• Ingress-nginx


    创建 HTTPS 所需的密钥和自签名证书

     openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/0=nginxsvc"

     kubectl create secret tls tls-secret --key tls.key --cert tls.crt

     Ingress 服务——就是一个配置文件,负责告诉 Ingress controller 怎样去转发和反向代理

      

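    # NodePort Service in front of the ingress-nginx controller pods.
    # Indentation restored: with every key in one column the manifest does not
    # parse into the intended structure.
    # The name must stay "ingress-nginx": the controller Deployment on this page
    # is started with --publish-service=$(POD_NAMESPACE)/ingress-nginx.
    apiVersion: v1
    kind: Service
    metadata:
      name: ingress-nginx
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      # NodePort opens the two ports below on every node of the cluster, so
      # limit who can reach them with host or network firewall rules.
      type: NodePort
      ports:
        - name: http
          port: 80
          targetPort: 80
          protocol: TCP
          nodePort: 32080  # http (unencrypted)
        - name: https
          port: 443
          targetPort: 443
          protocol: TCP
          nodePort: 32443  # https
      # Must match the pod labels set in the controller Deployment template.
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx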

    Ingress controller——负责干活的,做反向代理

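    # This repeats the NodePort Service shown earlier on the page; the controller
    # workload itself is the Deployment inside mandatory.yaml.
    # Indentation restored so the manifest parses into the intended structure.
    apiVersion: v1
    kind: Service
    metadata:
      name: ingress-nginx
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      # Both node ports are opened on every node; restrict access at the
      # network layer if the nodes are reachable from untrusted networks.
      type: NodePort
      ports:
        - name: http
          port: 80
          targetPort: 80
          protocol: TCP
          nodePort: 32080  # http (unencrypted)
        - name: https
          port: 443
          targetPort: 443
          protocol: TCP
          nodePort: 32443  # https
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx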
    [root@master ingreess]# cat mandatory.yaml
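    # Dedicated namespace that holds every namespaced object of the controller.
    # Indentation restored (name and labels belong under metadata).
    apiVersion: v1
    kind: Namespace
    metadata:
      name: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx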

    ---

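    # Controller-wide nginx settings; passed to the controller through
    # --configmap=$(POD_NAMESPACE)/nginx-configuration. It carries no data here.
    # Indentation restored (name, namespace and labels belong under metadata).
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: nginx-configuration
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx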

    ---
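    # Passed to the controller through
    # --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services. It carries no data here.
    # NOTE(review): anyone allowed to edit this ConfigMap can presumably publish
    # extra TCP ports through the controller, so keep write access narrow.
    # Indentation restored (name, namespace and labels belong under metadata).
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: tcp-services
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx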

    ---
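    # Passed to the controller through
    # --udp-services-configmap=$(POD_NAMESPACE)/udp-services. It carries no data here.
    # Indentation restored (name, namespace and labels belong under metadata).
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: udp-services
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx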

    ---
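    # Identity the controller pod runs as (serviceAccountName in the Deployment).
    # The Role and ClusterRole bindings on this page grant their permissions to it.
    # Indentation restored (name, namespace and labels belong under metadata).
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: nginx-ingress-serviceaccount
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx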

    ---
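    # Cluster-wide read permissions for the controller's service account.
    # Indentation restored: each "- apiGroups" entry starts one rule, and
    # resources/verbs belong to that rule.
    # NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in
    # Kubernetes 1.22; rbac.authorization.k8s.io/v1 is the replacement.
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: nginx-ingress-clusterrole
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    rules:
      # list/watch on secrets at cluster scope lets this service account read
      # every Secret in every namespace. If the controller only serves a few
      # namespaces, consider its --watch-namespace flag with namespaced Roles.
      - apiGroups:
          - ""
        resources:
          - configmaps
          - endpoints
          - nodes
          - pods
          - secrets
        verbs:
          - list
          - watch
      - apiGroups:
          - ""
        resources:
          - nodes
        verbs:
          - get
      - apiGroups:
          - ""
        resources:
          - services
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ""
        resources:
          - events
        verbs:
          - create
          - patch
      - apiGroups:
          - "extensions"
          - "networking.k8s.io"
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
      # Write access is limited to the status subresource of Ingress objects.
      - apiGroups:
          - "extensions"
          - "networking.k8s.io"
        resources:
          - ingresses/status
        verbs:
          - update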

    ---
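    # Namespaced permissions for the controller inside ingress-nginx.
    # Indentation restored: each "- apiGroups" entry starts one rule.
    # NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in
    # Kubernetes 1.22; rbac.authorization.k8s.io/v1 is the replacement.
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: Role
    metadata:
      name: nginx-ingress-role
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    rules:
      - apiGroups:
          - ""
        resources:
          - configmaps
          - pods
          - secrets
          - namespaces
        verbs:
          - get
      # update is restricted by resourceNames to the leader-election ConfigMap.
      - apiGroups:
          - ""
        resources:
          - configmaps
        resourceNames:
          # Defaults to "<election-id>-<ingress-class>"
          # Here: "<ingress-controller-leader>-<nginx>"
          # This has to be adapted if you change either parameter
          # when launching the nginx-ingress-controller.
          - "ingress-controller-leader-nginx"
        verbs:
          - get
          - update
      # create cannot be narrowed with resourceNames, hence the separate rule.
      - apiGroups:
          - ""
        resources:
          - configmaps
        verbs:
          - create
      - apiGroups:
          - ""
        resources:
          - endpoints
        verbs:
          - get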

    ---
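    # Grants nginx-ingress-role to the controller's service account, in the
    # ingress-nginx namespace only.
    # Indentation restored (roleRef fields and the subject entry were flattened).
    # NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in
    # Kubernetes 1.22; rbac.authorization.k8s.io/v1 is the replacement.
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: RoleBinding
    metadata:
      name: nginx-ingress-role-nisa-binding
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: nginx-ingress-role
    subjects:
      - kind: ServiceAccount
        name: nginx-ingress-serviceaccount
        namespace: ingress-nginx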

    ---
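    # Grants nginx-ingress-clusterrole to the controller's service account for
    # the whole cluster, including its list/watch access to Secrets.
    # Indentation restored (roleRef fields and the subject entry were flattened).
    # NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in
    # Kubernetes 1.22; rbac.authorization.k8s.io/v1 is the replacement.
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: nginx-ingress-clusterrole-nisa-binding
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: nginx-ingress-clusterrole
    subjects:
      - kind: ServiceAccount
        name: nginx-ingress-serviceaccount
        namespace: ingress-nginx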

    ---

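    # The ingress-nginx controller itself: one nginx pod doing the reverse proxying.
    # Indentation restored; with every key in one column the pod template,
    # container fields and probes do not parse into the intended structure.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-ingress-controller
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      # A single replica: all ingress traffic stops while this pod restarts.
      replicas: 1
      selector:
        matchLabels:
          app.kubernetes.io/name: ingress-nginx
          app.kubernetes.io/part-of: ingress-nginx
      template:
        metadata:
          labels:
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/part-of: ingress-nginx
          annotations:
            # Quoted on purpose: annotation values must be strings.
            prometheus.io/port: "10254"
            prometheus.io/scrape: "true"
        spec:
          # Runs with the service account bound to the Role and ClusterRole
          # defined in the same file.
          serviceAccountName: nginx-ingress-serviceaccount
          containers:
            - name: nginx-ingress-controller
              # NOTE(review): pinned by tag only, and 0.25.0 is a dated release.
              # Check the project's advisories, move to a maintained version and
              # pin by image digest where the registry allows it.
              image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0
              args:
                - /nginx-ingress-controller
                - --configmap=$(POD_NAMESPACE)/nginx-configuration
                - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
                - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
                # Must name the Service that fronts the controller.
                - --publish-service=$(POD_NAMESPACE)/ingress-nginx
                - --annotations-prefix=nginx.ingress.kubernetes.io
              securityContext:
                # NOTE(review): presumably left true so the non-root process can
                # obtain NET_BIND_SERVICE for ports 80/443; confirm against the
                # image before switching it to false.
                allowPrivilegeEscalation: true
                capabilities:
                  drop:
                    - ALL
                  add:
                    - NET_BIND_SERVICE
                # www-data -> 33
                runAsUser: 33
              env:
                # Downward API values; the args above expand $(POD_NAMESPACE).
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
              ports:
                - name: http
                  containerPort: 80
                - name: https
                  containerPort: 443
              # Both probes query /healthz over plain HTTP on port 10254, the same
              # port the prometheus.io annotations advertise for scraping.
              livenessProbe:
                failureThreshold: 3
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                initialDelaySeconds: 10
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 10
              readinessProbe:
                failureThreshold: 3
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 10
              # NOTE(review): no resources.requests/limits are set for this container.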

    kubectl apply -f yaml文件后会生成一个有端口的svc,后期访问会使用此端口

    因为 ingress controller 镜像比较大,需要提前下载

    将 ingress.contro.tar.gz 传到服务器,然后用 tar -zxvf 解压成 tar 文件,再用 docker load -i 文件 导入镜像(导入前先核对镜像包的来源和校验和)

     

     这三张图能够实现www2.wangyu.com 和www3.wangyu.com http和https都能访问到POD

     

     要是实现网页跳转需要添加如下yaml文件

  • 原文地址:https://www.cnblogs.com/jdwy24/p/12893067.html