资料
- 详解 Ingress
- K8s官网 Ingress 控制器
- 安装 Helm
- 官网安装 Nginx Ingress Controller
- Github charts 源码(含values配置参数)
- K8s和ingress-controller版本对照关系
Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version |
---|---|---|---|
v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 |
v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† |
v1.3.1 |
1.24, 1.23, 1.22, 1.21, 1.20 |
3.16.2 | 1.19.10† |
v1.3.0 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.0 | 1.19.10† |
前置条件依赖
安装MetalLB
安装
使用 Helm 3 安装 Nginx Ingress Controller
注意
:Ingress Controller它也是个应用程序,也有 service、deployment、pod 进行工作
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
## 查看确认
[root@k8s-master k8s]# helm search repo ingress-nginx -l | grep -E "1.5.1|1.4.0|1.3.1"
ingress-nginx/ingress-nginx 4.4.2 1.5.1 Ingress controller for Kubernetes using NGINX a...
ingress-nginx/ingress-nginx 4.4.0 1.5.1 Ingress controller for Kubernetes using NGINX a...
ingress-nginx/ingress-nginx 4.3.0 1.4.0 Ingress controller for Kubernetes using NGINX a...
ingress-nginx/ingress-nginx 4.2.5 1.3.1 Ingress controller for Kubernetes using NGINX a...
ingress-nginx/ingress-nginx 4.2.4 1.3.1 Ingress controller for Kubernetes using NGINX a...
## 添加环境变量统一管理ingress-nginx 版本与工作命令空间;当前K8s集群版本为 v1.20.6
export NGINX_CHART_VERSION=4.2.5
helm pull ingress-nginx/ingress-nginx --version NGINX_CHART_VERSION
## 为 NGINX Ingress Controller 创建命名空间
export NGINX_ING_NAMESPACE=ingress-nginx-ns
# 在NGINX_ING_NAMESPACE 命名空间下创建, Ingress Controller是可以独立部署在自己的命名空间中
-----------------------------------------------------------------------------------
## 如果希望动态更改Ingress控制器副本的数量,请使用 Deployment。
## --set controller.kind=deployment
## 如果希望在所有节点上部署Ingress控制器, 请使用 DaemonSet。
## --set controller.kind=daemonset
## 是Pod的副本数
## --set controller.replicaCount
## Service 类型: NodePort 例如 443:30443 可以 通过宿主机 443 端口访问, 还可以通过 30443 端口进行访问
## Service 类型: LoadBalancer 例如 443:30443 只能 通过宿主机 443 端口访问, 并且30xxx端口是随机生成的
## LoadBalancer 类型的 Service,可以自动调用云服务商在 IaaS 层面的接口(宿主机的接口),并自动创建 LoadBalancer,将其指向该 Service
## 通俗的讲, 需要有外接的硬件设备,在通过设备访问80|443端口实现负载均衡访问; 或者使用 MetalLB实现软的负载均衡
## 安装MetalLB来解决K8S service LoadBalancer问题
## http://www.dev-share.top/2020/08/14/%e4%bd%bf%e7%94%a8metallb%e6%9d%a5%e8%a7%a3%e5%86%b3k8s-service-loadbalancer%e9%97%ae%e9%a2%98/
## --set controller.service.type=LoadBalancer
创建 values.yaml
## Default 404 backend
## 默认不启动
defaultBackend:
## 默认不启动
#enabled: false
enabled: true
name: defaultbackend
image:
#registry: registry.k8s.io
#image: defaultbackend-amd64
registry: cnagent
image: defaultbackend-amd64
tag: "1.5"
pullPolicy: IfNotPresent
# nobody user -> uid 65534
runAsUser: 65534
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
controller:
name: controller
# -- Use a `DaemonSet` or `Deployment`
kind: DaemonSet
replicaCount: 1
image:
#registry: registry.k8s.io
#image: ingress-nginx/controller
registry: cnagent
image: ingress-nginx-controller
tag: "v1.3.1"
# 必须要用,否则拉取镜像会失败
digest: sha256:d3642f55a6a7a102a9a579b3382fe73869c73890de4c94f28e36ba5e07925944
pullPolicy: IfNotPresent
# -- Configures the controller container name
containerName: controller
# -- Configures the ports that the nginx-controller listens on
containerPort:
http: 80
https: 443
service:
enabled: true
type: LoadBalancer
## type: NodePort
## nodePorts:
## http: 32080
## https: 32443
## tcp:
## 8080: 32808
nodePorts:
http: ""
https: ""
tcp: {}
udp: {}
enableHttp: true
enableHttps: true
ports:
http: 80
https: 443
targetPorts:
http: http
https: https
## web钩子
admissionWebhooks:
patch:
enabled: true
image:
#registry: registry.k8s.io
#image: ingress-nginx/kube-webhook-certgen
registry: cnagent
image: ingress-nginx-kube-webhook-certgen
tag: v1.3.0
digest: sha256:fe821886866f174069dbb1e3af741662efb44952e39d66488d1fb811673440b7
pullPolicy: IfNotPresent
# -- TCP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
## 开启TCP代理功能
tcp: {}
#tcp:
# 8080: "default/example-tcp-svc:9000"
#tcp:
# 9094: "kafka-ns/kafka-3-2-3-0-external:9094"
# 9095: "kafka-ns/kafka-3-2-3-1-external:9094"
# 9096: "kafka-ns/kafka-3-2-3-2-external:9094"
# -- UDP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
## 开启UDP代理功能
udp: {}
#udp:
# 53: "kube-system/kube-dns:53"
部署/卸载
## 启动
helm install gateway ./ingress-nginx-NGINX_CHART_VERSION.tgz -f values.yaml -nNGINX_ING_NAMESPACE --create-namespace
## 更新(要强制更新)
helm upgrade gateway ./ingress-nginx-NGINX_CHART_VERSION.tgz -f values.yaml -nNGINX_ING_NAMESPACE --force
# 卸载
helm uninstall gateway -n $NGINX_ING_NAMESPACE
查看 运行情况
[root@k8s-master k8s]# kubectl -n $NGINX_ING_NAMESPACE get all
NAME READY STATUS RESTARTS AGE
pod/gateway-ingress-nginx-controller-2b8l5 1/1 Running 0 102s
pod/gateway-ingress-nginx-controller-2s8ww 1/1 Running 0 102s
pod/gateway-ingress-nginx-controller-mzb45 1/1 Running 0 102s
pod/gateway-ingress-nginx-controller-q4d9z 1/1 Running 0 102s
pod/gateway-ingress-nginx-controller-z67gq 1/1 Running 0 102s
pod/gateway-ingress-nginx-defaultbackend-bf75d4b5-ktttz 1/1 Running 0 102s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/gateway-ingress-nginx-controller LoadBalancer 10.96.179.94 192.168.101.100 80:30368/TCP,443:30275/TCP,9094:31895/TCP,9095:31808/TCP,9096:32339/TCP 102s
service/gateway-ingress-nginx-controller-admission ClusterIP 10.96.135.75 443/TCP 102s
service/gateway-ingress-nginx-defaultbackend ClusterIP 10.96.150.240 80/TCP 102s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/gateway-ingress-nginx-controller 5 5 5 5 5 kubernetes.io/os=linux 102s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/gateway-ingress-nginx-defaultbackend 1/1 1 1 102s
NAME DESIRED CURRENT READY AGE
replicaset.apps/gateway-ingress-nginx-defaultbackend-bf75d4b5 1 1 1 102s
测试链接
## 返回 html,表示链接成功,因为没有程序,所以返回 404
## 请求的IP地址, 必须是 pod/gateway-ingress-nginx Pod所在的节点的地址
[root@k8s-master ~]# curl 192.168.101.100
## 因为开启了 defaultBackend 所以会返回这样的信息
default backend - 404
关注后解锁