程序员经验分享-hwhale

kubernetes ingress

2023-05-16

https://kubernetes.io/docs/concepts/services-networking/ingress/

负载均衡软件

  • Nginx
  • Traefik
  • Envoy

在这里插入图片描述

https://github.com/kubernetes/ingress-nginx

namespace 

# 创建命名空间
kubectl create namespace dev
# 查看命名空间
kubectl get namespaces
# 删除命名空间
kubectl delete namespaces dev

nginx-ingress.yaml 

apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          image: 10.0.0.11:5000/wuxingge/nginx-ingress-controller:0.21.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1

---

service-nodeport.yaml 

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

demo

deploy-demo.yaml

apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    targetPort: 80
    port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v1
        ports:
        - name: http
          containerPort: 80

ingress-myapp.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: "1000m"
spec:
  rules:
  - host: myapp.wuxingge.com
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 80

查看

kubectl exec -n ingress-nginx -it nginx-ingress-controller-c9b47ff67-vq9cc -- /bin/sh

tomcat部署

tomcat-deploy.yaml

apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    release: canary
  ports:
  - name: http
    targetPort: 8080
    port: 8080
  - name: ajp
    targetPort: 8009
    port: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: tomcat
      release: canary
  template:
    metadata:
      labels:
        app: tomcat
        release: canary
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5.49-jdk8-openjdk
        ports:
        - name: http
          containerPort: 8080
        - name: ajp
          containerPort: 8009

ingress-tomcat.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: tomcat.wuxingge.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080

访问
tomcat.wuxingge.com:30080

tomcat-https部署

创建key

openssl genrsa -out tls.key 2048

创建证书

openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.wuxingge.com

创建secret

kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key

查看secret

kubectl get secrets

ingress-tomcat-tls.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - tomcat.wuxingge.com
    secretName: tomcat-ingress-secret
  rules:
  - host: tomcat.wuxingge.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080

访问
https://tomcat.wuxingge.com:30443/

本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)

Kubernetes

ingress

kubernetes ingress 的相关文章

随机推荐

  • Python中的图像处理

    http www ituring com cn tupubarticle 2024 第 1 章 基本的图像操作和处理 本章讲解操作和处理图像的基础知识 xff0c 将通过大量示例介绍处理图像所需的 Python 工具包 xff0c 并介绍用

  • ubuntu中aptitude工具的意思

    aptitude xff1a xff08 Debian系统的包管理工具 xff09 aptitude与 apt get 一样 xff0c 是 Debian 及其衍生系统中功能极其强大的包管理工具 与 apt get 不同的是 xff0c a

  • 什么是微服务

    一 微服务介绍 1 什么是微服务 在介绍微服务时 xff0c 首先得先理解什么是微服务 xff0c 顾名思义 xff0c 微服务得从两个方面去理解 xff0c 什么是 34 微 34 什么是 34 服务 34 xff0c 微 狭义来讲就是体

  • 三、Docker:命令

    其他文章 xff1a 一 Docker xff1a 概述 二 Docker xff1a 安装 三 Docker xff1a 命令 四 Docker xff1a 可视化管理 五 Docker xff1a 镜像 xff08 image 六 Do

  • mysql group by 报错Expression #2 of SELECT list is not in GROUP BY clause and contains nonaggregated c

    当使用group by的语句中 xff0c select后面跟的列 xff0c 在group by后面没有时 xff0c 会报以下错误 xff1a Expression 2 of SELECT list is not in GROUP BY

  • Opencv快速入门(C++版),新手向

    Opencv快速入门 C 43 43 版 xff09 前言1 图像的读取与显示所使用的API接口 xff1a 代码演示 xff1a 2 图像色彩空间转换所使用的API接口 xff1a 代码演示 xff1a 3 图像对象的创建与赋值所使用的A

  • 前台解析jwt token 前后端分离 ant design pro

    前言 在如今得环境下 xff0c 越来越多得项目采用微服务 xff0c 前后端分离项目 优点在于同时开发 xff0c 分开部署 缺点在于需要约定的太多 xff0c 导致前后端联调产生分歧 就标题而言 xff0c 解决前端antd 接收后台返

  • win10 双击启动nacos报错 Unable to start web server...... Unable to start embedded Tomcat

    1 遇到的问题 win10双击启动nacos报错 2 分析 从启动cmd开始查看 发现 启动模式为集群模式 定位成功 3 解决 修改startup中启动模式 重新启动 成功

  • IDEA 远程debugger SpringBoot项目 超赞!!!

    如题哦 xff0c 项目发布到服务器上后 xff0c 每天被不同的bug所困扰 强大的idea超出你的想象 xff0c 强大到可以远程debugger xff0c 就和在本地一样一样的 进入正题 前提概要 线上即服务器代码必须与本地一致 x

  • git提交时 # Please enter the commit message for your changes. Lines starting # with ‘#‘ will be ignored

    问题 xff1a Please enter the commit message for your changes Lines starting with 39 39 will be ignored and an empty message

  • canal 修改配置信息后监听不到mysql数据并报错can‘t find start position for example

    原由 xff1a 数据库地址变化 canal 需要修改监听 问题 xff1a 修改配置信息后重启canal 但并无监听到数据库信息变化 分析 xff1a canal 与数据库之间断层 xff0c 导致信息传输失败 解决 xff1a xff0

  • AI那点事儿

    从古至今 xff0c 改朝换代 一代崛起 xff0c 就标志着一代的灭亡 AI的兴起 xff0c 让无数程序梦想客死他乡 无论是学者还是技术科研者 xff0c 无一不在说 xff0c AI的时代到了 然而 xff0c 我们扣心自问 xff0

  • win7 配置JDK环境变量

    第一步 xff1a 安装jdk 8u101 windows x64 exe xff0c 路径为默认路径 xff0c 一直下一步直到完成安装 安装最好不要修改安装路径 xff0c 防止自己找不到 第二步 xff1a 设置环境变量 xff1a

  • 完整的搭建内网穿透ngrok详细教程(有图有真相)

    如上 网上找到的都是不稳定的 还不如自己搭建一个 去问度娘了 xff0c 发现了一堆 好吧 xff0c 那就动手开干吧 准备工作 xff08 其实也是硬性条件 xff09 xff1a 1 服务器一台 2 备案域名一个 xff08 好多都说可

  • lsyncd-实时同步(镜像)守护程序

    E mail 1226032602 64 qq com 官方文档 https axkibe github io lsyncd https github com axkibe lsyncd 简介 Lsyncd使用文件系统事件接口 xff08

  • Dockerfile

    docker安装 yum span class token function install span y yum utils device mapper persistent data lvm2 span class token func

  • c51单片机学习笔记-LED闪烁编程

    目的 xff1a 使LED灯闪烁 xff0c 需循环让 D1 指示灯先亮一会后熄灭 xff0c 因此只需编写一个循环函数 xff0c 专门在那循环运行即可实现延时功能 编译软件 xff1a keil5 过程 1 书写延时函数 函数名 xff

  • 网络管理命令-nmcli

    网络管理工具 iproute 软件包包括 ip ss 命令 net tools软件包包括 ifconfig route netstat命令 ip 命令相当于之前的 ifconfig route ss 命令相当于之前的 netstat nmt

  • nginx

    本文作者 五行哥 QQ 1226032602 E mail 1226032602 64 qq com web服务器种类 apache nginx tomcat resin Lighttpd IIS WebLogic Jetty Node j

  • kubernetes ingress

    https kubernetes io docs concepts services networking ingress 负载均衡软件 NginxTraefikEnvoy https github com kubernetes ingre

热门标签