5

Ingress-nginx安装(helm)

 1 year ago
source link: https://blog.51cto.com/u_10810913/6991318
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Ingress-nginx安装(helm)

精选 原创

Chanfi 2023-08-07 10:23:11 博主文章分类:Kubenetes ©著作权

文章标签 ingress-nginx helm 文章分类 运维 阅读数216

Nginx Ingress简介

在Kubernetes集群中,Ingress作为集群内服务对外暴露的访问接入点,其几乎承载着集群内服务访问的所有流量。Ingress是Kubernetes中的一个资源对象,用来管理集群外部访问集群内部服务的方式。您可以通过Ingress资源来配置不同的转发规则,从而达到根据不同的规则设置访问集群内不同的Service所对应的后端Pod

Nginx Ingress Controller 工作原理

为了使得Nginx Ingress资源正常工作,集群中必须要有个Nginx Ingress Controller来解析Nginx Ingress的转发规则。Nginx Ingress Controller收到请求,匹配Nginx Ingress转发规则转发到后端Service所对应的Pod,由Pod处理请求。Kubernetes中Service、Nginx Ingress与Nginx Ingress Controller有着以下关系:

  • Service是后端真实服务的抽象,一个Service可以代表多个相同的后端服务。
  • Nginx Ingress是反向代理规则,用来规定HTTP/HTTPS请求应该被转发到哪个Service所对应的Pod上。例如根据请求中不同的Host和URL路径,让请求落到不同Service所对应的Pod上。
  • Nginx Ingress Controller是一个反向代理程序,负责解析Nginx Ingress的反向代理规则。如果Nginx Ingress有增删改的变动,Nginx Ingress Controller会及时更新自己相应的转发规则,当Nginx Ingress Controller收到请求后就会根据这些规则将请求转发到对应Service的Pod上。

Nginx Ingress Controller通过API Server获取Ingress资源的变化,动态地生成Load Balancer(例如Nginx)所需的配置文件(例如nginx.conf),然后重新加载Load Balancer(例如执行nginx -s load重新加载Nginx)来生成新的路由转发规则。

Ingress-nginx安装(helm)_ingress-nginx
添加 ingress-nginx 官方 helm 仓库
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
下载 chart 包
# 查找所有的版本
helm search repo ingress-nginx/ingress-nginx -l

# 下载
$ helm fetch ingress-nginx/ingress-nginx --version 4.7.1

# 解压缩
$ tar -zxvf ingress-nginx-4.7.1.tgz
$ cd ingress-nginx
修改 values.yaml 文件

修改 ingress-nginx-contorller,注释掉 digest。官方提供的镜像无法拉取,改成阿里云镜像

Ingress-nginx安装(helm)_ingress-nginx_02

修改 hostNetwork 的值为 true

Ingress-nginx安装(helm)_ingress-nginx_03

修改 dnsPolicy 的值为 ClusterFirstWithHostNet

Ingress-nginx安装(helm)_ingress-nginx_04

nodeSelector 添加标签: ingress: "true",用于部署 ingress-controller 到指定节点

Ingress-nginx安装(helm)_helm_05

修改 kind 类型为 DaemonSet

Ingress-nginx安装(helm)_helm_06

修改 kube-webhook-certgen 的镜像地址为国内仓库 

registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.5.1
Ingress-nginx安装(helm)_ingress-nginx_07

修改 service 类型为 NodePort

Ingress-nginx安装(helm)_ingress-nginx_08
# 创建命名空间
kubectl create ns ingress-nginx

# helm安装
helm install ingress-nginx -n ingress-nginx .
NAME: ingress-nginx
LAST DEPLOYED: Thu Nov 24 17:12:22 2022
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

安装完成后,需要给节点打上刚刚设置的标签ingress=true,让 Pod 调度到指定的节点

# 查看节点
kubectl get nodes

NAME            STATUS   ROLES                  AGE   VERSION
k8s-master231   Ready    control-plane,master   10d   v1.21.10
k8s-master232   Ready    control-plane,master   10d   v1.21.10
k8s-node233     Ready    <none>                 10d   v1.21.10
k8s-node234     Ready    <none>                 10d   v1.21.10
k8s-node235     Ready    <none>                 10d   v1.21.10
k8s-node236     Ready    <none>                 9d    v1.21.10

# 设置标签
kubectl label node k8s-node233 ingress=true
kubectl label node k8s-node234 ingress=true
kubectl label node k8s-node235 ingress=true
kubectl label node k8s-node236 ingress=true
$ kubectl taint node master1 node-role.kubernetes.io/master-

执行完成之后,就可以看到 ingress-nginx 部署到节点

kubectl get all -n ingress-nginx

NAME                                 READY   STATUS    RESTARTS   AGE
pod/ingress-nginx-controller-72p5z   1/1     Running   0          25m
pod/ingress-nginx-controller-lxt5g   1/1     Running   0          23m
pod/ingress-nginx-controller-ndnb7   1/1     Running   0          25m
pod/ingress-nginx-controller-w5gkp   1/1     Running   0          23m

NAME                                         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/ingress-nginx-controller             LoadBalancer   10.97.111.98     <pending>     80:31595/TCP,443:32140/TCP   25m
service/ingress-nginx-controller-admission   ClusterIP      10.108.103.137   <none>        443/TCP                      25m

NAME                                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                         AGE
daemonset.apps/ingress-nginx-controller   4         4         4       4            4           ingress=true,kubernetes.io/os=linux   25m

在 tcp 节点下添加对应的规则

Ingress-nginx安装(helm)_ingress-nginx_09

然后更新资源

helm upgrade ingress-nginx -n ingress-nginx .
  • 收藏
  • 评论
  • 分享
  • 举报

上一篇:StorageClass k8s


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK