作為測試,
--- apiVersion: v1 kind: Pod metadata: name: nginx namespace: ingress-nginx labels: app: web spec: hostNetwork: false containers: - name: nginx image: nginx --- kind: Service apiVersion: v1 metadata: name: webservice namespace: ingress-nginx spec: selector: app: web ports: - protocol: TCP port: 10080 targetPort: 80
創建該應用,
[root@CentOS-7-4 /home/k8s]# kubectl apply -f nginx.yaml pod/nginx created service/webservice created [root@CentOS-7-4 /home/k8s]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE webservice ClusterIP 10.105.175.150 <none> 10080/TCP 6s
為了便於測試,我們進入這個pod將這個測試web服務的主頁內容修改一下,
[root@CentOS-7-4 /home/k8s]# kubectl exec -ti nginx -n ingress-nginx -- /bin/bash root@nginx:/# echo "This is my webservice!" > /usr/share/nginx/html/index.html root@nginx:/# cat /usr/share/nginx/html/index.html This is my webservice! root@nginx:/# exit exit
確保服務正常,我們在集群內通過ClusterIP測試一下,
[root@CentOS-7-5 ~]# curl http://10.105.175.150:10080 This is my webservice!
可見,服務創建正常,但是該服務目前只能在集群內使用,集群外無法訪問該服務。
下面我們通過ingress-nginx來將該服務暴露到集群外部。
首先定義我們的服務的對外要暴露的訪問域名,這里假設為 webservice.com
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-ingress annotations: ingress.kubernetes.io/rewrite-target: / namespace: ingress-nginx spec: rules: - host: webservice.com http: paths: - path: / backend: serviceName: webservice servicePort: 10080
之后創建ingress資源,
[root@CentOS-7-4 /home/k8s]# kubectl apply -f my-ingress.yaml ingress.extensions/test-ingress configured [root@CentOS-7-4 /home/k8s]# kubectl get ingress --all-namespaces NAMESPACE NAME HOSTS ADDRESS PORTS AGE ingress-nginx test-ingress webservice.com 80 8d
創建好后,我們試着在集群外部來訪問。
[root@CentOS-7-2 ~]# curl -H "Host: webservice.com" http://192.168.0.101:80 This is my webservice! [root@CentOS-7-2 ~]# curl -H "Host: webservice.com" http://192.168.0.102:80 This is my webservice!
可見,通過ingress-nginx,我們在集群外部也能訪問集群內部的服務。
此時我們可以查看下ingress-nginx內部的配置文件,
[root@CentOS-7-4 ~]# kubectl exec -ti my-nginx-nginx-ingress-controller-64c8cd5d6d-p4gr9 -n default -- /bin/bash
root@my-nginx-nginx-ingress-controller-64c8cd5d6d-p4gr9:/# cat /etc/nginx/nginx.conf ... upstream ingress-nginx-webservice-10080 { # Load balance algorithm; empty for round robin, which is the default least_conn; keepalive 32; server 10.244.3.25:80 max_fails=0 fail_timeout=0; } ... ## start server webservice.com server { server_name webservice.com ; listen 80; listen [::]:80; ... location / { port_in_redirect off; set $proxy_upstream_name "ingress-nginx-webservice-10080"; ... } ... } ## end server webservice.com
可見此時ingress-nginx里面已經自動生成了webservice服務的轉發規則,無需我們手動再去添加。再看下后端服務ip10.244.3.25是哪個pod,
[root@CentOS-7-4 ~]# kubectl get pods --all-namespaces -o wide | grep 10.244.3.25 ingress-nginx nginx 1/1 Running 0 22h 10.244.3.25 centos-7-3 <none> <none>
正是我們啟動的nginx服務。
這樣就實現了將集群內部服務暴露到外部。