hugo-teek is loading...

2025-03-09 k8s +2 k8s网络 ingress-nginx 4470 字 22 分钟 -- 次

实战-yaml方式安装ingress-nginx(测试成功)(Deployment方式)【荐】v2-20230302

最后更新于: 2025-12-06 17:39:04

v2-2023.3.2-实战-yaml方式安装ingress-nginx(测试成功)(Deployment方式)【荐】

实验环境

1实验环境：
21、win10,vmwrokstation虚机；
32、k8s集群：3台centos7.6 1810虚机，1个master节点,2个node节点
4   k8s version：v1.22.2
5   containerd: v1.5.5
6   
7 #同样在k8s version: v1.25.4，containerd: v1.6.10下也使用次环境；

实验软件

2023.3.2-实战：yaml方式安装ingress-nginx-2023.3.2(测试成功)

链接：https://pan.baidu.com/s/1MJ3Iid8lTfgQmE4i8T5kHA?pwd=2ql4 提取码：2ql4

1、安装过程

安装 ingress-nginx 有多种方式，我们这里直接使用下面的命令进行一键安装：

 1（1）下载部署文件
 2wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml
 3#我软件包里已提供，是已经修改好了的；
 4
 5（2）替换镜像 #如果使用我提供的yaml文件，这里的配置就不要做了；
 6# 可以替换对应的两个镜像
 7# cnych/ingress-nginx:v1.5.1
 8# cnych/ingress-nginx-kube-webhook-certgen:v20220916-gd32f8c343
 9将
10image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629
11替换为：
12image: cnych/ingress-nginx:v1.5.1
13
14将 #这个需要替换2处
15image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
16替换为：
17image: cnych/ingress-nginx-kube-webhook-certgen:v20220916-gd32f8c343
18
19（3）部署
20[root@master1 ~]#kubectl apply -f deploy.yaml
21namespace/ingress-nginx created
22serviceaccount/ingress-nginx created
23serviceaccount/ingress-nginx-admission created
24role.rbac.authorization.k8s.io/ingress-nginx created
25role.rbac.authorization.k8s.io/ingress-nginx-admission created
26clusterrole.rbac.authorization.k8s.io/ingress-nginx created
27clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
28rolebinding.rbac.authorization.k8s.io/ingress-nginx created
29rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
30clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
31clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
32configmap/ingress-nginx-controller created
33service/ingress-nginx-controller created
34service/ingress-nginx-controller-admission created
35deployment.apps/ingress-nginx-controller created
36job.batch/ingress-nginx-admission-create created
37job.batch/ingress-nginx-admission-patch created
38ingressclass.networking.k8s.io/nginx created
39validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
40[root@master1 ~]#

上面的命令执行后会自动创建一个名为 ingress-nginx 的命名空间，会生成如下几个 Pod：

1[root@master1 ~]# kubectl get pods -n ingress-nginx
2NAME                                       READY   STATUS      RESTARTS   AGE
3ingress-nginx-admission-create--1-xh62p    0/1     Completed   0          28s
4ingress-nginx-admission-patch--1-dccjl     0/1     Completed   2          28s
5ingress-nginx-controller-c66bc7c5c-pj2h8   1/1     Running     0          29s

此外还会创建如下两个 Service 对象：

1[root@master1 ~]# kubectl get svc -n ingress-nginx
2NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
3ingress-nginx-controller             LoadBalancer   10.96.228.157   <pending>     80:30933/TCP,443:31697/TCP   95s
4ingress-nginx-controller-admission   ClusterIP      10.105.93.22    <none>        443/TCP                      95s

其中 ingress-nginx-controller-admission 是为准入控制器提供服务的，我们也是强烈推荐开启该准入控制器，这样当我们创建不合要求的 Ingress 对象后就会直接被拒绝了。另外一个 ingress-nginx-controller 就是ingress 控制器对外暴露的服务，我们可以看到默认是一个 LoadBalancer 类型的 Service，我们知道该类型是用于云服务商的，我们这里在本地环境，暂时不能使用，但是可以通过他的 NodePort 来对外暴露，后面我们会提供在本地测试环境提供 LoadBalancer 的方式。

到这里 ingress-nginx 就部署成功了，安装完成后还会创建一个名为 nginx 的 IngressClass 对象：

 1[root@master1 ~]# kubectl get ingressclass
 2NAME    CONTROLLER             PARAMETERS   AGE
 3nginx   k8s.io/ingress-nginx   <none>       3m43s
 4
 5[root@master1 ~]#kubectl get ingressclass nginx -o yaml
 6apiVersion: networking.k8s.io/v1
 7kind: IngressClass
 8metadata:
 9  annotations:
10    kubectl.kubernetes.io/last-applied-configuration: |
11      {"apiVersion":"networking.k8s.io/v1","kind":"IngressClass","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","app.kubernetes.io/part-of":"ingress-nginx","app.kubernetes.io/version":"1.5.1"},"name":"nginx"},"spec":{"controller":"k8s.io/ingress-nginx"}}
12  creationTimestamp: "2023-03-01T14:49:35Z"
13  generation: 1
14  labels:
15    app.kubernetes.io/component: controller
16    app.kubernetes.io/instance: ingress-nginx
17    app.kubernetes.io/name: ingress-nginx
18    app.kubernetes.io/part-of: ingress-nginx
19    app.kubernetes.io/version: 1.5.1
20  name: nginx
21  resourceVersion: "20342"
22  uid: 7b4ad44f-1eff-405b-9da4-821808529177
23spec:
24  controller: k8s.io/ingress-nginx
25[root@master1 ~]#

这里我们只提供了一个 controller 属性，对应的值和 ingress-nginx 的启动参数中的 controller-class 一致的。

 1[root@master1 ~]#cat deploy.yaml
 2431     spec:
 3432       containers:
 4433       - args:
 5434         - /nginx-ingress-controller
 6435         - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
 7436         - --election-id=ingress-nginx-leader
 8437         - --controller-class=k8s.io/ingress-nginx
 9438         - --ingress-class=nginx
10439         - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
11440         - --validating-webhook=:8443
12441         - --validating-webhook-certificate=/usr/local/certificates/cert
13442         - --validating-webhook-key=/usr/local/certificates/key

2、第一个示例

我们先看下ingress-controllerpod所在的节点

 1[root@master1 ~]#vim deploy.yaml
 2406 apiVersion: apps/v1
 3407 kind: Deployment
 4……
 5509       nodeSelector:
 6510         kubernetes.io/os: linux
 7
 8[root@master1 ~]#kubectl get po -ningress-nginx -owide
 9NAME                                       READY   STATUS      RESTARTS   AGE     IP           NODE    NOMINATED NODE   READINESS GATES
10ingress-nginx-admission-create--1-xh62p    0/1     Completed   0          7h50m   10.244.2.6   node2   <none>           <none>
11ingress-nginx-admission-patch--1-dccjl     0/1     Completed   2          7h50m   10.244.1.8   node1   <none>           <none>
12ingress-nginx-controller-c66bc7c5c-pj2h8   1/1     Running     0          7h50m   10.244.1.9   node1   <none>           <none> #可以看到时ingress-controller被调度在了node1上

安装成功后，现在我们来为一个 nginx 应用创建一个 Ingress 资源，如下所示：

 1# my-nginx.yaml 
 2apiVersion: apps/v1
 3kind: Deployment
 4metadata:
 5  name: my-nginx
 6spec:
 7  selector:
 8    matchLabels:
 9      app: my-nginx
10  template:
11    metadata:
12      labels:
13        app: my-nginx
14    spec:
15      containers:
16      - name: my-nginx
17        image: nginx
18        ports:
19        - containerPort: 80
20---
21apiVersion: v1
22kind: Service
23metadata:
24  name: my-nginx
25  labels:
26    app: my-nginx
27spec:
28  ports:
29  - port: 80
30    protocol: TCP
31    name: http
32  selector:
33    app: my-nginx
34---
35apiVersion: networking.k8s.io/v1
36kind: Ingress
37metadata:
38  name: my-nginx
39  namespace: default
40spec:
41  ingressClassName: nginx  # 使用 nginx 的 IngressClass（关联的 ingress-nginx 控制器）
42  rules:
43  - host: first-ingress.172.29.9.52.nip.io  # 将域名映射到 my-nginx 服务
44    http:
45      paths:
46      - path: /
47        pathType: Prefix
48        backend:
49          service:  # 将所有请求发送到 my-nginx 服务的 80 端口
50            name: my-nginx
51            port:
52              number: 80
53# 不过需要注意大部分Ingress控制器都不是直接转发到Service,而是只是通过Service来获取后端的Endpoints列表(因此这里的svc只起到了一个服务发现的作用)，直接转发到Pod，这样可以减少网络跳转，提高性能!!!

⚠️ 注意：

注意我们这里配置的域名是 first-ingress.172.18.0.2.nip.io，该地址其实会直接映射到 172.18.0.2 上面，该 IP 地址就是我的 Node 节点地址，因为我们这里 ingress 控制器是通过 NodePort 对外进行暴露的，所以可以通过 域名:nodePort 来访问服务。nip.io 是由 PowerDNS 提供支持的开源服务，允许我们可以直接通过使用以下格式将任何 IP 地址映射到主机名，这样我们就不需要在 etc/hosts 文件中配置映射了，对于 Ingress 测试非常方便。

注意：nip.io不需要另外安装服务，我们只要安装如下命令配置就好。

这里直接创建上面的资源对象即可：

 1[root@master1 ~]#kubectl apply -f my-nginx.yaml
 2deployment.apps/my-nginx created
 3service/my-nginx created
 4ingress.networking.k8s.io/my-nginx created
 5[root@master1 ~]#kubectl get ingress
 6NAME       CLASS   HOSTS                              ADDRESS   PORTS   AGE
 7my-nginx   nginx   first-ingress.172.29.9.52.nip.io             80      27m
 8
 9root@master1 ~]#kubectl get svc -ningress-nginx
10NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
11ingress-nginx-controller             LoadBalancer   10.96.228.157   <pending>     80:30933/TCP,443:31697/TCP   7h51m
12ingress-nginx-controller-admission   ClusterIP      10.105.93.22    <none>        443/TCP                      7h51m

在上面的 Ingress 资源对象中我们使用配置 ingressClassName: nginx 指定让我们安装的 ingress-nginx 这个控制器来处理我们的 Ingress 资源，配置的匹配路径类型为前缀的方式去匹配 / ，将来自域名 firstingress.172.29.9.52.nip.io 的所有请求转发到 my-nginx 服务的后端 Endpoints 中去，注意访问的时候需要带上 NodePort 端口。

测试

 1[root@master1 ~]#curl first-ingress.172.29.9.52.nip.io
 2curl: (7) Failed connect to first-ingress.172.29.9.52.nip.io:80; Connection refused
 3
 4[root@master1 ~]#curl first-ingress.172.29.9.52.nip.io:30933 #注意：这里的ingrexx-nginx默认是一个 LoadBalancer 类型的 Service，我们知道该类型是用于云服务商的，我们这里在本地环境，暂时不能使用，但是可以通过他的 NodePort 来对外暴露。
 5<!DOCTYPE html>
 6<html>
 7<head>
 8<title>Welcome to nginx!</title>
 9<style>
10html { color-scheme: light dark; }
11body { width: 35em; margin: 0 auto;
12font-family: Tahoma, Verdana, Arial, sans-serif; }
13</style>
14</head>
15<body>
16<h1>Welcome to nginx!</h1>
17<p>If you see this page, the nginx web server is successfully installed and
18working. Further configuration is required.</p>
19
20<p>For online documentation and support please refer to
21<a href="http://nginx.org/">nginx.org</a>.<br/>
22Commercial support is available at
23<a href="http://nginx.com/">nginx.com</a>.</p>
24
25<p><em>Thank you for using nginx.</em></p>
26</body>
27</html>
28[root@master1 ~]#

前面我们也提到了 ingress-nginx 控制器的核心原理就是将我们的 Ingress 这些资源对象映射翻译成 Nginx 配置文件 nginx.conf ，我们可以通过查看控制器中的配置文件来验证这点：

  1[root@master1 ~]#kubectl exec -it ingress-nginx-controller-c66bc7c5c-pj2h8 -n ingress-nginx -- cat /etc/nginx/nginx.conf
  2……
  3
  4        upstream upstream_balancer {
  5                ### Attention!!!
  6                #
  7                # We no longer create "upstream" section for every backend.
  8                # Backends are handled dynamically using Lua. If you would like to debug
  9                # and see what backends ingress-nginx has in its memory you can
 10                # install our kubectl plugin https://kubernetes.github.io/ingress-nginx/kubectl-plugin.
 11                # Once you have the plugin you can use "kubectl ingress-nginx backends" command to
 12                # inspect current backends.
 13                #
 14                ###
 15
 16                server 0.0.0.1; # placeholder
 17
 18                balancer_by_lua_block {
 19                        balancer.balance()
 20                }
 21
 22                keepalive 320;
 23                keepalive_time 1h;
 24                keepalive_timeout  60s;
 25                keepalive_requests 10000;
 26
 27        }
 28……
 29        ## start server first-ingress.172.29.9.52.nip.io
 30        server {
 31                server_name first-ingress.172.29.9.52.nip.io ;
 32
 33                listen 80  ;
 34                listen [::]:80  ;
 35                listen 443  ssl http2 ;
 36                listen [::]:443  ssl http2 ;
 37
 38                set $proxy_upstream_name "-";
 39
 40                ssl_certificate_by_lua_block {
 41                        certificate.call()
 42                }
 43
 44                location / {
 45
 46                        set $namespace      "default";
 47                        set $ingress_name   "my-nginx";
 48                        set $service_name   "my-nginx";
 49                        set $service_port   "80";
 50                        set $location_path  "/";
 51                        set $global_rate_limit_exceeding n;
 52
 53                        rewrite_by_lua_block {
 54                                lua_ingress.rewrite({
 55                                        force_ssl_redirect = false,
 56                                        ssl_redirect = true,
 57                                        force_no_ssl_redirect = false,
 58                                        preserve_trailing_slash = false,
 59                                        use_port_in_redirects = false,
 60                                        global_throttle = { namespace = "", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } },
 61                                })
 62                                balancer.rewrite()
 63                                plugins.run()
 64                        }
 65
 66                        # be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
 67                        # will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
 68                        # other authentication method such as basic auth or external auth useless - all requests will be allowed.
 69                        #access_by_lua_block {
 70                        #}
 71
 72                        header_filter_by_lua_block {
 73                                lua_ingress.header()
 74                                plugins.run()
 75                        }
 76
 77                        body_filter_by_lua_block {
 78                                plugins.run()
 79                        }
 80
 81                        log_by_lua_block {
 82                                balancer.log()
 83
 84                                monitor.call()
 85
 86                                plugins.run()
 87                        }
 88
 89                        port_in_redirect off;
 90
 91                        set $balancer_ewma_score -1;
 92                        set $proxy_upstream_name "default-my-nginx-80";
 93                        set $proxy_host          $proxy_upstream_name;
 94                        set $pass_access_scheme  $scheme;
 95
 96                        set $pass_server_port    $server_port;
 97
 98                        set $best_http_host      $http_host;
 99                        set $pass_port           $pass_server_port;
100
101                        set $proxy_alternative_upstream_name "";
102
103                        client_max_body_size                    1m;
104
105                        proxy_set_header Host                   $best_http_host;
106
107                        # Pass the extracted client certificate to the backend
108
109                        # Allow websocket connections
110                        proxy_set_header                        Upgrade           $http_upgrade;
111
112                        proxy_set_header                        Connection        $connection_upgrade;
113
114                        proxy_set_header X-Request-ID           $req_id;
115                        proxy_set_header X-Real-IP              $remote_addr;
116
117                        proxy_set_header X-Forwarded-For        $remote_addr;
118
119                        proxy_set_header X-Forwarded-Host       $best_http_host;
120                        proxy_set_header X-Forwarded-Port       $pass_port;
121                        proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
122                        proxy_set_header X-Forwarded-Scheme     $pass_access_scheme;
123
124                        proxy_set_header X-Scheme               $pass_access_scheme;
125
126                        # Pass the original X-Forwarded-For
127                        proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
128
129                        # mitigate HTTPoxy Vulnerability
130                        # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
131                        proxy_set_header Proxy                  "";
132
133                        # Custom headers to proxied server
134
135                        proxy_connect_timeout                   5s;
136                        proxy_send_timeout                      60s;
137                        proxy_read_timeout                      60s;
138
139                        proxy_buffering                         off;
140                        proxy_buffer_size                       4k;
141                        proxy_buffers                           4 4k;
142
143                        proxy_max_temp_file_size                1024m;
144
145                        proxy_request_buffering                 on;
146                        proxy_http_version                      1.1;
147
148                        proxy_cookie_domain                     off;
149                        proxy_cookie_path                       off;
150
151                        # In case of errors try the next upstream server before returning an error
152                        proxy_next_upstream                     error timeout;
153                        proxy_next_upstream_timeout             0;
154                        proxy_next_upstream_tries               3;
155
156                        proxy_pass http://upstream_balancer;
157
158                        proxy_redirect                          off;
159
160                }
161
162        }
163        ## end server first-ingress.172.29.9.52.nip.io
164……

我们可以在 nginx.conf 配置文件中看到上面我们新增的 Ingress 资源对象的相关配置信息，不过需要注意的是现在并不会为每个 backend 后端都创建一个 upstream 配置块，现在是使用 Lua 程序进行动态处理的，所以我们没有直接看到后端的 Endpoints 相关配置数据。

FAQ

详解流程

下图显示了客户端是如何通过 Ingress 控制器连接到其中一个 Pod 的流程，客户端首先对 ngdemo.qikqiak.com 执行 DNS 解析，得到 Ingress 控制器所在节点的 IP，然后客户端向 Ingress 控制器发送 HTTP 请求，然后根据 Ingress 对象里面的描述匹配域名，找到对应的 Service 对象，并获取关联的 Endpoints 列表，将客户端的请求转发给其中一个 Pod。

前面我们也提到了 ingress-nginx 控制器的核心原理就是将我们的 Ingress 这些资源对象映射翻译成 Nginx 配置文件 nginx.conf，我们可以通过查看控制器中的配置文件来验证这点：

 1[root@master1 ingress]#kubectl exec  ingress-nginx-controller-r5964 -ningress-nginx -- cat /etc/nginx/nginx.conf
 2
 3......
 4upstream upstream_balancer {
 5        server 0.0.0.1; # placeholder
 6        balancer_by_lua_block {
 7                balancer.balance()
 8        }
 9        keepalive 320;
10        keepalive_timeout  60s;
11        keepalive_requests 10000;
12}
13
14......
15### start server ngdemo.qikqiak.com
16server {
17        server_name ngdemo.qikqiak.com ;
18
19        listen 80  ;
20        listen [::]:80  ;
21        listen 443  ssl http2 ;
22        listen [::]:443  ssl http2 ;
23
24        set $proxy_upstream_name "-";
25
26        ssl_certificate_by_lua_block {
27                certificate.call()
28        }
29
30        location / {
31
32                set $namespace      "default";
33                set $ingress_name   "my-nginx";
34                set $service_name   "my-nginx";
35                set $service_port   "80";
36                set $location_path  "/";
37                set $global_rate_limit_exceeding n;
38                ......
39                proxy_next_upstream_timeout             0;
40                proxy_next_upstream_tries               3;
41
42                proxy_pass http://upstream_balancer #这里
43
44                proxy_redirect                          off;
45
46        }
47
48}
49### end server ngdemo.qikqiak.com
50......

我们可以在 nginx.conf 配置文件中看到上面我们新增的 Ingress 资源对象的相关配置信息。不过需要注意的是：现在并不会为每个 backend 后端都创建一个 upstream 配置块，现在是使用 Lua 程序进行动态处理的，所以我们没有直接看到后端的 Endpoints 相关配置数据(以前的版本是可以看到的)。

⚠️ 注意

upstream里面可以配置很多的负载策略，并且可以让nginx去帮我们做一个可定制的负载(如果是走service的话，那负载策略就是service说了算的了)。

ingress-controller如何部署高可用

由于 ingress-nginx 所在的节点需要能够访问外网，这样域名可以解析到这些节点上直接使用。**所以需要让 ingress-nginx绑定节点的 80 和 443 端口，所以可以使用 hostPort 或者 hostNetwork 模式来进行访问。当然对于线上环境来说为了保证高可用，**一般是需要运行多个ingress-nginx 实例的，然后可以用一个 nginx/haproxy 作为入口，通过 keepalived 来访问边缘节点的 vip 地址。

边缘节点：所谓的边缘节点即集群内部用来向集群外暴露服务能力的节点，集群外部的服务通过该节点来调用集群内部的服务，边缘节点是集群内外交流的一个 Endpoint。

自建LB：

MetaLB，OpenELB

⚠️ 注意：

我这里是打算只在master1节点上部署ingress-nginx。如果我想在node1和node2个节点行部署ingress-nginx的话，可以给这2个节点打上个label，例如 role=lb，然后只需要把这个label写到 nodeSelector下面就好。

我们这里测试环境就将 master1 节点看成边缘节点，所以我们就直接将 ingress-nginx 固定到 master1 节点上，采用 hostNetwork 模式(生产环境可以使用 LB + DaemonSet hostNetwork 模式)。

注意：当然你有多个边缘节点的话，可以对这些边缘节点打上一个label，然后把ingress-nginx给固定到上面去，然后采用hostNetwork模式。

访问ingress

对于ingress-nginx：如果ingress-nginx-controller svc是clusterIP类型的话，做好/etc/hosts映射后，就直接可以通过域名形式来访问应用了。如果ingress-nginx-controller svc是LoadBalancer类型的话，做好/etc/hosts映射后，需要通过域名:ingress-nginx-controller svc的nodePort端口形式来访问应用才行。

demo1：

 1[root@master1 ingress-nginx]#kubectl get pod -n ingress-nginx -owide
 2NAME                                            READY   STATUS    RESTARTS   AGE    IP             NODE      NOMINATED NODE   READINESS GATES
 3ingress-nginx-controller-r5964                  1/1     Running   0          8m2s   172.29.9.51    master1   <none>           <none>
 4ingress-nginx-defaultbackend-84854cd6cb-8gzcm   1/1     Running   0          8m2s   10.244.1.197   node1     <none>           <none>
 5
 6[root@master1 ingress-nginx]#kubectl get svc -n ingress-nginx
 7NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
 8ingress-nginx-controller-admission   ClusterIP   10.106.208.0   <none>        443/TCP   8m8s
 9ingress-nginx-defaultbackend         ClusterIP   10.106.66.15   <none>        80/TCP    8m8s
10
11
12[root@master1 ingress-nginx]#kubectl get ingress
13NAME       CLASS   HOSTS                ADDRESS       PORTS   AGE
14my-nginx   nginx   ngdemo.qikqiak.com   172.29.9.51   80      2m19s

demo2：

 1[root@master1 ~]# kubectl get svc -n ingress-nginx
 2NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
 3ingress-nginx-controller             LoadBalancer   10.96.228.157   <pending>     80:30933/TCP,443:31697/TCP   95s
 4ingress-nginx-controller-admission   ClusterIP      10.105.93.22    <none>        443/TCP                      95s
 5
 6[root@master1 ~]# kubectl get pods -n ingress-nginx
 7NAME                                       READY   STATUS      RESTARTS   AGE
 8ingress-nginx-admission-create--1-xh62p    0/1     Completed   0          28s
 9ingress-nginx-admission-patch--1-dccjl     0/1     Completed   2          28s
10ingress-nginx-controller-c66bc7c5c-pj2h8   1/1     Running     0          29s
11
12
13[root@master1 ~]#kubectl get ingress
14NAME       CLASS   HOSTS                              ADDRESS   PORTS   AGE
15my-nginx   nginx   first-ingress.172.29.9.52.nip.io             80      27m
16
17[root@master1 ~]#curl first-ingress.172.29.9.52.nip.io
18curl: (7) Failed connect to first-ingress.172.29.9.52.nip.io:80; Connection refused
19
20[root@master1 ~]#curl first-ingress.172.29.9.52.nip.io:30933 #注意：这里的ingrexx-nginx默认是一个 LoadBalancer 类型的 Service，我们知道该类型是用于云服务商的，我们这里在本地环境，暂时不能使用，但是可以通过他的 NodePort 来对外暴露。
21<!DOCTYPE html>
22<html>
23<head>
24<title>Welcome to nginx!</title>
25<style>
26html { color-scheme: light dark; }
27body { width: 35em; margin: 0 auto;
28font-family: Tahoma, Verdana, Arial, sans-serif; }
29</style>
30</head>
31<body>
32<h1>Welcome to nginx!</h1>
33<p>If you see this page, the nginx web server is successfully installed and
34working. Further configuration is required.</p>
35
36<p>For online documentation and support please refer to
37<a href="http://nginx.org/">nginx.org</a>.<br/>
38Commercial support is available at
39<a href="http://nginx.com/">nginx.com</a>.</p>
40
41<p><em>Thank you for using nginx.</em></p>
42</body>
43</html>
44[root@master1 ~]#