--
:
--
:
--
实战-Helm方式安装ingress-nginx(测试成功)v1-20220424
最后更新于:
v1-2022.4.24-实战-Helm方式安装ingress-nginx(测试成功)
目录
[toc]
环境
- 实验环境
1实验环境:
21、win10,vmwrokstation虚机;
32、k8s集群:3台centos7.6 1810虚机,1个master节点,2个node节点
4 k8s version:v1.22.2
5 containerd://1.5.5
63、helm:v3.7.2
74、ingress-nginx:v4.1.0
- 实验软件
链接:https://pan.baidu.com/s/1WbnzTI3II7X3jGyCKDN3GQ?pwd=83ol
提取码:83ol
2022.4.26-实验软件-《实战:ingress-nginx安装》-阳总-2022.4.26(博客分享)
前置条件
- k8s集群已存在
- k8s集群里安装了helm
1、helm方式安装Ingress-nginx
这里我们使用 Helm Chart的方式来进行安装:
- 关于helm如何安装,请查看我的文档:
实战:helm包管理-2022.4.4:https://blog.csdn.net/weixin_39246554/article/details/123955289
- 下载ingress-nginx charts包
1➜ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
2➜ helm repo update
3➜ helm fetch ingress-nginx/ingress-nginx
4➜ tar -xvf ingress-nginx-4.1.0.tgz && cd ingress-nginx
5➜ tree .
6.
7├── CHANGELOG.md
8├── Chart.yaml
9├── OWNERS
10├── README.md
11├── ci
12│ ├── controller-custom-ingressclass-flags.yaml
13│ ├── daemonset-customconfig-values.yaml
14│ ├── daemonset-customnodeport-values.yaml
15│ ├── daemonset-headers-values.yaml
16│ ├── daemonset-internal-lb-values.yaml
17│ ├── daemonset-nodeport-values.yaml
18│ ├── daemonset-podannotations-values.yaml
19│ ├── daemonset-tcp-udp-configMapNamespace-values.yaml
20│ ├── daemonset-tcp-udp-values.yaml
21│ ├── daemonset-tcp-values.yaml
22│ ├── deamonset-default-values.yaml
23│ ├── deamonset-metrics-values.yaml
24│ ├── deamonset-psp-values.yaml
25│ ├── deamonset-webhook-and-psp-values.yaml
26│ ├── deamonset-webhook-values.yaml
27│ ├── deployment-autoscaling-behavior-values.yaml
28│ ├── deployment-autoscaling-values.yaml
29│ ├── deployment-customconfig-values.yaml
30│ ├── deployment-customnodeport-values.yaml
31│ ├── deployment-default-values.yaml
32│ ├── deployment-headers-values.yaml
33│ ├── deployment-internal-lb-values.yaml
34│ ├── deployment-metrics-values.yaml
35│ ├── deployment-nodeport-values.yaml
36│ ├── deployment-podannotations-values.yaml
37│ ├── deployment-psp-values.yaml
38│ ├── deployment-tcp-udp-configMapNamespace-values.yaml
39│ ├── deployment-tcp-udp-values.yaml
40│ ├── deployment-tcp-values.yaml
41│ ├── deployment-webhook-and-psp-values.yaml
42│ ├── deployment-webhook-resources-values.yaml
43│ └── deployment-webhook-values.yaml
44├── templates
45│ ├── NOTES.txt
46│ ├── _helpers.tpl
47│ ├── _params.tpl
48│ ├── admission-webhooks
49│ │ ├── job-patch
50│ │ │ ├── clusterrole.yaml
51│ │ │ ├── clusterrolebinding.yaml
52│ │ │ ├── job-createSecret.yaml
53│ │ │ ├── job-patchWebhook.yaml
54│ │ │ ├── psp.yaml
55│ │ │ ├── role.yaml
56│ │ │ ├── rolebinding.yaml
57│ │ │ └── serviceaccount.yaml
58│ │ └── validating-webhook.yaml
59│ ├── clusterrole.yaml
60│ ├── clusterrolebinding.yaml
61│ ├── controller-configmap-addheaders.yaml
62│ ├── controller-configmap-proxyheaders.yaml
63│ ├── controller-configmap-tcp.yaml
64│ ├── controller-configmap-udp.yaml
65│ ├── controller-configmap.yaml
66│ ├── controller-daemonset.yaml
67│ ├── controller-deployment.yaml
68│ ├── controller-hpa.yaml
69│ ├── controller-ingressclass.yaml
70│ ├── controller-keda.yaml
71│ ├── controller-poddisruptionbudget.yaml
72│ ├── controller-prometheusrules.yaml
73│ ├── controller-psp.yaml
74│ ├── controller-role.yaml
75│ ├── controller-rolebinding.yaml
76│ ├── controller-service-internal.yaml
77│ ├── controller-service-metrics.yaml
78│ ├── controller-service-webhook.yaml
79│ ├── controller-service.yaml
80│ ├── controller-serviceaccount.yaml
81│ ├── controller-servicemonitor.yaml
82│ ├── default-backend-deployment.yaml
83│ ├── default-backend-hpa.yaml
84│ ├── default-backend-poddisruptionbudget.yaml
85│ ├── default-backend-psp.yaml
86│ ├── default-backend-role.yaml
87│ ├── default-backend-rolebinding.yaml
88│ ├── default-backend-service.yaml
89│ ├── default-backend-serviceaccount.yaml
90│ └── dh-param-secret.yaml
91└── values.yaml
92
934 directories, 81 files
Helm Chart 包下载下来后解压就可以看到里面包含的模板文件,其中的 ci 目录中就包含了各种场景下面安装的 Values 配置文件,values.yaml 文件中包含的是所有可配置的默认值,我们可以对这些默认值进行覆盖。
⚠️ 注意:
如果你不喜欢使用 helm chart 进行安装也可以使用下面的命令一键安装
1kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/cloud/deploy.yaml
2、创建自定义Values.yaml文件
- 然后新建一个名为
ci/daemonset-prod.yaml的 Values 文件,用来覆盖 ingress-nginx 默认的 Values 值。
注意:以下配置参数不是随便设置的,一定要是values.yaml里面有的才可以的哦;
1# vim ci/daemonset-prod.yaml
2# ci/daemonset-prod.yaml
3controller:
4 name: controller
5 image:
6 repository: cnych/ingress-nginx #老师这里是转存过的。
7 tag: "v1.1.0"
8 digest:
9
10 dnsPolicy: ClusterFirstWithHostNet
11
12 hostNetwork: true
13
14 publishService: # hostNetwork 模式下设置为false,通过节点IP地址上报ingress status数据
15 enabled: false
16
17 # 是否需要处理不带 ingressClass 注解或者 ingressClassName 属性的 Ingress 对象
18 # 设置为 true 会在控制器启动参数中新增一个 --watch-ingress-without-class 标注
19 watchIngressWithoutClass: false
20
21 kind: Deployment
22
23 tolerations: # kubeadm 安装的集群默认情况下master是有污点,需要容忍这个污点才可以部署
24 - key: "node-role.kubernetes.io/master"
25 operator: "Equal"
26 effect: "NoSchedule"
27
28 nodeSelector: # 固定到master1节点
29 kubernetes.io/hostname: master1
30
31 service: # HostNetwork 模式不需要创建service
32 enabled: false
33
34 admissionWebhooks: # 强烈建议开启 admission webhook
35 enabled: true
36 createSecretJob:
37 resources:
38 limits:
39 cpu: 10m
40 memory: 20Mi
41 requests:
42 cpu: 10m
43 memory: 20Mi
44 patchWebhookJob:
45 resources:
46 limits:
47 cpu: 10m
48 memory: 20Mi
49 requests:
50 cpu: 10m
51 memory: 20Mi
52 patch:
53 enabled: true
54 image:
55 repository: cnych/ingress-nginx-webhook-certgen #老师做了镜像转存
56 tag: v1.1.1
57 digest:
58
59defaultBackend: # 配置默认后端
60 enabled: true
61 name: defaultbackend
62 image:
63 repository: cnych/ingress-nginx-defaultbackend #老师做了镜像转存
64 tag: "1.5"
3、部署
- 然后使用如下命令安装
ingress-nginx应用到ingress-nginx的命名空间中:
1[root@master1 ingress-nginx]#helm upgrade --install ingress-nginx . -f ./ci/daemonset-prod.yaml --create-namespace --namespace ingress-nginx #upgrade如果存在的话,我就迁移更新,不存在的话,我就去安装。
2#这里我们耐心等待一会儿
3Release "ingress-nginx" has been upgraded. Happy Helming!
4NAME: ingress-nginx
5LAST DEPLOYED: Tue Apr 26 21:05:04 2022
6NAMESPACE: ingress-nginx
7STATUS: deployed
8REVISION: 2
9TEST SUITE: None
10NOTES:
11The ingress-nginx controller has been installed.
12It may take a few minutes for the LoadBalancer IP to be available.
13You can watch the status by running 'kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller'
14
15An example Ingress that makes use of the controller:
16 apiVersion: networking.k8s.io/v1
17 kind: Ingress
18 metadata:
19 name: example
20 namespace: foo
21 spec:
22 ingressClassName: nginx
23 rules:
24 - host: www.example.com
25 http:
26 paths:
27 - pathType: Prefix
28 backend:
29 service:
30 name: exampleService
31 port:
32 number: 80
33 path: /
34 # This section is only required if TLS is to be enabled for the Ingress
35 tls:
36 - hosts:
37 - www.example.com
38 secretName: example-tls
39
40If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
41
42 apiVersion: v1
43 kind: Secret
44 metadata:
45 name: example-tls
46 namespace: foo
47 data:
48 tls.crt: <base64 encoded cert>
49 tls.key: <base64 encoded key>
50 type: kubernetes.io/tls
4、验证
- 部署完成后查看 Pod 的运行状态:
1[root@master1 ingress-nginx]#kubectl get pod -n ingress-nginx -owide
2NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
3ingress-nginx-controller-r5964 1/1 Running 0 8m2s 172.29.9.51 master1 <none> <none>
4ingress-nginx-defaultbackend-84854cd6cb-8gzcm 1/1 Running 0 8m2s 10.244.1.197 node1 <none> <none>
5
6[root@master1 ingress-nginx]#kubectl get svc -n ingress-nginx
7NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
8ingress-nginx-controller-admission ClusterIP 10.106.208.0 <none> 443/TCP 8m8s
9ingress-nginx-defaultbackend ClusterIP 10.106.66.15 <none> 80/TCP 8m8s
- 查看下ingress-nginx pod的日志:
1[root@master1 ingress-nginx]# POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -n ingress-nginx -o jsonpath='{.items[0].metadata.name}')
2[root@master1 ingress-nginx]#echo $POD_NAME
3ingress-nginx-controller-r5964
4[root@master1 ingress-nginx]#kubectl logs $POD_NAME -n ingress-nginx
5-------------------------------------------------------------------------------
6NGINX Ingress controller
7 Release: v1.1.0
8 Build: cacbee86b6ccc45bde8ffc184521bed3022e7dee
9 Repository: https://github.com/kubernetes/ingress-nginx
10 nginx version: nginx/1.19.9
11
12-------------------------------------------------------------------------------
13
14W0426 13:00:16.359192 7 client_config.go:615] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
15I0426 13:00:16.359981 7 main.go:223] "Creating API client" host="https://10.96.0.1:443"
16I0426 13:00:16.387442 7 main.go:267] "Running in Kubernetes cluster" major="1" minor="22" git="v1.22.2" state="clean" commit="8b5a19147530eaac9476b0ab82980b4088bbc1b2" platform="linux/amd64"
17I0426 13:00:16.400163 7 main.go:86] "Valid default backend" service="ingress-nginx/ingress-nginx-defaultbackend"
18I0426 13:00:16.615214 7 main.go:104] "SSL fake certificate created" file="/etc/ingress-controller/ssl/default-fake-certificate.pem"
19I0426 13:00:16.704300 7 ssl.go:531] "loading tls certificate" path="/usr/local/certificates/cert" key="/usr/local/certificates/key"
20I0426 13:00:16.752208 7 nginx.go:255] "Starting NGINX Ingress controller"
21I0426 13:00:16.785466 7 event.go:282] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"ingress-nginx-controller", UID:"8e41333d-a6e7-47d6-a8e8-b1d0dab0fda7", APIVersion:"v1", ResourceVersion:"2336338", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/ingress-nginx-controller
22I0426 13:00:17.963766 7 store.go:424] "Found valid IngressClass" ingress="default/ghost" ingressclass="nginx"
23I0426 13:00:17.965404 7 event.go:282] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"ghost", UID:"b421eee9-26f3-43a2-8d07-08df3c9fd814", APIVersion:"networking.k8s.io/v1", ResourceVersion:"2321677", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
24I0426 13:00:18.055029 7 nginx.go:297] "Starting NGINX process"
25I0426 13:00:18.055380 7 leaderelection.go:248] attempting to acquire leader lease ingress-nginx/ingress-controller-leader...
26I0426 13:00:18.061064 7 status.go:84] "New leader elected" identity="ingress-nginx-controller-dm4bg"
27I0426 13:00:18.061232 7 nginx.go:317] "Starting validation webhook" address=":8443" certPath="/usr/local/certificates/cert" keyPath="/usr/local/certificates/key"
28I0426 13:00:18.062097 7 controller.go:155] "Configuration changes detected, backend reload required"
29I0426 13:00:18.177454 7 controller.go:172] "Backend successfully reloaded"
30I0426 13:00:18.177565 7 controller.go:183] "Initial sync, sleeping for 1 second"
31I0426 13:00:18.177972 7 event.go:282] Event(v1.ObjectReference{Kind:"Pod", Namespace:"ingress-nginx", Name:"ingress-nginx-controller-r5964", UID:"edd71a4c-5f9d-4b3c-aa8e-b45ef67472ef", APIVersion:"v1", ResourceVersion:"2336371", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration
32I0426 13:00:57.356030 7 leaderelection.go:258] successfully acquired lease ingress-nginx/ingress-controller-leader
33I0426 13:00:57.356251 7 status.go:84] "New leader elected" identity="ingress-nginx-controller-r5964"
当看到上面的信息证明 ingress-nginx 部署成功了,这里我们安装的是最新版本的控制器。
- 安装完成后会自动创建一个名为
nginx的IngressClass对象:
1[root@master1 ingress-nginx]#kubectl get ingressclass
2NAME CONTROLLER PARAMETERS AGE
3nginx k8s.io/ingress-nginx <none> 12m
4
5[root@master1 ingress-nginx]#kubectl get ingressclass nginx -oyaml
6apiVersion: networking.k8s.io/v1
7kind: IngressClass
8metadata:
9 annotations:
10 meta.helm.sh/release-name: ingress-nginx
11 meta.helm.sh/release-namespace: ingress-nginx
12 creationTimestamp: "2022-04-26T13:00:15Z"
13 generation: 1
14 labels:
15 app.kubernetes.io/component: controller
16 app.kubernetes.io/instance: ingress-nginx
17 app.kubernetes.io/managed-by: Helm
18 app.kubernetes.io/name: ingress-nginx
19 app.kubernetes.io/part-of: ingress-nginx
20 app.kubernetes.io/version: 1.2.0
21 helm.sh/chart: ingress-nginx-4.1.0
22 name: nginx
23 resourceVersion: "2336359"
24 uid: 52bf2d88-a0d4-48e4-bb25-e07c7ae05375
25spec:
26 controller: k8s.io/ingress-nginx
不过这里我们只提供了一个 controller 属性,如果还需要配置一些额外的参数,则可以在安装的 values 文件中进行配置。
5、第一个示例
- 安装成功后,现在我们来为一个 nginx 应用创建一个 Ingress 资源,如下所示:
1# first-ingress.yaml
2apiVersion: apps/v1
3kind: Deployment
4metadata:
5 name: my-nginx
6spec:
7 selector:
8 matchLabels:
9 app: my-nginx
10 template:
11 metadata:
12 labels:
13 app: my-nginx
14 spec:
15 containers:
16 - name: my-nginx
17 image: nginx
18 ports:
19 - containerPort: 80
20---
21apiVersion: v1
22kind: Service
23metadata:
24 name: my-nginx
25 labels:
26 app: my-nginx
27spec:
28 ports:
29 - port: 80
30 protocol: TCP
31 name: http
32 selector:
33 app: my-nginx
34---
35apiVersion: networking.k8s.io/v1
36kind: Ingress
37metadata:
38 name: my-nginx
39 namespace: default
40spec:
41 ingressClassName: nginx # 使用 nginx 的 IngressClass(关联的 ingress-nginx 控制器)
42 rules:
43 - host: ngdemo.qikqiak.com # 将域名映射到 my-nginx 服务
44 http:
45 paths:
46 - path: /
47 pathType: Prefix
48 backend:
49 service: # 将所有请求发送到 my-nginx 服务的 80 端口
50 name: my-nginx
51 port:
52 number: 80
53# 不过需要注意大部分Ingress控制器都不是直接转发到Service,而是只是通过Service来获取后端的Endpoints列表(因此这里的svc只起到了一个服务发现的作用),直接转发到Pod,这样可以减少网络跳转,提高性能!!!
- 直接创建上面的资源对象:
1[root@master1 ingress-nginx]#kubectl apply -f first-ingress.yaml
2deployment.apps/my-nginx created
3service/my-nginx created
4ingress.networking.k8s.io/my-nginx created
5
6[root@master1 ingress-nginx]#kubectl get po
7NAME READY STATUS RESTARTS AGE
8my-nginx-7c4ff94949-hrxbh 1/1 Running 0 70s
9[root@master1 ingress-nginx]#kubectl get svc
10NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
11kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 177d
12my-nginx ClusterIP 10.101.20.210 <none> 80/TCP 72s
13
14
15记得在本地pc里配置下域名解析:
16C:\WINDOWS\System32\drivers\etc
17172.29.9.51 ngdemo.qikqiak.com
18
19[root@master1 ingress-nginx]#kubectl get ingress
20NAME CLASS HOSTS ADDRESS PORTS AGE
21my-nginx nginx ngdemo.qikqiak.com 172.29.9.51 80 2m19s
在上面的 Ingress 资源对象中我们使用配置 ingressClassName: nginx 指定让我们安装的 ingress-nginx 这个控制器来处理我们的 Ingress 资源,配置的匹配路径类型为前缀的方式去匹配 /,将来自域名 ngdemo.qikqiak.com 的所有请求转发到 my-nginx 服务的后端 Endpoints 中去。
上面资源创建成功后,然后我们可以将域名 ngdemo.qikqiak.com 解析到 ingress-nginx 所在的边缘节点中的任意一个,当然也可以在本地 /etc/hosts 中添加对应的映射也可以,然后就可以通过域名进行访问了。
(本地测试这里直接配置了hosts,但线上的还一般就是用dns了)
- 验证
安装完成。😘
关于我
我的博客主旨:
- 排版美观,语言精炼;
- 文档即手册,步骤明细,拒绝埋坑,提供源码;
- 本人实战文档都是亲测成功的,各位小伙伴在实际操作过程中如有什么疑问,可随时联系本人帮您解决问题,让我们一起进步!
🍀 微信二维码 x2675263825 (舍得), qq:2675263825。
🍀 微信公众号 《云原生架构师实战》
🍀 语雀
https://www.yuque.com/xyy-onlyone
🍀 csdn https://blog.csdn.net/weixin_39246554?spm=1010.2135.3001.5421
🍀 知乎 https://www.zhihu.com/people/foryouone
最后
好了,关于本次就到这里了,感谢大家阅读,最后祝大家生活快乐,每天都过的有意义哦,我们下期见!
1
📡
推荐使用微信支付
推荐使用支付宝
