1、资料信息:
Ingress-nginx github地址:https://guthub.com/kubernetes/ingress-nginx
Ingress-nginx 官方网站:https://kubernetes.github.io/ingress-nginx
2、Ingress访问方式
ingress访问方式.png
3、Ingress访问原理
ingress访问原理.png
4、部署Ingress-nginx
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
查看
kubectl get pod -n ingress-nginx
5、部署暴露模式(NodePort模式)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml
6、Ingress Http代理访问
示例
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-dm
spec:
replicas: 2
template:
metadata:
labels:
name: nginx
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
name: nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-test
spec:
rules:
- host: liuchao.com
http:
paths:
- path: /
backend:
serviceName: nginx-svc
servicePort: 80
访问:域名:NodePort
7、Ingress Https代理访问
7.1、创建证书,以及cart存储方式
[root@master https]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/0=nginxsvc" //生成证书
[root@master https]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt //创建
7.2、进行ingress创建
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx3
spec:
replicas: 2
template:
metadata:
labels:
name: nginx3
spec:
containers:
- name: nginx3
image: nginx:1.10
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx3
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
name: nginx3
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: https
spec:
tls:
- hosts:
- liuchao1.com
secretName: tls-secret
rules:
- host: liuchao1.com
http:
paths:
- path: /
backend:
serviceName: nginx3
servicePort: 80
7.3、使用https访问
8、Nginx进行BasicAuth(技术认证)
示例
环境安装
yum -y install httpd
htpasswd -c auth(文件) foo(用户)
kubectl create secret generic basic-auth --from-file=auth
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-with-auth
annotations:
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
rules:
- host: liuchao2.com
http:
paths:
- path: /
backend:
serviceName: nginx-svc
servicePort: 80
访问:域名:http协议端口
9、nginx进行重写
nginx重写.png
示例
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-test
annotations:
nginx.ingress.kubernetes.io/rewrite-target: https://liuchao.com:31170
spec:
rules:
- host: liuchao1.com
http:
paths:
- path:
backend:
serviceName: nginx-svc
servicePort: 80
