k8s之ingress-nginx详解和部署方案

k8s之ingress-nginx详解和部署方案

介绍

Ingress是一个Kubernetes对象，用于管理和公开Kubernetes集群中服务的路由规则。 Ingress不会提供自己的实际负载均衡，相反，它需要一个后端负载均衡器来实现实际路由。

Nginx是一个流行的Web服务器和反向代理服务器。nginx-ingress-controller是一个开源的Ingress控制器，它使用Nginx作为后端负载均衡器。

部署nginx-ingress-controller

部署一个nginx-ingress-controller，需要执行以下步骤：

1. 部署使用RBAC的ingress-controller：

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: default
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      containers:
        - name: controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
            - --annotations-prefix=nginx.ingress.kubernetes.io
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443

1. Service部署使用：

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: default
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXX:certificate/XXXXXXX-XXXXXXX-XXXXXXX
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 443

1. 部署所需的ConfigMap：

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
data:
  ssl-protocols: TLSv1.2 TLSv1.3

部署Ingress

在部署Ingress之前，必须将Ingress控制器作为Kubernetes集群的一部分进行部署，如上。接下来，通过创建Ingress对象来将服务公开。假设有一个名为my-service的服务，可以使用以下Ingress对象将其公开：

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-service
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /my-path
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  name: http

上面的Ingress对象：

• 接受来自example.com主机的请求。
• 匹配example.com/my-path路径的请求。
• 重写请求的路径以删除/my-path前缀。
• 将请求路由到名为my-service的服务。

示例

1. 部署Ingress

创建Deployment：

apiVersion: v1
kind: Pod
metadata:
  name: hello-world-1
  labels:
    app: hello-world-1
spec:
  containers:
  - name: hello-world-1
    image: gcr.io/google-samples/hello-app:1.0
    ports:
    - containerPort: 8080

创建Service：

apiVersion: v1
kind: Service
metadata:
  name: hello-world-1
spec:
  ports:
  - port: 80
    targetPort: 8080
  selector:
    app: hello-world-1

创建Ingress：

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-1
spec:
  rules:
    - host: hello-world-1.example.com
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: hello-world-1
              port:
                name: http

2. 部署多条Ingress

创建Deployment：

apiVersion: v1
kind: Pod
metadata:
  name: hello-world-2
  labels:
    app: hello-world-2
spec:
  containers:
  - name: hello-world-2
    image: gcr.io/google-samples/hello-app:1.0
    ports:
    - containerPort: 8080

创建Service：

apiVersion: v1
kind: Service
metadata:
  name: hello-world-2
spec:
  ports:
  - port: 80
    targetPort: 8080
  selector:
    app: hello-world-2

创建Ingress：

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world
spec:
  rules:
    - host: hello-world.example.com
      http:
        paths:
        - path: /hello-world-1
          pathType: Prefix
          backend:
            service:
              name: hello-world-1
              port:
                name: http
        - path: /hello-world-2
          pathType: Prefix
          backend:
            service:
              name: hello-world-2
              port:
                name: http

以上Ingress定义中，根据不同的请求路径，将请求路由到相应的服务中。可以通过访问http://hello-world.example.com/hello-world-1和http://hello-world.example.com/hello-world-2测试是否工作正常。

注意：不同的Ingress对象需要不同的主机名，并且每个主机名都需要在DNS中解析为Ingress控制器的IP地址。