The article links
ingress-nginx
Ingress-nginx v1.0 Latest version v1.0 for Kubernetes v1.19+ (including v1.19) Kubernetes-v1.22+ needs to be used Ingress-nginx >=1.0 because networking. K8s. IO /v1beta has been removed
Deploy ingress-nginx directly
It is easy to deploy the girHub file directly. If there is no response, you can terminate the task and pull it again. Pull the mirror part, you can change it to the following mirror address
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.0/deploy/static/provider/baremetal/deploy.yam L sed -i '[email protected]/ingress-nginx/controller:v1.0.0\(.*\) @willDockerHub /ingress-nginx-controller:v1.0.0@' deploy.yaml Sed -i '[email protected]/ingress - nginx/kube - webhook - certgen: v1.0 \ \ (. *) $@ hzde0128 / kube - webhook - certgen: v1.0 @' deploy. The yaml kubectl apply -f ingress-nginx.yamlCopy the codeCheck the installation
The Completed state is normal and can be ignored.
[root@master ~]# kubectl get po -n ingress-nginx NAME READY STATUS RESTARTS AGE ingress-nginx-admission-create-pm6sw 0/1 Completed 0 22m ingress-nginx-admission-patch-m8w94 0/1 Completed 0 22m ingress-nginx-controller-7d4df87d89-272ft 1/1 Running 0 22m [root@master ~]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE Ingress - nginx - controller NodePort 10.96.88.139 < none > 80:30497 / TCP, 443:32581 / TCP 22 m ingress - nginx, controller, and admission ClusterIP 10.96.193.26 < None > 443/TCP 22MCopy the codeCreate the application YAML
vim tomcat.yaml
Copy the codeapiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deployment
labels:
app: tomcat
spec:
replicas: 2
selector:
matchLabels:
app: tomcat
minReadySeconds: 1
progressDeadlineSeconds: 60
revisionHistoryLimit: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
metadata:
labels:
app: tomcat
spec:
containers:
- name: tomcat
image: wenlongxue/tomcat:tomcat-demo-62-8fe6052
imagePullPolicy: Always
ports:
- containerPort: 8080
resources:
requests:
memory: "2Gi"
cpu: "80m"
limits:
memory: "2Gi"
cpu: "80m"
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 180
periodSeconds: 5
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 30
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
labels:
app: tomcat
spec:
selector:
app: tomcat
ports:
- name: tomcat-port
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
Copy the codeDeploying tomcat Applications
kubectl apply -f tomcat.yaml
Copy the codeCreate ingress yaml
vim tomcat-ingress.yaml
Copy the codeapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tomcat
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: tomcat.cnsre.cn
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: tomcat-service
port:
number: 8080
Copy the codeDeploy Tomcat Ingress YAML
kubectl apply -f tomcat-ingress.yaml
Copy the codeCheck the port of the node corresponding to the ingress
kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx-controller NodePort 10.96.88.139 < none > / TCP, 80-30497, 443:32581 / TCP 54 m ingress - nginx - controller - admission ClusterIP 10.96.193.26 < none > 443/TCP 54mCopy the codeAdd the hosts
Append the IP address of the ingress to the hosts file
54.xxx.xxx.xxx tomcat.cnsre.cn
Copy the codeThen go to tomcat.cnsre.cn:30497 in your browser.
Use hostNetwork to deploy ingress-nginx
Each time ingres-nginx is deployed, there is a random nodePort. When ingres-nginx is deployed, there is a random nodePort. The following describes another installation method.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.0/deploy/static/provider/baremetal/deploy.yam L sed -i '[email protected]/ingress-nginx/controller:v1.0.0\(.*\) @willDockerHub /ingress-nginx-controller:v1.0.0@' deploy.yaml Sed -i '[email protected]/ingress - nginx/kube - webhook - certgen: v1.0 \ \ (. *) $@ hzde0128 / kube - webhook - certgen: v1.0 @' deploy. The yamlCopy the codeOptimize the ingress – nginx
Using hostNetwork
By default, ingress-nginx provides the nodeport randomly, and enables hostNetwork to enable ports 80 and 443. Modify the spec parameters below Deployment as follows:
.
spec:
hostNetwork: true # new
dnsPolicy: ClusterFirst
containers:
- name: controller
image: Willdockerhub/ingress - nginx - controller: v1.0.0 # Change the mirror address
imagePullPolicy: IfNotPresent
lifecycle:
.
Copy the codeModify the load balancing problem
Change kind: Deployment to KIND: DaemonSet mode so that each node has a copy of ingress-nginx-Controller pod. The parameters are as follows:
.
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
#kind: Deployment # comment
kind: DaemonSet # new
metadata:
labels:
helm.sh/chart: Ingress - nginx - 4.0.1
.
Copy the codeModify the ingressClass problem
Ingress-controller — watching-ingress-without-class =true if you don’t care about ingressClass or many ingress objects have no ingressClass configuration.
.
args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-dev-v1-test-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-dev-v1-test-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --watch-ingress-without-class=true # new
.
Copy the codeDeployment check ingress
#The deployment of
kubectl apply -f ingress-nginx.yaml
#Check the pod[root@master ~]# kubectl get pods -n ingress-nginx -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES ingress- Nginx-Admission - Create - GMNMP 0/1 Completed 0 84m 10.100.219.105 Master < None > < None > Ingress-nginx-admission -patch- F5SGC 0/1 Completed 0 84m 10.100.219.106 Master < None > < None > Ingress-nginx-controller-b62w7 1/1 Running 0 0.0.10.51 master <none> <none> ingress-nginx-controller-lsn7h 1/1 Running 0 84m 10.0.20.222 node1 <none> <none>#Check the port/ root @ master ~ # netstat PNTL | grep TCP 443 0 0 0.0.0.0:0.0.0.0:443 * 31248 / nginx LISTEN: Master/root @ master ~ # netstat PNTL | grep TCP 80 0 0 0.0.0.0:0.0.0.0:80 * 31248 / nginx LISTEN: masterCopy the codeCreate the application YAML
vim tomcat.yaml
Copy the codeapiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deployment
labels:
app: tomcat
spec:
replicas: 2
selector:
matchLabels:
app: tomcat
minReadySeconds: 1
progressDeadlineSeconds: 60
revisionHistoryLimit: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
metadata:
labels:
app: tomcat
spec:
containers:
- name: tomcat
image: wenlongxue/tomcat:tomcat-demo-62-8fe6052
imagePullPolicy: Always
ports:
- containerPort: 8080
resources:
requests:
memory: "2Gi"
cpu: "80m"
limits:
memory: "2Gi"
cpu: "80m"
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 180
periodSeconds: 5
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 30
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
labels:
app: tomcat
spec:
selector:
app: tomcat
ports:
- name: tomcat-port
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
Copy the codeDeploying tomcat Applications
kubectl apply -f tomcat.yaml
Copy the codeCreate ingress yaml
vim tomcat-ingress.yaml
Copy the codeapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tomcat
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: tomcat.cnsre.cn
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: tomcat-service
port:
number: 8080
Copy the codeDeploy Tomcat Ingress YAML
kubectl apply -f tomcat-ingress.yaml
Copy the codeAdd the hosts
Append the IP address of the ingress to the hosts file
54.xxx.xxx.xxx tomcat.cnsre.cn
Copy the codeThen go to tomcat.cnsre.cn:30497 in your browser.
Configure HTTPS access for ingress-nginx
Create from the visa document file
openssl req -x509 -nodes -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginx/O=nginx"
Copy the codeAfter creation, two files are generated
* -rw-r--r-- 1 root root 1127 9月 2 13:04 tls.crt -rw-r--r-- 1 root root 1708 9月 2 13:04 tls.keyCopy the codeCreate a secret
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
Copy the codeModify tomcat – ingress yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tomcat
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
tls: # new
- hosts: # new
- tomcat.cnsre.cn # new
secretName: tls-secret # new
rules:
- host: tomcat.cnsre.cn
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: tomcat-service
port:
number: 8080
Copy the codeAfter the modification is complete, deploy it again
kubectl apply -f tomcat-ingress.yaml
Copy the codeVerification certificate
accesstomcat.cnsre.cn 