从 Ingress 开始有了域名
Ingress 公开了从集群外部到集群内服务的 HTTP 和 HTTPS 路由。 流量路由由 Ingress 资源上定义的规则控制。
Ingress 可以提供负载均衡、TLS 证书以及域名。
本文要部署的 Ingress 控制器是 ingress-nginx
前置条件:
安装
添加 ingress-nginx 仓库
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
根据 Supported Versions table 查找合适的 ingress-nginx chart 版本,因为作者部署的 k8s 版本是 1.23,所以选择 chart 的版本是 4.5.2。
helm search repo ingress-nginx -l
# NAME CHART VERSION APP VERSION DESCRIPTION
# ingress-nginx/ingress-nginx 4.7.0 1.8.0 Ingress controller for Kubernetes using NGINX
# ingress-nginx/ingress-nginx 4.6.1 1.7.1 Ingress controller for Kubernetes using NGINX
# ingress-nginx/ingress-nginx 4.6.0 1.7.0 Ingress controller for Kubernetes using NGINX
# ingress-nginx/ingress-nginx 4.5.2 1.6.4 Ingress controller for Kubernetes using NGINX
生成 values.yaml
helm show values ingress-nginx/ingress-nginx --version 4.5.2 > values.yaml
如果有需要,修改 values.yaml,更改配置,但现在不需要。
如果你想查看将要部署的清单,可以运行如下命令:
helm template ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx --create-namespace -f ./values.yaml --version 4.5.2 > ingress-nginx.yaml
安装 ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx --create-namespace -f ./values.yaml --version 4.5.2
执行如下命令可以卸载重来:
helm uninstall ingress-nginx -n ingress-nginx
查看 EXTERNAL-IP
kubectl get svc -n ingress-nginx
# NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
# ingress-nginx-controller LoadBalancer 10.104.7.237 192.168.32.64 80:32168/TCP,443:31027/TCP 11s
# ingress-nginx-controller-admission ClusterIP 10.98.250.70 <none> 443/TCP 11s
请留意 EXTERNAL-IP 为 192.168.32.64
等待
kubectl get pods -n ingress-nginx -w
# NAME READY STATUS RESTARTS AGE
# ingress-nginx-admission-create--1-jp6ww 0/1 Completed 0 23s
# ingress-nginx-admission-patch--1-xh4gn 0/1 Completed 1 23s
# ingress-nginx-controller-5c8d66c76d-4slrh 0/1 ContainerCreating 0 23s
# ingress-nginx-controller-5c8d66c76d-4slrh 0/1 Running 0 39s
# ingress-nginx-controller-5c8d66c76d-4slrh 1/1 Running 0 50s
测试
部署
kubectl apply -f whoami.yaml
# ingress/nginx/whoami.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
labels:
app: containous
name: whoami
spec:
replicas: 2
selector:
matchLabels:
app: containous
task: whoami
template:
metadata:
labels:
app: containous
task: whoami
spec:
containers:
- name: containouswhoami
image: containous/whoami
resources:
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- name: http
port: 80
selector:
app: containous
task: whoami
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: whoami.todoit.tech
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: whoami
port:
number: 80
查看 ingress 信息
kubectl get ingress
# NAME CLASS HOSTS ADDRESS PORTS AGE
# whoami-ingress <none> whoami.todoit.tech 192.168.32.64 80 35s
此时 curl 192.168.32.64, 会得到 404 的信息
这里给 whoami 配置了一个域名 whoami.todoit.tech
,在宿主机将该域名映射到 192.168.32.64。为了方便,我使用 SwitchHosts 这款应用来做域名映射,可以到 GitHub 下载安装。
在浏览器输入 whoami.todoit.tech,没有意外的话,可以看到,有意外的话可以使用 safari 打开。
由于我没有配备 SSL 证书,浏览器提示我们不安全,可以通过使用 cert-manager 签发免费证书来解决这个问题。
清理
kubectl delete -f whoami.yaml
# deployment.apps "whoami" deleted
# service "whoami" deleted
# ingress.networking.k8s.io "whoami-ingress" deleted