跳到主要内容

ingress-nginx

相同类型工具

Traefik:这种设计就是为微服务这种动态生成而生的

Envoy :去做微服务的大家都比较倾向于Envoy

官网

https://kubernetes.github.io/ingress-nginx/deploy/#quick-start

官方仓库云版本

https://github.com/kubernetes/ingress-nginx/blob/main/deploy/static/provider/cloud/deploy.yaml

修改
有如下几处可按需修改:
DaemonSet:修改 Deployment 为 DaemonSet,移除 strategy 字段;
hostNetwork:使用宿主机的网络;
nodeSelector:添加标签选择器(可选);
将名为 ingress-nginx-controller 的 Service 类型改为 ClusterIP(要删除 externalTrafficPolicy 字段);
镜像源在国外,是否更替

https://github.com/kubernetes/ingress-nginx/releases

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm pull ingress-nginx/ingress-nginx

helm show values ingress-nginx-4.10.0.tar > value.yaml

修改 value.yaml 按照上面的要求

安装 controller
helm install ingress-nginx  ingress-nginx-4.10.0.tgz  -f va.yaml



ingress.yaml 文件

# 新版本k8s的ingress配置
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-nginx-arick
  annotations:
    # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
    # nginx.ingress.kubernetes.io/configuration-snippet: |
    #   if ($host != 'www.boge.com' ) {
    #     rewrite ^ https://www.boge.com$request_uri permanent;
    #   }
spec:
  ingressClassName: nginx
  rules:
    - host: boge.com
      http:
        paths:
          - backend:
              service:
                name: httptest
                port:
                  number: 80
            path: /
            pathType: Prefix
    - host: m.boge.com
      http:
        paths:
          - backend:
              service:
                name: httptest
                port:
                  number: 80
            path: /
            pathType: Prefix
    - host: www.boge.com
      http:
        paths:
          - backend:
              service:
                name: httptest
                port:
                  number: 80
            path: /
            pathType: Prefix
#  tls:
#      - hosts:
#          - boge.com
#          - m.boge.com
#          - www.boge.com
#        secretName: boge-com-tls

#  kubectl -n <namespace> create secret tls boge-com-tls --key boge.key --cert boge.csr

kubectl apply -f code/api/httptest/k8s/ingress.yaml

示例文件

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
  namespace: foo
spec:
  ingressClassName: nginx
  rules:
    - host: www.example.com
      http:
        paths:
          - pathType: Prefix
            backend:
              service:
                name: exampleService
                port:
                  number: 80
            path: /
  # This section is only required if TLS is to be enabled for the Ingress
  tls:
    - hosts:
      - www.example.com
      secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

apiVersion: v1
kind: Secret
metadata:
  name: example-tls
  namespace: foo
data:
  tls.crt: <base64 encoded cert>
  tls.key: <base64 encoded key>
type: kubernetes.io/tls