实战-Helm方式安装ingress-nginx(测试成功)v1-20220424

v1-2022.4.24-实战-Helm方式安装ingress-nginx(测试成功)

目录

[toc]

环境

• 实验环境

实验环境：1、win10,vmwrokstation虚机；2、k8s集群：3台centos7.61810虚机，1个master节点,2个node节点k8sversion：v1.22.2containerd:3、helm：v3.7.24、ingress-nginx：v4.1.0

• 实验软件

链接：https:➜helmrepoupdate➜helmfetchingress-nginx/ingress-nginx➜tar-xvfingress-nginx-4.1.0.tgz&&cdingress-nginx➜tree..├──CHANGELOG.md├──Chart.yaml├──OWNERS├──README.md├──ci│├──controller-custom-ingressclass-flags.yaml│├──daemonset-customconfig-values.yaml│├──daemonset-customnodeport-values.yaml│├──daemonset-headers-values.yaml│├──daemonset-internal-lb-values.yaml│├──daemonset-nodeport-values.yaml│├──daemonset-podannotations-values.yaml│├──daemonset-tcp-udp-configMapNamespace-values.yaml│├──daemonset-tcp-udp-values.yaml│├──daemonset-tcp-values.yaml│├──deamonset-default-values.yaml│├──deamonset-metrics-values.yaml│├──deamonset-psp-values.yaml│├──deamonset-webhook-and-psp-values.yaml│├──deamonset-webhook-values.yaml│├──deployment-autoscaling-behavior-values.yaml│├──deployment-autoscaling-values.yaml│├──deployment-customconfig-values.yaml│├──deployment-customnodeport-values.yaml│├──deployment-default-values.yaml│├──deployment-headers-values.yaml│├──deployment-internal-lb-values.yaml│├──deployment-metrics-values.yaml│├──deployment-nodeport-values.yaml│├──deployment-podannotations-values.yaml│├──deployment-psp-values.yaml│├──deployment-tcp-udp-configMapNamespace-values.yaml│├──deployment-tcp-udp-values.yaml│├──deployment-tcp-values.yaml│├──deployment-webhook-and-psp-values.yaml│├──deployment-webhook-resources-values.yaml│└──deployment-webhook-values.yaml├──templates│├──NOTES.txt│├──_helpers.tpl│├──_params.tpl│├──admission-webhooks││├──job-patch│││├──clusterrole.yaml│││├──clusterrolebinding.yaml│││├──job-createSecret.yaml│││├──job-patchWebhook.yaml│││├──psp.yaml│││├──role.yaml│││├──rolebinding.yaml│││└──serviceaccount.yaml││└──validating-webhook.yaml│├──clusterrole.yaml│├──clusterrolebinding.yaml│├──controller-configmap-addheaders.yaml│├──controller-configmap-proxyheaders.yaml│├──controller-configmap-tcp.yaml│├──controller-configmap-udp.yaml│├──controller-configmap.yaml│├──controller-daemonset.yaml│├──controller-deployment.yaml│├──controller-hpa.yaml│├──controller-ingressclass.yaml│├──controller-keda.yaml│├──controller-poddisruptionbudget.yaml│├──controller-prometheusrules.yaml│├──controller-psp.yaml│├──controller-role.yaml│├──controller-rolebinding.yaml│├──controller-service-internal.yaml│├──controller-service-metrics.yaml│├──controller-service-webhook.yaml│├──controller-service.yaml│├──controller-serviceaccount.yaml│├──controller-servicemonitor.yaml│├──default-backend-deployment.yaml│├──default-backend-hpa.yaml│├──default-backend-poddisruptionbudget.yaml│├──default-backend-psp.yaml│├──default-backend-role.yaml│├──default-backend-rolebinding.yaml│├──default-backend-service.yaml│├──default-backend-serviceaccount.yaml│└──dh-param-secret.yaml└──values.yaml4directories,81files

Helm Chart 包下载下来后解压就可以看到里面包含的模板文件，其中的 ci目录中就包含了各种场景下面安装的 Values 配置文件，values.yaml文件中包含的是所有可配置的默认值，我们可以对这些默认值进行覆盖。

⚠️ 注意：

如果你不喜欢使用 helm chart 进行安装也可以使用下面的命令一键安装

kubectlapply-fhttps:# ci/daemonset-prod.yamlcontroller:name:controllerimage:repository:cnych/ingress-nginx#老师这里是转存过的。tag:"v1.1.0"digest:dnsPolicy:ClusterFirstWithHostNethostNetwork:truepublishService:# hostNetwork 模式下设置为false，通过节点IP地址上报ingress status数据enabled:false# 是否需要处理不带 ingressClass 注解或者 ingressClassName 属性的 Ingress 对象# 设置为 true 会在控制器启动参数中新增一个 --watch-ingress-without-class 标注watchIngressWithoutClass:falsekind:Deploymenttolerations:# kubeadm 安装的集群默认情况下master是有污点，需要容忍这个污点才可以部署- key:"node-role.kubernetes.io/master"operator:"Equal"effect:"NoSchedule"nodeSelector:# 固定到master1节点kubernetes.io/hostname:master1service:# HostNetwork 模式不需要创建serviceenabled:falseadmissionWebhooks:# 强烈建议开启 admission webhookenabled:truecreateSecretJob:resources:limits:cpu:10mmemory:20Mirequests:cpu:10mmemory:20MipatchWebhookJob:resources:limits:cpu:10mmemory:20Mirequests:cpu:10mmemory:20Mipatch:enabled:trueimage:repository:cnych/ingress-nginx-webhook-certgen#老师做了镜像转存tag:v1.1.1digest:defaultBackend:# 配置默认后端enabled:truename:defaultbackendimage:repository:cnych/ingress-nginx-defaultbackend#老师做了镜像转存tag:"1.5"

3、部署

• 然后使用如下命令安装 ingress-nginx应用到 ingress-nginx的命名空间中：

[root@master1 ingress-nginx]#helm upgrade --install ingress-nginx .-f ./ci/daemonset-prod.yaml --create-namespace --namespace ingress-nginx #upgrade如果存在的话，我就迁移更新，不存在的话，我就去安装。#这里我们耐心等待一会儿Release"ingress-nginx"hasbeenupgraded.HappyHelming!NAME:ingress-nginxLASTDEPLOYED:TueApr2621:05:042022NAMESPACE:ingress-nginxSTATUS:deployedREVISION:2TESTSUITE:NoneNOTES:Theingress-nginxcontrollerhasbeeninstalled.ItmaytakeafewminutesfortheLoadBalancerIPtobeavailable.Youcanwatchthestatusbyrunning'kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller'AnexampleIngressthatmakesuseofthecontroller:apiVersion:networking.k8s.io/v1kind:Ingressmetadata:name:examplenamespace:foospec:ingressClassName:nginxrules:-host:www.example.comhttp:paths:-pathType:Prefixbackend:service:name:exampleServiceport:number:80path:/# This section is only required if TLS is to be enabled for the Ingresstls:-hosts:-www.example.comsecretName:example-tlsIfTLSisenabledfortheIngress,aSecretcontainingthecertificateandkeymustalsobeprovided:apiVersion:v1kind:Secretmetadata:name:example-tlsnamespace:foodata:tls.crt:<base64encodedcert>tls.key:<base64encodedkey>type:kubernetes.io/tls

4、验证

• 部署完成后查看 Pod 的运行状态：

[root@master1 ingress-nginx]#kubectl get pod -n ingress-nginx -owideNAMEREADYSTATUSRESTARTSAGEIPNODENOMINATEDNODEREADINESSGATESingress-nginx-controller-r59641/1Running08m2s172.29.9.51master1<none><none>ingress-nginx-defaultbackend-84854cd6cb-8gzcm1/1Running08m2s10.244.1.197node1<none><none>[root@master1 ingress-nginx]#kubectl get svc -n ingress-nginxNAMETYPECLUSTER-IPEXTERNAL-IPPORT(S) AGEingress-nginx-controller-admissionClusterIP10.106.208.0<none>443/TCP8m8singress-nginx-defaultbackendClusterIP10.106.66.15<none>80/TCP8m8s

• 查看下ingress-nginx pod的日志：

[root@master1 ingress-nginx]# POD_NAME=$(kubectlgetpods-lapp.kubernetes.io/name=ingress-nginx-ningress-nginx-ojsonpath='{.items[0].metadata.name}')[root@master1 ingress-nginx]#echo $POD_NAMEingress-nginx-controller-r5964[root@master1 ingress-nginx]#kubectl logs $POD_NAME -n ingress-nginx-------------------------------------------------------------------------------NGINXIngresscontrollerRelease:v1.1.0Build:cacbee86b6ccc45bde8ffc184521bed3022e7deeRepository:https:nginxversion:nginx/1.19.9-------------------------------------------------------------------------------W042613:00:16.3591927client_config.go:615]Neither--kubeconfignor--masterwasspecified.UsingtheinClusterConfig.Thismightnotwork.I042613:00:16.3599817main.go:223]"Creating API client"host="https:I042613:00:16.3874427main.go:267]"Running in Kubernetes cluster"major="1"minor="22"git="v1.22.2"state="clean"commit="8b5a19147530eaac9476b0ab82980b4088bbc1b2"platform="linux/amd64"I042613:00:16.4001637main.go:86]"Valid default backend"service="ingress-nginx/ingress-nginx-defaultbackend"I042613:00:16.6152147main.go:104]"SSL fake certificate created"file="/etc/ingress-controller/ssl/default-fake-certificate.pem"I042613:00:16.7043007ssl.go:531]"loading tls certificate"path="/usr/local/certificates/cert"key="/usr/local/certificates/key"I042613:00:16.7522087nginx.go:255]"Starting NGINX Ingress controller"I042613:00:16.7854667event.go:282]Event(v1.ObjectReference{Kind:"ConfigMap",Namespace:"ingress-nginx",Name:"ingress-nginx-controller",UID:"8e41333d-a6e7-47d6-a8e8-b1d0dab0fda7",APIVersion:"v1",ResourceVersion:"2336338",FieldPath:""}):type:'Normal'reason:'CREATE'ConfigMapingress-nginx/ingress-nginx-controllerI042613:00:17.9637667store.go:424]"Found valid IngressClass"ingress="default/ghost"ingressclass="nginx"I042613:00:17.9654047event.go:282]Event(v1.ObjectReference{Kind:"Ingress",Namespace:"default",Name:"ghost",UID:"b421eee9-26f3-43a2-8d07-08df3c9fd814",APIVersion:"networking.k8s.io/v1",ResourceVersion:"2321677",FieldPath:""}):type:'Normal'reason:'Sync'ScheduledforsyncI042613:00:18.0550297nginx.go:297]"Starting NGINX process"I042613:00:18.0553807leaderelection.go:248]attemptingtoacquireleaderleaseingress-nginx/ingress-controller-leader...I042613:00:18.0610647status.go:84]"New leader elected"identity="ingress-nginx-controller-dm4bg"I042613:00:18.0612327nginx.go:317]"Starting validation webhook"address=":8443"certPath="/usr/local/certificates/cert"keyPath="/usr/local/certificates/key"I042613:00:18.0620977controller.go:155]"Configuration changes detected,backend reload required"I042613:00:18.1774547controller.go:172]"Backend successfully reloaded"I042613:00:18.1775657controller.go:183]"Initial sync,sleeping for 1 second"I042613:00:18.1779727event.go:282]Event(v1.ObjectReference{Kind:"Pod",Namespace:"ingress-nginx",Name:"ingress-nginx-controller-r5964",UID:"edd71a4c-5f9d-4b3c-aa8e-b45ef67472ef",APIVersion:"v1",ResourceVersion:"2336371",FieldPath:""}):type:'Normal'reason:'RELOAD'NGINXreloadtriggeredduetoachangeinconfigurationI042613:00:57.3560307leaderelection.go:258]successfullyacquiredleaseingress-nginx/ingress-controller-leaderI042613:00:57.3562517status.go:84]"New leader elected"identity="ingress-nginx-controller-r5964"

当看到上面的信息证明 ingress-nginx部署成功了，这里我们安装的是最新版本的控制器。

• 安装完成后会自动创建一个名为 nginx的 IngressClass对象：

[root@master1 ingress-nginx]#kubectl get ingressclassNAMECONTROLLERPARAMETERSAGEnginxk8s.io/ingress-nginx<none>12m[root@master1 ingress-nginx]#kubectl get ingressclass nginx -oyamlapiVersion:networking.k8s.io/v1kind:IngressClassmetadata:annotations:meta.helm.sh/release-name:ingress-nginxmeta.helm.sh/release-namespace:ingress-nginxcreationTimestamp:"2022-04-26T13:00:15Z"generation:1labels:app.kubernetes.io/component:controllerapp.kubernetes.io/instance:ingress-nginxapp.kubernetes.io/managed-by:Helmapp.kubernetes.io/name:ingress-nginxapp.kubernetes.io/part-of:ingress-nginxapp.kubernetes.io/version:1.2.0helm.sh/chart:ingress-nginx-4.1.0name:nginxresourceVersion:"2336359"uid:52bf2d88-a0d4-48e4-bb25-e07c7ae05375spec:controller:k8s.io/ingress-nginx

不过这里我们只提供了一个 controller属性，如果还需要配置一些额外的参数，则可以在安装的 values 文件中进行配置。

5、第一个示例

• 安装成功后，现在我们来为一个 nginx 应用创建一个 Ingress 资源，如下所示：

# first-ingress.yaml apiVersion:apps/v1kind:Deploymentmetadata:name:my-nginxspec:selector:matchLabels:app:my-nginxtemplate:metadata:labels:app:my-nginxspec:containers:- name:my-nginximage:nginxports:- containerPort:80---apiVersion:v1kind:Servicemetadata:name:my-nginxlabels:app:my-nginxspec:ports:- port:80protocol:TCPname:httpselector:app:my-nginx---apiVersion:networking.k8s.io/v1kind:Ingressmetadata:name:my-nginxnamespace:defaultspec:ingressClassName:nginx# 使用 nginx 的 IngressClass（关联的 ingress-nginx 控制器）rules:- host:ngdemo.qikqiak.com# 将域名映射到 my-nginx 服务http:paths:- path:/pathType:Prefixbackend:service:# 将所有请求发送到 my-nginx 服务的 80 端口name:my-nginxport:number:80# 不过需要注意大部分Ingress控制器都不是直接转发到Service,而是只是通过Service来获取后端的Endpoints列表(因此这里的svc只起到了一个服务发现的作用)，直接转发到Pod，这样可以减少网络跳转，提高性能!!!

• 直接创建上面的资源对象：

[root@master1 ingress-nginx]#kubectl apply -f first-ingress.yaml deployment.apps/my-nginxcreatedservice/my-nginxcreatedingress.networking.k8s.io/my-nginxcreated[root@master1 ingress-nginx]#kubectl get poNAMEREADYSTATUSRESTARTSAGEmy-nginx-7c4ff94949-hrxbh1/1Running070s[root@master1 ingress-nginx]#kubectl get svcNAMETYPECLUSTER-IPEXTERNAL-IPPORT(S) AGEkubernetesClusterIP10.96.0.1<none>443/TCP177dmy-nginxClusterIP10.101.20.210<none>80/TCP72s记得在本地pc里配置下域名解析：C:\WINDOWS\System32\drivers\etc172.29.9.51ngdemo.qikqiak.com[root@master1 ingress-nginx]#kubectl get ingressNAMECLASSHOSTSADDRESSPORTSAGEmy-nginxnginxngdemo.qikqiak.com172.29.9.51802m19s

在上面的 Ingress 资源对象中我们使用配置 ingressClassName:nginx指定让我们安装的 ingress-nginx这个控制器来处理我们的 Ingress 资源，配置的匹配路径类型为前缀的方式去匹配 /，将来自域名 ngdemo.qikqiak.com的所有请求转发到 my-nginx服务的后端 Endpoints 中去。

上面资源创建成功后，然后我们可以将域名 ngdemo.qikqiak.com解析到 ingress-nginx所在的边缘节点中的任意一个，当然也可以在本地 /etc/hosts中添加对应的映射也可以，然后就可以通过域名进行访问了。

(本地测试这里直接配置了hosts，但线上的还一般就是用dns了)

• 验证

http:

版权：此文章版权归 One 所有，如有转载，请注明出处!

链接：可点击右上角分享此页面复制文章链接