ingress direction k8s the agency pod

Ingress controller

 

Nginx -> later transformation

Traefik -> also for micro services

Envoy -> Micro Services

 

Ingress resources

 

Currently using version 0.17.1 ingress-nginx

defined ingress rear pod changes, service changes to, service changes ingress to change, then changes ingress implanted into the rear end backend configuration, ingress-controller configuration would overload the main container

kubectl explain ingress

kubectl explain ingress.spec

kubectl explain ingress.spec.rules

kubectl explain ingress.spec.rules.http

 

kubectl explain ingress.spec.backend associated back-end

 

Download ingress nginx on github

yum install git -y

kubectl create namespace env create a namespace

kubectl get ns

 

kubectl delete ns env delete namespaces

 

Need to use the file

namespace.yaml

rbac.yaml

with-rbac.yaml

configmap.yaml

udp-services-configmap.yaml

tcp-services-configmap.yaml

 

1. create a namespace

kubectl apply -f namespace.yaml 

And then the other to create together

kubectl create -f ./

 

2. or use one-click deployment

kubectl create -f mandatory.yaml

 

 

Query whether mirroring ingress download

kubectl get pods -n ingress-nginx

 

 

kubectl explain ingress.spec

 

cp-deploy demo.yaml ../ingress-nginx/

vim-deploy demo.yaml

apiVersion: v1

kind: Service

metadata:

  name: myapp-service

  namespace: default

spec:

  selector:

    app: myapp

    release: canary

  ports:

  - name: http

    targetPort: 80 container port

    port: 80 service port

---

apiVersion: apps/v1

kind: Deployment

metadata:

  name: myapp-deploy controller name

  namespace: default

spec:

  replicas: 3 3 copies

  selector:

    matchLabels: matching tag

      app: myapp

      release: canary

  template:

    metadata:

      labels: label defined pod

        app: myapp

        release: canary

    spec:

      containers:

      - name: myapp container name

        image: ikubernetes/myapp:v2

        ports:

        - name: http

          containerPort: 80 container port

                            

kubectl apply -f deploy-demo.yaml create pods and svc

kubectl get pods

kubectl get svc

kubectl describe pods nginx-ingress-controller-589b9b8c9d-7mkng -n ingress-nginx see why the download is unsuccessful -n specifies the name space

 

 

Create a service-nodeport

cat service-nodeport.yaml

apiVersion: v1

kind: Service

metadata:

  name: ingress-nginx

  namespace: ingress-nginx namespace

  labels:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

spec:

  type: NodePort service type nodeport

  ports:

  - name: http

    nodePort: 30080 node end opening

    port: 80 service port

    targetPort: 80 pod port

    protocol: TCP

  - name: https

    nodePort: 30443

    port: 443

    targetPort: 443

    protocol: TCP

  selector: Specifies the ingress-ningx-controller main container label

    app: ingress-nginx

  

kubectl apply -f service-nodeport.yaml

kubectl get svc -n ingress-nginx query creates success

 

Open service creation ingress control to put the service out of sync pod nginx configuration file

vim ingress-myapp.yaml

apiVersion: extensions/v1beta1

kind: Ingress type

metadata:

  name: ingress-myapp

  namespace: default

  annotations:

    kubernetes.io/ingress.class: "nginx" designated ingress controller class called nginx generate matching rules

 

spec:

  rules: Rules

  - host: myapp.baidu.com specified external access host domain name

    http:

     paths: the path forward

     - path:

       backend: Specifies the backend Reverse Proxy

         serviceName: myapp-service forwarding service

         servicePort: 80 forwarding service port

 

kubectl apply -f service-nodeport.yaml

Query success

kubectl get ingress

check the detail information

kubectl describe ingresses

 

Successfully created, automatically injected ingress-nginx-controller main tank is automatically converted into a profile nginx

 

Enter ingress-nginx-controller checks

kubectl exec  -n ingress-nginx -it  nginx-ingress-controller-5dc4979fb6-nfvvt -- /bin/sh

cat nginx.conf see if configuration information has been written

 

Access test:

node bindings hosts

https://myapp.com:30080     

 

ssl certificates:

openssl genrsa -out tls.key 2048

Private: tls.key

 

openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=devops/CN=myapp.com

Self-signed certificate: tls.crt

 

 kubectl create secret tls myapp-ingress-secret --cert=tls.crt --key=tls.key

Injected into k8s

 

kubectl get secrets

Query whether injection

 

kubectl describe secrets myapp-ingress-secret

 

kubectl explain ingress.spec

kubectl explain ingress.spec.tls

 

cp-myapp.yaml ingress ingress-myapp-tls.yaml

vim ingress-myapp-tls.yaml

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: ingress-myapp-tls

  namespace: default

  annotations:

    kubernetes.io/ingress.class: "nginx"

spec:

  tls:

  - hosts:

    - myapp.baidu.com

    secretName: myapp-ingress-secret

  rules:

  - host: myapp.baidu.com

    http:

     paths:

     - path:

       backend:

         serviceName: myapp-service

         servicePort: 80

 

Creating ingress

kubectl apply -f ingress-myapp-tls.yaml

kubectl get ingress

 

kubectl describe ingress  ingress-myapp-tls

 

View of the main container configuration file, there are 443 listeners

kubectl exec  -n ingress-nginx -it  nginx-ingress-controller-5dc4979fb6-nfvvt -- /bin/sh

The results: listen 443 ssl http2;

 

Access test:

node bindings hosts

https://myapp.com:30443              

 

External data flow -> service_nodeport -> service -> pod_network