资料

Ingress-NGINX version k8s supported version Alpine Version Nginx Version
v1.5.1 1.25, 1.24, 1.23 3.16.2 1.21.6
v1.4.0 1.25, 1.24, 1.23, 1.22 3.16.2 1.19.10†
v1.3.1 1.24, 1.23, 1.22, 1.21, 1.20 3.16.2 1.19.10†
v1.3.0 1.24, 1.23, 1.22, 1.21, 1.20 3.16.0 1.19.10†

前置条件依赖

安装MetalLB

安装

使用 Helm 3 安装 Nginx Ingress Controller

注意:Ingress Controller它也是个应用程序,也有 service、deployment、pod 进行工作

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update


## 查看确认
[root@k8s-master k8s]# helm search repo ingress-nginx -l | grep -E "1.5.1|1.4.0|1.3.1"

ingress-nginx/ingress-nginx     4.4.2           1.5.1           Ingress controller for Kubernetes using NGINX a...
ingress-nginx/ingress-nginx     4.4.0           1.5.1           Ingress controller for Kubernetes using NGINX a...
ingress-nginx/ingress-nginx     4.3.0           1.4.0           Ingress controller for Kubernetes using NGINX a...
ingress-nginx/ingress-nginx     4.2.5           1.3.1           Ingress controller for Kubernetes using NGINX a...
ingress-nginx/ingress-nginx     4.2.4           1.3.1           Ingress controller for Kubernetes using NGINX a...




## 添加环境变量统一管理ingress-nginx 版本与工作命令空间;当前K8s集群版本为 v1.20.6
export NGINX_CHART_VERSION=4.2.5
helm pull ingress-nginx/ingress-nginx --version NGINX_CHART_VERSION


## 为 NGINX Ingress Controller 创建命名空间
export NGINX_ING_NAMESPACE=ingress-nginx-ns

# 在NGINX_ING_NAMESPACE 命名空间下创建, Ingress Controller是可以独立部署在自己的命名空间中

-----------------------------------------------------------------------------------

## 如果希望动态更改Ingress控制器副本的数量,请使用 Deployment。
## --set controller.kind=deployment
## 如果希望在所有节点上部署Ingress控制器,  请使用 DaemonSet。
## --set controller.kind=daemonset

##  是Pod的副本数
## --set controller.replicaCount

## Service 类型: NodePort            例如  443:30443    可以 通过宿主机 443 端口访问, 还可以通过 30443 端口进行访问
## Service 类型: LoadBalancer        例如  443:30443    只能 通过宿主机 443 端口访问, 并且30xxx端口是随机生成的

## LoadBalancer 类型的 Service,可以自动调用云服务商在 IaaS 层面的接口(宿主机的接口),并自动创建 LoadBalancer,将其指向该 Service
## 通俗的讲, 需要有外接的硬件设备,在通过设备访问80|443端口实现负载均衡访问;  或者使用 MetalLB实现软的负载均衡
## 安装MetalLB来解决K8S service LoadBalancer问题
##   http://www.dev-share.top/2020/08/14/%e4%bd%bf%e7%94%a8metallb%e6%9d%a5%e8%a7%a3%e5%86%b3k8s-service-loadbalancer%e9%97%ae%e9%a2%98/
## --set controller.service.type=LoadBalancer

创建 values.yaml

## Default 404 backend
## 默认不启动
defaultBackend:
  ## 默认不启动
  #enabled: false
  enabled: true
  name: defaultbackend
  image:
    #registry: registry.k8s.io
    #image: defaultbackend-amd64
    registry: cnagent
    image: defaultbackend-amd64
    tag: "1.5"
    pullPolicy: IfNotPresent
    # nobody user -> uid 65534
    runAsUser: 65534
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false


controller:
  name: controller
  # -- Use a `DaemonSet` or `Deployment`
  kind: DaemonSet
  replicaCount: 1

  image:
    #registry: registry.k8s.io
    #image: ingress-nginx/controller
    registry: cnagent
    image: ingress-nginx-controller
    tag: "v1.3.1"
    # 必须要用,否则拉取镜像会失败
    digest: sha256:d3642f55a6a7a102a9a579b3382fe73869c73890de4c94f28e36ba5e07925944
    pullPolicy: IfNotPresent

  # -- Configures the controller container name
  containerName: controller
  # -- Configures the ports that the nginx-controller listens on
  containerPort:
    http: 80
    https: 443

  service:
    enabled: true
    type: LoadBalancer

    ## type: NodePort
    ## nodePorts:
    ##   http: 32080
    ##   https: 32443
    ##   tcp:
    ##     8080: 32808
    nodePorts:
      http: ""
      https: ""
      tcp: {}
      udp: {}


    enableHttp: true
    enableHttps: true
    ports:
      http: 80
      https: 443

    targetPorts:
      http: http
      https: https

  ## web钩子
  admissionWebhooks:
    patch:
      enabled: true
      image:
        #registry: registry.k8s.io
        #image: ingress-nginx/kube-webhook-certgen
        registry: cnagent
        image: ingress-nginx-kube-webhook-certgen
        tag: v1.3.0
        digest: sha256:fe821886866f174069dbb1e3af741662efb44952e39d66488d1fb811673440b7
        pullPolicy: IfNotPresent



# -- TCP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
## 开启TCP代理功能
tcp: {}
#tcp:
#  8080: "default/example-tcp-svc:9000"
#tcp:
#  9094: "kafka-ns/kafka-3-2-3-0-external:9094"
#  9095: "kafka-ns/kafka-3-2-3-1-external:9094"
#  9096: "kafka-ns/kafka-3-2-3-2-external:9094"

# -- UDP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
## 开启UDP代理功能
udp: {}
#udp:
#  53: "kube-system/kube-dns:53"

部署/卸载

## 启动
helm install gateway ./ingress-nginx-NGINX_CHART_VERSION.tgz -f values.yaml -nNGINX_ING_NAMESPACE --create-namespace

## 更新(要强制更新)
helm upgrade gateway ./ingress-nginx-NGINX_CHART_VERSION.tgz -f values.yaml -nNGINX_ING_NAMESPACE --force

# 卸载
helm uninstall gateway -n $NGINX_ING_NAMESPACE

查看 运行情况

[root@k8s-master k8s]# kubectl -n $NGINX_ING_NAMESPACE get all


NAME                                                      READY   STATUS    RESTARTS   AGE
pod/gateway-ingress-nginx-controller-2b8l5                1/1     Running   0          102s
pod/gateway-ingress-nginx-controller-2s8ww                1/1     Running   0          102s
pod/gateway-ingress-nginx-controller-mzb45                1/1     Running   0          102s
pod/gateway-ingress-nginx-controller-q4d9z                1/1     Running   0          102s
pod/gateway-ingress-nginx-controller-z67gq                1/1     Running   0          102s
pod/gateway-ingress-nginx-defaultbackend-bf75d4b5-ktttz   1/1     Running   0          102s


NAME                                                 TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)                                                                   AGE
service/gateway-ingress-nginx-controller             LoadBalancer   10.96.179.94    192.168.101.100   80:30368/TCP,443:30275/TCP,9094:31895/TCP,9095:31808/TCP,9096:32339/TCP   102s
service/gateway-ingress-nginx-controller-admission   ClusterIP      10.96.135.75                443/TCP                                                                   102s
service/gateway-ingress-nginx-defaultbackend         ClusterIP      10.96.150.240               80/TCP                                                                    102s


NAME                                              DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/gateway-ingress-nginx-controller   5         5         5       5            5           kubernetes.io/os=linux   102s


NAME                                                   READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/gateway-ingress-nginx-defaultbackend   1/1     1            1           102s


NAME                                                            DESIRED   CURRENT   READY   AGE
replicaset.apps/gateway-ingress-nginx-defaultbackend-bf75d4b5   1         1         1       102s


测试链接

## 返回 html,表示链接成功,因为没有程序,所以返回 404
## 请求的IP地址, 必须是 pod/gateway-ingress-nginx Pod所在的节点的地址
[root@k8s-master ~]# curl 192.168.101.100
## 因为开启了 defaultBackend 所以会返回这样的信息
default backend - 404

关注后解锁

分类: Kubernetesnginx

毛巳煜

高级软件开发全栈架构师

工信部备案号:辽ICP备17016257号-2