一个简单的小开发
yds
2023-11-25
目录

ingress安装

# helm安装nginx-ingress

# 添加Chart仓库

helm repo add nginx-stable https://helm.nginx.com/stable
1

# 查找Chart

helm search repo nginx-ingress
1

# 安装

添加仓库

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
1
2
helm install ingress-nginx-release ./ingress-nginx \
--set controller.service.type=NodePort \
--set controller.service.nodePorts.http=30080 \
--set controller.service.nodePorts.https=30443 \
1
2
3
4

# 服务器使用nginx做ingress转发

server {
   listen 80;
   server_name nginx.demo.why1024.com;

   location / {
       proxy_set_header   X-Real-IP $remote_addr;
       proxy_set_header   Host      $http_host;
       proxy_pass         http://0.0.0.0:30080;
   }
}
1
2
3
4
5
6
7
8
9
10

30080的端口服务器不用开放,对外始终是80端口的nginx

# 示例POD

vim nginx.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
 name: nginx
spec:
 replicas: 1
 selector:
   matchLabels:
     app: nginx
 template:
   metadata:
     labels:
       app: nginx
   spec:
     containers:
     - name: nginx
       image: nginx:latest
       volumeMounts:
       - name: html
         mountPath: /usr/share/nginx/html
       ports:
       - containerPort: 80
     volumes:
     - name: html
       persistentVolumeClaim:
         claimName: nginx

---

apiVersion: v1
kind: Service
metadata:
 name: nginx
spec:
 selector:
   app: nginx
 ports:
 - port: 80
   targetPort: 80

---

apiVersion: v1
kind: PersistentVolume
metadata:
 name: nginx
 labels:
   name: nginx
spec:
 nfs:
   path: /data/volumes/v1
   server: master01
 accessModes: ["ReadWriteMany","ReadWriteOnce"]
 capacity:
   storage: 1Gi

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
 name: nginx
spec:
 accessModes: ["ReadWriteMany","ReadWriteOnce"]
 resources:
   requests:
     storage: 1Gi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

# 使用

vim nginx-demo-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: nginx-demo-ingress
spec:
 ingressClassName: nginx
 rules:
 - host: nginx.demo.why1024.com
   http:
     paths:
     - path: /
       pathType: Prefix
       backend:
         service:
           name: nginx
           port:
             number: 80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

annotations 和 ingressClassName不能同时设置

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-demo-ingress
annotations:
  kubernetes.io/ingress.class: nginx
spec:
rules:
- host: nginx.demo.why1024.com
  http:
    paths:
    - path: /
      pathType: Prefix
      backend:
        service:
          name: nginx
          port:
            number: 80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

kubectl apply -f nginx-demo-ingress.yaml

curl 10.0.24.3:30080 -H "Host: nginx.demo.why1024.com"

# ssl

kubectl create secret tls server-api.why1024.com-secret --key ./server-api.why1024.com.key --cert ./server-api.why1024.com_bundle.crt
1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
 name: *****-prod
 namespace: prod
 labels:
   app: *****-prod
 annotations:
   nginx.ingress.kubernetes.io/rewrite-target: / #重写路径
   nginx.ingress.kubernetes.io/ssl-redirect: 'true' #http 自动转https
   nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" #修改代理超时时间,默认是60s
   nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
   nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
 tls:
 - hosts:
   - 'app.*****.com'
   secretName: app-*****-com-secret
 rules:
   - host: "app.*****.com"
     http:
       paths:
         
         
         - path: /
           backend:
             serviceName: qwer-mobile-prod
             servicePort: 80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

# https

nginx

server {
    listen 80;
    server_name server-api.why1024.com;
    rewrite ^(.*) https://server-api.why1024.com permanent;
}

server {
    listen 443 ssl;
    server_name server-api.why1024.com;
    ssl_certificate conf.d/cert/tls.crt;
    ssl_certificate_key conf.d/cert/tls.key;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host      $http_host;
        proxy_pass         https://0.0.0.0:30443;
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

helm安装应用时开启ingress

helm install my-nginx-release -f values.yaml . \
--set serviceAccount.create=false \
--set ingress.enabled=true \
--set ingress.className=nginx \
--set ingress.hosts[0].host=nginx.my.com \
--set ingress.hosts[0].paths[0].pathType=Prefix
1
2
3
4
5
6
#DEVOPS#HELM#K8S
上次更新: 2024/09/30, 01:34:11
HELM3安装
drone安装

drone安装

最近更新
01
使用docker-compose安装mysql
09-30
02
鸿蒙app开发中的数据驱动ui渲染问题
08-01
03
LINUX连接openvpn
07-02
更多文章>
Theme by Vdoing | Copyright © 2020-2024 YDS