Article Directory
Reference video : https://ke.qq.com/user/index/index.html#/plan/cid=1709963&term_id=102815140
1. Concept
1.1.NodePort存在的不足
A port can only be associated with one service, and the port needs to be planned in advance.
Only supports 4-layer load balancing (NodeIP+Port)
1.2.Ingress
Associated Service
realizes Pod load balancing through Ingress Controller,
supports TCP/UDP layer 4 and HTTP layer 7
2. Deploy Ingress Controller (global load balancing)
2.1.下载yaml文件
Address: https://github.com/kubernetes/ingress-nginx/tree/nginx-0.30.0
2.2.下载镜像
docker pull siriuszg/nginx-ingress-controller:0.30.0
2.3修改mandatory.yaml
Use the host network
mirror to modify the mirror image downloaded in the previous step
kubectl apply -f mandatory.yaml
It will monitor port 80 and 443 of the host normally
Three, HTTP-based Ingress rules
3.1.yaml文件
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: foo.bar.com
http:
paths:
- backend:
serviceName: web
servicePort: 80
Explanation
host: foo.bar.com #访问Ingress的域名
serviceName: web #管理服务名为web的Service
servicePort: 80 #Service监听的端口为80,通过kubectl get svc查看
kubectl apply -f ingress.yaml
kubectl get ing
3.2.访问域名
Check which node nginx-ingress-controller is deployed to
kubectl get pod -o wide -ningress-nginx
nginx-ingress-controller is deployed to the 192.168.1.10 node.
Since foo.bar.com is temporary, it is necessary to write the domain name resolution to the hosts file
echo "192.168.1.10 foo.bar.com" >> /etc/hosts
curl foo.bar.com
Four, Ingress rules based on HTTPS
4.1.生成自签证书
openssl genrsa > cert.key
openssl req -new -x509 -key cert.key -subj "/CN=common" >cert.pe
4.2.创建secret
kubectl create secret tls foo-bar-com --cert=cert.pem --key=cert.key
kubectl get secrets
4.3.Ingress规则
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: tls-example-ingress
spec:
tls:
- hosts:
- foo.bar.com
secretName: foo-bar-com
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
serviceName: web
servicePort: 80
kubectl apply -f ingress-https.yaml