部署ingress-nginx · Kubernetes

ingress-nginx github：https://github.com/kubernetes/ingress-nginx ingress-nginx 部署文档：https://kubernetes.github.io/ingress-nginx/deploy/ **** [TOC] # 1. 部署ingress-nginx **1. 查看合适于自己安装的 k8s 的 ingress-nginx 版本** https://github.com/kubernetes/ingress-nginx **** ![](https://img.kancloud.cn/8f/53/8f5388f3cfc681a6c4a70eeafc48d6d8_1327x651.png) **2. 下载 deploy.yaml** ```shell # wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml ``` **3. 编辑`deploy.yaml`并更改镜像拉取地址** 默认的镜像下载地址为`registry.k8s.io`，在国内是不能访问的，解决方案就是使用别人已经搬过来的镜像。 **** 资源1：https://github.com/anjia0532/gcr.io_mirror **** ```shell # vim deploy.yaml ... --- apiVersion: apps/v1 【1】将原来的Deployment替换为DaemonSet，DaemonSet模式会让ingress部署到每一个节点 kind: DaemonSet metadata: ... name: ingress-nginx-controller namespace: ingress-nginx spec: ... spec: 【2】添加hostNetwork: true hostNetwork: true containers: ... 【3】/* *将原来的registry.k8s.io/ingress-nginx/controller:v1.3.1..替换为 *registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.3.1 */ image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.3.1 ... --- 【4】/* *将原来的registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0...替换为 *registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.3.0 */ image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.3.0 ``` **4. 将镜像拉取到所有的 k8s 节点上** ```shell # docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.3.1 # docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.3.0 ``` **5. 去掉所有 master 节点的 Taint，让 Ingress 可以调度到 master 节点** ```shell 【1】查看master节点是否存在Taint # kubectl describe node k8s-master1 | grep Taint Taints: node-role.kubernetes.io/master:NoSchedule /*说明存在Taint*/ 【2】去掉master节点的Taint # kubectl taint nodes k8s-master1 node-role.kubernetes.io/master:NoSchedule- node/k8s-master1 untainted 【3】再次查看已经没有 Taint 了 # kubectl describe node k8s-master1 | grep Taint ``` **6. 部署 ingress-nginx** ```shell # kubectl apply -f deploy.yaml /* 等待 STATUS 为 Completed 和 Running */ # kubectl get pods --namespace=ingress-nginx -o wide NAME READY STATUS RESTARTS AGE IP NODE ingress-nginx-admission-create-n8l4g 0/1 Completed 0 75m 10.244.1.6 k8s-node1 ingress-nginx-admission-patch-5cv6b 0/1 Completed 1 75m 10.244.1.7 k8s-node1 /* 可以看到ingress-nginx-controller已经部署到所有的节点上 */ ingress-nginx-controller-7twzl 1/1 Running 0 75m 192.168.1.18 k8s-node2 ingress-nginx-controller-gvqjm 1/1 Running 0 75m 192.168.1.16 k8s-master1 ingress-nginx-controller-h7lhq 1/1 Running 0 75m 192.168.1.17 k8s-node1 ``` **7. 恢复 master 节点的 Taint** ```shell （1）恢复 master 节点的 Taint # kubectl taint nodes k8s-master1 node-role.kubernetes.io=master:NoSchedule node/k8s-master1 tainted （2）查看是否已恢复 # kubectl describe node k8s-master1 | grep Taint Taints: node-role.kubernetes.io=master:NoSchedule /*说明已恢复*/ ``` # 2. 测试部署的Ingress **1. 部署 tomcat6 做测试** ```shell # kubectl create deployment tomcat6 --image=tomcat:6.0.53-jre8 --dry-run=client -o yaml > tomcat6-deployment.yaml # vim tomcat6-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app: tomcat6 name: tomcat6 spec: replicas: 3 selector: matchLabels: app: tomcat6 template: metadata: labels: app: tomcat6 spec: containers: - image: tomcat:6.0.53-jre8 name: tomcat # kubectl apply -f tomcat6-deployment.yaml # kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE tomcat6-56fcc999cb-89lq2 1/1 Running 0 75s 10.244.2.7 k8s-node2 tomcat6-56fcc999cb-fs8wh 1/1 Running 0 75s 10.244.1.11 k8s-node1 tomcat6-56fcc999cb-v96rd 1/1 Running 0 75s 10.244.1.10 k8s-node1 ``` **2. 暴露部署的tomcat6** ```shell # kubectl expose deployment tomcat6 --port=8080 --target-port=8080 --type=NodePort --dry-run=client -o yaml > tomcat6-svc.yaml # vim tomcat6-svc.yaml apiVersion: v1 kind: Service metadata: labels: app: tomcat6 name: tomcat6 spec: ports: - port: 8080 protocol: TCP targetPort: 8080 selector: app: tomcat6 type: NodePort # kubectl apply -f tomcat6-svc.yaml # kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE tomcat6 NodePort 10.96.14.168 <none> 8080:32100/TCP 7s ``` **3. 如果不用 ingress，访问地址为：http://任意节点ip:321000** ![](https://img.kancloud.cn/12/25/12258df543e3928c8617e11ed9b167fd_1753x517.png) **4. 编写 ingress 规则并应用** ```shell # kubectl create ingress tomcat6-ingress --class=nginx \ --rule="demo.localdev.me/*=demo:80" --dry-run=client -o yaml > tomcat6-ingress.yaml # vim tomcat6-ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tomcat6-ingress spec: ingressClassName: nginx rules: - host: demo.localdev.me http: paths: - backend: service: name: tomcat6 port: number: 8080 path: / pathType: Prefix # kubectl apply -f tomcat6-ingress.yaml # kubectl get ingress NAME CLASS HOSTS ADDRESS PORTS AGE tomcat6-ingress nginx demo.localdev.me 80 33m ``` **5. 在你电脑上配置 hosts** ```shell #ip可以是任意节点的ip 192.168.1.16 demo.localdev.me ``` **6. 通过域名访问：http://demo.localdev.me:80/** ![](https://img.kancloud.cn/39/d8/39d803ca0b8bf47896c8636d2be43db0_1843x593.png) **7. 负载均衡测试** 关掉任意一个非 master 节点，使用 http://demo.localdev.me:80/ 依然能访问到，说明进行负载了。 ![](https://img.kancloud.cn/39/d8/39d803ca0b8bf47896c8636d2be43db0_1843x593.png)