Kubernetes on Raspberry Pi - 3 - Installing nginx-ingress.md

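The ingress controller acts as a reverse proxy that brings external traffic into the cluster and exposes Kubernetes Services to the outside. An Ingress object matches domain names to Services, so services inside the cluster can be reached directly by domain name. I used Helm, the most popular "package manager" for Kubernetes, to install ingress-nginx.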

Installing Helm

Install Helm first, then use it to install ingress-nginx. Following the official Helm documentation, the installation steps are:

curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
sudo apt-get install apt-transport-https --yes
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm

Installing ingress-nginx with Helm

The official documentation is here: using Helm install nginx-ingress

First add the nginx-ingress repository and update:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

Pull the nginx-ingress chart package:

helm pull ingress-nginx/ingress-nginx

A file named ingress-nginx-3.34.0.tgz is now in the current directory. Extract it:

tar -vxf ingress-nginx-3.34.0.tgz

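Then enter the ingress-nginx directory and edit values.yaml. The main changes are:
Use hostNetwork mode and change the DNS policy to ClusterFirstWithHostNet; dedicate specific nodes to running ingress by adding a nodeSelector, and deploy with a DaemonSet.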

...
# Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
# By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
# to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
dnsPolicy: ClusterFirstWithHostNet # change the DNS policy to ClusterFirstWithHostNet
...

...
# Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
# is merged
hostNetwork: true # use hostNetwork mode
...

...
## DaemonSet or Deployment
##
kind: DaemonSet # deploy as a DaemonSet
...

...
## Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector:
  kubernetes.io/os: linux
  ingress: "true" # nodeSelector deploys to nodes labeled ingress=true (the master node)
...

...
ports:
  http: 80
  https: 443

targetPorts:
  http: http
  https: https

type: ClusterIP # changed to ClusterIP
...

Create the ingress-nginx namespace:

pi@RPi-0:~ $ kubectl create ns ingress-nginx
namespace/ingress-nginx created

ingress-nginx will be installed on rpi-0, the master node, so label the master node with ingress=true:

pi@RPi-0:~ $ kubectl label node rpi-0 ingress=true
node/rpi-0 labeled

At this point the master node does not yet allow workloads to be scheduled on it:

pi@RPi-0:~ $ kubectl describe node rpi-0 |grep Taints
Taints: NoSchedule

Remove the taint from the master node (the trailing "-" in the command deletes the taint):

kubectl taint nodes rpi-0 node-role.kubernetes.io/master-

Check again; the node now allows scheduling:

pi@RPi-0:~ $ kubectl describe node rpi-0 |grep Taints
Taints: <none>

Install ingress-nginx:

pi@RPi-0:~/ingress-nginx $ helm install ingress-nginx -n ingress-nginx .
NAME: ingress-nginx
LAST DEPLOYED: Fri Jul 9 14:38:20 2021
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
Get the application URL by running these commands:
  export POD_NAME=$(kubectl --namespace ingress-nginx get pods -o jsonpath="{.items[0].metadata.name}" -l "app=ingress-nginx,component=controller,release=ingress-nginx")
  kubectl --namespace ingress-nginx port-forward $POD_NAME 8080:80
  echo "Visit http://127.0.0.1:8080 to access your application."

An example Ingress that makes use of the controller:

  apiVersion: networking.k8s.io/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
          - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

ingress-nginx is now deployed; you can deploy a simple application to test it.
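
A post-install check of the values.yaml changes made above, added here as an example and not part of the original post: it audits the controller workload as returned by `kubectl -n ingress-nginx get daemonset,deployment -o json` and lists the ports that hostNetwork places directly on the node. The names `SAMPLE`, `audit_controller` and `audit` are hypothetical, and the embedded JSON (including the 8443 webhook port) is a constructed sample.

```python
import json

# Constructed sample, shaped like `kubectl -n ingress-nginx get daemonset,deployment -o json`
SAMPLE = json.loads("""
{"kind": "List", "items": [{
  "kind": "DaemonSet",
  "metadata": {"name": "ingress-nginx-controller"},
  "spec": {"template": {"spec": {
    "hostNetwork": true,
    "dnsPolicy": "ClusterFirstWithHostNet",
    "nodeSelector": {"kubernetes.io/os": "linux", "ingress": "true"},
    "containers": [{"name": "controller", "ports": [
      {"name": "http", "containerPort": 80},
      {"name": "https", "containerPort": 443},
      {"name": "webhook", "containerPort": 8443}]}]
  }}}
}]}
""")

def audit_controller(workload):
    """Return (findings, ports_on_node) for one controller workload object."""
    pod = workload["spec"]["template"]["spec"]
    findings = []
    if workload["kind"] != "DaemonSet":
        findings.append("kind is %s, expected DaemonSet" % workload["kind"])
    host_net = pod.get("hostNetwork", False)
    # Per the chart comment: on the host network, names resolve through the
    # host's DNS unless dnsPolicy is ClusterFirstWithHostNet.
    if not host_net:
        findings.append("hostNetwork is not enabled")
    elif pod.get("dnsPolicy") != "ClusterFirstWithHostNet":
        findings.append("hostNetwork without dnsPolicy ClusterFirstWithHostNet")
    if pod.get("nodeSelector", {}).get("ingress") != "true":
        findings.append("nodeSelector ingress=true is missing")
    # In the host network namespace every declared port listens on the node itself.
    ports = []
    if host_net:
        ports = sorted(p["containerPort"] for c in pod["containers"]
                       for p in c.get("ports", []))
    return findings, ports

def audit(listing):
    """Map each workload name in a kubectl List to its audit result."""
    return {w["metadata"]["name"]: audit_controller(w) for w in listing["items"]}

if __name__ == "__main__":
    import sys
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, (findings, ports) in audit(data).items():
        print(name, "findings:", findings or "none", "ports on node:", ports)
```

Pipe the kubectl output into the script to audit the real cluster; every port it lists is reachable on rpi-0's own interfaces, so firewall anything other than 80 and 443 that should not be exposed.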