知名的网站建设公司,申请邮箱怎么注册,最全的wordpress 中文手册,西安最好的互联网公司排名需求#xff1a;k8s 配置好之后除了 nodeport 以外都是对集群内部的行为使用nodeport 并不是很友好#xff0c;要自己处理很多的端口管理使用ingress 可以更好的整合配置服务进程#xff1a;下载ingress-nginx 的yaml 文件https://github.com/kubernetes/ingress-nginx/blob…需求k8s 配置好之后除了 nodeport 以外都是对集群内部的行为使用nodeport 并不是很友好要自己处理很多的端口管理使用ingress 可以更好的整合配置服务进程下载ingress-nginx 的yaml 文件https://github.com/kubernetes/ingress-nginx/blob/nginx-0.30.0/deploy/static/mandatory.yaml安装 kubectl create -f mandatory.yaml安装的时候会有一些warning 影响不大查看 ingress-nignx 的配置启动情况kubectl get all -n ingress-nginx如果controller 没有ready 需要找一下原因查看 这个pod 的状态kubectl get pod -n ingress-nginx --show-labels果然是有问题了controller 状态是crash查看pod 的状态信息简介kubectl describe pod nginx-ingress-controller-54b86f8f7b-bk8s4 -n ingress-nginx查看pod 的启动日志kubectl logs nginx-ingress-controller-54b86f8f7b-bk8s4 -n ingress-nginx看起来是网络不通畅修改下载下来的mandatory.yaml 在第214 行加上 hostNetwork: true 重新执行apply 可执行文件在最下方做一个端口输入serviceapiVersion: v1
kind: Service
metadata:name: ingress-nginx-svcnamespace: ingress-nginx #和controller 保持一致
spec:type: NodePort #必须是这个ports:- name: httpport: 80targetPort: 80protocol: TCPnodePort: 32080 #http 80 映射到32080- name: httpsport: 443targetPort: 443protocol: TCPnodePort: 32443 #https 443 映射到底32443selector: #内容参考controller 的metadataapp.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginxapply 之后查看网址内容404 表示能连通但是没有服务 ingress 安装完成进程2安装完成之后做一个测验配置一个可启动的服务 deployment 和 service 的配置信息不明白的可以看k8s pod deployment service ingress 关系apiVersion: apps/v1
kind: Deployment
metadata:name: myappnamespace: default
spec:replicas: 1selector:matchLabels:app: myapptemplate:metadata:namespace: defaultlabels:app: myappspec:containers:- name: myappimage: ikubernetes/myapp:v1---
apiVersion: v1
kind: Service
metadata:name: myappnamespace: default
spec:selector:app: myappports:- name: httpport: 80targetPort: 80创建完成之后再创建一个ingress 来做反向代理apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: ingress-myappnamespace: defaultannotations:kubernetes.io/ingress.class: nginx
spec:rules:- host: www.firstdemo.comhttp:paths:- path: /backend:serviceName: myappservicePort: 80apply 之后在要测试服务的机器上做一个端口映射#hosts 文件
192.168.197.135 www.firstdemo.com打开网站www.firstdemo.com:32080 会看到一个已经启动了的服务拓展mandatory.yamlapiVersion: v1
kind: Namespace
metadata:name: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---kind: ConfigMap
apiVersion: v1
metadata:name: nginx-configurationnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
kind: ConfigMap
apiVersion: v1
metadata:name: tcp-servicesnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
kind: ConfigMap
apiVersion: v1
metadata:name: udp-servicesnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
apiVersion: v1
kind: ServiceAccount
metadata:name: nginx-ingress-serviceaccountnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:name: nginx-ingress-clusterrolelabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
rules:- apiGroups:- resources:- configmaps- endpoints- nodes- pods- secretsverbs:- list- watch- apiGroups:- resources:- nodesverbs:- get- apiGroups:- resources:- servicesverbs:- get- list- watch- apiGroups:- resources:- eventsverbs:- create- patch- apiGroups:- extensions- networking.k8s.ioresources:- ingressesverbs:- get- list- watch- apiGroups:- extensions- networking.k8s.ioresources:- ingresses/statusverbs:- update---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:name: nginx-ingress-rolenamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
rules:- apiGroups:- resources:- configmaps- pods- secrets- namespacesverbs:- get- apiGroups:- resources:- configmapsresourceNames:# Defaults to election-id-ingress-class# Here: ingress-controller-leader-nginx# This has to be adapted if you change either parameter# when launching the nginx-ingress-controller.- ingress-controller-leader-nginxverbs:- get- update- apiGroups:- resources:- configmapsverbs:- create- apiGroups:- resources:- endpointsverbs:- get---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:name: nginx-ingress-role-nisa-bindingnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: nginx-ingress-role
subjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: ingress-nginx---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:name: nginx-ingress-clusterrole-nisa-bindinglabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: nginx-ingress-clusterrole
subjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: ingress-nginx---apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:replicas: 1selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: 10254prometheus.io/scrape: truespec:# wait up to five minutes for the drain of connectionshostNetwork: trueterminationGracePeriodSeconds: 300serviceAccountName: nginx-ingress-serviceaccountnodeSelector:kubernetes.io/os: linuxcontainers:- name: nginx-ingress-controllerimage: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0args:- /nginx-ingress-controller- --configmap$(POD_NAMESPACE)/nginx-configuration- --tcp-services-configmap$(POD_NAMESPACE)/tcp-services- --udp-services-configmap$(POD_NAMESPACE)/udp-services- --publish-service$(POD_NAMESPACE)/ingress-nginx- --annotations-prefixnginx.ingress.kubernetes.iosecurityContext:allowPrivilegeEscalation: truecapabilities:drop:- ALLadd:- NET_BIND_SERVICE# www-data - 101runAsUser: 101env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespaceports:- name: httpcontainerPort: 80protocol: TCP- name: httpscontainerPort: 443protocol: TCPlivenessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 10periodSeconds: 10successThreshold: 1timeoutSeconds: 10readinessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPperiodSeconds: 10successThreshold: 1timeoutSeconds: 10lifecycle:preStop:exec:command:- /wait-shutdown---apiVersion: v1
kind: LimitRange
metadata:name: ingress-nginxnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:limits:- min:memory: 90Micpu: 100mtype: Container
