kubernetes学习-Ingress(八)
一、安装Ingress-nginx
参考文档:Ingress | Kubernetes
安装文档:Installation Guide - Ingress-Nginx Controller
(1)安装helm(k8s包管理器)
[root@k8s-master helm]# pwd
/opt/k8s/helm
[root@k8s-master helm]# wget https://get.helm.sh/helm-v3.2.3-linux-amd64.tar.gz
--2025-01-18 05:15:16-- https://get.helm.sh/helm-v3.2.3-linux-amd64.tar.gz
正在解析主机 get.helm.sh (get.helm.sh)... 13.107.246.74, 2620:1ec:bdf::74
正在连接 get.helm.sh (get.helm.sh)|13.107.246.74|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:12924654 (12M) [application/x-tar]
正在保存至: “helm-v3.2.3-linux-amd64.tar.gz”
100%[================================================================================================================================================>] 12,924,654 5.82MB/s 用时 2.1s
2025-01-18 05:15:19 (5.82 MB/s) - 已保存 “helm-v3.2.3-linux-amd64.tar.gz” [12924654/12924654])
[root@k8s-master helm]# tar -zxvf helm-v3.2.3-linux-amd64.tar.gz
linux-amd64/
linux-amd64/README.md
linux-amd64/LICENSE
linux-amd64/helm
[root@k8s-master helm]# cd linux-amd64/
[root@k8s-master linux-amd64]# ls
helm LICENSE README.md
[root@k8s-master linux-amd64]# cp helm /usr/local/bin/(2)添加 helm 仓库
[root@k8s-master k8s]# helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx报错如下:
Error: looks like "https://kubernetes.github.io/ingress-nginx" is not a valid chart repository or cannot be reached: Get https://kubernetes.github.io/ingress-nginx/index.yaml: read tcp 192.168.129.136:60316->185.199.111.153:443: read: connection reset by peer
解决方法参考:使用Helm3.6 安装 Ingress-nginx - syushin - 博客园
使用上面文档的解决方法
[root@k8s-master k8s]# echo "185.199.111.153 kubernetes.github.io" >> /etc/hosts
[root@k8s-master k8s]# helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
如果还不行的话,多试几次,看能不能行,我的是配置上面的hosts文件之后,第一次添加仓库地址不行,过了一会儿再次添加,就成功了# 查看仓库列表
[root@k8s-master helm]# helm repo list
NAME URL
ingress-nginx https://kubernetes.github.io/ingress-nginx
[root@k8s-master helm]# helm search repo ingress-nginx
NAME CHART VERSION APP VERSION DESCRIPTION
ingress-nginx/ingress-nginx 4.12.0 1.12.0 Ingress controller for Kubernetes using NGINX a...
# 下载安装包
[root@k8s-master helm]# helm pull ingress-nginx/ingress-nginx
[root@k8s-master helm]# ls
helm-v3.2.3-linux-amd64.tar.gz ingress-nginx-4.12.0.tgz linux-amd64
[root@k8s-master helm]# tar -xf ingress-nginx-4.12.0.tgz
[root@k8s-master helm]# cd ingress-nginx/
[root@k8s-master ingress-nginx]# ls
changelog Chart.yaml ci OWNERS README.md README.md.gotmpl templates tests values.yaml
配置参数说明:
# 将下载好的安装包解压
tar xf ingress-nginx-xxx.tgz
# 解压后,进入解压完成的目录
cd ingress-nginx
# 修改 values.yaml
镜像地址:修改为国内镜像
registry: registry.cn-hangzhou.aliyuncs.com
image: google_containers/nginx-ingress-controller
image: google_containers/kube-webhook-certgen
tag: v1.3.0
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
修改部署配置的 kind: DaemonSet
nodeSelector:
ingress: "true" # 增加选择器,如果 node 上有 ingress=true 就部署
将 admissionWebhooks.enabled 修改为 false
将 service 中的 type 由 LoadBalancer 修改为 ClusterIP,如果服务器是云平台才用 LoadBalancer编辑values.yaml文件,做如下修改:
修改registry和image,注释digest和digestChroot
搜索ingress-nginx/kube-webhook-certgen
修改如下:
具体改的内容,参考:3.4.6_服务发现-Ingress:安装ingress-nginx_哔哩哔哩_bilibili
# 创建命名空间
[root@k8s-master ingress-nginx]# kubectl create ns ingress-nginx
namespace/ingress-nginx created
# 为需要部署 ingress 的节点上加标签
[root@k8s-master ingress-nginx]# kubectl label node k8s-master ingress=true
node/k8s-master labeled
安装ingress
[root@k8s-master ingress-nginx]# helm install ingress-nginx -n ingress-nginx .
Error: template: ingress-nginx/templates/controller-role.yaml:48:9: executing "ingress-nginx/templates/controller-role.yaml" at <ne (index .Values.controller.extraArgs "update-status") "false">: error calling ne: invalid type for comparison
遇到报错解决方法参考:k8s helm ingress-nginx Error: template: ingress-nginx/templates/controller-role “update-status“_error calling ne: invalid type for comparison-CSDN博客
或者参考上述文档的评论区。
# 再次安装
[root@k8s-master ingress-nginx]# helm install ingress-nginx -n ingress-nginx .
NAME: ingress-nginx
LAST DEPLOYED: Sat Jan 18 08:25:27 2025
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
Get the application URL by running these commands:
export POD_NAME="$(kubectl get pods --namespace ingress-nginx --selector app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/component=controller --output jsonpath="{.items[0].metadata.name}")"
kubectl port-forward --namespace ingress-nginx "${POD_NAME}" 8080:80
echo "Visit http://127.0.0.1:8080 to access your application."
An example Ingress that makes use of the controller:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example
namespace: foo
spec:
ingressClassName: nginx
rules:
- host: www.example.com
http:
paths:
- pathType: Prefix
backend:
service:
name: exampleService
port:
number: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
这时候去获取pod发现并没有获取到,k8s-master节点 的确打上了ingress=ture标签,这是由于k8s-master上的污点导致的,k8s默认不建议将应用装到master节点上。
# 给k8s-node1打上标签
[root@k8s-master ingress-nginx]# kubectl label no k8s-node1 ingress=true
node/k8s-node1 labeled
# 再次获取pod
[root@k8s-master ingress-nginx]# kubectl get po -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-clctz 1/1 Running 0 41s
此时已经可以获取到pod了
[root@k8s-master ingress-nginx]# kubectl get po -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-nginx-controller-clctz 1/1 Running 0 87s 192.168.129.139 k8s-node1 <none> <none>
(3)创建ingress
[root@k8s-master ingress]# vim ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress # 资源类型为 Ingress
metadata:
name: wolfcode-nginx-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules: # ingress 规则配置,可以配置多个
- host: k8s.wolfcode.cn # 域名配置,可以使用通配符 *
http:
paths: # 相当于 nginx 的 location 配置,可以配置多个
- pathType: Prefix # 路径类型,按照路径类型进行匹配 ImplementationSpecific 需要指定 IngressClass,具体匹配规则以 IngressClass 中的规则为准。Exact:精确匹配,URL需要与path完全匹配上,且区分大小写的。Prefix:以 / 作为分隔符来进行前缀匹配
backend:
service:
name: nginx-svc # 代理到哪个 service
port:
number: 80 # service 的端口
path: /api # 等价于 nginx 中的 location 的路径前缀匹配
[root@k8s-master ingress]# kubectl create -f ingress.yaml
Warning: annotation "kubernetes.io/ingress.class" is deprecated, please use 'spec.ingressClassName' instead
ingress.networking.k8s.io/wolfcode-nginx-ingress created
[root@k8s-master ingress]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
wolfcode-nginx-ingress <none> k8s.wolfcode.cn 10.100.155.123 80 2m2s
访问对应的IP地址,如下图:我这里在配置window的hosts文件时,最开始不能通过 k8s.wolfcode.cn域名来访问,后面才知道,由于我的电脑开了代理,需要关闭代理,才可以进行访问。
在浏览器输入k8s.wolfcode.cn域名之后,ingress会首先根据路由配置进行匹配,如果匹配到了/api路径,就会转发到配置文件中的service:
service:
name: nginx-svc # 代理到哪个 service
port:
number: 80 # service 的端口我们来查看一下这个service:
[root@k8s-master ingress-nginx]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 25h
nginx-svc NodePort 10.106.43.135 <none> 80:30384/TCP 16h
nginx-svc-external ClusterIP 10.96.11.222 <none> 80/TCP 25h
wolfcode-external-domain ExternalName <none> www.wolfcode.cn <none> 24h
[root@k8s-master ingress-nginx]# kubectl describe svc nginx-svc
Name: nginx-svc
Namespace: default
Labels: app=nginx
Annotations: <none>
Selector: app=nginx-deploy
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.106.43.135
IPs: 10.106.43.135
Port: web 80/TCP
TargetPort: 80/TCP
NodePort: web 30384/TCP
Endpoints: 10.109.131.6:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
这个svc对应的endpoint,维护了一个IP地址:10.109.131.6:80,我们进一步查看pod信息
[root@k8s-master ingress-nginx]# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deploy-778cb6d6f7-hmhcx 1/1 Running 0 15h 10.109.131.6 k8s-node2 <none> <none>
可以看到nginx-deploy-778cb6d6f7-hmhcx对应的IP地址为10.109.131.6,就是nginx-svc所对应的pod。
# 使用日志跟踪功能进行跟踪
[root@k8s-master www]# kubectl logs -f nginx-deploy-778cb6d6f7-hmhcx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2025/01/18 17:36:59 [notice] 1#1: using the "epoll" event method
2025/01/18 17:36:59 [notice] 1#1: nginx/1.27.3
2025/01/18 17:36:59 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
2025/01/18 17:36:59 [notice] 1#1: OS: Linux 3.10.0-957.el7.x86_64
2025/01/18 17:36:59 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 65536:65536
2025/01/18 17:36:59 [notice] 1#1: start worker processes
2025/01/18 17:36:59 [notice] 1#1: start worker process 29
2025/01/18 17:36:59 [notice] 1#1: start worker process 30
2025/01/18 17:36:59 [notice] 1#1: start worker process 31
2025/01/18 17:36:59 [notice] 1#1: start worker process 32
192.168.129.138 - - [19/Jan/2025:09:28:30 +0000] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0" "192.168.129.1"
接下来在浏览器去输入k8s.wolfcode.cn,此时日志文件并没有新的请求记录日志输出,因为k8s.wolfcode.cn域名在ingress那里没有匹配到指定的路劲,所以就没有转发到nginx-svc里面,也就不会到指定的pod里面去。此时页面返回的404是在ingress这里就返回了。
接着在浏览器输入k8s.wolfcode.cn/api,可以看到上面的日志多了一条请求日志的输出,这时的请求是通过了ingress的路径匹配,并且转发到了nginx-svc上,然后再通过endpoint转到指定的Pod上,此时返回的不再是404了,而是nginx的默认页面。
(4)多域名配置
apiVersion: networking.k8s.io/v1
kind: Ingress # 资源类型为 Ingress
metadata:
name: wolfcode-nginx-multi-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules: # ingress 规则配置,可以配置多个
- host: k8s.wolfcode.cn # 域名配置,可以使用通配符 *
http:
paths: # 相当于 nginx 的 location 配置,可以配置多个
- pathType: Prefix # 路径类型,按照路径类型进行匹配 ImplementationSpecific 需要指定 IngressClass,具体匹配规则以 IngressClass 中的规则为准。Exact:精确匹配,URL需要与path完全匹配上,且区分大小写的。Prefix:以 / 作为分隔符来进行前缀匹配
backend:
service:
name: nginx-svc # 代理到哪个 service
port:
number: 80 # service 的端口
path: /apiv2 # 等价于 nginx 中的 location 的路径前缀匹配
- pathType: Exact # 路径类型,按照路径类型进行匹配 ImplementationSpecific 需要指定 IngressClass,具体匹配规则以 IngressClass 中的规则为准。Exact:精确匹配>,URL需要与path完全匹配上,且区分大小写的。Prefix:以 / 作为分隔符来进行前缀匹配
backend:
service:
name: nginx-svc # 代理到哪个 service
port:
number: 80 # service 的端口
path: /
- host: api.wolfcode.cn # 域名配置,可以使用通配符 *
http:
paths: # 相当于 nginx 的 location 配置,可以配置多个
- pathType: Prefix # 路径类型,按照路径类型进行匹配 ImplementationSpecific 需要指定 IngressClass,具体匹配规则以 IngressClass 中的规则为准。Exact:精确匹配>,URL需要与path完全匹配上,且区分大小写的。Prefix:以 / 作为分隔符来进行前缀匹配
backend:
service:
name: nginx-svc # 代理到哪个 service
port:
number: 80 # service 的端口
path: /
