ingress-nginx的部署方式有多种,本文介绍nodeport方式和hostnetwork方式:
一、nodeport方式
1、下载mandatory.yaml文件:https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
然后修改文件中的镜像:registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.25.1
2、编辑service-nodeport.yaml(nodeport方式需要额外使用这个文件)
apiVersion: v1 kind: Service metadata: name: ingress-nginx namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx spec: type: NodePort ports: - name: http port: 80 targetPort: 80 protocol: TCP nodePort: 32080 #http - name: https port: 443 targetPort: 443 protocol: TCP nodePort: 32443 #https selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
3、运行部署上面这两个文件:
$ kubectl apply -f mandatory.yaml
$ kubectl apply -f node-port.yaml
4、部署后端程序
apiVersion: v1 kind: Service metadata: name: myapp namespace: default spec: selector: app: myapp release: canary ports: - name: http port: 80 targetPort: 80 --- apiVersion: apps/v1 kind: Deployment metadata: name: myapp-deploy spec: replicas: 5 selector: matchLabels: app: myapp release: canary template: metadata: labels: app: myapp release: canary spec: containers: - name: myapp image: ikubernetes/myapp:v2 ports: - name: httpd containerPort: 80
5、配置后端程序的ingress:
$ vim ingress-myapp.yaml
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress-myapp namespace: default annotations: kubernetes.io/ingress.class: "nginx" spec: rules: - host: myapp.cabel.com http: paths: - path: backend: serviceName: myapp servicePort: 80
6、然后访问:myapp.cabel.com:NodePort(32080)
7、增加后端服务:
$ vim deploy-tomcat.yaml apiVersion: v1 kind: Service metadata: name: tomcat namespace: default spec: selector: app: tomcat release: canary ports: - name: http port: 8080 targetPort: 8080 - name: ajp port: 8009 targetPort: 8009 --- apiVersion: apps/v1 kind: Deployment metadata: name: tomcat-deploy spec: replicas: 3 selector: matchLabels: app: tomcat release: canary template: metadata: labels: app: tomcat release: canary spec: containers: - name: tomcat image: tomcat:7-alpine ports: - name: httpd containerPort: 8080 - name: ajp containerPort: 8009
$ vim ingress-tomcat.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress-tomcat namespace: default annotations: kubernets.io/ingress.class: "nginx" spec: rules: - host: tomcat.cabel.com http: paths: - path: backend: serviceName: tomcat servicePort: 8080
8、然后访问:tomcat.cabel.com:NodePort(32080)
二、deamonset方式,deamonset方式与上一种方式只有一处不同,只修改mandatory.yaml,而且,service-nodeport.yaml也不用配置,其他不用修改,访问的时候,直接域名访问,不用加nodeport。
三、外部nginx引入流量到集群内部
比如域名为myapp.cabel.com,在配置了Deamonset模式的ingress-nginx后,外部的nginx配置如下
upstream app4core { server 192.168.10.55; server 192.168.10.56; } server { listen 80; server_name myapp.cabel.com; access_log /data/logs/nginx/app4core.dogotsn.access.log; error_log /data/logs/nginx/app4core.dogotsn.error.log; location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_redirect off; proxy_read_timeout 600; proxy_connect_timeout 600; proxy_pass http://app4core; } }
此种架构为双层nginx代理,所以配置外层的nginx时,需要在请求报文的时候不去修改请求头