The article links
ingress-nginx
Ingress-nginx v1.0 Latest version v1.0 for Kubernetes v1.19+ (including v1.19) Kubernetes-v1.22+ needs to be used Ingress-nginx >=1.0 because networking. K8s. IO /v1beta has been removed
Deploy ingress-nginx directly
It is easy to deploy the girHub file directly. If there is no response, you can terminate the task and pull it again. Pull the mirror part, you can change it to the following mirror address
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.0/deploy/static/provider/baremetal/deploy.yam L sed -i '[email protected]/ingress-nginx/controller:v1.0.0\(.*\) @willDockerHub /ingress-nginx-controller:v1.0.0@' deploy.yaml Sed -i '[email protected]/ingress - nginx/kube - webhook - certgen: v1.0 \ \ (. *) $@ hzde0128 / kube - webhook - certgen: v1.0 @' deploy. The yaml kubectl apply -f ingress-nginx.yamlCopy the code
Check the installation
The Completed state is normal and can be ignored.
[root@master ~]# kubectl get po -n ingress-nginx NAME READY STATUS RESTARTS AGE ingress-nginx-admission-create-pm6sw 0/1 Completed 0 22m ingress-nginx-admission-patch-m8w94 0/1 Completed 0 22m ingress-nginx-controller-7d4df87d89-272ft 1/1 Running 0 22m [root@master ~]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE Ingress - nginx - controller NodePort 10.96.88.139 < none > 80:30497 / TCP, 443:32581 / TCP 22 m ingress - nginx, controller, and admission ClusterIP 10.96.193.26 < None > 443/TCP 22MCopy the code
Create the application YAML
vim tomcat.yaml
Copy the code
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deployment
labels:
app: tomcat
spec:
replicas: 2
selector:
matchLabels:
app: tomcat
minReadySeconds: 1
progressDeadlineSeconds: 60
revisionHistoryLimit: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
metadata:
labels:
app: tomcat
spec:
containers:
- name: tomcat
image: wenlongxue/tomcat:tomcat-demo-62-8fe6052
imagePullPolicy: Always
ports:
- containerPort: 8080
resources:
requests:
memory: "2Gi"
cpu: "80m"
limits:
memory: "2Gi"
cpu: "80m"
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 180
periodSeconds: 5
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 30
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
labels:
app: tomcat
spec:
selector:
app: tomcat
ports:
- name: tomcat-port
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
Copy the code
Deploying tomcat Applications
kubectl apply -f tomcat.yaml
Copy the code
Create ingress yaml
vim tomcat-ingress.yaml
Copy the code
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tomcat
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: tomcat.cnsre.cn
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: tomcat-service
port:
number: 8080
Copy the code
Deploy Tomcat Ingress YAML
kubectl apply -f tomcat-ingress.yaml
Copy the code
Check the port of the node corresponding to the ingress
kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx-controller NodePort 10.96.88.139 < none > / TCP, 80-30497, 443:32581 / TCP 54 m ingress - nginx - controller - admission ClusterIP 10.96.193.26 < none > 443/TCP 54mCopy the code
Add the hosts
Append the IP address of the ingress to the hosts file
54.xxx.xxx.xxx tomcat.cnsre.cn
Copy the code
Then go to tomcat.cnsre.cn:30497 in your browser.
Use hostNetwork to deploy ingress-nginx
Each time ingres-nginx is deployed, there is a random nodePort. When ingres-nginx is deployed, there is a random nodePort. The following describes another installation method.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.0/deploy/static/provider/baremetal/deploy.yam L sed -i '[email protected]/ingress-nginx/controller:v1.0.0\(.*\) @willDockerHub /ingress-nginx-controller:v1.0.0@' deploy.yaml Sed -i '[email protected]/ingress - nginx/kube - webhook - certgen: v1.0 \ \ (. *) $@ hzde0128 / kube - webhook - certgen: v1.0 @' deploy. The yamlCopy the code
Optimize the ingress – nginx
Using hostNetwork
By default, ingress-nginx provides the nodeport randomly, and enables hostNetwork to enable ports 80 and 443. Modify the spec parameters below Deployment as follows:
.
spec:
hostNetwork: true # new
dnsPolicy: ClusterFirst
containers:
- name: controller
image: Willdockerhub/ingress - nginx - controller: v1.0.0 # Change the mirror address
imagePullPolicy: IfNotPresent
lifecycle:
.
Copy the code
Modify the load balancing problem
Change kind: Deployment to KIND: DaemonSet mode so that each node has a copy of ingress-nginx-Controller pod. The parameters are as follows:
.
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
#kind: Deployment # comment
kind: DaemonSet # new
metadata:
labels:
helm.sh/chart: Ingress - nginx - 4.0.1
.
Copy the code
Modify the ingressClass problem
Ingress-controller — watching-ingress-without-class =true if you don’t care about ingressClass or many ingress objects have no ingressClass configuration.
.
args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-dev-v1-test-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-dev-v1-test-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --watch-ingress-without-class=true # new
.
Copy the code
Deployment check ingress
#The deployment of
kubectl apply -f ingress-nginx.yaml
#Check the pod[root@master ~]# kubectl get pods -n ingress-nginx -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES ingress- Nginx-Admission - Create - GMNMP 0/1 Completed 0 84m 10.100.219.105 Master < None > < None > Ingress-nginx-admission -patch- F5SGC 0/1 Completed 0 84m 10.100.219.106 Master < None > < None > Ingress-nginx-controller-b62w7 1/1 Running 0 0.0.10.51 master <none> <none> ingress-nginx-controller-lsn7h 1/1 Running 0 84m 10.0.20.222 node1 <none> <none>#Check the port/ root @ master ~ # netstat PNTL | grep TCP 443 0 0 0.0.0.0:0.0.0.0:443 * 31248 / nginx LISTEN: Master/root @ master ~ # netstat PNTL | grep TCP 80 0 0 0.0.0.0:0.0.0.0:80 * 31248 / nginx LISTEN: masterCopy the code
Create the application YAML
vim tomcat.yaml
Copy the code
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deployment
labels:
app: tomcat
spec:
replicas: 2
selector:
matchLabels:
app: tomcat
minReadySeconds: 1
progressDeadlineSeconds: 60
revisionHistoryLimit: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
metadata:
labels:
app: tomcat
spec:
containers:
- name: tomcat
image: wenlongxue/tomcat:tomcat-demo-62-8fe6052
imagePullPolicy: Always
ports:
- containerPort: 8080
resources:
requests:
memory: "2Gi"
cpu: "80m"
limits:
memory: "2Gi"
cpu: "80m"
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 180
periodSeconds: 5
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 30
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
labels:
app: tomcat
spec:
selector:
app: tomcat
ports:
- name: tomcat-port
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
Copy the code
Deploying tomcat Applications
kubectl apply -f tomcat.yaml
Copy the code
Create ingress yaml
vim tomcat-ingress.yaml
Copy the code
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tomcat
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: tomcat.cnsre.cn
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: tomcat-service
port:
number: 8080
Copy the code
Deploy Tomcat Ingress YAML
kubectl apply -f tomcat-ingress.yaml
Copy the code
Add the hosts
Append the IP address of the ingress to the hosts file
54.xxx.xxx.xxx tomcat.cnsre.cn
Copy the code
Then go to tomcat.cnsre.cn:30497 in your browser.
Configure HTTPS access for ingress-nginx
Create from the visa document file
openssl req -x509 -nodes -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginx/O=nginx"
Copy the code
After creation, two files are generated
* -rw-r--r-- 1 root root 1127 9月 2 13:04 tls.crt -rw-r--r-- 1 root root 1708 9月 2 13:04 tls.keyCopy the code
Create a secret
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
Copy the code
Modify tomcat – ingress yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tomcat
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
tls: # new
- hosts: # new
- tomcat.cnsre.cn # new
secretName: tls-secret # new
rules:
- host: tomcat.cnsre.cn
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: tomcat-service
port:
number: 8080
Copy the code
After the modification is complete, deploy it again
kubectl apply -f tomcat-ingress.yaml
Copy the code
Verification certificate
accesstomcat.cnsre.cn The article links