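Reference: https://kubernetes.github.io/ingress-nginx/deploy/
Note
serviceAccount: kuboard-user
serviceAccountName: kuboard-user
In these two fields we use the ServiceAccount kuboard-user that was created when the UI was set up, because this account has already been bound at the cluster level; otherwise you have to create a ServiceAccount yourself and bind it.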
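For the "create one yourself and bind it" case, the following is an added example, not part of the original post: a dedicated ServiceAccount with narrowly scoped RBAC, so that the ingress pods do not inherit whatever the kuboard-user cluster binding grants. All object names are assumptions, and the rules are modelled on the upstream ingress-nginx RBAC manifest of the 0.20 era, so compare them with the manifest of the release you deploy.

```yaml
# Added example; object names are assumptions, rules modelled on upstream ingress-nginx RBAC (0.20 era).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
rules:
  # Read-only access to the objects the controller turns into nginx config
  - {apiGroups: [""], resources: [configmaps, endpoints, nodes, pods, secrets], verbs: [list, watch]}
  - {apiGroups: [""], resources: [nodes], verbs: [get]}
  - {apiGroups: [""], resources: [services], verbs: [get, list, watch]}
  - {apiGroups: [extensions], resources: [ingresses], verbs: [get, list, watch]}
  # Write access limited to events and the Ingress status field
  - {apiGroups: [""], resources: [events], verbs: [create, patch]}
  - {apiGroups: [extensions], resources: [ingresses/status], verbs: [update]}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-binding
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: nginx-ingress-clusterrole}
subjects:
  - {kind: ServiceAccount, name: nginx-ingress-serviceaccount, namespace: kube-system}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: kube-system
rules:
  - {apiGroups: [""], resources: [configmaps, pods, secrets, namespaces], verbs: [get]}
  # Leader-election lock; the name assumes the default election id and ingress class "nginx"
  - {apiGroups: [""], resources: [configmaps], resourceNames: [ingress-controller-leader-nginx], verbs: [get, update]}
  - {apiGroups: [""], resources: [configmaps], verbs: [create]}
  - {apiGroups: [""], resources: [endpoints], verbs: [get]}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-binding
  namespace: kube-system
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: nginx-ingress-role}
subjects:
  - {kind: ServiceAccount, name: nginx-ingress-serviceaccount, namespace: kube-system}
```

With these objects applied, the Deployment's serviceAccountName would be set to nginx-ingress-serviceaccount instead of kuboard-user.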
1. Install nginx-ingress-controller
The nginx-ingress-controller.yaml file is as follows
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  labels:
    app: ingress-nginx
  name: nginx-ingress-controller
  namespace: kube-system
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: ingress-nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
      labels:
        app: ingress-nginx
    spec:
      # Prefer spreading the two replicas across different nodes
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - ingress-nginx
                topologyKey: kubernetes.io/hostname
              weight: 100
      containers:
        - args:
            - /nginx-ingress-controller
            - '--configmap=$(POD_NAMESPACE)/nginx-configuration'
            - '--tcp-services-configmap=$(POD_NAMESPACE)/tcp-services'
            - '--udp-services-configmap=$(POD_NAMESPACE)/udp-services'
            - '--annotations-prefix=nginx.ingress.kubernetes.io'
            - '--publish-service=$(POD_NAMESPACE)/nginx-ingress-lb'
            - '--v=2'
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
          image: 'registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller:0.20.0'
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: nginx-ingress-controller
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources: {}
          # Non-root user; all capabilities dropped except binding ports below 1024
          securityContext:
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            procMount: Default
            runAsUser: 33
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
      dnsPolicy: ClusterFirst
      initContainers:
        # Runs privileged so that it can write the kernel sysctls below before nginx starts
        - command:
            - /bin/sh
            - '-c'
            - |
              sysctl -w net.core.somaxconn=65535
              sysctl -w net.ipv4.ip_local_port_range="1024 65535"
              sysctl -w fs.file-max=1048576
              sysctl -w fs.inotify.max_user_instances=16384
              sysctl -w fs.inotify.max_user_watches=524288
              sysctl -w fs.inotify.max_queued_events=16384
          image: 'registry-vpc.cn-shenzhen.aliyuncs.com/acs/busybox:latest'
          imagePullPolicy: Always
          name: init-sysctl
          resources: {}
          securityContext:
            privileged: true
            procMount: Default
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      nodeSelector:
        beta.kubernetes.io/os: linux
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      # serviceAccount is the deprecated alias of serviceAccountName
      serviceAccount: kuboard-user
      serviceAccountName: kuboard-user
      terminationGracePeriodSeconds: 30
      volumes:
        - hostPath:
            path: /etc/localtime
            type: File
          name: localtime
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ingress-lb
  name: nginx-ingress-lb
  namespace: kube-system
spec:
  externalTrafficPolicy: Local
  healthCheckNodePort: 32435
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
    - name: https
      port: 443
      protocol: TCP
      targetPort: 443
  selector:
    app: ingress-nginx
  sessionAffinity: None
  type: LoadBalancer
On success you will see a controller of type Deployment named nginx-ingress-controller and a Service named nginx-ingress-lb.
Check the IP of the nginx-ingress-lb service
NAME               TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE
kube-dns           ClusterIP      10.1.0.10     <none>          53/UDP,53/TCP,9153/TCP       3d
kuboard            NodePort       10.1.35.90    <none>          80:32567/TCP                 3d
metrics-server     ClusterIP      10.1.215.29   <none>          443/TCP                      2d22h
nginx-ingress-lb   LoadBalancer   10.1.210.63   192.168.1.220   80:32213/TCP,443:32010/TCP   23h
*** If the LoadBalancer stays in pending, see [k8s bare-metal install: using LoadBalancer with a Service]
2. Deploy the Ingress
An example demo.yaml is as follows
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: kube-public
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: z.sita.site
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx-app
              servicePort: 80
3. Point the domain's DNS record at the EXTERNAL-IP of nginx-ingress-controller
You can now reach your service through that IP; in this example z.sita.com is resolved to 192.168.1.220