This article is rather confusing, so I can barely read it.
Ingress concept:
In layman's terms: Ingress, like the Service and Deployment mentioned earlier, is also a k8s resource type. Ingress exposes applications inside the k8s cluster through domain names, while Service is better suited to access between services.
Here we use the version maintained by the Kubernetes project; there is also an official version maintained by NGINX. Which one to use is up to you.
Ingress supports a variety of solutions, including Nginx, HAProxy, Traefik, Istio, etc.; in practice, there may also be a company's hardware proxy layer on top of Ingress.
The approximate flow chart is as follows:
Create an Ingress:
This ingress is created using the Helm method, and I will write an article on the use of Helm in the future. I don't care about the principle for now.
I will provide the following resources:
- The two container images used by ingress-nginx:
  - Registry address: registry.cn-hangzhou.aliyuncs.com
  - Images: yyangs/ingress-nginx-controller; yyangs/ingress-nginx-kube-webhook-certgen
- Chart package link: ingress-nginx-4.0.17
- First, install Helm (because we will use Helm to create the ingress)
[root@k8s-master01 ~]# wget https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz
[root@k8s-master01 ~]# tar xf helm-v3.8.0-linux-amd64.tar.gz
[root@k8s-master01 ~]# mv linux-amd64/helm /usr/local/bin/helm
- Add a repository for easy installation of ingress. The APP VERSION of ingress should preferably be greater than 0.35; check the packages available in the repository
[root@k8s-master01 ~]# helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
[root@k8s-master01 ~]# helm repo list
NAME URL
ingress-nginx https://kubernetes.github.io/ingress-nginx
[root@k8s-master01 ~]# helm search repo ingress-nginx
NAME CHART VERSION APP VERSION DESCRIPTION
ingress-nginx/ingress-nginx 4.0.17 1.1.1 Ingress controller for Kubernetes using NGINX a...
- Download the ingress package and unpack it into a newly created directory so that the configuration is easy to modify
[root@k8s-master01 ~]# helm pull ingress-nginx/ingress-nginx
ingress-nginx-4.0.17.tgz
[root@k8s-master01 ~]# mkdir /temp
[root@k8s-master01 ~]# mv ingress-nginx-4.0.17.tgz /temp/
[root@k8s-master01 ~]# cd /temp/
[root@k8s-master01 temp]# tar xf ingress-nginx-4.0.17.tgz
# Enter the ingress-nginx directory
[root@k8s-master01 temp]# cd ingress-nginx/
- Modify values.yaml; basically, each commented line below marks a position in the file
# Image source location
controller:
  name: controller
  image:
    registry: registry.cn-hangzhou.aliyuncs.com
    image: yyangs/ingress-nginx-controller
    ## digest: sha256:0bc88eb15f9e7f84e8e56c14fa5735aaa488b840983f87bd79b1054190e660de
  # DNS policy
  dnsPolicy: ClusterFirstWithHostNet
  # Use the host's port numbers; better performance
  hostNetwork: true
  # Choose DaemonSet as the resource kind; it is deployed on the specified nodes
  kind: DaemonSet
  # Deploy on nodes that carry the label
  nodeSelector:
    kubernetes.io/os: linux
    ingress: "true"
  # Service type (under controller.service); used for a local environment
  service:
    type: ClusterIP
  # The other image source location, near the end (under controller.admissionWebhooks)
  admissionWebhooks:
    patch:
      enabled: true
      image:
        registry: registry.cn-hangzhou.aliyuncs.com
        image: yyangs/ingress-nginx-kube-webhook-certgen
        ## digest: sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
A few notes on the above modifications:
- Image source: the default registry is hosted abroad and we can't access it, so I replaced it with my Aliyun registry. If you are doing this experiment, you can use my source; the last image source is handled the same way. Note that the digest lines are commented out, so the images are pulled by tag without digest verification.
- Use hostNetwork: true, and select DaemonSet as the resource kind, for better performance.
- DNS policy: if hostNetwork is used, the policy needs to be changed to dnsPolicy: ClusterFirstWithHostNet.
- Run the creation
# Create a namespace
[root@k8s-master01 ingress-nginx]# kubectl create ns ingress-nginx
namespace/ingress-nginx created
# Because the Pod is created on specified nodes, add a label to one machine
[root@k8s-master01 ingress-nginx]# kubectl label nodes k8s-master03 ingress=true
node/k8s-master03 labeled
# Run the helm install; the release name is up to you. There was a small problem earlier, so I changed the name.
[root@k8s-master01 ~]# cd /temp/ingress-nginx/
您在 /var/spool/mail/root 中有新邮件
[root@k8s-master01 ingress-nginx]# helm install nginx-ingress -n ingress-nginx .
[root@k8s-master01 temp]# kubectl get pod -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-ingress-nginx-controller-lrs9s 1/1 Running 0 22h 192.168.10.4 k8s-master03 <none> <none>
You can see that the Pod is up and deployed on the master03 node, that is, the node with the ingress=true label, so it is much more convenient to scale the ingress out or in.
For example, to scale out, you only need to put the label on the node you want to expand onto, and a new Pod is deployed automatically, as with the following command.
kubectl label node k8s-master02 ingress=true
When I no longer want this Pod, scaling in is even easier: just remove the label. You can see the power of labels here. The trailing minus sign means delete the label.
kubectl label node k8s-master02 ingress-
An ingress deployed with hostNetwork starts its processes on the host and listens on the host's port 80. Let's go to the node where the Pod is deployed.
[root@k8s-master03 ~]# ss -tpln | grep 80
LISTEN 0 16384 192.168.10.4:2380 *:* users:(("etcd",pid=1703,fd=7))
LISTEN 0 16384 *:80 *:* users:(("nginx",pid=106434,fd=19),("nginx",pid=106427,fd=19))
LISTEN 0 16384 *:80 *:* users:(("nginx",pid=106433,fd=11),("nginx",pid=106427,fd=11))
LISTEN 0 16384 [::]:80 [::]:* users:(("nginx",pid=106433,fd=12),("nginx",pid=106427,fd=12))
LISTEN 0 16384 [::]:80 [::]:* users:(("nginx",pid=106434,fd=20),("nginx",pid=106427,fd=20))
[root@k8s-master03 ~]# ps aux | grep nginx
root 2622 0.0 0.1 8852 5456 ? Ss 01:12 0:00 nginx: master process nginx -g daemon off;
101 2759 0.0 0.0 9272 2456 ? S 01:12 0:00 nginx: worker process
101 2760 0.0 0.0 9272 2456 ? S 01:12 0:00 nginx: worker process
root 25605 0.0 0.0 112840 2292 pts/0 S+ 15:19 0:00 grep --color=auto nginx
101 106347 0.0 0.0 208 4 ? Ss 09:08 0:00 /usr/bin/dumb-init -- /nginx-ingress-controller --publish-service=ingress-nginx/nginx-ingress-ingress-nginx-controller --election-id=ingress-controller-leader --controller-class=k8s.io/ingress-nginx --ingress-class=nginx --configmap=ingress-nginx/nginx-ingress-ingress-nginx-controller --validating-webhook=:8443 --validating-webhook-certificate=/usr/local/certificates/cert --validating-webhook-key=/usr/local/certificates/key
101 106359 0.1 1.1 743048 44956 ? Ssl 09:08 0:25 /nginx-ingress-controller --publish-service=ingress-nginx/nginx-ingress-ingress-nginx-controller --election-id=ingress-controller-leader --controller-class=k8s.io/ingress-nginx --ingress-class=nginx --configmap=ingress-nginx/nginx-ingress-ingress-nginx-controller --validating-webhook=:8443 --validating-webhook-certificate=/usr/local/certificates/cert --validating-webhook-key=/usr/local/certificates/key
101 106427 0.0 0.9 145100 36332 ? S 09:08 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
101 106433 0.0 1.0 157128 40848 ? Sl 09:08 0:06 nginx: worker process
101 106434 0.0 1.0 157128 41000 ? Sl 09:08 0:07 nginx: worker process
101 106435 0.0 0.7 143072 29120 ? S 09:08 0:00 nginx: cache manager process
Now that it is running, let's try a simple use.
To publish a service in a traditional architecture, you need to modify the nginx configuration file; in k8s, Ingress is handled like any other resource type, and an Ingress instance is declared through YAML.
Official website: The official documentation of ingress-controller can be found here.
Use an example on the official website to get to know ingress first
vim ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
  name: example
spec:
  ingressClassName: nginx
  rules: # Multiple rules can be configured
  - host: foo.bar.com # Domain name to match
    http:
      paths: # Equivalent to nginx location blocks; one host can have multiple paths
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-svc # The Service to proxy to
            port:
              number: 80
Here are some explanations of the above example:
Everything from rules downward defines how the front end is connected to the back end:
- host: domain-based access; the client reaches back-end resources through this domain name
- http.paths: equivalent to the matching rules in nginx's location
- pathType: Prefix: the path type. The path is split into elements on the "/" symbol, and matching is done as a prefix match, element by element. The default is ImplementationSpecific, and the other is Exact.
- backend: defines the backend
- service: defines the address of the backend, that is, the svc to proxy to and its port number
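The Prefix and Exact matching described above, as an added example that is not part of the original article: a small Python model of element-wise path matching and rule selection. The rule table is constructed sample data based on the article's hosts and Services (`admin-svc` is hypothetical); wildcard hosts and ImplementationSpecific are not modeled.

```python
# Added example: a model of Ingress pathType matching, not ingress-nginx's own code.

def _elements(path):
    """Split a path into elements on "/"; a trailing slash is ignored."""
    trimmed = path.strip("/")
    return trimmed.split("/") if trimmed else []

def path_matches(rule_path, path_type, request_path):
    if path_type == "Exact":
        return request_path == rule_path   # case-sensitive, "/a" != "/a/"
    if path_type == "Prefix":
        rule, req = _elements(rule_path), _elements(request_path)
        return req[:len(rule)] == rule     # whole elements only: /test != /testing
    raise ValueError("ImplementationSpecific depends on the controller")

# Constructed sample rules: (host, path, pathType, backend Service)
RULES = [
    ("foo.bar.com", "/", "Prefix", "nginx-svc"),
    ("foo2.bar.com", "/test", "Prefix", "nginx-svc-2"),
    ("foo2.bar.com", "/test/admin", "Exact", "admin-svc"),  # hypothetical Service
]

def route(host, request_path, rules=RULES):
    """Return the backend Service for a request, or None if no rule matches."""
    hits = [r for r in rules
            if r[0] == host and path_matches(r[1], r[2], request_path)]
    if not hits:
        return None
    # Longest matching path wins; on a tie, Exact takes precedence over Prefix.
    best = max(hits, key=lambda r: (len(_elements(r[1])), r[2] == "Exact"))
    return best[3]

if __name__ == "__main__":
    samples = [("foo.bar.com", "/any/thing"), ("foo2.bar.com", "/test/a"),
               ("foo2.bar.com", "/testing"), ("foo2.bar.com", "/test/admin"),
               ("foo2.bar.com", "/test/admin/")]
    for host, path in samples:
        print(host, path, "->", route(host, path))
```

Note that `/testing` is not covered by the `/test` prefix rule, and `/test/admin/` falls through the Exact rule to the broader `/test` prefix rule.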
—————————————————————————————————
Here I have a problem:
[root@k8s-master01 ~]# kubectl create -f ingress.yaml
Error from server (InternalError): error when creating "ingress.yaml": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": failed to call webhook: Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": service "ingress-nginx-controller-admission" not found
The error when creating was this: Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io".
I checked the Internet, and it said that this should have been deleted when the resources created before were deleted.
[root@k8s-master01 ~]# kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io
NAME WEBHOOKS AGE
ingress-nginx-admission 1 3d
The check shows that there is one ingress-nginx-admission, and after deleting it, the creation is successful.
[root@k8s-master01 ~]# kubectl delete -A validatingwebhookconfigurations.admissionregistration.k8s.io ingress-nginx-admission
validatingwebhookconfiguration.admissionregistration.k8s.io "ingress-nginx-admission" deleted
————————————————————————————————
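The error above comes from a ValidatingWebhookConfiguration whose backing Service does not exist. As an added example (not from the original article), this Python check finds such stale entries in `kubectl get ... -o json` output before anything is deleted; the JSON is constructed sample data, and the names derived from the `nginx-ingress` release are assumptions.

```python
import json

# Constructed sample of: kubectl get validatingwebhookconfigurations -o json
WEBHOOKS_JSON = json.dumps({"items": [
    {"metadata": {"name": "ingress-nginx-admission"},  # stale entry, as in the article
     "webhooks": [{"name": "validate.nginx.ingress.kubernetes.io",
                   "failurePolicy": "Fail",
                   "clientConfig": {"service": {
                       "namespace": "ingress-nginx",
                       "name": "ingress-nginx-controller-admission"}}}]},
    {"metadata": {"name": "nginx-ingress-ingress-nginx-admission"},  # assumed name
     "webhooks": [{"name": "validate.nginx.ingress.kubernetes.io",
                   "failurePolicy": "Fail",
                   "clientConfig": {"service": {
                       "namespace": "ingress-nginx",
                       "name": "nginx-ingress-ingress-nginx-controller-admission"}}}]},
]})

# Constructed sample of: kubectl get svc -A -o json (Service names are assumed)
SERVICES_JSON = json.dumps({"items": [
    {"metadata": {"namespace": "ingress-nginx",
                  "name": "nginx-ingress-ingress-nginx-controller"}},
    {"metadata": {"namespace": "ingress-nginx",
                  "name": "nginx-ingress-ingress-nginx-controller-admission"}},
]})

def stale_webhooks(webhooks_json, services_json):
    """List webhooks whose clientConfig.service points at a missing Service."""
    existing = {(s["metadata"]["namespace"], s["metadata"]["name"])
                for s in json.loads(services_json)["items"]}
    stale = []
    for cfg in json.loads(webhooks_json)["items"]:
        for hook in cfg.get("webhooks", []):
            svc = hook.get("clientConfig", {}).get("service")
            if svc is None:  # URL-based webhook: no in-cluster Service to resolve
                continue
            if (svc["namespace"], svc["name"]) not in existing:
                stale.append({
                    "config": cfg["metadata"]["name"],
                    "webhook": hook["name"],
                    "service": f'{svc["namespace"]}/{svc["name"]}',
                    # failurePolicy defaults to Fail: requests are rejected
                    "blocks_requests": hook.get("failurePolicy", "Fail") == "Fail",
                })
    return stale

if __name__ == "__main__":
    for finding in stale_webhooks(WEBHOOKS_JSON, SERVICES_JSON):
        print(finding)
```

Only the configuration that points at a missing Service is reported, so the webhook of the running release can stay in place and keep validating Ingress objects.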
Apply the ingress.yaml file again; this time it was created successfully.
[root@k8s-master01 ~]# kubectl create -f ingress.yaml
ingress.networking.k8s.io/exmple created
[root@k8s-master01 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
exmple <none> foo.bar.com 80 10m
Ingress can also be configured with multiple domain names.
Just add another host entry.
  # First domain name
  - host: foo.bar.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-svc
            port:
              number: 80
  # Second domain name
  - host: foo2.bar.com
    http:
      paths:
      - path: /test
        pathType: Prefix
        backend:
          service:
            name: nginx-svc-2
            port:
              number: 80
Then just update the resource from the yaml file:
[root@k8s-master01 ~]# kubectl replace -f ingress.yaml