我的书签
添加书签
移除书签目的
部署nginx-ingress
说明
文档存在不足,正在完善!
default-http-backend
apiVersion: extensions/v1beta1kind: Deploymentmetadata:name: default-http-backendlabels:k8s-app: default-http-backendnamespace: kube-systemspec:replicas: 1template:metadata:labels:k8s-app: default-http-backendspec:terminationGracePeriodSeconds: 60containers:- name: default-http-backend# Any image is permissable as long as:# 1. It serves a 404 page at /# 2. It serves 200 on a /healthz endpointimage: hub.k8s.com/google-containers/defaultbackend:1.3livenessProbe:httpGet:path: /healthzport: 8080scheme: HTTPinitialDelaySeconds: 30timeoutSeconds: 5ports:- containerPort: 8080resources:limits:cpu: 10mmemory: 20Mirequests:cpu: 10mmemory: 20Mi---apiVersion: v1kind: Servicemetadata:name: default-http-backendnamespace: kube-systemlabels:k8s-app: default-http-backendspec:ports:- port: 80targetPort: 8080selector:k8s-app: default-http-backend
安装ningx-ingress-controller
创建secret ,创建kubeconfig
kubectl create secret generic nginx-ingress-certs --from-file=./kubeconfig -n kube-system
导入configmap
kind: ConfigMapapiVersion: v1metadata:name: nginx-configurationnamespace: kube-systemlabels:app: ingress-nginx---kind: ConfigMapapiVersion: v1metadata:name: tcp-servicesnamespace: kube-system---kind: ConfigMapapiVersion: v1metadata:name: udp-servicesnamespace: kube-system
创建rbac
apiVersion: v1kind: ServiceAccountmetadata:name: nginx-ingress-serviceaccountnamespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRolemetadata:name: nginx-ingress-clusterrolerules:- apiGroups:- ""resources:- configmaps- endpoints- nodes- pods- secretsverbs:- list- watch- apiGroups:- ""resources:- nodesverbs:- get- apiGroups:- ""resources:- servicesverbs:- get- list- watch- apiGroups:- "extensions"resources:- ingressesverbs:- get- list- watch- apiGroups:- ""resources:- eventsverbs:- create- patch- apiGroups:- "extensions"resources:- ingresses/statusverbs:- update---apiVersion: rbac.authorization.k8s.io/v1beta1kind: Rolemetadata:name: nginx-ingress-rolenamespace: kube-systemrules:- apiGroups:- ""resources:- configmaps- pods- secrets- namespacesverbs:- get- apiGroups:- ""resources:- configmapsresourceNames:# Defaults to "<election-id>-<ingress-class>"# Here: "<ingress-controller-leader>-<nginx>"# This has to be adapted if you change either parameter# when launching the nginx-ingress-controller.- "ingress-controller-leader-nginx"verbs:- get- update- apiGroups:- ""resources:- configmapsverbs:- create- apiGroups:- ""resources:- endpointsverbs:- get---apiVersion: rbac.authorization.k8s.io/v1beta1kind: RoleBindingmetadata:name: nginx-ingress-role-nisa-bindingnamespace: kube-systemroleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: nginx-ingress-rolesubjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRoleBindingmetadata:name: nginx-ingress-clusterrole-nisa-bindingroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: nginx-ingress-clusterrolesubjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: kube-system
创建nginx-ingress-controller
apiVersion: extensions/v1beta1kind: Deploymentmetadata:name: nginx-ingress-controllernamespace: kube-systemspec:replicas: 1selector:matchLabels:app: ingress-nginxtemplate:metadata:labels:app: ingress-nginxannotations:prometheus.io/port: '10254'prometheus.io/scrape: 'true'spec:serviceAccountName: nginx-ingress-serviceaccountdnsPolicy: ClusterFirstcontainers:- name: nginx-ingress-controllerimage: hub.k8s.com/google-containers/nginx-ingress-controller:0.9.0-beta.15args:- /nginx-ingress-controller- --default-backend-service=$(POD_NAMESPACE)/default-http-backend- --configmap=$(POD_NAMESPACE)/nginx-configuration- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services- --udp-services-configmap=$(POD_NAMESPACE)/udp-services- --kubeconfig=/kubeconfig/kubeconfigenv:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: kubeconfigmountPath: /kubeconfigports:- name: httpcontainerPort: 80hostPort: 80- name: httpscontainerPort: 443hostPort: 443livenessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 10periodSeconds: 10successThreshold: 1timeoutSeconds: 1readinessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPperiodSeconds: 10successThreshold: 1timeoutSeconds: 1volumes:- name: kubeconfigsecret:secretName: nginx-ingress-certs
验证
创建一个示例
apiVersion: v1kind: Namespacemetadata:name: web-test---apiVersion: v1kind: ReplicationControllermetadata:name: webnamespace: web-testspec:replicas: 1selector:name: webtemplate:metadata:labels:name: webspec:containers:- name: webimage: hub.k8s.com/apps/php:7.1ports:- name: httpcontainerPort: 80---apiVersion: v1kind: Servicemetadata:name: wordpress-svcnamespace: web-testlabels:name: web-svcspec:clusterIP: 10.254.0.201ports:- port: 80selector:name: web---apiVersion: extensions/v1beta1kind: Ingressmetadata:name: web-ingressnamespace: web-testspec:rules:- host: www.k8s.comhttp:paths:- path: /backend:serviceName: wordpress-svcservicePort: 80
