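1. Overview

Project: ingress-nginx

Nginx Ingress Controller requires the following images:

Note: when importing images in offline mode, you can remove the @sha256 setting from the image definitions in the configuration file.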

registry.k8s.io/ingress-nginx/controller:v1.3.1
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0
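Once the @sha256 suffix is removed, the manifest refers to each image by tag only, so it helps to record the digests before stripping them. The script below is an added example, not part of the original page or the ingress-nginx project: the function names are hypothetical and the digests are constructed placeholders. Comparing a recorded digest after import assumes your import path preserves the image manifest.

```shell
#!/usr/bin/env sh
# Added example: function names are hypothetical, and the digests in the
# sample are constructed placeholders, not the real digests of these images.

# Print "image:tag sha256:<digest>" for each digest-pinned image line on stdin.
list_pinned() {
  sed -nE 's/^[[:space:]]*(-[[:space:]]*)?image:[[:space:]]*"?([^"@[:space:]]+)@(sha256:[0-9a-f]{64})"?[[:space:]]*$/\2 \3/p'
}

# Drop the @sha256 suffix from image lines on stdin; other lines are untouched.
strip_digests() {
  sed -E '/^[[:space:]]*(-[[:space:]]*)?image:/ s/@sha256:[0-9a-f]{64}//'
}

# Succeed only if lock file $1 records digest $3 for image $2.
# An image missing from the lock file counts as a mismatch.
digest_matches() {
  awk -v img="$2" -v got="$3" \
    '$1 == img { found = ($2 == got) } END { exit !found }' "$1"
}

# Constructed manifest fragment using the two images listed above.
sample_manifest() {
  cat <<EOF
      containers:
        - name: controller
          image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:$(printf '%064d' 0 | tr 0 a)
          imagePullPolicy: IfNotPresent
        - name: create
          image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:$(printf '%064d' 0 | tr 0 b)
          imagePullPolicy: IfNotPresent
EOF
}

# Record the pins first, then print the tag-only manifest for offline use.
sample_manifest | list_pinned
sample_manifest | strip_digests
```

Redirect the output of list_pinned to a lock file and keep it alongside the stripped manifest, so that digest_matches can later compare it with the digest your registry reports for the imported image.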

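2. Import the configuration

To keep the network secure, the internal and external networks must be isolated, so two Nginx Ingress instances will be created.

2.1. Create the Nginx Ingress Class

Because the Nginx Ingress Controller configuration is too large to show here, push the files conf/nginx-public.yaml and conf/ingress-nginx-private.yaml to the control node, then import the resources with kubectl apply -f ingress-nginx.yaml.

After the import completes, run the following commands to check the result: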

kubectl get service,pods -n ingress-nginx-private -o wide
kubectl get service,pods -n ingress-nginx-public -o wide

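If everything is correct, ingress-nginx-controller starts; if a LoadBalancer is configured, it is also bound to an external address at this point.

2.2. Apply the MetalLB configuration

If you need the Ingress Nginx Service's IP to be used by other Services as well, apply this patch: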

cat << EOF | tee patch.yaml > /dev/null
metadata:
  annotations:
    metallb.universe.tf/allow-shared-ip: "<_metallb_tag_>"
#spec:
#  externalTrafficPolicy: Local
#  ipFamilies:
#    - IPv4
#  ipFamilyPolicy: SingleStack
EOF
cat patch.yaml | sed -e "s|<_metallb_tag_>|public-ip-share|g" | tee patch-public.yaml > /dev/null
cat patch.yaml | sed -e "s|<_metallb_tag_>|private-ip-share|g" | tee patch-private.yaml > /dev/null

kubectl patch service -n ingress-nginx-public ingress-nginx-controller --type merge --patch-file patch-public.yaml
kubectl patch service -n ingress-nginx-private ingress-nginx-controller --type merge --patch-file patch-private.yaml

3. Testing

3.1. Import the test configuration

Import the following configuration into Kubernetes:

apiVersion: v1
kind: ConfigMap
metadata:
  name: first-web
data:
  index.html: |
    first web demo.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: second-web
data:
  index.html: |
    second web demo.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-1
  labels:
    app: nginx-1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-1
  template:
    metadata:
      labels:
        app: nginx-1
    spec:
      containers:
        - name: nginx
          image: nginx:1.21.1
          ports:
            - containerPort: 80
          volumeMounts:
            - name: config
              mountPath: /usr/share/nginx/html
      volumes:
        - name: config
          configMap:
            name: first-web

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-2
  labels:
    app: nginx-2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-2
  template:
    metadata:
      labels:
        app: nginx-2
    spec:
      containers:
        - name: nginx
          image: nginx:1.21.1
          ports:
            - containerPort: 80
          volumeMounts:
            - name: config
              mountPath: /usr/share/nginx/html
      volumes:
        - name: config
          configMap:
            name: second-web
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-1-service
spec:
  selector:
    app: nginx-1
  ports:
    - protocol: TCP
      port: 80

---
apiVersion: v1
kind: Service
metadata:
  name: nginx-2-service
spec:
  selector:
    app: nginx-2
  ports:
    - protocol: TCP
      port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
  annotations:
    # Rewrite the path
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx-private
  rules:
    - http:
        paths:
          - path: /first
            pathType: Prefix
            backend:
              service:
                name: nginx-1-service
                port:
                  number: 80
          - path: /second
            pathType: Prefix
            backend:
              service:
                name: nginx-2-service
                port:
                  number: 80

3.2. Verify the test results

After the import completes, run the following commands to verify the deployment.

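#!/usr/bin/env bash
# Get the LoadBalancer IP bound to Nginx (1)
# The test Ingress uses ingressClassName nginx-private, so query that controller's namespace
CLIENT_IP=$(kubectl get service -n ingress-nginx-private ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[*].ip}')
# Query the Service / Pod bound to the first path
curl "http://$CLIENT_IP/first"
# Query the Service / Pod bound to the second path
curl "http://$CLIENT_IP/second"

Where:
1 This command only works if a LoadBalancer is configured.

If everything is correct, the console shows the following output.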

first web demo.
second web demo.