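Nginx-Ingress-Controller on K8S
Nginx Ingress Controller is a controller that exposes services outside a K8S cluster, built on Nginx's routing and load-balancing features. A cluster can run several Nginx Ingress Controllers, and several services can share a single Nginx Ingress Controller.
The deployment method is described below.
Deploying with [[Kubernetes/Helm]]
The configuration in the official Helm Chart defaults to images from the 'registry.k8s.io' registry, which normally cannot be pulled from within mainland China. There are two workarounds. The first is to pull the image versions required by the yaml file ahead of time, for example through Alibaba Cloud Container Registry, and then retag the local images so they match the yaml file. The second is to use a different Helm Chart repository. This example takes the second approach and uses [[Bitnami]] as the image source.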
```shell
helm repo add bitnami https://charts.bitnami.com/bitnami
helm search repo bitnami | grep nginx-ingress-controller
bitnami/nginx-ingress-controller 9.3.31 1.6.4 NGINX Ingress Controller is an Ingress controll...
helm install nginx-ingress-controller bitnami/nginx-ingress-controller
# After a successful deployment, an example Ingress configuration is printed; see the 'Ingress.yaml' content below
# Or pull the chart locally and make the adjustments you need
# helm pull bitnami/nginx-ingress-controller
```
Using the Nginx Ingress Controller from an Ingress
Basic Ingress.yaml example
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
  namespace: default
spec:
  ingressClassName: nginx
  rules:
    - host: www.example.com
      http:
        paths:
          - backend:
              service:
                name: example-service
                port:
                  number: 80
            path: /
            pathType: Prefix
  # This section is only required if TLS is to be enabled for the Ingress
  tls:
    - hosts:
        - www.example.com
      secretName: example-tls
```
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: example-tls
  namespace: default
data:
  tls.crt: <base64 encoded cert>
  tls.key: <base64 encoded key>
type: kubernetes.io/tls
```
Newer versions use pathType in place of the earlier ingress.beta.kubernetes.io/url-match-mode:. It has the following three rules:
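Exact: a request is routed to the backend service only when its URI path matches the path specified in the Ingress rule exactly. For example, if the Ingress rule specifies the path /path, a request is routed to the backend service only when its URI path is also /path.
Prefix: a request is routed to the backend service only when its URI path begins with the path specified in the Ingress rule. For example, if the Ingress rule specifies the path /path, requests whose URI path is /path/subpath, /path/1 and so on are all routed to the backend service. This is the commonly used matching rule.
ImplementationSpecific: this mode is usually defined by the Ingress Controller implementation. It means the Ingress Controller uses its own method to match the URI path. For example, some Ingress Controllers allow regular expressions for matching URI paths.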
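The Exact and Prefix rules above, as an added example that is not part of the original page or of the controller's code. It follows the matching rules in the Kubernetes Ingress API documentation, where Prefix compares whole path elements split on "/", which matters when path rules separate backends. The function names, rule table and backend names are hypothetical.

```python
# Added example: Ingress pathType matching per the Kubernetes Ingress API docs.
# path_matches / select_backend and the rule table are hypothetical names.

def _elements(path):
    # Split into path elements; a trailing slash is ignored for Prefix rules.
    stripped = path.strip("/")
    return stripped.split("/") if stripped else []

def path_matches(rule_path, path_type, request_path):
    """Return True if request_path satisfies one Ingress path rule."""
    if path_type == "Exact":
        # Case-sensitive, whole-string match: /path does not match /path/.
        return request_path == rule_path
    if path_type == "Prefix":
        # Element-wise prefix: /path matches /path/1 but not /pathology.
        rule, req = _elements(rule_path), _elements(request_path)
        return req[:len(rule)] == rule
    # ImplementationSpecific is defined by the controller, not by the API.
    raise ValueError("matching for %r is controller-defined" % path_type)

def select_backend(rules, request_path):
    """Pick a backend: longest matching path wins, Exact beats Prefix on a tie."""
    matches = [r for r in rules if path_matches(r[0], r[1], request_path)]
    if not matches:
        return None
    best = max(matches, key=lambda r: (len(r[0]), r[1] == "Exact"))
    return best[2]

# Constructed rule table: (path, pathType, backend service name).
RULES = [
    ("/", "Prefix", "test-nginx"),
    ("/path", "Prefix", "path-svc"),
    ("/path", "Exact", "path-exact-svc"),
]

if __name__ == "__main__":
    for p in ("/path", "/path/1", "/path/", "/pathology", "/"):
        print(p, "->", select_backend(RULES, p))
```

A controller may apply additional normalization of its own, so confirm the behaviour against the deployed controller before relying on a path rule as a boundary between backends.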
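Full example
The following example deploys an nginx service and exposes it through the Nginx Ingress Controller deployed above. The IP that web.example.com (at the end of the example) resolves to is the service IP of the Nginx Ingress Controller (shown in the red box in the figure below). As for EXTERNAL-IP: in a cloud environment, the provider supplies the external load balancer configuration. For a deployment on an internal network that still needs public access, map the Cluster-IP to the external network. ![[../../../../media/Images/k8s_nginx_ingress_controller_01.png]]
Note: EXTERNAL-IP can be configured in the externalIPs field of values.yaml.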
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-nginx
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-nginx
  template:
    metadata:
      labels:
        app: test-nginx
    spec:
      dnsPolicy: "None"
      dnsConfig:
        nameservers:
          - 223.5.5.5
      containers:
        - name: test-nginx
          image: nginx
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 5
            failureThreshold: 3
            periodSeconds: 10
            timeoutSeconds: 5
          livenessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 5
            failureThreshold: 2
            periodSeconds: 3
            timeoutSeconds: 3
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: test-nginx
  namespace: kube-system
  labels:
    app: test-nginx
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: 80
  selector:
    app: test-nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-nginx
  namespace: kube-system
spec:
  ingressClassName: nginx
  rules:
    - host: web.example.com
      http:
        paths:
          - backend:
              service:
                name: test-nginx
                port:
                  name: http
            path: /
            pathType: Prefix
```