Kubernetes K8S之Ingress詳解與示例

Ingress概述

Ingress 是對集群中服務(wù)的外部訪問進行管理的 API 對象,典型的訪問方式是 HTTP和HTTPS。

Ingress 可以提供負載均衡、SSL 和基于名稱的虛擬托管。

必須具有 ingress 控制器【例如 ingress-nginx】才能滿足 Ingress 的要求。僅創(chuàng)建 Ingress 資源無效。

Ingress 是什么

Ingress 公開了從集群外部到集群內(nèi) services 的 HTTP 和 HTTPS 路由。 流量路由由 Ingress 資源上定義的規(guī)則控制。

1? internet

2? ? ? |

3 [ Ingress ]

4 --|-----|--

5 [ Services ]

可以將 Ingress 配置為提供服務(wù)外部可訪問的 URL、負載均衡流量、 SSL / TLS,以及提供基于名稱的虛擬主機。Ingress 控制器 通常負責(zé)通過負載均衡器來實現(xiàn) Ingress,盡管它也可以配置邊緣路由器或其他前端來幫助處理流量。

Ingress 不會公開任意端口或協(xié)議。若將 HTTP 和 HTTPS 以外的服務(wù)公開到 Internet 時,通常使用 Service.Type=NodePort 或者 Service.Type=LoadBalancer 類型的服務(wù)。

以Nginx Ingress為例,圖如下

Ingress示例

架構(gòu)圖

部署Ingress-Nginx

該Nginx是經(jīng)過改造的,而不是傳統(tǒng)的Nginx。

Ingress-Nginx官網(wǎng)地址

https://kubernetes.github.io/ingress-nginx/

Ingress-Nginx GitHub地址

https://github.com/kubernetes/ingress-nginx

本次下載版本:nginx-0.30.0

鏡像下載與重命名

1 docker pull registry.cn-beijing.aliyuncs.com/google_registry/nginx-ingress-controller:0.30.0

2 docker tag 89ccad40ce8e quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0

3 docker rmi? registry.cn-beijing.aliyuncs.com/google_registry/nginx-ingress-controller:0.30.0

ingress-nginx的yaml文件修改后并啟動

復(fù)制代碼

1 # 當(dāng)前目錄

2 [root@k8s-master ingress]# pwd

3 /root/k8s_practice/ingress

4 # 獲取NGINX: 0.30.0

5 [root@k8s-master ingress]# wget https://github.com/kubernetes/ingress-nginx/archive/nginx-0.30.0.tar.gz

6 [root@k8s-master ingress]# tar xf nginx-0.30.0.tar.gz

7 # yaml文件在下載包中的位置:ingress-nginx-nginx-0.30.0/deploy/static/mandatory.yaml

8 [root@k8s-master ingress]# cp -a ingress-nginx-nginx-0.30.0/deploy/static/mandatory.yaml ./

9 [root@k8s-master ingress]#

10 # yaml文件配置修改

11 [root@k8s-master ingress]# vim mandatory.yaml

12 ………………

13 apiVersion: apps/v1

14 kind: DaemonSet? # 從Deployment改為DaemonSet

15 metadata:

16? name: nginx-ingress-controller

17? namespace: ingress-nginx

18? labels:

19? ? app.kubernetes.io/name: ingress-nginx

20? ? app.kubernetes.io/part-of: ingress-nginx

21 spec:

22? #replicas: 1? # 注釋掉

23 ………………

24? ? ? nodeSelector:

25? ? ? ? kubernetes.io/hostname: k8s-master? # 修改處

26? ? ? # 如下幾行為新加行? 作用【允許在master節(jié)點運行】

27? ? ? tolerations:

28? ? ? - key: node-role.kubernetes.io/master

29? ? ? ? effect: NoSchedule

30 ………………

31? ? ? ? ? ports:

32? ? ? ? ? ? - name: http

33? ? ? ? ? ? ? containerPort: 80

34? ? ? ? ? ? ? hostPort: 80? ? # 添加處【可在宿主機通過該端口訪問Pod】

35? ? ? ? ? ? ? protocol: TCP

36? ? ? ? ? ? - name: https

37? ? ? ? ? ? ? containerPort: 443

38? ? ? ? ? ? ? hostPort: 443? # 添加處【可在宿主機通過該端口訪問Pod】

39? ? ? ? ? ? ? protocol: TCP

40 ………………

41 [root@k8s-master ingress]#

42 [root@k8s-master ingress]# kubectl apply -f mandatory.yaml

43 namespace/ingress-nginx created

44 configmap/nginx-configuration created

45 configmap/tcp-services created

46 configmap/udp-services created

47 serviceaccount/nginx-ingress-serviceaccount created

48 clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created

49 role.rbac.authorization.k8s.io/nginx-ingress-role created

50 rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created

51 clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created

52 daemonset.apps/nginx-ingress-controller created

53 limitrange/ingress-nginx created

54 [root@k8s-master ingress]#

55 [root@k8s-master ingress]# kubectl get ds -n ingress-nginx -o wide

56 NAME? ? ? ? ? ? ? ? ? ? ? DESIRED? CURRENT? READY? UP-TO-DATE? AVAILABLE? NODE SELECTOR? ? ? ? ? ? ? ? ? ? ? AGE? ? CONTAINERS? ? ? ? ? ? ? ? IMAGES? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? SELECTOR

57 nginx-ingress-controller? 1? ? ? ? 1? ? ? ? 1? ? ? 1? ? ? ? ? ? 1? ? ? ? ? kubernetes.io/hostname=k8s-master? 9m47s? nginx-ingress-controller? quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0? app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/part-of=ingress-nginx

58 [root@k8s-master ingress]#

59 [root@k8s-master ingress]# kubectl get pod -n ingress-nginx -o wide

60 NAME? ? ? ? ? ? ? ? ? ? ? ? ? ? READY? STATUS? ? RESTARTS? AGE? ? IP? ? ? ? ? ? NODE? ? ? ? NOMINATED NODE? READINESS GATES

61 nginx-ingress-controller-rrbh9? 1/1? ? Running? 0? ? ? ? ? 9m55s? 10.244.0.46? k8s-master? <none>? ? ? ? ? <none>

復(fù)制代碼

deply_service1的yaml信息

yaml文件

復(fù)制代碼

1 [root@k8s-master ingress]# pwd

2 /root/k8s_practice/ingress

3 [root@k8s-master ingress]# cat deply_service1.yaml

4 apiVersion: apps/v1

5 kind: Deployment

6 metadata:

7? name: myapp-deploy1

8? namespace: default

9 spec:

10? replicas: 3

11? selector:

12? ? matchLabels:

13? ? ? app: myapp

14? ? ? release: v1

15? template:

16? ? metadata:

17? ? ? labels:

18? ? ? ? app: myapp

19? ? ? ? release: v1

20? ? ? ? env: test

21? ? spec:

22? ? ? containers:

23? ? ? - name: myapp

24? ? ? ? image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1

25? ? ? ? imagePullPolicy: IfNotPresent

26? ? ? ? ports:

27? ? ? ? - name: http

28? ? ? ? ? containerPort: 80

29 ---

30 apiVersion: v1

31 kind: Service

32 metadata:

33? name: myapp-clusterip1

34? namespace: default

35 spec:

36? type: ClusterIP? # 默認類型

37? selector:

38? ? app: myapp

39? ? release: v1

40? ports:

41? - name: http

42? ? port: 80

43? ? targetPort: 80

復(fù)制代碼

啟動Deployment和Service

1 [root@k8s-master ingress]# kubectl apply -f deply_service1.yaml

2 deployment.apps/myapp-deploy1 created

3 service/myapp-clusterip1 created

查看Deploy狀態(tài)和信息

復(fù)制代碼

1 [root@k8s-master ingress]# kubectl get deploy -o wide

2 NAME? ? ? ? ? ? READY? UP-TO-DATE? AVAILABLE? AGE? CONTAINERS? IMAGES? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? SELECTOR

3 myapp-deploy1? 3/3? ? 3? ? ? ? ? ? 3? ? ? ? ? 28s? myapp? ? ? ? registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1? app=myapp,release=v1

4 [root@k8s-master ingress]#

5 [root@k8s-master ingress]# kubectl get rs -o wide

6 NAME? ? ? ? ? ? ? ? ? ? ? DESIRED? CURRENT? READY? AGE? CONTAINERS? IMAGES? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? SELECTOR

7 myapp-deploy1-5695bb5658? 3? ? ? ? 3? ? ? ? 3? ? ? 30s? myapp? ? ? ? registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1? app=myapp,pod-template-hash=5695bb5658,release=v1

8 [root@k8s-master ingress]#

9 [root@k8s-master ingress]# kubectl get pod -o wide --show-labels

10 NAME? ? ? ? ? ? ? ? ? ? ? ? ? ? READY? STATUS? ? RESTARTS? AGE? IP? ? ? ? ? ? NODE? ? ? ? NOMINATED NODE? READINESS GATES? LABELS

11 myapp-deploy1-5695bb5658-n6548? 1/1? ? Running? 0? ? ? ? ? 36s? 10.244.2.144? k8s-node02? <none>? ? ? ? ? <none>? ? ? ? ? ? app=myapp,env=test,pod-template-hash=5695bb5658,release=v1

12 myapp-deploy1-5695bb5658-rqcpb? 1/1? ? Running? 0? ? ? ? ? 36s? 10.244.2.143? k8s-node02? <none>? ? ? ? ? <none>? ? ? ? ? ? app=myapp,env=test,pod-template-hash=5695bb5658,release=v1

13 myapp-deploy1-5695bb5658-vv6gm? 1/1? ? Running? 0? ? ? ? ? 36s? 10.244.3.200? k8s-node01? <none>? ? ? ? ? <none>? ? ? ? ? ? app=myapp,env=test,pod-template-hash=5695bb5658,release=v1

復(fù)制代碼

curl訪問pod

復(fù)制代碼

1 [root@k8s-master ingress]# curl 10.244.2.144

2 Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

3 [root@k8s-master ingress]#

4 [root@k8s-master ingress]# curl 10.244.2.144/hostname.html

5 myapp-deploy1-5695bb5658-n6548

6 [root@k8s-master ingress]#

7 [root@k8s-master ingress]# curl 10.244.2.143/hostname.html

8 myapp-deploy1-5695bb5658-rqcpb

9 [root@k8s-master ingress]#

10 [root@k8s-master ingress]# curl 10.244.3.200/hostname.html

11 myapp-deploy1-5695bb5658-vv6gm

復(fù)制代碼

查看Service狀態(tài)和信息

1 [root@k8s-master ingress]# kubectl get svc -o wide

2 NAME? ? ? ? ? ? ? TYPE? ? ? ? CLUSTER-IP? ? ? EXTERNAL-IP? PORT(S)? AGE? ? SELECTOR

3 kubernetes? ? ? ? ClusterIP? 10.96.0.1? ? ? <none>? ? ? ? 443/TCP? 19d? ? <none>

4 myapp-clusterip1? ClusterIP? 10.104.146.14? <none>? ? ? ? 80/TCP? ? 5m38s? app=myapp,release=v1

curl訪問svc

復(fù)制代碼

1 [root@k8s-master ingress]# curl 10.104.146.14

2 Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

3 [root@k8s-master ingress]#

4 [root@k8s-master ingress]# curl 10.104.146.14/hostname.html

5 myapp-deploy1-5695bb5658-n6548

6 [root@k8s-master ingress]#

7 [root@k8s-master ingress]# curl 10.104.146.14/hostname.html

8 myapp-deploy1-5695bb5658-vv6gm

9 [root@k8s-master ingress]#

10 [root@k8s-master ingress]# curl 10.104.146.14/hostname.html

11 myapp-deploy1-5695bb5658-rqcpb

復(fù)制代碼

deply_service2的yaml信息

yaml文件

復(fù)制代碼

1 [root@k8s-master ingress]# pwd

2 /root/k8s_practice/ingress

3 [root@k8s-master ingress]# cat deply_service2.yaml

4 apiVersion: apps/v1

5 kind: Deployment

6 metadata:

7? name: myapp-deploy2

8? namespace: default

9 spec:

10? replicas: 3

11? selector:

12? ? matchLabels:

13? ? ? app: myapp

14? ? ? release: v2

15? template:

16? ? metadata:

17? ? ? labels:

18? ? ? ? app: myapp

19? ? ? ? release: v2

20? ? ? ? env: test

21? ? spec:

22? ? ? containers:

23? ? ? - name: myapp

24? ? ? ? image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2

25? ? ? ? imagePullPolicy: IfNotPresent

26? ? ? ? ports:

27? ? ? ? - name: http

28? ? ? ? ? containerPort: 80

29 ---

30 apiVersion: v1

31 kind: Service

32 metadata:

33? name: myapp-clusterip2

34? namespace: default

35 spec:

36? type: ClusterIP? # 默認類型

37? selector:

38? ? app: myapp

39? ? release: v2

40? ports:

41? - name: http

42? ? port: 80

43? ? targetPort: 80

復(fù)制代碼

啟動Deployment和Service

1 [root@k8s-master ingress]# kubectl apply -f deply_service2.yaml

2 deployment.apps/myapp-deploy2 created

3 service/myapp-clusterip2 created

查看Deploy狀態(tài)和信息

復(fù)制代碼

1 [root@k8s-master ingress]# kubectl get deploy myapp-deploy2 -o wide

2 NAME? ? ? ? ? ? READY? UP-TO-DATE? AVAILABLE? AGE? CONTAINERS? IMAGES? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? SELECTOR

3 myapp-deploy2? 3/3? ? 3? ? ? ? ? ? 3? ? ? ? ? 9s? ? myapp? ? ? ? registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2? app=myapp,release=v2

4 [root@k8s-master ingress]#

5 [root@k8s-master ingress]# kubectl get rs? -o wide

6 NAME? ? ? ? ? ? ? ? ? ? ? DESIRED? CURRENT? READY? AGE? ? CONTAINERS? IMAGES? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? SELECTOR

7 myapp-deploy1-5695bb5658? 3? ? ? ? 3? ? ? ? 3? ? ? 7m23s? myapp? ? ? ? registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1? app=myapp,pod-template-hash=5695bb5658,release=v1? # 之前創(chuàng)建的

8 myapp-deploy2-54f48f879b? 3? ? ? ? 3? ? ? ? 3? ? ? 15s? ? myapp? ? ? ? registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2? app=myapp,pod-template-hash=54f48f879b,release=v2? # 當(dāng)前deploy創(chuàng)建的

9 [root@k8s-master ingress]#

10 [root@k8s-master ingress]# kubectl get pod -o wide --show-labels -l "release=v2"

11 NAME? ? ? ? ? ? ? ? ? ? ? ? ? ? READY? STATUS? ? RESTARTS? AGE? IP? ? ? ? ? ? NODE? ? ? ? NOMINATED NODE? READINESS GATES? LABELS

12 myapp-deploy2-54f48f879b-7pxwp? 1/1? ? Running? 0? ? ? ? ? 25s? 10.244.3.201? k8s-node01? <none>? ? ? ? ? <none>? ? ? ? ? ? app=myapp,env=test,pod-template-hash=54f48f879b,release=v2

13 myapp-deploy2-54f48f879b-lqlh2? 1/1? ? Running? 0? ? ? ? ? 25s? 10.244.2.146? k8s-node02? <none>? ? ? ? ? <none>? ? ? ? ? ? app=myapp,env=test,pod-template-hash=54f48f879b,release=v2

14 myapp-deploy2-54f48f879b-pfvnn? 1/1? ? Running? 0? ? ? ? ? 25s? 10.244.2.145? k8s-node02? <none>? ? ? ? ? <none>? ? ? ? ? ? app=myapp,env=test,pod-template-hash=54f48f879b,release=v2

復(fù)制代碼

查看Service狀態(tài)和信息

1 [root@k8s-master ingress]# kubectl get svc -o wide?

2 NAME? ? ? ? ? ? ? TYPE? ? ? ? CLUSTER-IP? ? ? EXTERNAL-IP? PORT(S)? AGE? ? SELECTOR

3 kubernetes? ? ? ? ClusterIP? 10.96.0.1? ? ? <none>? ? ? ? 443/TCP? 19d? ? <none>

4 myapp-clusterip1? ClusterIP? 10.104.146.14? <none>? ? ? ? 80/TCP? ? 8m9s? app=myapp,release=v1

5 myapp-clusterip2? ClusterIP? 10.110.181.62? <none>? ? ? ? 80/TCP? ? 61s? ? app=myapp,release=v2

curl訪問svc

復(fù)制代碼

1 [root@k8s-master ingress]# curl 10.110.181.62

2 Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

3 [root@k8s-master ingress]#

4 [root@k8s-master ingress]# curl 10.110.181.62/hostname.html

5 myapp-deploy2-54f48f879b-lqlh2

6 [root@k8s-master ingress]#

7 [root@k8s-master ingress]# curl 10.110.181.62/hostname.html

8 myapp-deploy2-54f48f879b-7pxwp

9 [root@k8s-master ingress]#

10 [root@k8s-master ingress]# curl 10.110.181.62/hostname.html

11 myapp-deploy2-54f48f879b-pfvnn

復(fù)制代碼

Ingress HTTP代理訪問

yaml文件【由于自建的service在默認default名稱空間,因此這里也是default名稱空間】

復(fù)制代碼

1 [root@k8s-master ingress]# pwd

2 /root/k8s_practice/ingress

3 [root@k8s-master ingress]# cat ingress-http.yaml

4 apiVersion: networking.k8s.io/v1beta1

5 kind: Ingress

6 metadata:

7? name: nginx-http

8? namespace: default

9 spec:

10? rules:

11? ? - host: www.zhangtest.com

12? ? ? http:

13? ? ? ? paths:

14? ? ? ? - path: /

15? ? ? ? ? backend:

16? ? ? ? ? ? serviceName: myapp-clusterip1

17? ? ? ? ? ? servicePort: 80

18? ? - host: blog.zhangtest.com

19? ? ? http:

20? ? ? ? paths:

21? ? ? ? - path: /

22? ? ? ? ? backend:

23? ? ? ? ? ? serviceName: myapp-clusterip2

24? ? ? ? ? ? servicePort: 80

復(fù)制代碼

啟動ingress http并查看狀態(tài)

復(fù)制代碼

1 [root@k8s-master ingress]# kubectl apply -f ingress-http.yaml

2 ingress.networking.k8s.io/nginx-http created

3 [root@k8s-master ingress]#

4 [root@k8s-master ingress]# kubectl get ingress -o wide

5 NAME? ? ? ? HOSTS? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ADDRESS? PORTS? AGE

6 nginx-http? www.zhangtest.com,blog.zhangtest.com? ? ? ? ? ? 80? ? ? 9s

復(fù)制代碼

查看nginx配置文件

復(fù)制代碼

1 [root@k8s-master ~]# kubectl get pod -A | grep 'ingre'

2 ingress-nginx? ? ? ? ? nginx-ingress-controller-rrbh9? ? ? ? ? ? ? 1/1? ? Running? 0? ? ? ? ? 27m

3 [root@k8s-master ~]#

4 [root@k8s-master ~]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-rrbh9 bash

5 bash-5.0$ cat /etc/nginx/nginx.conf

6 …………

7 ##### 可見server www.zhangtest.com 和 server blog.zhangtest.com的配置

復(fù)制代碼

瀏覽器訪問

hosts文件修改,添加如下信息

1 文件位置:C:\WINDOWS\System32\drivers\etc\hosts

2 添加信息如下:

3 # K8S ingress學(xué)習(xí)

4 10.0.0.110? www.zhangtest.com? blog.zhangtest.com

瀏覽器訪問www.zhangtest.com

1 http://www.zhangtest.com/

2 http://www.zhangtest.com/hostname.html

瀏覽器訪問blog.zhangtest.com

1 http://blog.zhangtest.com/

2 http://blog.zhangtest.com/hostname.html

當(dāng)然:除了用瀏覽器訪問外,也可以在Linux使用curl訪問。前提是修改/etc/hosts文件,對上面的兩個域名進行解析。

Ingress HTTPS代理訪問

SSL證書創(chuàng)建

復(fù)制代碼

1 [root@k8s-master cert]# pwd

2 /root/k8s_practice/ingress/cert

3 [root@k8s-master cert]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BeiJing/O=BTC/OU=MOST/CN=zhang/emailAddress=ca@test.com"

4 Generating a 2048 bit RSA private key

5 ......................................................+++

6 ........................+++

7 writing new private key to 'tls.key'

8 -----

9 [root@k8s-master cert]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt

10 secret/tls-secret created

復(fù)制代碼

創(chuàng)建ingress https

yaml文件【由于自建的service在默認default名稱空間,因此這里也是default名稱空間】

復(fù)制代碼

1 [root@k8s-master ingress]# pwd

2 /root/k8s_practice/ingress

3 [root@k8s-master ingress]# cat ingress-https.yaml

4 apiVersion: networking.k8s.io/v1beta1

5 kind: Ingress

6 metadata:

7? name: nginx-https

8? namespace: default

9 spec:

10? tls:

11? ? - hosts:

12? ? ? - www.zhangtest.com

13? ? ? - blog.zhangtest.com

14? ? ? secretName: tls-secret

15? rules:

16? ? - host: www.zhangtest.com

17? ? ? http:

18? ? ? ? paths:

19? ? ? ? - path: /

20? ? ? ? ? backend:

21? ? ? ? ? ? serviceName: myapp-clusterip1

22? ? ? ? ? ? servicePort: 80

23? ? - host: blog.zhangtest.com

24? ? ? http:

25? ? ? ? paths:

26? ? ? ? - path: /

27? ? ? ? ? backend:

28? ? ? ? ? ? serviceName: myapp-clusterip2

29? ? ? ? ? ? servicePort: 80

復(fù)制代碼

啟動ingress https并查看狀態(tài)

復(fù)制代碼

1 [root@k8s-master ingress]# kubectl apply -f ingress-https.yaml

2 ingress.networking.k8s.io/nginx-https created

3 [root@k8s-master ingress]#

4 [root@k8s-master ingress]# kubectl get ingress -o wide

5 NAME? ? ? ? ? HOSTS? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ADDRESS? PORTS? ? AGE

6 nginx-https? www.zhangtest.com,blog.zhangtest.com? ? ? ? ? ? 80, 443? 8s

復(fù)制代碼

瀏覽器訪問

hosts文件修改,添加如下信息

1 文件位置:C:\WINDOWS\System32\drivers\etc\hosts

2 添加信息如下:

3 # K8S ingress學(xué)習(xí)

4 10.0.0.110? www.zhangtest.com? blog.zhangtest.com

瀏覽器訪問www.zhangtest.com

1 https://www.zhangtest.com/

2 https://www.zhangtest.com/hostname.html

瀏覽器訪問blog.zhangtest.com

1 https://blog.zhangtest.com/

2 https://blog.zhangtest.com/hostname.html

Ingress-Nginx實現(xiàn)BasicAuth認證

官網(wǎng)地址:

https://kubernetes.github.io/ingress-nginx/examples/auth/basic/

準備工作

復(fù)制代碼

1 [root@k8s-master ingress]# pwd

2 /root/k8s_practice/ingress

3 [root@k8s-master ingress]# yum install -y httpd

4 [root@k8s-master ingress]# htpasswd -c auth foo

5 New password: #輸入密碼

6 Re-type new password: #重復(fù)輸入的密碼

7 Adding password for user foo? ##### 此時會生成一個 auth文件

8 [root@k8s-master ingress]# kubectl create secret generic basic-auth --from-file=auth

9 secret/basic-auth created

10 [root@k8s-master ingress]#

11 [root@k8s-master ingress]# kubectl get secret basic-auth -o yaml

12 apiVersion: v1

13 data:

14? auth: Zm9vOiRhcHIxJFpaSUJUMDZOJDVNZ3hxdkpFNWVRTi9NdnZCcVpHaC4K

15 kind: Secret

16 metadata:

17? creationTimestamp: "2020-08-17T09:42:04Z"

18? name: basic-auth

19? namespace: default

20? resourceVersion: "775573"

21? selfLink: /api/v1/namespaces/default/secrets/basic-auth

22? uid: eef0853b-a52b-4684-922a-817e4cd9e9ca

23 type: Opaque

復(fù)制代碼

ingress yaml文件

復(fù)制代碼

1 [root@k8s-master ingress]# pwd

2 /root/k8s_practice/ingress

3 [root@k8s-master ingress]# cat nginx_basicauth.yaml

4 apiVersion: networking.k8s.io/v1beta1

5 kind: Ingress

6 metadata:

7? name: ingress-with-auth

8? annotations:

9? ? # type of authentication

10? ? nginx.ingress.kubernetes.io/auth-type: basic

11? ? # name of the secret that contains the user/password definitions

12? ? nginx.ingress.kubernetes.io/auth-secret: basic-auth

13? ? # message to display with an appropriate context why the authentication is required

14? ? nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'

15 spec:

16? rules:

17? - host: auth.zhangtest.com

18? ? http:

19? ? ? paths:

20? ? ? - path: /

21? ? ? ? backend:

22? ? ? ? ? serviceName: myapp-clusterip1

23? ? ? ? ? servicePort: 80

復(fù)制代碼

啟動ingress并查看狀態(tài)

復(fù)制代碼

1 [root@k8s-master ingress]# kubectl apply -f nginx_basicauth.yaml

2 ingress.networking.k8s.io/ingress-with-auth created

3 [root@k8s-master ingress]#

4 [root@k8s-master ingress]# kubectl get ingress -o wide

5 NAME? ? ? ? ? ? ? ? HOSTS? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ADDRESS? PORTS? ? AGE

6 ingress-with-auth? auth.zhangtest.com? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 80? ? ? ? 6s

復(fù)制代碼

瀏覽器訪問

hosts文件修改,添加如下信息

1 文件位置:C:\WINDOWS\System32\drivers\etc\hosts

2 添加信息如下:

3 # K8S ingress學(xué)習(xí)

4 10.0.0.110? www.zhangtest.com? blog.zhangtest.com auth.zhangtest.com

瀏覽器訪問auth.zhangtest.com

http://auth.zhangtest.com/

Ingress-Nginx實現(xiàn)Rewrite重寫

官網(wǎng)地址:

https://kubernetes.github.io/ingress-nginx/examples/rewrite/

重寫可以使用以下注解控制:

名稱 描述 值

nginx.ingress.kubernetes.io/rewrite-target 必須重定向的目標URL String

nginx.ingress.kubernetes.io/ssl-redirect 指示位置部分是否只能由SSL訪問(當(dāng)Ingress包含證書時,默認為True) Bool

nginx.ingress.kubernetes.io/force-ssl-redirect 即使Ingress沒有啟用TLS,也強制重定向到HTTPS Bool

nginx.ingress.kubernetes.io/app-root 定義應(yīng)用程序根目錄,Controller在“/”上下文中必須重定向該根目錄 String

nginx.ingress.kubernetes.io/use-regex 指示Ingress上定義的路徑是否使用正則表達式 Bool

ingress yaml文件

復(fù)制代碼

1 [root@k8s-master ingress]# pwd

2 /root/k8s_practice/ingress

3 [root@k8s-master ingress]# cat nginx_rewrite.yaml

4 apiVersion: networking.k8s.io/v1beta1

5 kind: Ingress

6 metadata:

7? annotations:

8? ? nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com

9? name: rewrite

10? namespace: default

11 spec:

12? rules:

13? - host: rewrite.zhangtest.com

14? ? http:

15? ? ? paths:

16? ? ? - backend:

17? ? ? ? ? serviceName: myapp-clusterip1

18? ? ? ? ? servicePort: 80

復(fù)制代碼

啟動ingress并查看狀態(tài)

復(fù)制代碼

1 [root@k8s-master ingress]# kubectl apply -f nginx_rewrite.yaml

2 ingress.networking.k8s.io/rewrite created

3 [root@k8s-master ingress]#

4 [root@k8s-master ingress]# kubectl get ingress -o wide

5 NAME? ? ? ? ? ? ? ? HOSTS? ? ? ? ? ? ? ? ? ADDRESS? ? ? ? ? PORTS? ? AGE

6 rewrite? ? ? ? ? ? rewrite.zhangtest.com? ? ? ? ? ? ? ? ? ? 80? ? ? ? 13s

復(fù)制代碼

瀏覽器訪問

hosts文件修改,添加如下信息

1 文件位置:C:\WINDOWS\System32\drivers\etc\hosts

2 添加信息如下:

3 # K8S ingress學(xué)習(xí)

4 10.0.0.110? www.zhangtest.com? blog.zhangtest.com auth.zhangtest.com? rewrite.zhangtest.com


深圳網(wǎng)站優(yōu)化www.zg886.cn

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

友情鏈接更多精彩內(nèi)容