本文主要是介绍nginx-ingress-install-step安装,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
1.部署ingress
ingress提供外部访问kubernetes内部应用的入口。社区提供众多的组件实现,这里就直接使用官方的ingress-nginx组件。
github仓库地址:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
获取到部署文件之后,还需要改两个配置:
替换镜像地址
sed -i ‘s/quay.io/quay.azk8s.cn/g’ mandatory.yaml
默认ingress会监听在80和443端口,我们需要让其监听在宿主机的80和443上,以实现外部访问,修改deployment资源,添加一个hostNetwork: true配置项:
…
hostNetwork: true
containers:
- name: nginx-ingress-controller
image: quay.azk8s.cn/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
args:
- /nginx-ingress-controller
- --configmap= ( P O D N A M E S P A C E ) / n g i n x − c o n f i g u r a t i o n − − − t c p − s e r v i c e s − c o n f i g m a p = (POD_NAMESPACE)/nginx-configuration - --tcp-services-configmap= (PODNAMESPACE)/nginx−configuration−−−tcp−services−configmap=(POD_NAMESPACE)/tcp-services
- --udp-services-configmap= ( P O D N A M E S P A C E ) / u d p − s e r v i c e s − − − p u b l i s h − s e r v i c e = (POD_NAMESPACE)/udp-services - --publish-service= (PODNAMESPACE)/udp−services−−−publish−service=(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
…
部署:
kubectl apply -f ./mandatory.yaml
同样的,该文件会创建一个名为ingress-nginx的命名空间,并部署ingress-nginx pod至该命名空间下。
[root@master ~]# kubectl get pods -n ingress-nginx
- 通过 Ingress 访问 kubernetes dashboard(支持 HTTPS 访问)
自签名证书
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout kube-dashboard.key -out kube-dashboard.crt -subj “/CN=dashboard.nsctbb.com/O=dashboard.nsctbb.com”
使用生成的证书创建 k8s Secret 资源,下一步创建的 Ingress 会引用这个 Secret:
kubectl create secret tls kube-dasboard-ssl --key kube-dashboard.key --cert kube-dashboard.crt -n kubernetes-dashboard
创建 Ingress 资源对象(支持 HTTPS 访问):
vim kube-dashboard-ingress.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-kube-dashboard
annotations:
kubernetes.io/ingress.class: “nginx”
nginx.ingress.kubernetes.io/backend-protocol: “HTTPS”
spec:
tls:
- hosts:
- dashboard.nsctbb.com
secretName: kube-dasboard-ssl
rules:
- dashboard.nsctbb.com
- host: dashboard.nsctbb.com
http:
paths:- path: /
backend:
serviceName: kubernetes-dashboard
servicePort: 443
- path: /
执行创建
kubectl create -f kube-dashboard-ingress.yml -n kubernetes-dashboard
说明:
kubernetes.io/ingress.class: "nginx":Inginx Ingress Controller 根据该注解自动发现 Ingress;
nginx.ingress.kubernetes.io/backend-protocol: Controller 向后端 Service 转发时使用 HTTPS 协议,这个注解必须添加,否则访问会报错,可以看到 Ingress Controller 报错日志:kubectl logs -f nginx-ingress-controller-mg8df2019/08/12 06:40:00 [error] 557#557: *56049 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: 192.168.26.10, server: dashboard.kube.com, request: “GET / HTTP/1.1”, upstream: “http://10.244.1.8:8443/”, host: “dashboard.kube.com”
报错原因主要是 dashboard 服务后端只支持 https,但是 Ingress Controller 接到客户端的请求时往后端 dashboard 服务转发时使用的是 http 协议,解决办法就是给 创建的 Ingress 设置:nginx.ingress.kubernetes.io/backend-protocol: “HTTPS” 注解。解决方法参考自 StackOverflow:https://stackoverflow.com/questions/48324760/ingress-configuration-for-dashboard
secretName: kube-dasboard-ssl:https 证书 Secret;
host: dashboard.kube.com:对外访问的域名;
serviceName: kubernetes-dashboard:集群对外暴露的 Service 名称;
servicePort: 443:service 监听的端口;
这篇关于nginx-ingress-install-step安装的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
