Ingress-nginx

1、資料信息:

Ingress-nginx github地址:https://guthub.com/kubernetes/ingress-nginx
Ingress-nginx 官方網(wǎng)站:https://kubernetes.github.io/ingress-nginx

2、Ingress訪問(wèn)方式

ingress訪問(wèn)方式.png

3、Ingress訪問(wèn)原理

ingress訪問(wèn)原理.png

4、部署Ingress-nginx

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
查看
kubectl get pod -n ingress-nginx

5、部署暴露模式(NodePort模式)

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

6、Ingress Http代理訪問(wèn)

示例

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-dm
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
  - host: liuchao.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

訪問(wèn):域名:NodePort

7、Ingress Https代理訪問(wèn)

7.1、創(chuàng)建證書(shū),以及cart存儲(chǔ)方式

[root@master https]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/0=nginxsvc"  //生成證書(shū)
[root@master https]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt    //創(chuàng)建

7.2、進(jìn)行ingress創(chuàng)建

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx3
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx3
    spec:
      containers:
      - name: nginx3
        image: nginx:1.10
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx3
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx3
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https
spec:
  tls:
    - hosts:
      - liuchao1.com
      secretName: tls-secret
  rules:
    - host: liuchao1.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx3
            servicePort: 80

7.3、使用https訪問(wèn)

8、Nginx進(jìn)行BasicAuth(技術(shù)認(rèn)證)

示例

環(huán)境安裝

yum -y install httpd
htpasswd -c auth(文件) foo(用戶(hù))
kubectl create secret generic basic-auth --from-file=auth

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: liuchao2.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-svc
          servicePort: 80

訪問(wèn):域名:http協(xié)議端口

9、nginx進(jìn)行重寫(xiě)

nginx重寫(xiě).png

示例

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: https://liuchao.com:31170
spec:
  rules:
  - host: liuchao1.com
    http:
      paths:
      - path:
        backend:
          serviceName: nginx-svc
          servicePort: 80

訪問(wèn)liuchao1.com跳轉(zhuǎn)到liuchao.com

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

友情鏈接更多精彩內(nèi)容