k8s-Ingress

https://kubernetes.github.io/ingress-nginx/deploy/ Official website Deployment Guide

Introduce : Managing services in a cluster ( Usually HTTP) External access to API object .Ingress Can provide load balancing 、SSL Terminals and name based virtual hosts .

1 Case one , You need to add a port to access the domain name

One Deployment installation

 

##  Must be implemented
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
##  This is nodeip Type of ()
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml

In the installation ingress Before , You need to edit first mandatory.yaml file , The inside of kind Change the type to demoset, And then there you are replicas Comment out , Pictured : To make sure that every node Node operation ingress

And then look at it. It's ingress No, start successfully

kubectl get pod -n ingress-nginx

Then I'm looking at svc

2. Create deployment and svc,ingress

2.1 establish deployment(pod) and svc

kubectl apply -f deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: huningfei/nginx:v1
          imagePullPolicy: IfNotPresent # If local , I don't want to pull
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx

2.2 establish ingress

kubectl apply -f ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
    - host: www.hu.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc # The name here should be the same as svc Same name
            servicePort: 80 # The port should be the same as above 

2.3 see ingress

kubectl get svc -n ingress-nginx # Look at the exposed ports

 

Edit first host file

Browser access : Keep refreshing, and you'll find that in two pod Direct alternate access

2 The second case , Direct access with domain name

One download mandatory.yaml file

https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml

 

Two edit mandatory file

1 Image address modification :image: lizhenliang/nginx-ingress-controller:0.20.0 

2 Using the host network hostNetwork: true #212 Below the line   This parameter is a prerequisite to ensure access with a domain name

3 copy , It can be changed but not changed , The default is 1 replicas: 1 #194 That's ok

4 change type kind: DaemonSet #191 That's ok , Make sure that each node Node operation ingress

 

then kubectl apply -f mandatory.yaml, see ingress

 

3 deployment and svc,ingress

3.1 establish deployment and svc

[[email protected] ingress]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.15.4
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service 
  labels:
    app: nginx
spec:
  type: NodePort # Can not add
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
--- # You can also use headless service
apiVersion: v1
kind: Service
metadata:
  name: nginx-service 
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  clusterIP: "None"
  ports:
  - port: 80
    targetPort: 80

3.2 establish ingress

 

[[email protected] ingress]# cat ingress-nginx.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-example
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80

3.3 see ingress

Browser access :

3 ingress-https

One Create certificate , as well as cert storage

 

#  Generate Certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
#  Create key
kubectl create secret tls tls-secret --key tls.key --cert tls.crt

see secret

Two establish ingress-https

Among them pod and svc Using the first 1 In two cases

 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  tls:
    - hosts:
      - foo.bar.com
      secretName: tls-secret # With the above secret Same name
  rules:
    - host: foo.bar.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc
            servicePort: 80

3、 ... and Browser access

4 Nginx Conduct BasicAuth( Authentication access )

One install http

 

yum -y install httpd
htpasswd -c auth foo # Set the password
kubectl create secret generic basic-auth --from-file=auth

Check the certificate

Two establish auth-ingress

 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: foo2.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

 

3、 ... and Browser access

Enter a user name and password to access

foo password 123456

5 nginx Rewriting function

demonstration :

 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: http://www1.atguigu.com
spec:
  rules:
  - host: foo3.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

Browser access effect , visit foo3.bar.com Will jump to http://www1.atguigu.com/