1.打标签
由于nginx要部署到指定节点上,所以需要对node打个label,通过nodeSelector调度到节点上,同时要确保部署节点主机的80、443、18080、10254端口没有被占用。
# Label the two nodes that should run the ingress controller; the DaemonSet
# below schedules only onto nodes matching nodeSelector nginx-ingress=nginx.
kubectl label node ss-1-centos221 nginx-ingress=nginx
kubectl label node ss-1-centos221-2 nginx-ingress=nginx
2.准备nginx-ingress-controller部署文件
2.1 nginx-ingress-controller-rbac.yaml :设置RBAC权限
# RBAC objects for the nginx ingress controller: one ServiceAccount, a
# cluster-wide ClusterRole, a kube-system Role, and the two bindings.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is deprecated and is no
# longer served from Kubernetes 1.22; use rbac.authorization.k8s.io/v1 there.
# NOTE(review): everything lives in kube-system, so the namespaced Role
# below also covers the Secrets of system components. A dedicated namespace
# for the controller narrows that - confirm before reusing this manifest.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
rules:
  # list/watch on secrets is cluster-wide here: the service account token
  # can read every Secret in every namespace, so treat the controller pod
  # as highly privileged. Restricting the controller to selected namespaces
  # would let this rule move into a namespaced Role.
  - apiGroups:
      - ''
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - 'extensions'
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # Events are write-only for the controller.
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - 'extensions'
    resources:
      - ingresses/status
    verbs:
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: kube-system
rules:
  - apiGroups:
      - ''
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  # get/update is limited by resourceNames to this single ConfigMap.
  - apiGroups:
      - ''
    resources:
      - configmaps
    resourceNames:
      - 'ingress-controller-leader-nginx'
    verbs:
      - get
      - update
  # create cannot be limited by resourceNames, hence the separate rule.
  - apiGroups:
      - ''
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ''
    resources:
      - endpoints
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: kube-system
2.2 nginx-ingress-controller-cm.yaml :设置配置文件
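# ConfigMaps read by the controller: nginx settings, plus the TCP and UDP
# stream-proxy tables named in the DaemonSet's --configmap,
# --tcp-services-configmap and --udp-services-configmap arguments.
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: kube-system
  labels:
    app: ingress-nginx
data:
  # ConfigMap values must be strings, so every value is quoted.
  # With VTS enabled the status page reports per-server traffic figures;
  # keep the status port reachable from trusted networks only.
  enable-vts-status: "true"
  vts-default-filter-key: "$server_name"
  proxy-body-size: "20m"
  upstream-keepalive-connections: "300"
  # These paths sit under /var/log/nginx, which the DaemonSet backs with a
  # hostPath volume, so the logs are written onto the node's filesystem.
  access-log-path: "/var/log/nginx/access.log"
  error-log-path: "/var/log/nginx/error.log"
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: kube-system
data:
  # Format: "<listen port>": "<namespace>/<service>:<service port>".
  # The key is quoted: a bare 1068 is a YAML integer, while ConfigMap keys
  # are strings.
  # The DaemonSet runs with hostNetwork: true, so this port is opened on
  # the node itself. It is not in the list of ports step 1 says to keep
  # free, and it should be covered by the node's firewall rules.
  "1068": "default/example-service-nodeport:80"
---
# No data section: no UDP services are proxied.
kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: kube-system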
2.3 nginx-ingress-controller-ds.yaml :设置nginx-ingress-controller启动配置
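# DaemonSet that runs the ingress controller on every node labelled
# nginx-ingress=nginx, plus a ClusterIP Service in front of it.
# NOTE(review): extensions/v1beta1 DaemonSet is no longer served from
# Kubernetes 1.16; apps/v1 is the replacement on current clusters.
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: ingress-nginx
  template:
    metadata:
      labels:
        app: ingress-nginx
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      # hostNetwork puts the pod in the node's network namespace: every
      # port nginx or the controller opens (80, 443, 18080, 10254 and any
      # tcp-services port) is bound on the node directly, and
      # NetworkPolicy cannot isolate the pod.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      volumes:
        # Writable hostPath: the container can create and modify files
        # under /var/log/nginx on the node.
        - name: nginx-log
          hostPath:
            path: /var/log/nginx
        - name: host-time
          hostPath:
            path: /etc/localtime
      containers:
        - name: nginx-ingress-controller
          # A space after "image:" is required; without it the line is
          # not a key/value pair and the manifest does not parse.
          # NOTE(review): the tag is mutable and the registry is private;
          # pin by digest (image@sha256:<DIGEST_PLACEHOLDER>) once known.
          # 0.15.0 is an old release - check upstream advisories.
          image: k8s.qingye.info/test/nginx-ingress-controller:0.15.0
          # NOTE(review): no securityContext and no resources are set, so
          # the container runs with the image's default user and
          # capabilities and without CPU/memory limits. Consider dropping
          # capabilities not needed to bind ports 80/443 and adding limits.
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --annotations-prefix=nginx.ingress.kubernetes.io
          env:
            # Downward API values used by the $(POD_NAMESPACE) args above.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
              hostPort: 80
            - name: https
              containerPort: 443
              hostPort: 443
            # 18080 is the port the page uses for /nginx_status. It is
            # exposed on the node IP; restrict it to monitoring hosts
            # with a firewall or security group.
            - name: tcp
              containerPort: 18080
              hostPort: 18080
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          volumeMounts:
            - name: nginx-log
              mountPath: /var/log/nginx/
            # The node's timezone file is only read, so mount it
            # read-only.
            - name: host-time
              mountPath: /etc/localtime
              readOnly: true
      tolerations:
        - key: "node-role.kubernetes.io/node"
          operator: "Equal"
          value: ""
          effect: "NoSchedule"
      nodeSelector:
        nginx-ingress: "nginx"
---
kind: Service
apiVersion: v1
metadata:
  name: nginx-ingress-controller-service
  namespace: kube-system
spec:
  selector:
    app: ingress-nginx
  ports:
    # No targetPort is given, so each entry forwards to the same port
    # number on the pod.
    - protocol: TCP
      port: 80
      name: http
    - protocol: TCP
      port: 443
      name: https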
2.4 default-http-backend.yaml :设置默认后端
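# Default backend: receives requests that match no Ingress rule. The
# controller finds it through its --default-backend-service argument.
# NOTE(review): extensions/v1beta1 Deployment is no longer served from
# Kubernetes 1.16; apps/v1 is the replacement on current clusters.
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    app: default-http-backend
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: default-http-backend
  template:
    metadata:
      labels:
        app: default-http-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
        - name: default-http-backend
          # A space after "image:" is required; without it the line is
          # not a key/value pair and the manifest does not parse.
          # NOTE(review): the tag is mutable and the registry is private;
          # pin by digest (image@sha256:<DIGEST_PLACEHOLDER>) once known.
          image: k8s.qingye.info/test/defaultbackend:1.4
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            timeoutSeconds: 5
          ports:
            - containerPort: 8080
          # Requests equal limits for both CPU and memory.
          resources:
            limits:
              cpu: 10m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: kube-system
  labels:
    app: default-http-backend
spec:
  ports:
    # Service port 80 forwards to the container's 8080.
    - port: 80
      targetPort: 8080
  selector:
    app: default-http-backend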
3.开始安装
# Create the RBAC objects and ConfigMaps first: the DaemonSet refers to the
# service account and to all three ConfigMaps by name.
kubectl create -f nginx-ingress-controller-rbac.yaml
kubectl create -f nginx-ingress-controller-cm.yaml
kubectl create -f nginx-ingress-controller-ds.yaml
# The controller is started with --default-backend-service pointing at this.
kubectl create -f default-http-backend.yaml
4.安装完毕后,看下有没成功启动
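# List the controller and default-backend pods. The pattern needs straight
# ASCII quotes: typographic quotes are not shell quoting, so the | inside
# the pattern would be read as a second pipe.
kubectl get pod -n kube-system | grep -E "backend|nginx"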

启动成功。可以访问管理页面查看流量状态 http://ip:18080/nginx_status 或者http://ip:18080/nginx_status

5.配置ingress,以下是一个例子
# Example Ingress: sends every path on host k8s.scope.qingye.cn to the
# weave-scope-app Service on port 80, handled by the "nginx" class.
# NOTE(review): extensions/v1beta1 Ingress is no longer served from
# Kubernetes 1.22; networking.k8s.io/v1 uses a different backend schema.
# NOTE(review): there is no tls section and no authentication annotation,
# so the backend is published over plain HTTP to anyone who can reach the
# ingress nodes. weave-scope-app is presumably the Weave Scope UI - confirm.
# An operations UI like that should sit behind
# nginx.ingress.kubernetes.io/auth-type and auth-secret, or
# nginx.ingress.kubernetes.io/whitelist-source-range, and be served
# over TLS.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress-scope
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: 'nginx'
    nginx.ingress.kubernetes.io/vts-filter-key: '$uri $server_name'
    prometheus.io/probe: 'true'
spec:
  rules:
    - host: k8s.scope.qingye.cn
      http:
        paths:
          # The backend Service is resolved in the Ingress's own
          # namespace, kube-system.
          - path: /
            backend:
              serviceName: weave-scope-app
              servicePort: 80