ingress安装
# helm安装nginx-ingress
# 添加Chart仓库
helm repo add nginx-stable https://helm.nginx.com/stable
1
# 查找Chart
helm search repo nginx-ingress
1
# 安装
添加仓库
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
1
2
2
helm install ingress-nginx-release ./ingress-nginx \
--set controller.service.type=NodePort \
--set controller.service.nodePorts.http=30080 \
--set controller.service.nodePorts.https=30443 \
1
2
3
4
2
3
4
# 服务器使用nginx做ingress转发
server {
listen 80;
server_name nginx.demo.why1024.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://0.0.0.0:30080;
}
}
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
30080的端口服务器不用开放,对外始终是80端口的nginx
# 示例POD
vim nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html
ports:
- containerPort: 80
volumes:
- name: html
persistentVolumeClaim:
claimName: nginx
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nginx
labels:
name: nginx
spec:
nfs:
path: /data/volumes/v1
server: master01
accessModes: ["ReadWriteMany","ReadWriteOnce"]
capacity:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nginx
spec:
accessModes: ["ReadWriteMany","ReadWriteOnce"]
resources:
requests:
storage: 1Gi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# 使用
vim nginx-demo-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-demo-ingress
spec:
ingressClassName: nginx
rules:
- host: nginx.demo.why1024.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx
port:
number: 80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
annotations 和 ingressClassName不能同时设置
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-demo-ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: nginx.demo.why1024.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx
port:
number: 80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
kubectl apply -f nginx-demo-ingress.yaml
curl 10.0.24.3:30080 -H "Host: nginx.demo.why1024.com"
# ssl
kubectl create secret tls server-api.why1024.com-secret --key ./server-api.why1024.com.key --cert ./server-api.why1024.com_bundle.crt
1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: *****-prod
namespace: prod
labels:
app: *****-prod
annotations:
nginx.ingress.kubernetes.io/rewrite-target: / #重写路径
nginx.ingress.kubernetes.io/ssl-redirect: 'true' #http 自动转https
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" #修改代理超时时间,默认是60s
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
tls:
- hosts:
- 'app.*****.com'
secretName: app-*****-com-secret
rules:
- host: "app.*****.com"
http:
paths:
- path: /
backend:
serviceName: qwer-mobile-prod
servicePort: 80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# https
nginx
server {
listen 80;
server_name server-api.why1024.com;
rewrite ^(.*) https://server-api.why1024.com permanent;
}
server {
listen 443 ssl;
server_name server-api.why1024.com;
ssl_certificate conf.d/cert/tls.crt;
ssl_certificate_key conf.d/cert/tls.key;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass https://0.0.0.0:30443;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
helm安装应用时开启ingress
helm install my-nginx-release -f values.yaml . \
--set serviceAccount.create=false \
--set ingress.enabled=true \
--set ingress.className=nginx \
--set ingress.hosts[0].host=nginx.my.com \
--set ingress.hosts[0].paths[0].pathType=Prefix
1
2
3
4
5
6
2
3
4
5
6
上次更新: 2024/08/08, 06:59:58