Creating ingress-nginx on Kubernetes v1.18.5
2020-07-14 14:20
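Recently I wanted to create ingress-nginx on CentOS 7 with the latest Kubernetes (v1.18.5). Following the latest ingress installation method on GitHub did not work for me. I happened to have the YAML I had used to create ingress a year earlier, so I made some changes to that file and the deployment succeeded. Here the ingress pods are managed by a DaemonSet, so an ingress pod is deployed on every node and the ports exposed by ingress are in effect on every node. Later, when using it, I can resolve a domain name to the IPs of several Kubernetes nodes.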
[code]
[root@k8s1 ~]# kubectl get node
NAME           STATUS   ROLES    AGE    VERSION
k8s1.alv.pub   Ready    master   4d1h   v1.18.5
k8s2.alv.pub   Ready    <none>   4d1h   v1.18.5
k8s3.alv.pub   Ready    <none>   4d1h   v1.18.5
[root@k8s1 ~]# cat ingress.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      hostNetwork: true
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
---
[root@k8s1 ~]# kubectl get pod,daemonset,sa -n ingress-nginx
NAME                                 READY   STATUS    RESTARTS   AGE
pod/nginx-ingress-controller-dmjpv   1/1     Running   0          22h
pod/nginx-ingress-controller-zzwbs   1/1     Running   0          22h

NAME                                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/nginx-ingress-controller   2         2         2       2            2           <none>          22h

NAME                                          SECRETS   AGE
serviceaccount/default                        1         22h
serviceaccount/nginx-ingress-serviceaccount   1         22h
[/code]
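The manifest above trades isolation for reach: it sets `hostNetwork: true` and `allowPrivilegeEscalation: true`, and its ClusterRole can list and watch secrets in every namespace. The following Python check is an added example, not part of the original post; it reports those settings from the JSON form of the objects, and the `SAMPLE` input, the `audit` function and the finding texts are constructed for illustration.

```python
import json

# Constructed sample: the security-relevant fields of the DaemonSet and
# ClusterRole from ingress.yaml, in the JSON shape `kubectl get -o json` emits.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "DaemonSet", "metadata": {"name": "nginx-ingress-controller"},
  "spec": {"template": {"spec": {"hostNetwork": true, "containers": [
   {"name": "nginx-ingress-controller",
    "securityContext": {"allowPrivilegeEscalation": true, "runAsUser": 33,
     "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}}]}}}},
 {"kind": "ClusterRole", "metadata": {"name": "nginx-ingress-clusterrole"},
  "rules": [
   {"apiGroups": [""], "verbs": ["list", "watch"],
    "resources": ["configmaps", "endpoints", "nodes", "pods", "secrets"]},
   {"apiGroups": [""], "verbs": ["create", "patch"], "resources": ["events"]}]}
]}
""")

WORKLOADS = {"DaemonSet", "Deployment", "StatefulSet"}
READ_VERBS = {"get", "list", "watch", "*"}


def audit(doc):
    """Return sorted (object, finding) pairs for a kubectl JSON object or List."""
    findings = []
    for obj in doc.get("items", [doc]):
        ref = f"{obj.get('kind')}/{obj.get('metadata', {}).get('name', '?')}"
        if obj.get("kind") in WORKLOADS:
            pod = obj["spec"]["template"]["spec"]
            if pod.get("hostNetwork"):
                findings.append((ref, "hostNetwork: ports are bound on the node itself"))
            for c in pod.get("containers", []):
                sc = c.get("securityContext", {})
                # An unset field leaves no_new_privs off, so treat it as true.
                if sc.get("allowPrivilegeEscalation", True):
                    findings.append((ref, f"{c['name']}: allowPrivilegeEscalation not false"))
                extra = set(sc.get("capabilities", {}).get("add", [])) - {"NET_BIND_SERVICE"}
                if sc.get("privileged") or extra:
                    findings.append((ref, f"{c['name']}: privileged or extra capabilities"))
        elif obj.get("kind") == "ClusterRole":
            for rule in obj.get("rules", []):
                core = set(rule.get("apiGroups", [])) & {"", "*"}
                secrets = set(rule.get("resources", [])) & {"secrets", "*"}
                if core and secrets and set(rule.get("verbs", [])) & READ_VERBS:
                    findings.append((ref, "cluster-wide read access to secrets"))
    return sorted(findings)


if __name__ == "__main__":
    for ref, msg in audit(SAMPLE):
        print(f"{ref}: {msg}")
```

To check a live cluster, pass `audit` the parsed output of `kubectl get daemonset -n ingress-nginx -o json` or `kubectl get clusterrole nginx-ingress-clusterrole -o json`.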
What we created above is ingress-nginx itself. Its purpose is to proxy other services; here it proxies one of my nginx services, so the next step is to create an Ingress for that nginx service.
[code]
[root@k8s1 ~]# cat docs-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: docs-https
  # annotations:
    # use the shared ingress-nginx
    #kubernetes.io/ingress.class: "nginx"
spec:
  tls:
    - hosts:
        - docs.alv.pub
      secretName: all.alv.pub
  rules:
    - host: docs.alv.pub
      http:
        paths:
          - path: /
            backend:
              serviceName: docs-sts-svc
              servicePort: 80
[/code]
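Above we configured secretName: all.alv.pub, which means the Ingress uses a secret named all.alv.pub. If that secret does not exist yet, it has to be created. In the command below I create the secret from the private key all.alv.pub.key and the public-key certificate all.alv.pub.pem in the current directory.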
[code]
kubectl create secret tls all.alv.pub --key all.alv.pub.key --cert all.alv.pub.pem
[/code]