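Kubernetes cluster service exposure: installing the Nginx Ingress Controller
Ingress controller
Role of the ingress controller
The ingress controller provides a proxy service through which users outside a Kubernetes cluster can reach pods inside the cluster.
- Provides a global access proxy
- Access flow
  - User → ingress controller → service → pod
Types of ingress controller
NGINX Ingress Controller
- Implementation: Go
- License: Apache 2.0
- This is an official product developed by the NGINX company, and there is also a commercial version based on NGINX Plus. The NGINX controller is highly stable, maintains backward compatibility, and contains no third-party modules.
- Because the Lua code has been removed, it guarantees higher speed than the official controller, but it is also considerably more limited as a result. By comparison, its paid version has a broader set of additional features, such as real-time metrics, JWT validation, and active health checks.
- An important advantage of NGINX Ingress is its full support for TCP/UDP traffic; its main drawback is the lack of traffic distribution features.
Where to find the nginx ingress controller
Reference link: https://www.nginx.com/products/nginx/kubernetes-ingress-controller
Deploying the nginx ingress controller
1. Download and modify the configuration file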
[root@k8smaster001 ingress]# curl -k https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml -o deploy.yaml
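2. On a self-built Kubernetes cluster no change is needed, so skip the modification. (On a cloud Kubernetes service, change line 339 to LoadBalancer so that the cloud provider's load balancer can be used.)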
[root@k8smaster001 ingress]# vim deploy.yaml
......
323 spec:
324   ports:
325   - appProtocol: http
326     name: http
327     port: 80
328     protocol: TCP
329     targetPort: http
330   - appProtocol: https
331     name: https
332     port: 443
333     protocol: TCP
334     targetPort: https
335   selector:
336     app.kubernetes.io/component: controller
337     app.kubernetes.io/instance: ingress-nginx
338     app.kubernetes.io/name: ingress-nginx
339   type: NodePort
Change line 339 to LoadBalancer:
323 spec:
324   ports:
325   - appProtocol: http
326     name: http
327     port: 80
328     protocol: TCP
329     targetPort: http
330   - appProtocol: https
331     name: https
332     port: 443
333     protocol: TCP
334     targetPort: https
335   selector:
336     app.kubernetes.io/component: controller
337     app.kubernetes.io/instance: ingress-nginx
338     app.kubernetes.io/name: ingress-nginx
339   type: LoadBalancer
3. Apply the resource manifest file
[root@k8smaster001 ingress]# kubectl apply -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
4. Verify the deployment result
[root@k8smaster001 ingress]# kubectl get pods -n ingress-nginx
NAME                                       READY   STATUS      RESTARTS       AGE
ingress-nginx-admission-create-rj2rv       0/1     Completed   0              14d
ingress-nginx-admission-patch-84zl9        0/1     Completed   0              14d
ingress-nginx-controller-5458dd5f6-r4k9m   1/1     Running     1 (7d2h ago)   14d
5. View all ingress-related resources
[root@k8smaster001 ingress]# kubectl get all -n ingress-nginx
NAME                                           READY   STATUS      RESTARTS       AGE
pod/ingress-nginx-admission-create-rj2rv       0/1     Completed   0              14d
pod/ingress-nginx-admission-patch-84zl9        0/1     Completed   0              14d
pod/ingress-nginx-controller-5458dd5f6-r4k9m   1/1     Running     1 (7d2h ago)   14d

NAME                                         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/ingress-nginx-controller             NodePort    10.109.138.153   <none>        80:30212/TCP,443:32105/TCP   14d
service/ingress-nginx-controller-admission   ClusterIP   10.100.70.60     <none>        443/TCP                      14d

NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           14d

NAME                                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx-controller-5458dd5f6   1         1         1       14d

NAME                                       COMPLETIONS   DURATION   AGE
job.batch/ingress-nginx-admission-create   1/1           5s         14d
job.batch/ingress-nginx-admission-patch    1/1           5s         14d
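For step 2, an added example (not part of the original page or of the ingress-nginx project) that switches the controller Service type by matching its content rather than by line 339, because line numbers shift whenever the manifest on the `main` branch changes. The function names and the sample manifest are constructed for illustration, and the two-space indentation of the `type:` line is assumed to match the downloaded deploy.yaml.

```shell
#!/bin/sh
# Added example: change the controller Service type in deploy.yaml by content
# instead of by line number. Function names are hypothetical helpers.

# set_service_type FILE FROM TO
# Edits only when exactly one "  type: FROM" line exists, so an unexpected
# manifest layout is reported instead of silently changing what is exposed.
set_service_type() {
  file=$1; from=$2; to=$3
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
  n=$(grep -c "^  type: ${from}\$" "$file" || true)
  if [ "$n" -ne 1 ]; then
    echo "expected 1 'type: ${from}' line, found ${n}; file left unchanged" >&2
    return 1
  fi
  sed "s/^  type: ${from}\$/  type: ${to}/" "$file" > "$file.new" &&
    mv "$file.new" "$file"
}

# Constructed sample input: the controller Service shown on the page
# (shortened) plus the admission Service, which must remain ClusterIP.
write_sample_manifest() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  ports:
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: http
  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  ports:
  - port: 443
    protocol: TCP
  type: ClusterIP
EOF
}
```

Call it as `set_service_type deploy.yaml NodePort LoadBalancer` before `kubectl apply -f deploy.yaml`; a second run exits non-zero because no NodePort line remains.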