- 下载:yaml文件,里面包含所有的创建的yaml文件,https://github.com/kubernetes/ingress-nginx/blob/nginx-0.20.0/deploy/mandatory.yaml
- 创建namesapce 。可选。 https://github.com/kubernetes/ingress-nginx/blob/nginx-0.20.0/deploy/namespace.yaml
- 创建configmap 。https://github.com/kubernetes/ingress-nginx/blob/nginx-0.20.0/deploy/configmap.yaml
4.创建 default-backend, 域名不存在默认转发的服务。
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: default-http-backend
labels:
app: default-http-backend
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: default-http-backend
template:
metadata:
labels:
app: default-http-backend
spec:
terminationGracePeriodSeconds: 60
containers:- name: default-http-backend
Any image is permissible as long as:
1. It serves a 404 page at /
2. It serves 200 on a /healthz endpoint
image: gcr.mirrors.ustc.edu.cn/google_containers/defaultbackend:1.4
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
- containerPort: 8080
- name: default-http-backend
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
namespace: default
labels:
app: default-http-backend
spec:
ports:
- port: 80
targetPort: 8080
selector:
app: default-http-backend
创建defualt-backend服务
5.创建rbac。 负责Ingress的RBAC授权的控制,其创建了Ingress用到的ServiceAccount、ClusterRole、Role、RoleBinding、ClusterRoleBinding
6.创建with-rbac.是Ingress的核心,用于创建ingress-controller。前面提到过,ingress-controller的作用是将新加入的Ingress进行转化为Nginx的配置。此controller会在每个node都启动一个nginx服务,同时将容器应用监听的80,443端口号映射到物理机上,然后客户端可以通过http//ip:80/来访问改ingress controller。
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: “10254”
prometheus.io/scrape: “true”
spec:
serviceAccountName: nginx-ingress-serviceaccount
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
args:
- /nginx-ingress-controller
- --default-backend-service=
(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=
(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
创建服务:
7.创建ingress-nginx服务。
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: default
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
- name: https
port: 443
targetPort: 443
protocol: TCP
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
8.创建ingress访问策略,映射到自己的微服务。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
labels:
run: acloud-ingress
name: acloud-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: “nginx”
spec:
rules:
- host: acloudservices.cn
http:
paths:
- path: /info
backend:
serviceName: acloud-oauth
servicePort: 18008 - host: acloudui.cn
http:
paths:
- path: /
backend:
serviceName: acloud-zuul
servicePort: 80