ingress-nginx来做ingress的代理

古冷 2018-11-06 396人围观 ingress-nginxingressk8s

前段时间使用traefik来做ingress的反向代理,发现代理7层的https的时候还得把证书映射进去,要是不同的域名的https就不好搞了,要是通配符的域名还行,所以不得不代理改成nginx,之前ingress-nginx是之前支持4层的代理,但近期不支持4层的代理,只支持7层的,所以跟traefik代理是一样的了。

从github下载ingress-nginx的yaml文件
https://github.com/kubernetes/ingress-nginx/tree/master/deploy

wget  https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml    
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
image我是翻墙下载下来的
  
kubectl  apply  -f mandatory.yaml  -f  service-nodeport.yaml
  
 #这里使用NodePort的原因是域名解析的时候可以写多个,算是高可用的了,也可以做轮询模式,或者是使用daemonSet的方式部署就ok!
 
 创建个测试的tls,域名为:gg.cdd.group
   openssl genrsa -out tls.key 2018
   openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/O=DevOps/CN=gg.cdd.group
  
  在k8s里是使用secrt来把证书编码格式注入到pod的所以这里
  kubectl  create secret tls nginx-test --cert=tls.crt    --key=tls.key   #这里不要把名字用下横杠来连接(nginx_test),不然会报错!
  
deployment的yaml:
vim test-deployment.yaml
  
apiVersion: v1
kind: Service
metadata:
  name: test
spec:
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  clusterIP: None
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: test
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
spec:
  tls:
  - hosts:
    - gg.cdd.group
    secretName: nginx-test
  rules:
  - host: gg.cdd.group
    http:
      paths:
      - path:
        backend:
          serviceName: test
          servicePort: 80
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: test
spec:
  minReadySeconds: 5
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  replicas: 3
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
      - image: nginx
        name: test
        readinessProbe:
          httpGet:
            port: 80
            path: /index.html
          initialDelaySeconds: 1
          periodSeconds: 2
        livenessProbe:
          exec:
            command:
              - cat
              - /usr/share/nginx/html/index.html
          initialDelaySeconds: 1
          periodSeconds: 2
        resources:
          requests:
            cpu: 50m
            memory: 200Mi
          limits:
            cpu: 500m
            memory: 500Mi
        env:
          - name: PROFILE
            value: "test"
        
kubectl  apply  -f test-deployment.yaml

image.png


ok了!

请发表您的评论
152文章数 1评论数
请关注微信公众号
微信二维码
Powered By Z-BlogPHP