Ingress of K8S

Others 2020-10-19 11:16:04 views: null

Article Directory

Reference video : https://ke.qq.com/user/index/index.html#/plan/cid=1709963&term_id=102815140

1. Concept

1.1.NodePort存在的不足

A port can only be associated with one service, and the port needs to be planned in advance.
Only supports 4-layer load balancing (NodeIP+Port)

1.2.Ingress

Associated Service
realizes Pod load balancing through Ingress Controller,
supports TCP/UDP layer 4 and HTTP layer 7
Insert picture description here

2. Deploy Ingress Controller (global load balancing)

2.1.下载yaml文件

Address: https://github.com/kubernetes/ingress-nginx/tree/nginx-0.30.0
Insert picture description here

2.2.下载镜像

docker pull siriuszg/nginx-ingress-controller:0.30.0

2.3修改mandatory.yaml

Use the host network
mirror to modify the mirror image downloaded in the previous step
Insert picture description here
kubectl apply -f mandatory.yaml

It will monitor port 80 and 443 of the host normally
Insert picture description here

Three, HTTP-based Ingress rules

3.1.yaml文件

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: web
          servicePort: 80

Explanation

host: foo.bar.com			#访问Ingress的域名
serviceName: web			#管理服务名为web的Service
servicePort: 80				#Service监听的端口为80,通过kubectl get svc查看

kubectl apply -f ingress.yaml
kubectl get ing
Insert picture description here

3.2.访问域名

Check which node nginx-ingress-controller is deployed to

kubectl get pod -o wide -ningress-nginx

nginx-ingress-controller is deployed to the 192.168.1.10 node.
Insert picture description here
Since foo.bar.com is temporary, it is necessary to write the domain name resolution to the hosts file

echo "192.168.1.10 foo.bar.com" >> /etc/hosts
curl foo.bar.com

Insert picture description here

Four, Ingress rules based on HTTPS

4.1.生成自签证书

openssl genrsa > cert.key
openssl req -new -x509 -key cert.key -subj "/CN=common" >cert.pe

4.2.创建secret

kubectl create secret tls foo-bar-com --cert=cert.pem --key=cert.key
kubectl get secrets

Insert picture description here

4.3.Ingress规则

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
spec:
  tls:
  - hosts:
    - foo.bar.com
    secretName: foo-bar-com
  rules:
    - host: foo.bar.com
      http:
        paths:
        - path: /
          backend:
            serviceName: web
            servicePort: 80

kubectl apply -f ingress-https.yaml
Insert picture description here
Insert picture description here

Guess you like

Origin blog.csdn.net/anqixiang/article/details/108809021
Recommended
Linus is the most active in "eating dog food"!
Ranking
Share good programmer web front-end array and sorting, de-duplication and random roll call
Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe
魔众帮助中心系统 v3.1.0 首页切换器,界面优化
Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)
How to suppress the "requires transitive directive for an automatic module" warning properly?
LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)
Summer 2019 Summer soft essay 7 workers
Python中Assert断言的使用语法和例子
LeetCode one question per day (2021-2-3 sliding window median)
Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up
Daily
More
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)

Code World

© 2018 codetd.com