1、资料信息：

Ingress-nginx github地址：https://guthub.com/kubernetes/ingress-nginx
Ingress-nginx 官方网站：https://kubernetes.github.io/ingress-nginx

2、Ingress访问方式

ingress访问方式.png

3、Ingress访问原理

ingress访问原理.png

4、部署Ingress-nginx

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
查看
kubectl get pod -n ingress-nginx

5、部署暴露模式(NodePort模式)

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

6、Ingress Http代理访问

示例

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
  - host: liuchao.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

访问：域名:NodePort

7、Ingress Https代理访问

7.1、创建证书，以及cart存储方式

[root@master https]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/0=nginxsvc"  //生成证书
[root@master https]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt    //创建

7.2、进行ingress创建

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx3
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx3
    spec:
      containers:
      - name: nginx3
        image: nginx:1.10
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx3
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx3
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https
spec:
  tls:
    - hosts:
      - liuchao1.com
      secretName: tls-secret
  rules:
    - host: liuchao1.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx3
            servicePort: 80

7.3、使用https访问

8、Nginx进行BasicAuth(技术认证)

示例

环境安装

yum -y install httpd
htpasswd -c auth(文件) foo(用户)
kubectl create secret generic basic-auth --from-file=auth

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: liuchao2.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

访问：域名:http协议端口

9、nginx进行重写

nginx重写.png

示例

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: https://liuchao.com:31170
spec:
  rules:
  - host: liuchao1.com
    http:
      paths:
      - path:
        backend:
          serviceName: nginx-svc
          servicePort: 80

访问liuchao1.com跳转到liuchao.com