Kubernetes负载均衡器-Nginx ingress安装

时间 2019-11-07

标签 kubernetes 负载均衡器 nginx ingress 安装栏目负载均衡繁體版

原文原文链接

安装Nginx ingress

Nginx ingress 使用ConfigMap来管理Nginx配置，nginx是你们熟知的代理和负载均衡软件，比起Traefik来讲功能更增强大.html

咱们使用helm来部署，chart保存在私有的仓库中，请确保您已经安装和配置好helm，helm安装使用见使用Helm管理kubernetes应用。node

镜像准备

安装时须要用到的镜像有：nginx

sophos/nginx-vts-exporter:v0.6
gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
gcr.io/google_containers/defaultbackend:1.3

gcr.io中的那个两个镜像我复制了一份到时速云，可供你们下载：git

index.tenxcloud.com/jimmy/defaultbackend:1.3
index.tenxcloud.com/jimmy/nginx-ingress-controller:0.9.0-beta.15

Docker hub上的那个镜像能够直接下载，全部的安装时须要的配置保存在../manifests/nginx-ingress目录下。github

步骤详解

安装nginx-ingress chart到本地repo中json

修改values.yaml配置，启用RBAC支持，相关配置见nginx-ingress chart。api

注意：把values.yaml里面的hostnetwork改成true，由于ingress要使用主机网络。

helm package .

查看niginx-ingress网络

$ helm search nginx-ingress
NAME                    VERSION    DESCRIPTION
local/nginx-ingress     0.8.9      An nginx Ingress controller that uses ConfigMap...
stable/nginx-ingress    0.8.9      An nginx Ingress controller that uses ConfigMap...
stable/nginx-lego       0.3.0      Chart for nginx-ingress-controller and kube-lego

使用helm部署nginx-ingressapp

$ helm install --name nginx-ingress local/nginx-ingress
NAME:   nginx-ingress
LAST DEPLOYED: Fri Oct 27 18:26:58 2017
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> rbac.authorization.k8s.io/v1beta1/Role
NAME                         KIND
nginx-ingress-nginx-ingress  Role.v1beta1.rbac.authorization.k8s.io

==> rbac.authorization.k8s.io/v1beta1/RoleBinding
nginx-ingress-nginx-ingress  RoleBinding.v1beta1.rbac.authorization.k8s.io

==> v1/Service
NAME                                         CLUSTER-IP      EXTERNAL-IP  PORT(S)                     AGE
nginx-ingress-nginx-ingress-controller       10.254.100.108  <nodes>      80:30484/TCP,443:31053/TCP  1s
nginx-ingress-nginx-ingress-default-backend  10.254.58.156   <none>       80/TCP                      1s

==> extensions/v1beta1/Deployment
NAME                                         DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
nginx-ingress-nginx-ingress-default-backend  1        1        1           0          1s
nginx-ingress-nginx-ingress-controller       1        1        1           0          1s

==> v1/ConfigMap
NAME                                    DATA  AGE
nginx-ingress-nginx-ingress-controller  1     1s

==> v1/ServiceAccount
NAME                         SECRETS  AGE
nginx-ingress-nginx-ingress  1        1s

==> rbac.authorization.k8s.io/v1beta1/ClusterRole
NAME                         KIND
nginx-ingress-nginx-ingress  ClusterRole.v1beta1.rbac.authorization.k8s.io

==> rbac.authorization.k8s.io/v1beta1/ClusterRoleBinding
nginx-ingress-nginx-ingress  ClusterRoleBinding.v1beta1.rbac.authorization.k8s.io


NOTES:
The nginx-ingress controller has been installed.
Get the application URL by running these commands:
  export HTTP_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-nginx-ingress-controller)
  export HTTPS_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-nginx-ingress-controller)
  export NODE_IP=$(kubectl --namespace default get nodes -o jsonpath="{.items[0].status.addresses[1].address}")

  echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
  echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."

An example Ingress that makes use of the controller:

  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - www.example.com
          secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

访问Nginx负载均衡

首先获取Nginx的地址，从咱们使用helm安装nginx-ingress命令的输出中那个能够看到提示，根据提示执行能够看到nginx的http和https地址：

export HTTP_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-nginx-ingress-controller)
  export HTTPS_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-nginx-ingress-controller)
  export NODE_IP=$(kubectl --namespace default get nodes -o jsonpath="{.items[0].status.addresses[1].address}")

  echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
  echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
  Visit http://172.20.0.113:30484 to access your application via HTTP.
  Visit https://172.20.0.113:31053 to access your application via HTTPS.

http地址：http://172.20.0.113:30484
https地址：https://172.20.0.113:31053

咱们分别在http和https地址上测试一下：

/healthz返回200
/返回404错误

curl -v http://172.20.0.113:30484/healthz
# 返回200
curl -v http://172.20.0.113:30484/
# 返回404
curl -v --insecure http://172.20.0.113:30484/healthz
# 返回200
curl -v --insecure http://172.20.0.113:30484/
# 返回404

删除nginx-ingress

helm delete --purge nginx-ingress

使用--purge参数能够完全删除release不留下记录，不然下一次部署的时候不能使用重名的release。

参考

Ingress-nginx github

Nginx chart configuration

使用Helm管理kubernetes应用