做优化需要发多少个网站,网站友情链接代码,西湖区商城网站建设,网站进度表目录
一 手动部署-官网版 1.1 获取资源1.2 安装RBAC1.3 安装基础资源1.4 安装ingress controllers1.5 创建ingress controllers service二 手动部署-github社区版(推荐#xff09; 2.1 获取资源2.2 创建default backend2.3 确认验证三 ingress使用 3.1 创建demo环境3.2 创建i…目录
一 手动部署-官网版 1.1 获取资源1.2 安装RBAC1.3 安装基础资源1.4 安装ingress controllers1.5 创建ingress controllers service二 手动部署-github社区版(推荐 2.1 获取资源2.2 创建default backend2.3 确认验证三 ingress使用 3.1 创建demo环境3.2 创建ingress策略3.3 确认验证四 ingress https使用4.1 创建证书 4.2 创建secret4.3 创建TLS ingress策略4.4 确认验证一 手动部署-官网版 1.1 获取资源 1 [rootmaster01 ~]# mkdir ingress2 [rootmaster01 ~]# cd ingress/3 [rootmaster01 ingress]# git clone https://github.com/nginxinc/kubernetes-ingress/4 [rootmaster01 ingress]# cd kubernetes-ingress/deployments5 [rootmaster01 ingress]# git checkout v1.7.0 1.2 安装RBAC 1 [rootmaster01 deployments]# kubectl apply -f common/ns-and-sa.yaml #部署namespace及ServiceAccount2 [rootmaster01 deployments]# kubectl apply -f rbac/rbac.yaml #部署RBAC角色及权限等 1.3 安装基础资源 1 [rootmaster01 deployments]# kubectl apply -f common/default-server-secret.yaml
说明
创建TLS证书和NGINX中默认服务器的secret。默认服务器返回Not Found页面其中包含404状态代码用于未定义的所有访问规则请求的返回值。默认包含了一个自签名的证书和生成的密钥。 1 [rootmaster01 deployments]# kubectl apply -f common/nginx-config.yaml2 [rootmaster01 deployments]# kubectl apply -f common/vs-definition.yaml3 [rootmaster01 deployments]# kubectl apply -f common/vsr-definition.yaml4 [rootmaster01 deployments]# kubectl apply -f common/ts-definition.yaml #创建虚拟主机5 [rootmaster01 deployments]# kubectl apply -f common/gc-definition.yaml6 [rootmaster01 deployments]# kubectl apply -f common/global-configuration.yaml1.4 安装ingress controllers 1 [rootmaster01 deployments]# vi daemon-set/nginx-ingress.yaml 1 ……2 - -global-configuration$(POD_NAMESPACE)/nginx-configuration3 ……1 [rootmaster01 deployments]# kubectl apply -f daemon-set/nginx-ingress.yaml2 [rootmaster01 deployments]# kubectl get pods --namespacenginx-ingress3 NAME READY STATUS RESTARTS AGE4 5 nginx-ingress-cqv2m 1/1 Running 0 43s6 nginx-ingress-fpmbv 1/1 Running 0 43s7 nginx-ingress-kdl9p 1/1 Running 0 43s8 nginx-ingress-lggw9 1/1 Running 0 43s9 nginx-ingress-lnw28 1/1 Running 0 43s10 nginx-ingress-z8rn8 1/1 Running 0 43s1.5 创建ingress controllers service
[rootmaster01 deployments]# vi service/nodeport.yaml 1 apiVersion: v12 kind: Service3 metadata:4 name: nginx-ingress5 namespace: nginx-ingress6 spec:7 type: NodePort8 ports:9 - port: 8010 targetPort: 8011 protocol: TCP12 name: http13 nodePort: 3001114 - port: 44315 targetPort: 44316 protocol: TCP17 name: https18 nodePort: 3001219 selector:20 app: nginx-ingress1 [rootmaster01 deployments]# kubectl create -f service/nodeport.yaml2 [rootmaster01 deployments]# kubectl get svc nginx-ingress --namespacenginx-ingress3 [rootmaster01 deployments]# kubectl describe svc nginx-ingress --namespacenginx-ingress参考文档https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/。
二 手动部署-github社区版(推荐 2.1 获取资源 1 [rootmaster01 ~]# mkdir ingress2 [rootmaster01 ~]# cd ingress/3 [rootmaster01 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml4 [rootmaster01 ingress]# vi deploy.yaml1 ……2 apiVersion: apps/v13 kind: Deployment4 ……5 spec:6 replicas: 37 ……8 - --default-backend-service$(POD_NAMESPACE)/default-http-backend9 ……10 apiVersion: v111 kind: Service12 ……13 name: ingress-nginx-controller14 ……15 spec:16 type: NodePort17 externalTrafficPolicy: Local18 ports:19 - name: http20 port: 8021 protocol: TCP22 targetPort: http23 nodePort: 8024 - name: https25 port: 44326 protocol: TCP27 targetPort: https28 nodePort: 44329 ……[rootmaster01 ingress]# kubectl create -f deploy.yaml
提示添加默认backend需要等待default-backend创建完成controllers才能成功部署。 2.2 创建default backend
[rootmaster01 ingress]# vi default-backend.yaml 1 ---2 apiVersion: apps/v13 kind: Deployment4 metadata:5 name: default-http-backend6 labels:7 app.kubernetes.io/name: default-http-backend8 app.kubernetes.io/part-of: ingress-nginx9 namespace: ingress-nginx10 spec:11 replicas: 112 selector:13 matchLabels:14 app.kubernetes.io/name: default-http-backend15 app.kubernetes.io/part-of: ingress-nginx16 template:17 metadata:18 labels:19 app.kubernetes.io/name: default-http-backend20 app.kubernetes.io/part-of: ingress-nginx21 spec:22 terminationGracePeriodSeconds: 6023 containers:24 - name: default-http-backend25 # Any image is permissible as long as:26 # 1. It serves a 404 page at /27 # 2. It serves 200 on a /healthz endpoint28 image: k8s.gcr.io/defaultbackend-amd64:1.529 livenessProbe:30 httpGet:31 path: /healthz32 port: 808033 scheme: HTTP34 initialDelaySeconds: 3035 timeoutSeconds: 536 ports:37 - containerPort: 808038 resources:39 limits:40 cpu: 10m41 memory: 20Mi42 requests:43 cpu: 10m44 memory: 20Mi45 46 ---47 apiVersion: v148 kind: Service49 metadata:50 name: default-http-backend51 namespace: ingress-nginx52 labels:53 app.kubernetes.io/name: default-http-backend54 app.kubernetes.io/part-of: ingress-nginx55 spec:56 ports:57 - port: 8058 targetPort: 808059 selector:60 app.kubernetes.io/name: default-http-backend61 app.kubernetes.io/part-of: ingress-nginx62 ---1 [rootmaster01 ingress]# kubectl create -f default-backend.yaml
2.3 确认验证 1 [rootmaster01 ingress]# kubectl get pods -n ingress-nginx2 [rootmaster01 ingress]# kubectl get svc -n ingress-nginx参考文档https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md
三 ingress使用 3.1 创建demo环境 1 [rootmaster01 ingress]# vi deploy-demo01.yaml #创建第一个用于测试的svc和pod1 apiVersion: v12 kind: Service3 metadata:4 name: mydemo01svc5 namespace: default6 spec:7 selector:8 app: mydemo019 ports:10 - name: http11 port: 8012 targetPort: 8013 ---14 apiVersion: apps/v115 kind: Deployment16 metadata:17 name: mydemo01pod18 spec:19 replicas: 320 selector:21 matchLabels:22 app: mydemo0123 template:24 metadata:25 labels:26 app: mydemo0127 spec:28 containers:29 - name: myapp30 image: ikubernetes/myapp:v231 ports:32 - name: httpd33 containerPort: 801 [rootmaster01 ingress]# echo h1Hello world!/h1 index.html #创建Tomcat测试页面2 [rootmaster01 ingress]# scp index.html rootworker01:/etc/kubernetes/3 [rootmaster01 ingress]# scp index.html rootworker02:/etc/kubernetes/4 [rootmaster01 ingress]# scp index.html rootworker02:/etc/kubernetes/5 [rootmaster01 ingress]# vi deploy-demo02.yaml #创建第二个用于测试的svc和pod1 apiVersion: v12 kind: Service3 metadata:4 name: mydemo02svc5 namespace: default6 spec:7 selector:8 app: mydemo029 ports:10 - name: httpd11 port: 808012 targetPort: 808013 14 ---15 apiVersion: apps/v116 kind: Deployment17 metadata:18 name: mydemo02pod19 spec:20 replicas: 321 selector:22 matchLabels:23 app: mydemo0224 template:25 metadata:26 labels:27 app: mydemo0228 spec:29 containers:30 - name: mytomcat31 image: tomcat:932 ports:33 - name: httpd34 containerPort: 808035 volumeMounts:36 - mountPath: /usr/local/tomcat/webapps/ROOT/index.html37 name: sample-volume38 readOnly: true39 volumes:40 - name: sample-volume41 hostPath:42 type: File43 path: /etc/kubernetes/index.html1 [rootmaster01 ingress]# kubectl apply -f deploy-demo01.yaml2 [rootmaster01 ingress]# kubectl apply -f deploy-demo02.yaml3 [rootmaster01 ingress]# kubectl get pods -o wide4 [rootmaster01 ingress]# kubectl get svc -o wide3.2 创建ingress策略 1 [rootmaster01 ingress]# vi deploy-demo-ingress-http.yaml1 apiVersion: networking.k8s.io/v1beta12 kind: Ingress3 metadata:4 name: ingress-mydemo5 namespace: default6 annotations:7 kubernetes.io/ingress.class: nginx8 spec:9 rules:10 - host: demo01.odocker.com11 http:12 paths:13 - path:14 backend:15 serviceName: mydemo01svc16 servicePort: 8017 - host: demo02.linuxsb.com18 http:19 paths:20 - path:21 backend:22 serviceName: mydemo02svc23 servicePort: 80801 [rootmaster01 ingress]# kubectl apply -f deploy-demo-ingress-http.yaml2 [rootmaster01 ingress]# kubectl get pods -o wide3 [rootmaster01 ingress]# kubectl get svc -o wide4 [rootmaster01 ingress]# kubectl get ingress -o wide3.3 确认验证
添加demo01.odocker.com和demo02.odocker.com的解析。分别访问两个地址 参考https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
四 ingress https使用
4.1 创建证书
使用自签名证书证书创建参考《附008.Kubernetes TLS证书介绍及创建》。 4.2 创建secret 1 [rootmaster01 ingress]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout demo02.key -out demo02.crt -subj /CNdemo02.odocker.com2 [rootmaster01 ingress]# kubectl create secret generic demo02-tls --from-filedemo02.crt --from-filedemo02.key -n default3 [rootmaster01 ingress]# kubectl get secret demo02-tls 4 NAME TYPE DATA AGE5 6 demo02-tls Opaque 2 27s4.3 创建TLS ingress策略
[rootmaster01 ingress]# vi deploy-demo-ingress-https.yaml 1 apiVersion: networking.k8s.io/v1beta12 kind: Ingress3 metadata:4 name: ingress-mydemo02-https5 namespace: default6 annotations:7 kubernets.io/ingress.class: nginx8 spec:9 tls:10 - hosts:11 - demo02.odocker.com12 secretName: demo02-tls13 rules:14 - host: demo02.odocker.com15 http:16 paths:17 - path:18 backend:19 serviceName: mydemo02svc20 servicePort: 8080[rootmaster01 ingress]# kubectl apply -f deploy-demo-ingress-https.yaml 4.4 确认验证
浏览器访问https://demo02.odocker.com/。
