92、K8s之ingress下集
一、ingress
1.1、两种部署方式
1、ingress------------deployment + nodeport
daemonset + hostnetwork----每台设备只能有一个pod,因为直接使用宿主机的端口,所以只能开启一个pod。
2、ingress------svc------deployment里面的pod,这种可以有多个pod。
1.2、ingress的权限控制:
访问页面的时候,输入账号密码才可以访问页面。
basicAuth:可以创建访问密码。Basic认证的账号密码只经过base64编码,并没有加密,所以应同时给该域名配置tls(https),否则凭据可以在网络上被直接读出。
traefik ingress controller
专门为了部署k8s微服务开发的http反向代理和负载均衡工具。
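自动发现匹配的后端pod的变化,同时有可视化的页面(即8080端口上的dashboard,traefik v1.7默认不带认证;后文的traefik-ingress-service把8080也通过NodePort映射到了每个节点,应限制能访问该端口的来源)。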
自动感知变化,实现服务的自动发现
daemonset + hostnetwork 适用于大集群(pod与节点共用网络命名空间,能访问节点上只监听本地的端口,可以用nodeSelector把它限定在专门的入口节点上)
deployment + nodeport 适用内部访问,性能较低
1.3、ingress-traefik和ingress-nginx之间的区别。
ingress-nginx 使用nginx作为前端的负载均衡,ingress-controller和k8s的api交互来实现后端服务器的发现,感知pod的ip地址的变化。
动态实现nginx的配置修改。
ingress-traefik:
本身就能和k8s的api的交互,感知后端的service以及pod的变化。
traefik更简单,更方便。
go语言写的,和k8s的兼容性更好。并发能力只有ingress-nginx的6成。
二、试验操作
1、访问页面的时候,输入账号密码才可以访问页面。
basicAuth:可以创建访问密码
[root@master01 opt]# cd ingress/
[root@master01 ingress]# htpasswd -c auth zhailiming
New password:
Re-type new password:
Adding password for user zhailiming
[root@master01 ingress]# ls
auth ingress-nginx1.yaml service-nodeport.yaml
https mandatory.yaml
[root@master01 ingress]# kubectl create secret generic basic-auth --from-file=auth
secret/basic-auth created
[root@master01 ingress]# vim ingress-nginx1.yaml
annotations:
#设置认证的类型::
nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称(默认在该Ingress所在的命名空间里查找;secret里的key必须是auth,也就是上面htpasswd生成的文件名,否则controller会返回503)
nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
[root@master01 ingress]# kubectl apply -f ingress-nginx1.yaml
[root@master01 ingress]# kubectl get pod -o wide -n ingress-nginx
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-44ktd 1/1 Running 0 18h 192.168.168.83 node02 <none> <none>
nginx-ingress-controller-ksjkr 1/1 Running 0 18h 192.168.168.81 master01 <none> <none>
nginx-ingress-controller-z4lrr 1/1 Running 0 18h 192.168.168.82 node01 <none> <none>
##进入虚拟机终端浏览器
2、重定向-----rewrite-target:
实现从www.zlm.com跳转www.xy102.com
[root@master01 ingress]# vim ingress-nginx1.yaml
annotations:
#设置认证的类型::
# nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
# nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标链接(rewrite-target本来是用来改写转发给后端的路径的;只做域名跳转时,ingress-nginx另有permanent-redirect和temporal-redirect两个注解)
spec:
tls:
- hosts:
- www.zlm.com
secretName: tls.secret
#指定加密通信的域名,上下文一致,指定secret加密的名称,获取私钥和证书
rules:
- host: www.zlm.com
http:
[root@master01 ingress]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.168.81 master01 www.xy102.com www.zlm.com
3、ingress-traefik和ingress-nginx之间的区别。
ingress-nginx 使用nginx作为前端的负载均衡,ingress-controller和k8s的api交互来实现后端服务器的发现,感知pod的ip地址的变化。
动态实现nginx的配置修改。
ingress-traefik:
本身就能和k8s的api的交互,感知后端的service以及pod的变化。
traefik更简单,更方便。
go语言写的,和k8s的兼容性更好。并发能力只有ingress-nginx的6成。
DaemonSet+hostNetwork(下面的mandatory.yaml用的是hostNetwork: true):
[root@master01 ingress]# vim mandatory.yaml
apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
# replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
# wait up to five minutes for the drain of connections
terminationGracePeriodSeconds: 300
serviceAccountName: nginx-ingress-serviceaccount
nodeSelector:
kubernetes.io/os: linux
hostNetwork: true
# nodeSelector:
# ingress: "true"
---------------------------------------------------
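ingress-traefik
说明:下面wget的清单来自gitee上的traefik镜像仓库(v1.7示例),apply之前先打开核对一遍,尤其是traefik-rbac.yaml授予的ClusterRole权限和各清单使用的镜像;这些清单还在用v1beta1的API,k8s v1.22+上需要改成对应的v1版本。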
[root@master01 ingress]# mkdir traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# pwd
/opt/ingress/traefik
----------------
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
----------------
[root@master01 traefik]# ll
总用量 16
-rw-r--r--. 1 root root 1114 9月 11 10:26 traefik-deployment.yaml
-rw-r--r--. 1 root root 1294 9月 11 10:26 traefik-ds.yaml
-rw-r--r--. 1 root root 788 9月 11 10:26 traefik-rbac.yaml
-rw-r--r--. 1 root root 471 9月 11 10:27 ui.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
[root@master01 traefik]# kubectl apply -f ui.yaml
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 15d
traefik-ingress-service NodePort 10.96.27.248 <none> 80:30789/TCP,8080:31818/TCP 71s
traefik-web-ui ClusterIP 10.96.45.60 <none> 80/TCP 61s
[root@master01 traefik]# cd ..
[root@master01 ingress]# kubectl delete -f mandatory.yaml
[root@master01 ingress]# cp ingress-nginx1.yaml traefik/traefik-nginx1.yaml
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# cd ..
[root@master01 ingress]# ls
auth ingress-nginx1.yaml service-nodeport.yaml
https mandatory.yaml traefik
[root@master01 ingress]# kubectl delete -f ingress-nginx1.yaml
[root@master01 traefik]# vim traefik-nginx1.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-pvc
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs-client-storageclass
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-traefik
labels:
app1: nginx1
spec:
replicas: 3
selector:
matchLabels:
app1: nginx1
template:
metadata:
labels:
app1: nginx1
spec:
containers:
- name: nginx1
image: nginx:1.22
ports:
- containerPort: 80
volumeMounts:
- name: nfs-pvc
mountPath: /usr/share/nginx/html
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:
name: nginx-traefik-svc
spec:
type: ClusterIP
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app1: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-traefik-ingress
annotations:
#设置认证的类型::
# nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
# nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
# nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:
rules:
- host: www.xy102.com
http:
paths:
- path: /
pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2
backend:
#匹配的svc的名称----pod
service:
name: nginx-traefik-svc
port:
number: 80
[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace/
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# ll
总用量 0
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# ll
总用量 4
-rw-r--r--. 1 root root 4 9月 11 10:52 index.html
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]#
[root@master01 traefik]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs1-76f66b958-68wpl 1/1 Running 0 5d1h 10.244.2.173 node02 <none> <none>
nginx-traefik-7c5f68df5b-9zxqc 1/1 Running 0 44m 10.244.1.242 node01 <none> <none>
nginx-traefik-7c5f68df5b-fx46k 1/1 Running 0 44m 10.244.0.29 master01 <none> <none>
nginx-traefik-7c5f68df5b-zjlzt 1/1 Running 0 44m 10.244.2.242 node02 <none> <none>
[root@master01 traefik]# curl 10.244.1.242
123
[root@master01 traefik]# kubectl get svc -o wide -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 15d k8s-app=kube-dns
traefik-ingress-service NodePort 10.96.27.248 <none> 80:30789/TCP,8080:31818/TCP 134m k8s-app=traefik-ingress-lb
traefik-web-ui ClusterIP 10.96.45.60 <none> 80/TCP 134m k8s-app=traefik-ingress-lb
[root@master01 traefik]# curl www.xy102.com:30789
123
4、Deployment+nodeport----四个yaml文件都执行
[root@master01 ingress]# vim mandatory.yaml
apiVersion: apps/v1
kind: Deployment
#kind: DaemonSet
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
# wait up to five minutes for the drain of connections
terminationGracePeriodSeconds: 300
serviceAccountName: nginx-ingress-serviceaccount
nodeSelector:
kubernetes.io/os: linux
# hostNetwork: true
# nodeSelector:
# ingress: "true"
[root@master01 ingress]# kubectl apply -f mandatory.yaml
[root@master01 ingress]# vim service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
- name: https
port: 443
targetPort: 443
protocol: TCP
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
[root@master01 ingress]# kubectl apply -f service-nodeport.yaml
[root@master01 ingress]# mkdir traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# pwd
/opt/ingress/traefik
----------------
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
----------------
[root@master01 traefik]# ll
总用量 16
-rw-r--r--. 1 root root 1114 9月 11 10:26 traefik-deployment.yaml
-rw-r--r--. 1 root root 1294 9月 11 10:26 traefik-ds.yaml
-rw-r--r--. 1 root root 788 9月 11 10:26 traefik-rbac.yaml
-rw-r--r--. 1 root root 471 9月 11 10:27 ui.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
[root@master01 traefik]# kubectl apply -f ui.yaml
[root@master01 traefik]# vim traefik-nginx1.yaml
kind: Deployment
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-pvc
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs-client-storageclass
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-traefik
labels:
app1: nginx1
spec:
replicas: 3
selector:
matchLabels:
app1: nginx1
template:
metadata:
labels:
app1: nginx1
spec:
containers:
- name: nginx1
image: nginx:1.22
ports:
- containerPort: 80
volumeMounts:
- name: nfs-pvc
mountPath: /usr/share/nginx/html
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:
name: nginx-traefik-svc
spec:
type: ClusterIP
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app1: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-traefik-ingress
annotations:
#设置认证的类型::
# nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
# nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
# nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:
rules:
- host: www.xy102.com
http:
paths:
- path: /
pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2
backend:
#匹配的svc的名称----pod
service:
name: nginx-traefik-svc
port:
number: 80
[root@master01 traefik]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs1-76f66b958-68wpl 1/1 Running 0 5d3h 10.244.2.173 node02 <none> <none>
nginx-traefik-849b6f9457-5cj9x 1/1 Running 0 16m 10.244.1.244 node01 <none> <none>
nginx-traefik-849b6f9457-jmznh 1/1 Running 0 16m 10.244.0.31 master01 <none> <none>
nginx-traefik-849b6f9457-kj2rx 1/1 Running 0 16m 10.244.2.245 node02 <none>
[root@master01 traefik]# kubectl get svc -o wide -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 15d k8s-app=kube-dns
traefik-ingress-service NodePort 10.96.27.248 <none> 80:30789/TCP,8080:31818/TCP 3h15m k8s-app=traefik-ingress-lb
traefik-web-ui ClusterIP 10.96.45.60 <none> 80/TCP 3h14m k8s-app=traefik-ingress-lb
[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月 11 13:35 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d/
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# ls
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]#
[root@master01 traefik]# curl www.xy102.com
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# curl www.xy102.com:30789
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月 11 13:35 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d/
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# ls
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-30489c95-7b49-4f10-b139-b5942d1a3fc1]# mkdir test1
[root@k8s5 default-nfs-pvc-pvc-30489c95-7b49-4f10-b139-b5942d1a3fc1]# cd test1/
[root@k8s5 test1]# echo 456 > index.html
[root@k8s5 test1]# mkdir test2
[root@k8s5 test1]# cd test2/
[root@k8s5 test2]# ls
[root@k8s5 test2]# echo 789 > index.html
[root@master01 traefik]# curl -L www.xy102.com:30733
123
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# vim traefik-nginx1.yaml
[root@master01 traefik]# kubectl apply -f traefik-ds.yaml
serviceaccount/traefik-ingress-controller unchanged
daemonset.apps/traefik-ingress-controller created
service/traefik-ingress-service configured
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:30733; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:30733; 拒绝连接
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service ClusterIP 10.96.231.58 <none> 80/TCP,8080/TCP 21m
traefik-web-ui ClusterIP 10.96.119.46 <none> 80/TCP 21m
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
serviceaccount/traefik-ingress-controller unchanged
deployment.apps/traefik-ingress-controller unchanged
service/traefik-ingress-service configured
[root@master01 traefik]# kubectl apply -f ui.yaml
service/traefik-web-ui unchanged
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.231.58 <none> 80:31767/TCP,8080:32510/TCP 22m
traefik-web-ui ClusterIP 10.96.119.46 <none> 80/TCP 22m
[root@master01 traefik]# curl -L www.xy102.com:31767
123
[root@master01 traefik]# curl -L www.xy102.com:31767/test1
456
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# curl -L www.xy102.com:31767/test1/test2
789
三、ingress的总结+项目部署
ingress: 对外提供访问:
ingress----根据servicename选择service-----service再把请求根据匹配的标签转发给pod。
支持http 80 https 443
deployment+NodePort
daemonset+hostnetwork
ingress-traefik
ingress-nginx
四、作业
1、Deployment+nodeport----四个yaml文件都执行
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# vim traefik-
[root@master01 traefik]# vim traefik-deployment.yaml
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# vim traefik-nginx1.yaml
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.231.58 <none> 80:31767/TCP,8080:32510/TCP 71m
traefik-web-ui ClusterIP 10.96.119.46 <none> 80/TCP 71m
[root@master01 traefik]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs1-76f66b958-68wpl 1/1 Running 0 5d5h 10.244.2.173 node02 <none> <none>
[root@master01 traefik]# vim traefik-nginx1.yaml
[root@master01 traefik]# cd ..
[root@master01 ingress]# ls
auth https ingress-nginx1.yaml mandatory.yaml service-nodeport.yaml traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml
persistentvolumeclaim/nfs-pvc created
deployment.apps/nginx-traefik created
service/nginx-traefik-svc created
ingress.networking.k8s.io/nginx-traefik-ingress created
[root@master01 traefik]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs1-76f66b958-68wpl 1/1 Running 0 5d5h 10.244.2.173 node02 <none> <none>
nginx-traefik-64f4cf4c65-cr6m8 1/1 Running 0 7s 10.244.1.251 node01 <none> <none>
nginx-traefik-64f4cf4c65-ls2j8 1/1 Running 0 7s 10.244.0.38 master01 <none> <none>
nginx-traefik-64f4cf4c65-qxmt7 1/1 Running 0 7s 10.244.2.254 node02 <none> <none>
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.231.58 <none> 80:31767/TCP,8080:32510/TCP 76m
traefik-web-ui ClusterIP 10.96.119.46 <none> 80/TCP 76m
[root@master01 traefik]# curl www.xy102.com
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月 11 15:57 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777/
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# ls
index.html
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# mkdir test1
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# cd test1/
[root@k8s5 test1]# echo 456 > index.html
[root@k8s5 test1]# mkdir test2
[root@k8s5 test1]# cd test2/
[root@k8s5 test2]# echo 789 > index.html
[root@master01 traefik]# curl www.xy102.com
123
[root@master01 traefik]# curl www.xy102.com
123
[root@master01 traefik]# curl www.xy102.com:31767
123
[root@master01 traefik]# curl www.xy102.com:31767/test1
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@master01 traefik]# curl -L www.xy102.com:31767/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31767/test1/test2
789
2、DaemonSet+hostPort----三个yaml文件都执行
[root@master01 traefik]# vim traefik-nginx1.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-pvc
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs-client-storageclass
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-traefik
labels:
app1: nginx
spec:
replicas: 3
selector:
matchLabels:
app1: nginx
template:
metadata:
labels:
app1: nginx
spec:
containers:
- name: nginx
image: nginx:1.22
ports:
- containerPort: 80
volumeMounts:
- name: nfs-pvc
mountPath: /usr/share/nginx/html
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:
name: nginx-traefik-svc
spec:
type: ClusterIP
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app1: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-traefik-ingress
annotations:
#设置认证的类型::
# nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
# nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
# nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:
rules:
- host: www.xy102.com
http:
paths:
- path: /
pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2
backend:
#匹配的svc的名称----pod
service:
name: nginx-traefik-svc
port:
number: 80
[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
[root@master01 traefik]# kubectl apply -f ui.yaml
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.251.209 <none> 80:31552/TCP,8080:30058/TCP 3m33s
traefik-web-ui ClusterIP 10.96.71.175 <none> 80/TCP 23s
[root@master01 traefik]# curl -L www.xy102.com
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com:31552
123
[root@master01 traefik]# curl -L www.xy102.com:31552/test1
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# kubectl apply -f traefik-ds.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f ui.yaml
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service ClusterIP 10.96.201.30 <none> 80/TCP,8080/TCP 39s
traefik-web-ui ClusterIP 10.96.71.175 <none> 80/TCP 16m
[root@master01 traefik]# curl -L www.xy102.com:30023/test1
curl: (7) Failed connect to www.xy102.com:30023; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com
123
##发现DaemonSet+hostPort方式只需要apply三个文件:traefik-ds.yaml、traefik-rbac.yaml、ui.yaml
3、Deployment+nodeport
[root@master01 traefik]# kubectl apply -f traefik-ds.yaml
serviceaccount/traefik-ingress-controller unchanged
daemonset.apps/traefik-ingress-controller unchanged
service/traefik-ingress-service unchanged
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
serviceaccount/traefik-ingress-controller unchanged
deployment.apps/traefik-ingress-controller created
service/traefik-ingress-service configured
[root@master01 traefik]# kubectl apply -f ui.yaml
service/traefik-web-ui unchanged
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.201.30 <none> 80:31318/TCP,8080:32115/TCP 9m38s
traefik-web-ui ClusterIP 10.96.71.175 <none> 80/TCP 25m
[root@master01 traefik]# curl -L www.xy102.com
123
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com:31318
123
[root@master01 traefik]# curl -L www.xy102.com:31318/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31318/test1/test2
789
is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.201.30 80:31318/TCP,8080:32115/TCP 9m38s
traefik-web-ui ClusterIP 10.96.71.175 80/TCP 25m
[root@master01 traefik]# curl -L www.xy102.com
123
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com:31318
123
[root@master01 traefik]# curl -L www.xy102.com:31318/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31318/test1/test2
789