本篇主要记录一下 k8s 新版本 1.23.5 中如何搭建 ingress controller 以及里面的注意项
新版本和老版本 区别有不少 ,坑很多,只能从官网一点点撸
目录
1.环境准备
操作系统:Centos7 (CentOS Linux release 7.9.2009)
Master 主节点:1台 虚拟机
Node 计算节点:2台 虚拟机
K8s version:v1.23.5 (选的较新的版本)
Docker version:20.10.14
环境和上一篇中 kubeadm 搭建 k8s 的一致
2.概述
下面从 官网摘取的对于 Ingress 的介绍
2.1 什么是 IngressIngress 是对集群中服务的外部访问进行管理的 API 对象,典型的访问方式是 HTTP。Ingress 可以提供负载均衡
Ingress 公开了从集群外部到集群内服务的 HTTP 和 HTTPS 路由。流量路由由 Ingress 资源上定义的规则控制。
下面是一个将所有流量都发送到同一 Service 的简单 Ingress 示例:
但是 仅创建 Ingress 资源本身没有任何效果,需要有对应的 Ingress 控制器 ,你可能需要部署 Ingress 控制器,例如 ingress-nginx。你可以从许多 Ingress 控制器 中进行选择。
2.2 什么是 Ingress controller为了让 Ingress 资源工作,集群必须有一个正在运行的 Ingress 控制器。k8s官网维护了 3 个Ingress控制器
目前支持和维护 AWS、 GCE 和 Nginx Ingress 控制器 ,本篇就拿 Ingress-nginx 作为控制器为例 讲解一下如何部署
还有一些 社区等提供的 控制器
3.部署 Ingress-nginx controller
本篇就拿 最常用的 Ingress-nginx 作为 Ingress的控制器,实现k8s 把请求重定向到集群内部(Cluster Ip)服务去
3.1 deploy.yaml 坑点Ingress-nginx 官网 提到了 deploy.yaml 文件
Ingress-nginx 新版本的 depoly.yaml 有些不同,需要拉取下面2个镜像
k8s.gcr.io/ingress-nginx/controller:v1.1.2
k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
多半是下载不到的,所以需要 自己替换一下 ,可以去docker hub 上找到对应的 镜像文件
总结 坑点:
新版本中 提供了 IngressClass ,需要在编写 Ingress 的时候指定
Image 加载不到,需要手动去 docker hub 上找其他的 并且修改 deploy.yaml文件
把 ingress-nginx-controller 使用 hostNetwork: true 进行部署 比 NodePort 减少一层转发,但是需要指定 选择打了标签的 node nodeSelector: app: ingress
3.2 deploy.yaml 样例(我自己修改后的 可以参考)#GENERATED FOR K8S 1.20apiVersion: v1kind: Namespacemetadata:labels: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginxname: ingress-nginx---apiVersion: v1automountServiceAccountToken: truekind: ServiceAccountmetadata:labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginxnamespace: ingress-nginx---apiVersion: v1kind: ServiceAccountmetadata:annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-admissionnamespace: ingress-nginx---apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginxnamespace: ingress-nginxrules:- apiGroups: - "" resources: - namespaces verbs: - get- apiGroups: - "" resources: - configmaps - pods - secrets - endpoints verbs: - get - list - watch- apiGroups: - "" resources: - services verbs: - get - list - watch- apiGroups: - networking.k8s.io resources: - ingresses verbs: - get - list - watch- apiGroups: - networking.k8s.io resources: - ingresses/status verbs: - update- apiGroups: - networking.k8s.io resources: - ingressclasses verbs: - get - list - watch- apiGroups: - "" resourceNames: - ingress-controller-leader resources: - configmaps verbs: - get - update- apiGroups: - "" resources: - configmaps verbs: - create- apiGroups: - "" resources: - events verbs: - create - patch---apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-admissionnamespace: ingress-nginxrules:- apiGroups: - "" resources: - secrets verbs: - get - create---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:labels: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginxrules:- apiGroups: - "" resources: - configmaps - endpoints - nodes - pods - secrets - namespaces verbs: - list - watch- apiGroups: - "" resources: - nodes verbs: - get- apiGroups: - "" resources: - services verbs: - get - list - watch- apiGroups: - networking.k8s.io resources: - ingresses verbs: - get - list - watch- apiGroups: - "" resources: - events verbs: - create - patch- apiGroups: - networking.k8s.io resources: - ingresses/status verbs: - update- apiGroups: - networking.k8s.io resources: - ingressclasses verbs: - get - list - watch---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-admissionrules:- apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations verbs: - get - update---apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginxnamespace: ingress-nginxroleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: ingress-nginxsubjects:- kind: ServiceAccount name: ingress-nginx namespace: ingress-nginx---apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-admissionnamespace: ingress-nginxroleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: ingress-nginx-admissionsubjects:- kind: ServiceAccount name: ingress-nginx-admission namespace: ingress-nginx---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:labels: app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginxroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: ingress-nginxsubjects:- kind: ServiceAccount name: ingress-nginx namespace: ingress-nginx---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:annotations: helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-admissionroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: ingress-nginx-admissionsubjects:- kind: ServiceAccount name: ingress-nginx-admission namespace: ingress-nginx---apiVersion: v1data:allow-snippet-annotations: "true"kind: ConfigMapmetadata:labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-controllernamespace: ingress-nginx---apiVersion: v1kind: Servicemetadata:labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-controllernamespace: ingress-nginxspec:externalTrafficPolicy: LocalipFamilies: - IPv4ipFamilyPolicy: SingleStackports: - appProtocol: http name: http port: 80 protocol: TCP targetPort: http - appProtocol: https name: https port: 443 protocol: TCP targetPort: httpsselector: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginxtype: LoadBalancer---apiVersion: v1kind: Servicemetadata:labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-controller-admissionnamespace: ingress-nginxspec:ports: - appProtocol: https name: https-webhook port: 443 targetPort: webhookselector: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginxtype: ClusterIP---apiVersion: apps/v1kind: Deploymentmetadata:labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-controllernamespace: ingress-nginxspec:minReadySeconds: 0revisionHistoryLimit: 10selector: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginxtemplate: metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx spec: hostNetwork: true #修改ingress-nginx-controller 为 hostNetwork模式 nodeSelector: #选择 node label 中有 app=ingress的节点进行部署 app: ingress containers: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - --election-id=ingress-controller-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: LD_PRELOAD value: /usr/local/lib/libmimalloc.so image: k8s.gcr.io/ingress-nginx/controller:v1.1.2 #修改镜像地址 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - /wait-shutdown livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: controller ports: - containerPort: 80 name: http protocol: TCP - containerPort: 443 name: https protocol: TCP - containerPort: 8443 name: webhook protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 100m memory: 90Mi securityContext: allowPrivilegeEscalation: true capabilities: add: - NET_BIND_SERVICE drop: - ALL runAsUser: 101 volumeMounts: - mountPath: /usr/local/certificates/ name: webhook-cert readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: ingress-nginx terminationGracePeriodSeconds: 300 volumes: - name: webhook-cert secret: secretName: ingress-nginx-admission---apiVersion: batch/v1kind: Jobmetadata:annotations: helm.sh/hook: pre-install,pre-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-admission-createnamespace: ingress-nginxspec:template: metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18 name: ingress-nginx-admission-create spec: containers: - args: - create - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - --namespace=$(POD_NAMESPACE) - --secret-name=ingress-nginx-admission env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 #修改镜像地址 imagePullPolicy: IfNotPresent name: create securityContext: allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure securityContext: fsGroup: 2000 runAsNonRoot: true runAsUser: 2000 serviceAccountName: ingress-nginx-admission---apiVersion: batch/v1kind: Jobmetadata:annotations: helm.sh/hook: post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation,hook-succeededlabels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-admission-patchnamespace: ingress-nginxspec:template: metadata: labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18 name: ingress-nginx-admission-patch spec: containers: - args: - patch - --webhook-name=ingress-nginx-admission - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - --secret-name=ingress-nginx-admission - --patch-failure-policy=Fail env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 #修改镜像地址 imagePullPolicy: IfNotPresent name: patch securityContext: allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure securityContext: fsGroup: 2000 runAsNonRoot: true runAsUser: 2000 serviceAccountName: ingress-nginx-admission---apiVersion: networking.k8s.io/v1kind: IngressClassmetadata:labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: nginxspec:controller: k8s.io/ingress-nginx---apiVersion: admissionregistration.k8s.io/v1kind: ValidatingWebhookConfigurationmetadata:labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.1.2 helm.sh/chart: ingress-nginx-4.0.18name: ingress-nginx-admissionwebhooks:- admissionReviewVersions: - v1 clientConfig: service: name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses failurePolicy: Fail matchPolicy: Equivalent name: validate.nginx.ingress.kubernetes.io rules: - apiGroups: - networking.k8s.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - ingresses sideEffects: None4.部署 Ingress-nginx
4.1 准备工作给 node2 节点打了app=ingress标签,因为上面的ingress-nginx-controller 使用的是 hostNetwork 模式(只会放pod真实pod 的 端口) + nodeSelector
kubectl label node kubec-node-2 app=ingress4.2 部署 kubect apply -fkubectl apply -f deploy.yaml #通过 kubectl apply 命令进行部署 ,前提是镜像准备好,否则GG4.3 查看状态kubectl get all -n ingress-nginx #查看 ingress-nginx namespace的 部署情况kubectl logs -f ingress-nginx-controller-744f6d5bdf-tl6g4 -n ingress-nginx # 查看 ingress-nginx-controller 的 日志情况4.4 测试访问直接访问 kube-node-2的 ip 即可,因为 ingress-nginx-controller 默认是 监听 80端口,由于上面的 nodeSelector: #选择 node label 中有 app=ingress的节点进行部署 ,而 kube-node-2 是被打了标签的节点node
可以看到 其实就是一个 nginx
5.部署一个 tomcat 测试 Ingress-nginx
通过部署一个tomcat ,测试Ingress-nginx的代理 是否生效
5.1 编写 deploy-tomcat.yaml主要编写
Deployment 部署tomcat:8.0-alpine,
Service 暴露 tomcat pod
一个 Ingress 资源它规定 访问 tomcat.demo.com 这个域名的 所有请求 / 都转发到 tomcat-demo Service 上
IngressClass 新版本提供的资源 ,用于在定义 Ingress资源的时候 指定,在集群中有多个 Ingress controller 的时候很有用处
apiVersion: apps/v1kind: Deploymentmetadata:name: tomcat-demospec:selector: matchLabels: app: tomcat-demoreplicas: 1template: metadata: labels: app: tomcat-demo spec: containers: - name: tomcat-demo image: tomcat:8.0-alpine ports: - containerPort: 8080---apiVersion: v1kind: Servicemetadata:name: tomcat-demospec:selector: app: tomcat-demo #选择 tomcat-demo pod ports:- port: 80 #对外暴露 80 端口 protocol: TCP targetPort: 8080 # tomcat 端口---apiVersion: networking.k8s.io/v1kind: Ingressmetadata:name: tomcat-demospec:defaultBackend: service: name: default-http-backend #!!!指定 默认的backend服务 port: number: 80 ingressClassName: nginx #!!!重点 需要指定 哪个 IngressClass 可以看上面的 deploy.yaml 最后定义的rules:- host: tomcat.demo.com #所有的tomcat.demo.com请求都转发到Service tomcat-demo http: paths: - pathType: Prefix path: "/" backend: service: name: tomcat-demo port: number: 80 ---#定义一个 default-http-backend 当没有被Ingress规定的请求 负载给 它apiVersion: apps/v1kind: Deploymentmetadata:name: default-http-backendlabels: app: default-http-backendspec:replicas: 1selector: matchLabels: app: default-http-backendtemplate: metadata: labels: app: default-http-backend spec: terminationGracePeriodSeconds: 60 containers: - name: default-http-backend # Any image is permissible as long as: # 1. It serves a 404 page at / # 2. It serves 200 on a /healthz endpoint image: registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend:1.4 livenessProbe: httpGet: path: /healthz port: 8080 scheme: HTTP initialDelaySeconds: 30 timeoutSeconds: 5 ports: - containerPort: 8080 resources: limits: cpu: 10m memory: 20Mi requests: cpu: 10m memory: 20Mi--- apiVersion: v1kind: Servicemetadata:name: default-http-backendlabels: app: default-http-backendspec:ports:- port: 80 targetPort: 8080selector: app: default-http-backend5.2 部署 tomcat + ingress + default-http-backend部署上面的文件 即可
查看 部署情况 可以看到都是Running 了
5.3 测试 通过Ingress-nginx 能否访问到tomcat由于我们 ingress 资源配置的 域名 是 tomcat.demo.com ,所以我需要把它添加到 宿主机的hosts 文件中,如下
那么按照预期,当我访问 tomcat.demo.com 的时候其实就是访问 192.168.56.22 上的 ingress-nginx-controller 这个nginx,那么根据 ingress 的 资源的设定 它会把请求 转发到 Service tomcat-demo 上,从而访问到 tomcat 界面
当我访问 api.demo.com 的时候 由于没有对这个域名进行处理 那么会默认把请求转发到 default-http-backend 上
访问 tomcat.demo.com
访问 api.demo.com
总结
至此在k8s 1.23.5上 已经成功部署了 Ingress-nginx ,并且通过部署一个tomcat服务测试了 Ingress-nginx 已经代理成功了,由于不管是 k8s 新版本和 Ingress-nginx 新版本都有些变化 所有很些坑,是我从官网不断摸索的,下面总结一下坑点
image 镜像需要自己从docker hub 上准备好 ,或者直接修改Ingress-nginx 的 deploy.yaml
k8s.gcr.io/ingress-nginx/controller:v1.1.2
k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
重要!新版本中 提供了 IngressClass ,需要在编写 Ingress 的时候指定
把 ingress-nginx-controller 使用 hostNetwork: true 进行部署 比 NodePort 减少一层转发,但是需要指定 选择打了标签的 node nodeSelector: app: ingress
通过 Ingress spec.defaultBackend 指定 默认服务,并且需要保持在同一个 namespace
spec:defaultBackend: service: name: default-http-backend #!!!指定 默认的backend服务 port: number: 80vscode k8s 插件 快捷生成Depoyment 的时候 自定添加了资源限制,导致部署tomcat的时候 总是启动不起来..
导致tomcat pod 状态 CrashLoopBackOff,从而导致 通过 Ingress-nginx 无法访问到tomcat
resources:limits: memory: "128Mi" #内存不够 部署tomcat 内存 cpu: "500m"欢迎大家访问个人博客 #/