Ingress controller
Nginx -> retrofitted later for this role
Traefik -> also built for microservices
Envoy -> microservices
Ingress resources
Currently using ingress-nginx version 0.17.1
Once an Ingress is defined: when the backend pods change, the Service changes too; the Service change causes the Ingress to change; the Ingress change is then injected into the backend configuration, and the ingress-controller main container reloads its configuration
kubectl explain ingress
kubectl explain ingress.spec
kubectl explain ingress.spec.rules
kubectl explain ingress.spec.rules.http
kubectl explain ingress.spec.backend    # the associated backend
Download ingress-nginx from GitHub
yum install git -y
kubectl create namespace env    # create a namespace
kubectl get ns
kubectl delete ns env    # delete the namespace
Files needed:
namespace.yaml
rbac.yaml
with-rbac.yaml
configmap.yaml
udp-services-configmap.yaml
tcp-services-configmap.yaml
1. Create the namespace
kubectl apply -f namespace.yaml
Then create the others together
kubectl create -f ./
2. Or use the one-step deployment
kubectl create -f mandatory.yaml
Check whether the ingress image has been downloaded
kubectl get pods -n ingress-nginx
kubectl explain ingress.spec
cp deploy-demo.yaml ../ingress-nginx/
vim deploy-demo.yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp-service
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    targetPort: 80    # container port
    port: 80          # service port
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy    # controller name
  namespace: default
spec:
  replicas: 3    # 3 replicas
  selector:
    matchLabels:    # labels to match
      app: myapp
      release: canary
  template:
    metadata:
      labels:    # labels defined on the pod
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp    # container name
        image: ikubernetes/myapp:v2
        ports:
        - name: http
          containerPort: 80    # container port
kubectl apply -f deploy-demo.yaml    # create the pods and the svc
kubectl get pods
kubectl get svc
kubectl describe pods nginx-ingress-controller-589b9b8c9d-7mkng -n ingress-nginx    # see why the download is unsuccessful; -n specifies the namespace
Create a service-nodeport
cat service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx    # namespace
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort    # service type NodePort
  ports:
  - name: http
    nodePort: 30080    # port opened on the node
    port: 80           # service port
    targetPort: 80     # pod port
    protocol: TCP
  - name: https
    nodePort: 30443
    port: 443
    targetPort: 443
    protocol: TCP
  selector:    # label of the ingress-nginx-controller main container
    app: ingress-nginx
kubectl apply -f service-nodeport.yaml
kubectl get svc -n ingress-nginx    # check that it was created successfully
Create an Ingress to publish the service; the controller syncs it into the nginx configuration file in the pod
vim ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress    # resource type
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"    # selects the ingress controller class named nginx, which generates the matching rules
spec:
  rules:    # rules
  - host: myapp.baidu.com    # host domain name for external access
    http:
      paths:    # forwarding paths
      - path:
        backend:    # backend for the reverse proxy
          serviceName: myapp-service    # service to forward to
          servicePort: 80               # service port to forward to
kubectl apply -f ingress-myapp.yaml
Check that it was created
kubectl get ingress
Check the detailed information
kubectl describe ingresses
Once created, the rule is automatically injected into the ingress-nginx-controller main container and converted into nginx configuration
Enter the ingress-nginx-controller container to check
kubectl exec -n ingress-nginx -it nginx-ingress-controller-5dc4979fb6-nfvvt -- /bin/sh
cat nginx.conf    # see whether the configuration has been written
Access test:
Bind the hostname to a node IP in the hosts file (the name must match the host in the Ingress rule)
http://myapp.com:30080
SSL certificates:
openssl genrsa -out tls.key 2048
Private key: tls.key
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=devops/CN=myapp.com
Self-signed certificate: tls.crt
kubectl create secret tls myapp-ingress-secret --cert=tls.crt --key=tls.key
Injected into k8s as a Secret
kubectl get secrets
Check whether it was injected
kubectl describe secrets myapp-ingress-secret
kubectl explain ingress.spec
kubectl explain ingress.spec.tls
cp ingress-myapp.yaml ingress-myapp-tls.yaml
vim ingress-myapp-tls.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp-tls
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - myapp.baidu.com
    secretName: myapp-ingress-secret
  rules:
  - host: myapp.baidu.com
    http:
      paths:
      - path:
        backend:
          serviceName: myapp-service
          servicePort: 80
Create the Ingress
kubectl apply -f ingress-myapp-tls.yaml
kubectl get ingress
kubectl describe ingress ingress-myapp-tls
View the main container's configuration file; there is now a listener on 443
kubectl exec -n ingress-nginx -it nginx-ingress-controller-5dc4979fb6-nfvvt -- /bin/sh
Result: listen 443 ssl http2;
Access test:
Bind the hostname to a node IP in the hosts file
https://myapp.com:30443
External data flow -> service_nodeport -> service -> pod_network
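Added example (not part of the original notes): the certificate above is issued for CN=myapp.com while the Ingress tls section lists myapp.baidu.com, and openssl req -x509 without -days gives only 30 days of validity. The script below checks a certificate and key against the Ingress host before kubectl create secret tls is run; the function names and the scratch directory are hypothetical, and the sample certificate is constructed with the same commands as above.

```shell
#!/bin/sh
# Added example: pre-flight checks for a TLS Secret referenced by an Ingress.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds if the certificate matches HOST (SAN, or CN when no SAN is present).
cert_covers_host() {  # usage: cert_covers_host CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeeds if the certificate is still valid DAYS days from now.
cert_valid_for_days() {  # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if the certificate and the private key carry the same public key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed sample: the page's openssl commands, written to a scratch directory.
# The minimal config only keeps the run independent of the system openssl.cnf.
make_sample_cert() {  # usage: make_sample_cert DIR
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=overridden-by-subj\n' > "$1/req.cnf"
    openssl genrsa -out "$1/tls.key" 2048 2>/dev/null
    openssl req -new -x509 -config "$1/req.cnf" -key "$1/tls.key" -out "$1/tls.crt" \
        -subj /C=CN/ST=Beijing/L=Beijing/O=devops/CN=myapp.com 2>/dev/null
}

# Prints one line per failed check and returns non-zero if any check fails.
preflight() {  # usage: preflight CERT KEY HOST MIN_DAYS
    rc=0
    cert_matches_key "$1" "$2"    || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_covers_host "$1" "$3"    || { echo "FAIL: certificate does not cover $3"; rc=1; }
    cert_valid_for_days "$1" "$4" || { echo "FAIL: certificate expires within $4 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $3"
    return "$rc"
}

dir=$(mktemp -d) && make_sample_cert "$dir"
preflight "$dir/tls.crt" "$dir/tls.key" myapp.com 7 || true        # CN on the certificate
preflight "$dir/tls.crt" "$dir/tls.key" myapp.baidu.com 7 || true  # host in the Ingress rule
```

Run preflight against the real tls.crt and tls.key with the host from the Ingress rule; a failure on the host check means clients that verify the certificate will reject it for that name.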