ingress-nginx 的使用方法

ingress-nginx 是 NGINX Ingress Controller for Kubernetes,它能做的事情越来越多,NGINX Ingress Controller Examples 列出了 ingress-nginx 能做的事情。

获取后面要使用的 yaml 文件:

$ git clone https://github.com/introclass/kubernetes-yamls
$ cd kubernetes-yamls/ingress-nginx
$ ls
  01-tls                    05-1-external-svc         08-ratelimit
  02-auth-basic             05-2-auth-oauth-ext       ingress-nginx-0.25.1.yaml
  03-auth-cert              06-rewrite
  04-auth-basic-ext         07-mirror

试验环境

Kubernetes 是用 minikube 部署的单机版,见 Minikube 使用手册,版本如下:

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T12:36:28Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.2", GitCommit:"f6278300bebbb750328ac16ee6dd3aa7d3549568", GitTreeState:"clean", BuildDate:"2019-08-05T09:15:22Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

安装 ingress-nginx

创建 namespace、configmap,设置 role,部署 deployment(deployment 用到镜像要翻 Q 获取):

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.25.1/deploy/static/mandatory.yaml

如果不能翻Q,用下面的 yaml:

$ kubectl apply -f https://raw.githubusercontent.com/introclass/kubernetes-yamls/master/ingress-nginx/ingress-nginx-0.25.1.yaml

以 nodeport 的方式暴露 ingress-nginx:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.25.1/deploy/static/provider/baremetal/service-nodeport.yaml

30933 端口是 http 的映射端口,30358 是 https 协议的映射端口:

$ kubectl -n ingress-nginx get svc
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.106.78.115   <none>        80:30933/TCP,443:30358/TCP   5d4h

部署目标服务

部署目标服务 echo,echo 服务的用途见 用 echoserver 观察代理/转发效果,通过 ingress-nginx 访问该目标服务:

$ kubectl apply -f https://raw.githubusercontent.com/introclass/kubernetes-yamls/master/all-in-one/echo-all-in-one.yaml

在名为 demo-echo 的 namespace 中创建了 echo 服务,以 nodeport 方式暴露 echo 服务:

$ kubectl -n demo-echo get svc -o wide
NAME   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                     AGE   SELECTOR
echo   NodePort   10.111.29.87   <none>        80:30411/TCP,22:31867/TCP   42d   app=echo

同时通过 ingress 暴露 echo 服务(用于和 ingress 代理返回的结果对比):

$ kubectl -n demo-echo get ingress
NAME                HOSTS                     ADDRESS   PORTS   AGE
ingress-echo        echo.example                        80      42d

验证环境

通过 nodeport 访问 echo 服务:

$ curl  http://192.168.99.100:30411

Hostname: echo-597d89dcd9-4dp6f

Pod Information:
	-no pod information available-

Server values:
	server_version=nginx: 1.13.3 - lua: 10008
...

通过 ingress-nginx 访问 echo 服务:

$ curl http://192.168.99.100:30933 -H "Host: echo.example"

Hostname: echo-597d89dcd9-4dp6f

Pod Information:
	-no pod information available-

Server values:
	server_version=nginx: 1.13.3 - lua: 10008

Request Information:
	client_address=172.17.0.18
	method=GET
	real path=/
	query=
	request_version=1.1
	request_uri=http://echo.example:8080/
...

参考

  1. 李佶澳的博客
  2. NGINX Ingress Controller Examples
  3. ingress-nginx