526互联

k8s安装Ingress-Nginx

发布时间 2023-12-13 15:42:14作者: tiandizhiguai

目前,DHorse(https://gitee.com/i512team/dhorse)只支持Ingress-nginx的Ingress实现,下面介绍Ingress-nginx的安装过程。

下载安装文件

首先,需要匹配Ingress-nginx版本和kubernetes版本。
https://github.com/kubernetes/ingress-nginx可以找到,如下图所示:

笔者用的k8s版本是v1.21.2,需要安装Ingress-nginx的v1.3.1版本,下载如下文件:

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml

替换镜像地址

查看该文件用到了哪些镜像:

[root@centos05 deployment]# cat deploy.yaml | grep image
        image: registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974
        imagePullPolicy: IfNotPresent
        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47
        imagePullPolicy: IfNotPresent
        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47
        imagePullPolicy: IfNotPresent

可以看出,所用到的镜像不在docker hub中,在registry.k8s.io中,由于国内的网络问题,拉取不到该仓库的镜像。
幸好https://dockerproxy.com/docs提供了镜像代理,按照文档的说明,我们需要把registry.k8s.io地址改为k8s.dockerproxy.com即可,替换以后的内容为:

registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 ->
k8s.dockerproxy.com/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974

registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 ->
k8s.dockerproxy.com/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47

安装

保存以后,部署ingress-nginx:

[root@centos05 deployment]# kubectl apply -f deploy.yaml 
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created

查看结果:

[root@centos05 deployment]# kubectl get pods -n ingress-nginx -o wide
NAME                                        READY   STATUS      RESTARTS   AGE   IP           NODE       NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-fq2kq        0/1     Completed   0          11s   10.32.1.89   centos06   <none>           <none>
ingress-nginx-admission-patch-fkphb         0/1     Completed   1          11s   10.32.1.90   centos06   <none>           <none>
ingress-nginx-controller-5c79d9494c-rh5rn   0/1     Running     0          11s   10.32.1.91   centos06   <none>           <none>

访问ingress-nginx-controller的ip,如下:

[root@centos05 deployment]# curl http://10.32.1.91
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

验证Ingress

假如,我们有一个名为hello-gradle的应用,并且有一个/hello的服务接口,并且绑定了名为www.hello-gradle.com的域名,如下图所示:

部署完该应用以后,在集群的任意节点配置host如下:

[root@centos06 deployment]# vim /etc/hosts
10.244.0.13 www.hello-gradle.com

然后通过域名访问/hello服务,如下:

[root@centos05 deployment]# curl http://www.hello-gradle.com/hello
Hello!