Kubernetes負載均衡器-Nginx ingress安裝

安裝Nginx ingress

Nginx ingress 使用ConfigMap來管理Nginx配置，nginx是你們熟知的代理和負載均衡軟件，比起Traefik來講功能更增強大.

咱們使用helm來部署，chart保存在私有的倉庫中，請確保您已經安裝和配置好helm，helm安裝使用見使用Helm管理kubernetes應用。

鏡像準備

安裝時須要用到的鏡像有：

• sophos/nginx-vts-exporter:v0.6
• gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
• gcr.io/google_containers/defaultbackend:1.3

gcr.io中的那個兩個鏡像我複製了一份到時速雲，可供你們下載：

• index.tenxcloud.com/jimmy/defaultbackend:1.3
• index.tenxcloud.com/jimmy/nginx-ingress-controller:0.9.0-beta.15

Docker hub上的那個鏡像能夠直接下載，全部的安裝時須要的配置保存在../manifests/nginx-ingress目錄下。

步驟詳解

安裝nginx-ingress chart到本地repo中

修改values.yaml配置，啓用RBAC支持，相關配置見nginx-ingress chart。

• 注意：把values.yaml裏面的hostnetwork改成true，由於ingress要使用主機網絡。

helm package .

查看niginx-ingress

$ helm search nginx-ingress
NAME                    VERSION    DESCRIPTION
local/nginx-ingress     0.8.9      An nginx Ingress controller that uses ConfigMap...
stable/nginx-ingress    0.8.9      An nginx Ingress controller that uses ConfigMap...
stable/nginx-lego       0.3.0      Chart for nginx-ingress-controller and kube-lego

使用helm部署nginx-ingress

$ helm install --name nginx-ingress local/nginx-ingress
NAME:   nginx-ingress
LAST DEPLOYED: Fri Oct 27 18:26:58 2017
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> rbac.authorization.k8s.io/v1beta1/Role
NAME                         KIND
nginx-ingress-nginx-ingress  Role.v1beta1.rbac.authorization.k8s.io

==> rbac.authorization.k8s.io/v1beta1/RoleBinding
nginx-ingress-nginx-ingress  RoleBinding.v1beta1.rbac.authorization.k8s.io

==> v1/Service
NAME                                         CLUSTER-IP      EXTERNAL-IP  PORT(S)                     AGE
nginx-ingress-nginx-ingress-controller       10.254.100.108  <nodes>      80:30484/TCP,443:31053/TCP  1s
nginx-ingress-nginx-ingress-default-backend  10.254.58.156   <none>       80/TCP                      1s

==> extensions/v1beta1/Deployment
NAME                                         DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
nginx-ingress-nginx-ingress-default-backend  1        1        1           0          1s
nginx-ingress-nginx-ingress-controller       1        1        1           0          1s

==> v1/ConfigMap
NAME                                    DATA  AGE
nginx-ingress-nginx-ingress-controller  1     1s

==> v1/ServiceAccount
NAME                         SECRETS  AGE
nginx-ingress-nginx-ingress  1        1s

==> rbac.authorization.k8s.io/v1beta1/ClusterRole
NAME                         KIND
nginx-ingress-nginx-ingress  ClusterRole.v1beta1.rbac.authorization.k8s.io

==> rbac.authorization.k8s.io/v1beta1/ClusterRoleBinding
nginx-ingress-nginx-ingress  ClusterRoleBinding.v1beta1.rbac.authorization.k8s.io


NOTES:
The nginx-ingress controller has been installed.
Get the application URL by running these commands:
  export HTTP_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-nginx-ingress-controller)
  export HTTPS_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-nginx-ingress-controller)
  export NODE_IP=$(kubectl --namespace default get nodes -o jsonpath="{.items[0].status.addresses[1].address}")

  echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
  echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."

An example Ingress that makes use of the controller:

  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - www.example.com
          secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

訪問Nginx

首先獲取Nginx的地址，從咱們使用helm安裝nginx-ingress命令的輸出中那個能夠看到提示，根據提示執行能夠看到nginx的http和https地址：

export HTTP_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-nginx-ingress-controller)
  export HTTPS_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-nginx-ingress-controller)
  export NODE_IP=$(kubectl --namespace default get nodes -o jsonpath="{.items[0].status.addresses[1].address}")

  echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
  echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
  Visit http://172.20.0.113:30484 to access your application via HTTP.
  Visit https://172.20.0.113:31053 to access your application via HTTPS.

• http地址：http://172.20.0.113:30484
• https地址：https://172.20.0.113:31053

咱們分別在http和https地址上測試一下：

• /healthz返回200
• /返回404錯誤

curl -v http://172.20.0.113:30484/healthz
# 返回200
curl -v http://172.20.0.113:30484/
# 返回404
curl -v --insecure http://172.20.0.113:30484/healthz
# 返回200
curl -v --insecure http://172.20.0.113:30484/
# 返回404

刪除nginx-ingress

helm delete --purge nginx-ingress

使用--purge參數能夠完全刪除release不留下記錄，不然下一次部署的時候不能使用重名的release。

參考

Ingress-nginx github

Nginx chart configuration

使用Helm管理kubernetes應用