Ingress usage examples

Anonymous (unverified), submitted on 2019-12-02 23:38:02

Introduction to Ingress concepts





Using Ingress to reverse-proxy to a backend web server

    apiVersion: v1
    kind: Service
    metadata:
      name: myapp
      namespace: default
    spec:
      selector:
        app: myapp
        release: canary
      ports:
      - name: http
        targetPort: 80
        port: 80
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myapp-deploy
      namespace: default
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: myapp
          release: canary
      template:
        metadata:
          labels:
            app: myapp
            release: canary
        spec:
          containers:
          - name: myapp
            image: ikubernetes/myapp:v2
            ports:
            - name: http
              containerPort: 80
ngx-deploy.yaml

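    # Note: the extensions/v1beta1 Ingress API was removed in Kubernetes 1.22;
    # newer clusters use networking.k8s.io/v1 instead.
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: ingress-myapp
      namespace: default
      annotations:
        kubernetes.io/ingress.class: "nginx"
    spec:
      rules:
      - host: myapp.yxh.com
        http:
          paths:
          - path:
            backend:
              serviceName: myapp
              servicePort: 80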
ingress-myapp.yaml

    [root@k8s-master ingress]# kubectl get pod -n ingress-nginx
    NAME                                        READY     STATUS             RESTARTS   AGE
                                                                                        3d
    nginx-ingress-controller-7d4c999994-pn6wt   1/1       Running            0          3d

service_nodeport is used to bring traffic from outside the cluster to the ingress-controller. The ingress-controller is simply a pod running nginx, and service_nodeport is the Service for that nginx pod. The ingress-controller pod is created from the YAML files in the nginx-ingress project downloaded from git.

    apiVersion: v1
    kind: Service
    metadata:
      name: ingress-nginx
      namespace: ingress-nginx
    spec:
      type: NodePort
      ports:
      - name: http
        port: 80
        targetPort: 80
        protocol: TCP
        nodePort: 30080
      - name: https
        port: 443
        targetPort: 443
        nodePort: 30443
        protocol: TCP
      selector:
        app: ingress-nginx
service_nodeport.yaml

    # localhost name resolution is handled within DNS itself.
    #    127.0.0.1       localhost
    #    ::1             localhost
    192.168.11.141      myapp.yxh.com
    192.168.11.141      tomcat.yxh.com

6. Access from a browser

HTTPS reverse proxy for Tomcat with Ingress

    apiVersion: v1
    kind: Service
    metadata:
      name: tomcat
      namespace: default
    spec:
      selector:
        app: tomcat
        release: canary
      ports:
      - name: http
        targetPort: 8080
        port: 8080
      - name: ajp
        targetPort: 8009
        port: 8009
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: tomcat-deploy
      namespace: default
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: tomcat
          release: canary
      template:
        metadata:
          labels:
            app: tomcat
            release: canary
        spec:
          containers:
          - name: tomcat
            image: tomcat:8.5.32-jre8-alpine
            ports:
            - name: http
              containerPort: 8080
            - name: ajp
              containerPort: 8009
tomcat-deploy.yaml

Generate a self-signed certificate

    [root@k8s-master ingress]# openssl genrsa -out tls.key 2048
    Generating RSA private key, 2048 bit long modulus
    .................................................................+++
    ...........................................................................................................+++
    e is 65537 (0x10001)
    [root@k8s-master ingress]# openssl req -new -x509 -key tls.key -out tls.out -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.yxh.com

The CN must be set to the same value as the domain name used for access.

    [root@k8s-master ingress]# ls
    ingress-myapp.yaml          ngx-deploy.yaml        tls.key  tomcat
    ingress-nginx-nginx-0.13.0  service_nodeport.yaml  tls.out

Convert the generated certificate into a Secret resource object

    [root@k8s-master ingress]# kubectl create secret tls tomcat-ingress-secret --cert=tls.out --key=tls.key
    [root@k8s-master ingress]# kubectl get secret
    NAME                    TYPE                                  DATA      AGE
    default-token-n87jl     kubernetes.io/service-account-token   3         244d
    tomcat-ingress-secret   kubernetes.io/tls                     2         1h

Create the certificate

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: ingress-tomcat-tls
      namespace: default
      annotations:
        kubernetes.io/ingress.class: "nginx"
    spec:
      tls:
      - hosts:
        - tomcat.yxh.com
        secretName: tomcat-ingress-secret
      rules:
      - host: tomcat.yxh.com
        http:
          paths:
          - path:
            backend:
              serviceName: tomcat
              servicePort: 8080
ingress-tomcat-tls.yaml

4. Create the Tomcat HTTP Ingress resource

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: ingress-tomcat
      namespace: default
      annotations:
        kubernetes.io/ingress.class: "nginx"
    spec:
      rules:
      - host: tomcat.yxh.com
        http:
          paths:
          - path:
            backend:
              serviceName: tomcat
              servicePort: 8080
ingress-tomcat.yaml
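
A TLS Ingress only presents the intended certificate when its secretName names a kubernetes.io/tls Secret in the same namespace, so the name given when the Secret is created has to match the manifest exactly. The check below is an added example, not part of the original post: it audits objects in the shape of `kubectl get ingress,secret -o json`, and the helper names, the sample list and the `ingress-tomcat-typo` object are constructed for illustration.

```python
import json
import sys

TLS_TYPE = "kubernetes.io/tls"

def audit(items):
    """Return sorted (ingress, host, problem) tuples for Ingress TLS misconfigurations."""
    secrets = {(s["metadata"]["namespace"], s["metadata"]["name"])
               for s in items if s["kind"] == "Secret" and s.get("type") == TLS_TYPE}
    findings = []
    for ing in (i for i in items if i["kind"] == "Ingress"):
        ns, name = ing["metadata"]["namespace"], ing["metadata"]["name"]
        spec = ing.get("spec") or {}
        declared = set()  # hosts listed in some spec.tls entry of this Ingress
        for entry in spec.get("tls") or []:
            hosts = entry.get("hosts") or []
            declared.update(hosts)
            ref = entry.get("secretName")
            if (ns, ref) not in secrets:  # wrong name, wrong namespace or wrong type
                findings += [(name, h, f"tls secret {ref!r} not found in namespace {ns}")
                             for h in hosts]
        for rule in spec.get("rules") or []:
            host = rule.get("host") or "*"
            if host not in declared:
                findings.append((name, host, "no tls entry for this host"))
    return sorted(findings)

def _obj(kind, name, **extra):
    return {"kind": kind, "metadata": {"name": name, "namespace": "default"}, **extra}

def _ingress(name, host, secret_name=None):
    spec = {"rules": [{"host": host}]}
    if secret_name:
        spec["tls"] = [{"hosts": [host], "secretName": secret_name}]
    return _obj("Ingress", name, spec=spec)

# Constructed sample mirroring the page's objects (same shape as the "items" list).
# "ingress-tomcat-typo" is hypothetical: it references a Secret that was never created.
SAMPLE = [
    _obj("Secret", "tomcat-ingress-secret", type=TLS_TYPE),
    _ingress("ingress-myapp", "myapp.yxh.com"),
    _ingress("ingress-tomcat-tls", "tomcat.yxh.com", "tomcat-ingress-secret"),
    _ingress("ingress-tomcat-typo", "tomcat.yxh.com", "tomcat-ingress-cert"),
]

if __name__ == "__main__":
    # Pass "-" to read `kubectl get ingress,secret -n default -o json` from stdin.
    items = json.load(sys.stdin)["items"] if sys.argv[1:] == ["-"] else SAMPLE
    for finding in audit(items):
        print(*finding, sep="\t")
```

The Secret objects in that kubectl output carry the private key, so pipe the JSON straight into the script rather than saving it to a file.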

5. How it works

    ## start server tomcat.yxh.com
    server {
        server_name tomcat.yxh.com ;

        listen 80;
        listen [::]:80;

        set $proxy_upstream_name "-";

        listen 443  ssl http2;
        listen [::]:443  ssl http2;

        # PEM sha: 8d7a91d9f8445a2e44ca5cef9dcea2c9bf8e7141
        ssl_certificate                         /ingress-controller/ssl/default-tomcat-ingress-secret.pem;
        ssl_certificate_key                     /ingress-controller/ssl/default-tomcat-ingress-secret.pem;

        ssl_trusted_certificate                 /ingress-controller/ssl/default-tomcat-ingress-secret-full-chain.pem;
        ssl_stapling
nginx.conf

6. Final result
