一、Ingress
作用:Ingress 是对集群中服务的外部访问进行管理的 API 对象。
1、创建Deployment
[root@master ~]# vim deploy1.yaml
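# Deployment running 4 nginx replicas, plus a Service (svc1) exposing them on port 80.
# NOTE: extensions/v1beta1 Deployments are no longer served from Kubernetes 1.16 on;
# newer clusters need apiVersion apps/v1 and an explicit spec.selector.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: deploy1
spec:
  replicas: 4
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          # An untagged image resolves to :latest; pin a version or digest
          # so the deployed content is reproducible and auditable.
          image: nginx
---
kind: Service
apiVersion: v1
metadata:
  name: svc1
spec:
  # Selects the pods labelled app: nginx from the Deployment above.
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80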
[root@master ~]# kubectl apply -f deploy1.yaml
[root@master ~]# vim deploy2.yaml
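# Deployment running 4 httpd replicas, plus a Service (svc2) exposing them on port 80.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: deploy2
spec:
  replicas: 4
  template:
    metadata:
      labels:
        app: httpd
    spec:
      containers:
        - name: httpd
          # An untagged image resolves to :latest; pin a version or digest
          # so the deployed content is reproducible and auditable.
          image: httpd
---
kind: Service
apiVersion: v1
metadata:
  name: svc2
spec:
  # Selects the pods labelled app: httpd from the Deployment above.
  selector:
    app: httpd
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80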
[root@master ~]# kubectl apply -f deploy2.yaml
2、部署Ingress
1、下载Ingress文件
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.35.0/deploy/static/provider/baremetal/deploy.yaml
2、修改配置文件
[root@master ~]# vim deploy.yaml
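# Excerpt of the controller pod spec edited in deploy.yaml.
spec:
  # hostNetwork places the controller in the node's network namespace, so it
  # listens directly on the node's own ports. This bypasses pod-network
  # isolation: restrict which nodes run it and firewall those nodes.
  hostNetwork: true
  # NOTE(review): with hostNetwork, ClusterFirst falls back to the node's DNS
  # settings; ClusterFirstWithHostNet keeps cluster DNS — confirm which is intended.
  dnsPolicy: ClusterFirst
  containers:
    - name: controller
      # NOTE(review): this is a mirror image at 0.29.0, while the manifest was
      # downloaded from tag controller-v0.35.0 — verify the mirror's provenance
      # and that the image version matches the manifest.
      image: registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.29.0
      imagePullPolicy: IfNotPresent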
[root@master ~]# kubectl apply -f deploy.yaml
3、查看部署情况
[root@master ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.110.55.112 <none> 80:31628/TCP,443:30258/TCP 10m
ingress-nginx-controller-admission ClusterIP 10.99.139.239 <none> 443/TCP 10m
[root@master ~]# kubectl get pod -o wide -n ingress-nginx
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-nginx-admission-create-v8sk5 0/1 Completed 0 10m 10.244.1.7 node02 <none> <none>
ingress-nginx-admission-patch-bvwfs 0/1 Completed 0 10m 10.244.2.13 node01 <none> <none>
ingress-nginx-controller-946d8dbb8-wjfdx 1/1 Running 0 10m 192.168.1.20 node01 <none> <none>
4、查看Ingress-nginx-controller容器内部详情
[root@master ~]# kubectl exec -it -n ingress-nginx ingress-nginx-controller-946d8dbb8-wjfdx sh
/etc/nginx $ cat nginx.conf
......
location / {
set $namespace "";
set $ingress_name "";
set $service_name "";
set $service_port "";
set $location_path "/";
3、基于httpd进行访问
1、创建Ingress规则
[root@master ~]# vim ingress.yaml
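# Path-based routing on a single host: /nginx -> svc1, /httpd -> svc2.
# No tls section is defined, so this host is served over plain HTTP.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: web-ingress
  annotations:
    # Rewrite the matched path to "/" before proxying to the backend.
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: ingress.web.com
      http:
        paths:
          - path: /nginx
            backend:
              serviceName: svc1
              servicePort: 80
          - path: /httpd
            backend:
              serviceName: svc2
              servicePort: 80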
[root@master ~]# kubectl apply -f ingress.yaml
2、查看规则详细信息
[root@master ~]# kubectl describe ingresses. web-ingress
Name: web-ingress
Namespace: default
Address: 192.168.1.20
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
ingress.web.com
/nginx svc1:80 (10.244.1.3:80,10.244.1.4:80,10.244.1.5:80 + 5 more...)
/httpd svc2:80 (10.244.1.3:80,10.244.1.4:80,10.244.1.5:80 + 5 more...)
Annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
kubectl.kubernetes.io/last-applied-configuration: {
"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{
"annotations":{
"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"web-ingress","namespace":"default"},"spec":{
"rules":[{
"host":"ingress.web.com","http":{
"paths":[{
"backend":{
"serviceName":"svc1","servicePort":80},"path":"/nginx"},{
"backend":{
"serviceName":"svc2","servicePort":80},"path":"/httpd"}]}}]}}
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 6m55s nginx-ingress-controller Ingress default/web-ingress
Normal UPDATE 6m6s nginx-ingress-controller Ingress default/web-ingress
3、查看Ingress-nginx-controller容器内部详情
[root@master ~]# kubectl exec -it -n ingress-nginx ingress-nginx-controller-946d8dbb8-wjfdx sh
/etc/nginx $ cat nginx.conf
......
location ~* "^/nginx" {
set $namespace "default";
set $ingress_name "web-ingress";
set $service_name "svc1";
set $service_port "80";
set $location_path "/nginx";
location ~* "^/httpd" {
set $namespace "default";
set $ingress_name "web-ingress";
set $service_name "svc2";
set $service_port "80";
set $location_path "/httpd";
4、进行访问
http://ingress.web.com
注意:如果没有DNS解析,需要在访问主机的hosts文件中添加对应的域名解析记录
4、基于http实现虚拟主机的访问
1、创建Ingress规则
[root@master ~]# vim ingress.yaml
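# Name-based virtual hosts: each Ingress routes one host name to one Service.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress1
  annotations:
    # Rewrite the matched path to "/" before proxying to the backend.
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: ingress1.web.com
      http:
        paths:
          - path: /nginx
            backend:
              serviceName: svc1
              servicePort: 80
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress2
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: ingress2.web.com
      http:
        paths:
          - path: /httpd
            backend:
              serviceName: svc2
              servicePort: 80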
[root@master ~]# kubectl apply -f ingress.yaml
2、查看对应Ingress规则的信息
[root@master ~]# kubectl describe ingresses. ingress1
Name: ingress1
Namespace: default
Address: 192.168.1.20
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
ingress1.web.com
/nginx svc1:80 (10.244.1.3:80,10.244.1.4:80,10.244.2.10:80 + 1 more...)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {
"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{
"annotations":{
"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"ingress1","namespace":"default"},"spec":{
"rules":[{
"host":"ingress1.web.com","http":{
"paths":[{
"backend":{
"serviceName":"svc1","servicePort":80},"path":"/nginx"}]}}]}}
nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 41s nginx-ingress-controller Ingress default/ingress1
Normal UPDATE 2s nginx-ingress-controller Ingress default/ingress1
[root@master ~]# kubectl describe ingresses. ingress2
Name: ingress2
Namespace: default
Address: 192.168.1.20
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
ingress2.web.com
/httpd svc2:80 (10.244.1.10:80,10.244.1.9:80,10.244.2.14:80 + 1 more...)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {
"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{
"annotations":{
"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"ingress2","namespace":"default"},"spec":{
"rules":[{
"host":"ingress2.web.com","http":{
"paths":[{
"backend":{
"serviceName":"svc2","servicePort":80},"path":"/httpd"}]}}]}}
nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 58s nginx-ingress-controller Ingress default/ingress2
Normal UPDATE 19s nginx-ingress-controller Ingress default/ingress2
3、进行访问
二、Secret
作用:用来保存一些敏感信息,比如MySQL服务的账号和密码,或者一些密钥、证书等。注意:Secret 中的数据默认只是 base64 编码,并没有加密,需要配合 RBAC 权限控制和 etcd 静态加密来保护。
1、通过命令创建
1、基于https访问web
1、创建证书
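# Passing the password with -p leaves it in shell history and the process
# list. Without -p docker prompts for it; scripts can use --password-stdin.
[root@master ~]# docker login -u admin 192.168.1.10
# The "auth" value stored in this file is only base64 of "user:password",
# not encrypted, so the file must be protected like the password itself.
[root@master ~]# cat ~/.docker/config.json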
{
"auths": {
"192.168.1.10": {
"auth": "YWRtaW46MTIzNDU2"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.0 (linux)"
}
}
# Creates a self-signed certificate (tls.crt) and a new 2048-bit RSA key
# (tls.key), valid for 365 days.
# -nodes writes the private key unencrypted: keep tls.key readable only by
# its owner and remove it once the Secret has been created.
# NOTE(review): the subject CN is nginxsvc, not the Ingress host
# ingress5.web.com, so clients will report a name mismatch in addition to
# the untrusted self-signed issuer — confirm whether that is acceptable.
[root@master ~]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
2、创建secret资源
[root@master ~]# kubectl create secret tls tls-secret --key=tls.key --cert tls.crt
3、创建Deployment和对应Ingress规则
[root@master ~]# vim deploy5.yaml
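# HTTPS Ingress: terminates TLS for ingress5.web.com using the certificate
# and key stored in the tls-secret Secret, then forwards to the backend on port 80.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https
spec:
  tls:
    - hosts:
        - ingress5.web.com
      # Must name a kubernetes.io/tls Secret in the same namespace as this Ingress.
      secretName: tls-secret
  rules:
    - host: ingress5.web.com
      http:
        paths:
          - path: /
            backend:
              # NOTE(review): no Service named svc-5 is defined on this page
              # (ingress1.yaml uses svc5) — confirm the Service name.
              serviceName: svc-5
              servicePort: 80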
[root@master ~]# kubectl apply -f deploy5.yaml
[root@master ~]# vim ingress1.yaml
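# Ingress for ingress5.web.com with a tls section but no secretName.
# NOTE(review): without secretName, ingress-nginx serves its default
# certificate for this host; add "secretName: tls-secret" under tls if the
# certificate created with openssl is the one intended.
# NOTE(review): metadata.name is "https", the same as in deploy5.yaml, so
# applying this file replaces that Ingress instead of creating a second one.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: https
spec:
  tls:
    - hosts:
        - ingress5.web.com
  rules:
    - host: ingress5.web.com
      http:
        paths:
          - path: /
            backend:
              serviceName: svc5
              servicePort: 80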
2、k8s连接Harbor
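# Passing the password with -p leaves it in shell history and the process
# list. Without -p docker prompts for it; scripts can use --password-stdin.
[root@master ~]# docker login -u admin 192.168.1.10
# The "auth" value stored in this file is only base64 of "user:password".
[root@master ~]# cat ~/.docker/config.json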
{
"auths": {
"192.168.1.10": {
"auth": "YWRtaW46MTIzNDU2"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.0 (linux)"
}
}
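# The user flag is --docker-username; a misspelled flag makes kubectl reject the command.
# NOTE: --docker-password on the command line is recorded in shell history;
# clear the history entry or create the Secret from a protected file instead.
[root@master ~]# kubectl create secret docker-registry secret-harbor-dev --docker-server=192.168.1.10 --docker-username=admin --docker-password=123456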
[root@master ~]# kubectl get secret
NAME TYPE DATA AGE
default-token-8m7lm kubernetes.io/service-account-token 3 17d
secret-harbor-dev kubernetes.io/dockerconfigjson 1 7s
[root@master ~]# vim web.yaml
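# Deployment that pulls its image from the private registry at 192.168.1.10
# using the secret-harbor-dev image-pull Secret.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: web
  namespace: default
spec:
  replicas: 4
  template:
    metadata:
      labels:
        app: web
    spec:
      # The referenced Secret must exist in the same namespace as the pods.
      imagePullSecrets:
        - name: secret-harbor-dev
      containers:
        - name: web
          image: 192.168.1.10/test/web:v1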
2、通过yaml文件创建
1、数据编码(base64 只是编码,不是加密)
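# base64 is an encoding, not encryption: anyone who can read the value can decode it.
# echo -n keeps the trailing newline out of the encoded value; a plain echo
# would store "root\n" and "123.com\n" in the Secret.
[root@master ~]# echo -n root | base64
cm9vdA==
[root@master ~]# echo -n 123.com | base64
MTIzLmNvbQ==
[root@master ~]# echo -n cm9vdA== | base64 --decode   # decode the value again
2、创建secret资源
[root@master ~]# vim secret1.yaml
# Secret whose data values are the base64 strings produced above.
# Keep this file out of version control: the values decode trivially.
apiVersion: v1
kind: Secret
metadata:
  name: mysecret1
data:
  username: cm9vdA==
  password: MTIzLmNvbQ==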
3、用volume的方式挂载
[root@master ~]# vim deploy6.yaml
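# Pod that mounts selected keys of a Secret as read-only files under /etc/volume.
kind: Pod
apiVersion: v1
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: busybox
      args:
        - /bin/sh
        - -c
        - sleep 30000
      volumeMounts:
        - name: test-volume
          mountPath: "/etc/volume"
          readOnly: true
  volumes:
    - name: test-volume
      secret:
        # Must match the Secret's metadata.name (mysecret1 in secret1.yaml);
        # the pod cannot start while the referenced Secret does not exist.
        secretName: mysecret1
        items:
          # Each key is written to <mountPath>/<path>.
          - key: username
            path: mygroup/my-username
          - key: password
            path: mygroup/my-passwd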
4、k8s连接Harbor
1、创建证书
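# Passing the password with -p leaves it in shell history and the process
# list. Without -p docker prompts for it; scripts can use --password-stdin.
[root@master ~]# docker login -u admin 192.168.1.10
# The "auth" value stored in this file is only base64 of "user:password".
[root@master ~]# cat ~/.docker/config.json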
{
"auths": {
"192.168.1.10": {
"auth": "YWRtaW46MTIzNDU2"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.0 (linux)"
}
}
2、进行base64编码
[root@master ~]# cat .docker/config.json | base64
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjEuMTAiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVRJ
ek5EVTIiCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXIt
Q2xpZW50LzE4LjA5LjAgKGxpbnV4KSIKCX0KfQo=
3、创建Secret资源
[root@master ~]# vim secret2.yaml
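# Image-pull Secret built from the base64-encoded ~/.docker/config.json.
# The value decodes to the registry user name and password, so treat this
# file as a credential and keep it out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: registry-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjEuMTAiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVRJek5EVTIiCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE4LjA5LjAgKGxpbnV4KSIKCX0KfQo=
type: kubernetes.io/dockerconfigjson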
[root@master ~]# kubectl apply -f secret2.yaml
4、创建Deployment资源引用secret资源
[root@master ~]# vim deploy7.yaml
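# Deployment that pulls its image from the private registry at 192.168.1.10
# using the registry-secret image-pull Secret.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: testdeploy
spec:
  replicas: 2
  template:
    metadata:
      labels:
        test: registry
    spec:
      containers:
        - name: testdeploy
          image: 192.168.1.10/test/web:v1
          # Always contacts the registry, so the pull Secret is exercised on every pod start.
          imagePullPolicy: Always
      # The referenced Secret must exist in the same namespace as the pods.
      imagePullSecrets:
        - name: registry-secret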
三、ConfigMap
作用:保存一些明文的配置数据,不适合存放密码等敏感信息。
1、创建ConfigMap资源
[root@master ~]# vim configmap1.yaml
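# ConfigMap holding two plain-text key/value pairs.
kind: ConfigMap
apiVersion: v1
metadata:
  name: myconfigmap1
data:
  user1: admin
  user2: root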
2、创建资源进行引用
[root@master ~]# vim deploy8.yaml
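# Pod that mounts the myconfigmap1 ConfigMap as read-only files under /tmp/volume.
kind: Pod
apiVersion: v1
metadata:
  name: mypod1
spec:
  containers:
    - name: mypod1
      image: busybox
      args:
        - /bin/sh
        - -c
        - sleep 30000
      volumeMounts:
        - name: volume1
          mountPath: "/tmp/volume"
          readOnly: true
  volumes:
    - name: volume1
      configMap:
        # Each key of the ConfigMap becomes one file in the mount path.
        name: myconfigmap1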