Ingress-Nginx使用指南上篇

本文涉及的产品
.cn 域名,1个 12个月
容器服务 Serverless 版 ACK Serverless,952元额度 多规格
容器服务 Serverless 版 ACK Serverless,317元额度 多规格
简介: 关于Ingress-Nginx在Kubernetes中的使用指南,涵盖了从基础安装到高级特性配置的详细步骤和实战案例。

一.部署Ingress-Nginx

1.Ingress-Nginx和nginx-Ingress的区别对比

Ingress-Nginx是K8S官方写的一个Ingress Controller,而"nginx-Ingress"是Nginx官方写的资源清单。

注意,部署时要观察对比一下K8S和Ingress-Nginx对应的版本以来关系哟。

github地址:
    https://github.com/kubernetes/ingress-nginx

2.Ingress-Nginx的安装方式

安装文档:
    https://kubernetes.github.io/ingress-nginx/deploy/#installation-guide


如上图所示,官方推荐了三种安装方式:
    - 使用"helm"安装;
    - 使用"kubectl apply"创建yaml资源清单的方式进行安装;
    - 使用第三方插件的方式进行安装;

3.基于helm安装Ingress-nginx

    1.添加Ingress-nginx的官方仓库
[root@master231 ~]# helm repo add yinzhengjie-ingress-nginx  https://kubernetes.github.io/ingress-nginx
"yinzhengjie-ingress-nginx" has been added to your repositories
[root@master231 ~]# 
[root@master231 ~]# helm repo list
NAME                         URL                                       
yinzhengjie-ingress-nginx    https://kubernetes.github.io/ingress-nginx
[root@master231 ~]# 

·
    2.更新软件源
[root@master231 ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "yinzhengjie-ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈
[root@master231 ~]# 


    3.下载指定版本的ingres-nginx软件包
[root@master231 ~]# helm search repo ingress-nginx
NAME                                       CHART VERSION    APP VERSION    DESCRIPTION                                       
yinzhengjie-ingress-nginx/ingress-nginx    4.9.0            1.9.5          Ingress controller for Kubernetes using NGINX a...
[root@master231 ~]# 
[root@master231 ~]# helm pull yinzhengjie-ingress-nginx/ingress-nginx --version 4.2.5


    4.解压软件包
[root@master231 ~]# tar xf ingress-nginx-4.2.5.tgz 


    5.修改配置文件
[root@master231 ~]# sed -i '/registry:/s#registry.k8s.io#registry.cn-hangzhou.aliyuncs.com#g' ingress-nginx/values.yaml
[root@master231 ~]# sed -i 's#ingress-nginx/controller#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml 
[root@master231 ~]# sed -i 's#ingress-nginx/kube-webhook-certgen#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml
[root@master231 ~]# sed -i 's#v1.3.0#kube-webhook-certgen-v1.3.0#' ingress-nginx/values.yaml
[root@master231 ~]# sed -ri '/digest:/s@^@#@' ingress-nginx/values.yaml
[root@master231 ~]# sed -i '/hostNetwork:/s#false#true#' ingress-nginx/values.yaml
[root@master231 ~]# sed -i  '/dnsPolicy/s#ClusterFirst#ClusterFirstWithHostNet#' ingress-nginx/values.yaml
[root@master231 ~]# sed -i '/kind/s#Deployment#DaemonSet#' ingress-nginx/values.yaml 
[root@master231 ~]# sed -i '/default:/s#false#true#'  ingress-nginx/values.yaml

温馨提示:
    - 修改镜像为国内的镜像,否则无法下载海外镜像,除非你会FQ;
    - 如果使用我提供的镜像需要将digest注释掉,因为我的镜像是从海外同步过来的,被重新构建过,其digest不一致;
    - 建议大家使用宿主机网络效率最高,但是使用宿主机网络将来DNS解析策略会直接使用宿主机的解析;
    - 如果还想要继续使用K8S内部的svc名称解析,则需要将默认的"ClusterFirst"的DNS解析策略修改为"ClusterFirstWithHostNet";
    - 建议将Deployment类型改为DaemonSet类型,可以确保在各个节点部署一个Pod,也可以修改"nodeSelector"字段让其调度到指定节点;
    - 如果仅有一个ingress controller,可以考虑将"ingressClassResource.default"设置为true,表示让其成为默认的ingress controller;


    6.创建Ingress专用的名称空间
[root@master231 ~]# kubectl create ns yinzhengjie-ingress
namespace/yinzhengjie-ingress created
[root@master231 ~]# 


    7.使用helm一键安装Ingress
[root@master231 ~]# helm install myingress ingress-nginx -n yinzhengjie-ingress 
NAME: myingress
LAST DEPLOYED: Fri Jan 19 20:43:01 2024
NAMESPACE: yinzhengjie-ingress
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace yinzhengjie-ingress get services -o wide -w myingress-ingress-nginx-controller'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
[root@master231 ~]# 

    7.查看创建的创建的资源
[root@master231 manifests]# kubectl get all -n yinzhengjie-ingress  -o wide
NAME                                           READY   STATUS    RESTARTS   AGE   IP           NODE        NOMINATED NODE   READINESS GATES
pod/myingress-ingress-nginx-controller-2skwt   1/1     Running   0          41s   10.0.0.233   worker233   <none>           <none>
pod/myingress-ingress-nginx-controller-z6slc   1/1     Running   0          41s   10.0.0.232   worker232   <none>           <none>

NAME                                                   TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE   SELECTOR
service/myingress-ingress-nginx-controller             LoadBalancer   10.200.239.174   <pending>     80:31882/TCP,443:31490/TCP   41s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=myingress,app.kubernetes.io/name=ingress-nginx
service/myingress-ingress-nginx-controller-admission   ClusterIP      10.200.191.152   <none>        443/TCP                      41s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=myingress,app.kubernetes.io/name=ingress-nginx

NAME                                                DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE   CONTAINERS   IMAGES                                                                   SELECTOR
daemonset.apps/myingress-ingress-nginx-controller   2         2         2       2            2           kubernetes.io/os=linux   41s   controller   registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/ingress-nginx:v1.3.1   app.kubernetes.io/component=controller,app.kubernetes.io/instance=myingress,app.kubernetes.io/name=ingress-nginx
[root@master231 manifests]#

二.Ingress Nginx初体验实战案例

1.创建测试环境

[root@master231 yinzhengjie]# cat deploy-apps.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-apps-v1
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-apps
spec:
  selector:
    apps: v1
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl apply -f deploy-apps.yaml 
deployment.apps/deployment-apps-v1 created
service/svc-apps created
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl get svc,deploy,po
NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.200.0.1       <none>        443/TCP   14d
service/svc-apps     ClusterIP   10.200.134.229   <none>        80/TCP    47s

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/deployment-apps-v1   3/3     3            3           47s

NAME                                      READY   STATUS    RESTARTS   AGE
pod/deployment-apps-v1-5f6bb6f75b-g8vst   1/1     Running   0          47s
pod/deployment-apps-v1-5f6bb6f75b-tlm26   1/1     Running   0          47s
pod/deployment-apps-v1-5f6bb6f75b-vrhbs   1/1     Running   0          47s
[root@master231 yinzhengjie]#

2.创建Ingress资源

[root@master231 yinzhengjie]# cat 01-apps-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apps-ingress
spec:
  rules:
  - host: apps.yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apps
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl  apply -f 01-apps-ingress.yaml 
ingress.networking.k8s.io/apps-ingress created
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl get ing
NAME           CLASS   HOSTS                  ADDRESS   PORTS   AGE
apps-ingress   nginx   apps.yinzhengjie.com             80      71s
[root@master231 yinzhengjie]#

3.验证Ingress-nginx的controller配置

[root@master231 ~]# kubectl get pod -n yinzhengjie-ingress -o wide
NAME                                       READY   STATUS    RESTARTS   AGE   IP           NODE        NOMINATED NODE   READINESS GATES
myingress-ingress-nginx-controller-2skwt   1/1     Running   0          82m   10.0.0.233   worker233   <none>           <none>
myingress-ingress-nginx-controller-z6slc   1/1     Running   0          82m   10.0.0.232   worker232   <none>           <none>
[root@master231 ~]# 
[root@master231 ~]# 
[root@master231 ~]# kubectl -n yinzhengjie-ingress exec -it myingress-ingress-nginx-controller-2skwt -- bash
bash-5.1$ 
bash-5.1$ grep yinzhengjie.com nginx.conf -n
441:    ## start server apps.yinzhengjie.com
443:        server_name apps.yinzhengjie.com ;
575:    ## end server apps.yinzhengjie.com
bash-5.1$ 


温馨提示:
    不难发现,当我们创建Ingress规则时,其回自动将这个规则同步到ingress-nginx-controller的nginx.conf配置文件中哟~

4.查看po,svc,ing的详细信息

[root@master231 yinzhengjie]# kubectl get po,svc,ing
NAME                                      READY   STATUS    RESTARTS   AGE
pod/deployment-apps-v1-6bc556784f-57z4l   1/1     Running   0          116s
pod/deployment-apps-v1-6bc556784f-68tq7   1/1     Running   0          116s
pod/deployment-apps-v1-6bc556784f-s7jw5   1/1     Running   0          116s

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.200.0.1      <none>        443/TCP   14d
service/svc-apps     ClusterIP   10.200.88.156   <none>        80/TCP    116s

NAME                                     CLASS   HOSTS                  ADDRESS   PORTS   AGE
ingress.networking.k8s.io/apps-ingress   nginx   apps.yinzhengjie.com             80      10m
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl describe ing
Name:             apps-ingress
Labels:           <none>
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                  Path  Backends
  ----                  ----  --------
  apps.yinzhengjie.com  
                        /   svc-apps:80 (10.100.1.27:80,10.100.1.28:80,10.100.2.15:80)
Annotations:            <none>
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  Sync    10m   nginx-ingress-controller  Scheduled for sync
  Normal  Sync    10m   nginx-ingress-controller  Scheduled for sync
[root@master231 yinzhengjie]#

5.访问测试

如上图所示。windows我们可以直接访问Ingress-nginx的主机就可以查看到相应的服务啦,只不过别忘记做hosts解析即可。

温馨提示:
    也可以使用Linux命令行工具curl进行测试。
[root@master231 yinzhengjie]# curl -H 'host: apps.yinzhengjie.com' 10.0.0.232
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <title>yinzhengjie apps v1</title>
    <style>
       div img {
          width: 900px;
          height: 600px;
          margin: 0;
       }
    </style>
  </head>

  <body>
    <h1 style="color: green">凡人修仙传 v1 </h1>
    <div>
      <img src="1.jpg">
    <div>
  </body>

</html>
[root@master231 yinzhengjie]#

三.Ingress Nginx实现域名重定向

1.背景说明

假如你们公司有域名变更的需求,但是之前的网站依旧是有部分流量的,想要将其流量迁移到新的域名中就可以考虑使用重定向功能。


如上图所示,修改nginx的配置文件有三种方式:
    - configMap:
        使用ConfigMap在NGINX中设置全局配置。
    - annotations:
        如果您想要特定Ingress规则的特定配置,请使用此注释。
    - Custom template:
        当需要更具体的设置时,如"open_file_cache",将侦听选项调整为rcvbuf,或者当无法通过ConfigMap更改配置时。

参考链接:
    https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/

2.基于注解实现域名跳转

[root@master231 yinzhengjie]# cat 02-redirect.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apps-redirect
  annotations:
    nginx.ingress.kubernetes.io/permanent-redirect: https://www.cnblogs.com/yinzhengjie
spec:
  rules:
  - host: blog.yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apps
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl apply -f 02-redirect.yaml
ingress.networking.k8s.io/apps-redirect created
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl describe ing apps-redirect 
Name:             apps-redirect
Labels:           <none>
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                  Path  Backends
  ----                  ----  --------
  blog.yinzhengjie.com  
                        /   svc-apps:80 (10.100.1.27:80,10.100.1.28:80,10.100.2.15:80)
Annotations:            nginx.ingress.kubernetes.io/permanent-redirect: https://www.cnblogs.com/yi
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  Sync    12s   nginx-ingress-controller  Scheduled for sync
  Normal  Sync    12s   nginx-ingress-controller  Scheduled for sync
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]#

3.访问测试

如上图所示,我们可以使用windows测试访问也可以使用Linux来直接基于命令行的方式访问。

除了跳转网站外,我们还可以设置返回的状态码,若不设置默认返回301的状态码。如果需要修改状态码添加相应注解信息即可。

只不过修改资源后,一定要删除Ingress规则后重新创建才能生效哟。

参考案例:
[root@master231 yinzhengjie]# cat 02-redirect.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apps-redirect
  annotations:
    nginx.ingress.kubernetes.io/permanent-redirect: https://www.cnblogs.com/yinzhengjie
    # 注意,这个状态码不能胡写哈,否则不识别,默认依旧返回301哟~
    nginx.ingress.kubernetes.io/permanent-redirect-code: '308'
spec:
  rules:
  - host: blog.yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apps
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl create -f 02-redirect.yaml 
ingress.networking.k8s.io/apps-redirect created
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# curl -H 'host: blog.yinzhengjie.com' 10.0.0.232 -I
HTTP/1.1 308 Permanent Redirect
Date: Sat, 20 Jan 2024 10:15:41 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://www.cnblogs.com/yinzhengjie

[root@master231 yinzhengjie]#

四.Ingress Nginx区分移动端和pc端

1.部署移动端测试环境

    1.创建deploy,svc资源
[root@master231 yinzhengjie]# cat 01-deploy-svc-apps.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-apps-v1
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-apps
spec:
  selector:
    apps: v1
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
[root@master231 yinzhengjie]# 



    2.创建Ingress资源
[root@master231 yinzhengjie]# cat 02-ingress-iphone.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apps-iphone
spec:
  rules:
  - host: m.yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apps
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
[root@master231 yinzhengjie]#

2.部署pc端测试

    1.创建deploy,svc资源
[root@master231 yinzhengjie]# cat 03-deploy-apple.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-apple
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: apple
  template:
    metadata:
      labels:
        apps: apple
    spec:
      containers:
      - name: apple
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-apple
spec:
  selector:
    apps: apple
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
[root@master231 yinzhengjie]# 


    2.创建Ingress资源
[root@master231 yinzhengjie]# cat 04-apple-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apple
  annotations:
    nginx.ingress.kubernetes.io/server-snippet: |
        set $agentflag 0;

        if ($http_user_agent ~* "(Mobile)" ){
          set $agentflag 1;
        }

        if ( $agentflag = 1 ) {
          return 301 http://m.yinzhengjie.com;
        }

spec:
  rules:
  - host: yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apple
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
[root@master231 yinzhengjie]# 


参考连接:
    https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#server-snippet

3.测试验证

如上图所示,我们测试成功啦~

五.Ingress Nginx基本认证

1.使用htpasswd工具创建生成nginx认证用户

    1.安装htpasswd工具
[root@master231 yinzhengjie]# yum -y install httpd


    2.使用htpasswd工具生成测试用户名和密码
[root@master231 yinzhengjie]# htpasswd -c auth jasonyin
New password: 
Re-type new password: 
Adding password for user jasonyin
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# cat auth 
jasonyin:$apr1$v.iw5HUE$n7xcqnT3Aj23qIK0vurGU1
[root@master231 yinzhengjie]#

2.将创建的密码文件用secrets资源存储

[root@master231 yinzhengjie]# kubectl create secret generic nginx-basic-auth --from-file=auth 
secret/nginx-basic-auth created
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl get secrets nginx-basic-auth 
NAME               TYPE     DATA   AGE
nginx-basic-auth   Opaque   1      12s
[root@master231 yinzhengjie]#

3.部署测试应用

[root@master231 yinzhengjie]# cat deploy-apple.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-apple
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: apple
  template:
    metadata:
      labels:
        apps: apple
    spec:
      containers:
      - name: apple
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-apple
spec:
  selector:
    apps: apple
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl apply -f deploy-apple.yaml 
deployment.apps/deployment-apple created
service/svc-apple created
[root@master231 yinzhengjie]#

4.创建Ingress用于认证信息

[root@master231 yinzhengjie]# cat ingress-basic-auth.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-basic-auth
  annotations:
    # 登录的提示信息
    nginx.ingress.kubernetes.io/auth-realm: Please Input Your Username and Passowrd
    # 对应认证信息,也就是我们创建的secrets资源名称,里面保存了我们创建的有效用户
    nginx.ingress.kubernetes.io/auth-secret: nginx-basic-auth
    # 指定认证类型
    nginx.ingress.kubernetes.io/auth-type: basic
spec:
  rules:
  - host: auth.yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apple
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl apply -f ingress-basic-auth.yaml 
ingress.networking.k8s.io/ingress-basic-auth created
[root@master231 yinzhengjie]#

5.访问测试

如上图所示,直接进行访问测试即可。

六.Ingress Nginx实现前后端分离

1.创建测试服务

[root@master231 yinzhengjie]# cat deploy-apple.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-apple
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: apple
  template:
    metadata:
      labels:
        apps: apple
    spec:
      containers:
      - name: apple
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-apple
spec:
  selector:
    apps: apple
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
[root@master231 yinzhengjie]#

2.编写Ingress规则实现rewrite

[root@master231 yinzhengjie]# cat ingress-rewrite.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-rewrite
  annotations:
    # 这句话的是意思是将"/api(/|$)(.*)"改写为"/.*",
    # 后端在调用时会直接将"/api(/|$)"的内容取消掉.
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
  - host: www.yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apple
            port:
              number: 80
        # 注意,这里用到了2个分组,小括号代表分组,共计2个小括号,
        # 上面的注解中"rewrite-target"使用到第二个小括号的参数。
        path: /api(/|$)(.*)
        pathType: ImplementationSpecific
[root@master231 yinzhengjie]#

3.测试访问

七.Ingress Nginx https

1.生成自建证书

    1.生成证书文件
[root@master231 yinzhengjie]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=www.yinzhengjie.com"


    2.将证书文件以secrets形式存储
[root@master231 yinzhengjie]# kubectl create secret tls ca-secret --cert=tls.crt --key=tls.key 
secret/ca-secret created
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl get secrets ca-secret 
NAME        TYPE                DATA   AGE
ca-secret   kubernetes.io/tls   2      84s
[root@master231 yinzhengjie]#

2.部署测试服务

[root@master231 yinzhengjie]# cat deploy-apple.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-apple
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: apple
  template:
    metadata:
      labels:
        apps: apple
    spec:
      containers:
      - name: apple
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-apple
spec:
  selector:
    apps: apple
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
[root@master231 yinzhengjie]#

3.配置Ingress添加TLS证书

[root@master231 yinzhengjie]# cat ingress-https.html 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-rewrite
  # 如果指定了"ingressClassName"参数,就不需要在这里重复声明啦。
  # 如果你的K8S 1.22- 版本,则使用注解的方式进行传参即可。
  #annotations:
  #  kubernetes.io/ingress.class: "nginx"
spec:
  # 指定Ingress controller,要求你的K8S 1.22+
  ingressClassName: nginx
  rules:
  - host: www.yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apple
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
  # 配置https证书
  tls:
  - hosts:
    - www.yinzhengjie.com
    secretName: ca-secret
[root@master231 yinzhengjie]# 
[root@master231 yinzhengjie]# kubectl apply -f ingress-https.html 
ingress.networking.k8s.io/ingress-rewrite created
[root@master231 yinzhengjie]#

4.测试访问

相关实践学习
通过Ingress进行灰度发布
本场景您将运行一个简单的应用,部署一个新的应用用于新的发布,并通过Ingress能力实现灰度发布。
容器应用与集群管理
欢迎来到《容器应用与集群管理》课程,本课程是“云原生容器Clouder认证“系列中的第二阶段。课程将向您介绍与容器集群相关的概念和技术,这些概念和技术可以帮助您了解阿里云容器服务ACK/ACK Serverless的使用。同时,本课程也会向您介绍可以采取的工具、方法和可操作步骤,以帮助您了解如何基于容器服务ACK Serverless构建和管理企业级应用。 学习完本课程后,您将能够: 掌握容器集群、容器编排的基本概念 掌握Kubernetes的基础概念及核心思想 掌握阿里云容器服务ACK/ACK Serverless概念及使用方法 基于容器服务ACK Serverless搭建和管理企业级网站应用
目录
相关文章
|
3月前
|
缓存 负载均衡 应用服务中间件
Nginx概述
【8月更文挑战第15天】Nginx是一款高性能的HTTP与反向代理服务器,轻量级且高效,首个公开版本发布于2004年,采用C语言编写,跨平台运行。它以内存占用低、支持高并发连接(可达5万)、配置简单及免费开源著称。Nginx内置健康检查机制、支持重写规则与缓存,广泛应用于中国大型网站如百度、京东等。其配置文件结构清晰,包括全局、events、http等区块,并可通过多种模块扩展功能。
45 0
|
5月前
|
缓存 负载均衡 应用服务中间件
nginx快速入门
nginx快速入门
30 1
|
Kubernetes 应用服务中间件 nginx
编排系统K8S Ingress-nginx源码解析
上篇文章介绍了Ingress-nginx的基本架构原理,具体可参考: 编排系统K8S Ingress-nginx介绍 本篇重点以源码为基础,深入讲解 Ingress-nginx的内部工作流以及整体工作模式。
267 0
|
负载均衡 安全 Java
Nginx快速入门(一)
Nginx快速入门(一)
93 0
|
负载均衡 应用服务中间件 nginx
Nginx快速入门(二)
Nginx快速入门(二)
95 0
|
负载均衡 应用服务中间件 nginx
超实用 nginx 中常见的配置合集
掌握 nginx 中的常见配置,让你更快的熟练应用
153 3
超实用 nginx 中常见的配置合集
|
应用服务中间件 nginx
Nginx快速入门(三)
Nginx快速入门(三)
141 0
Nginx快速入门(三)
|
开发框架 运维 Kubernetes
Ingress-nginx工作原理和实践
本文记录/分享 目前项目的 K8s 部署结构和请求追踪改造方案
Ingress-nginx工作原理和实践
|
缓存 负载均衡 网络协议
Nginx基本概述
DNS解析过程、HTTP工作原理 1.用户打开浏览器输入URL地址 2.通过DNS解析url地址找到对应的ip地址 3.通过ip地址向对应的web服务器发送tcp连接请求 1.首先是网络设备去转发数据 2.网站所在平台的私网防火墙(也就是哪个公司写的程序,就会转交给对应公司的防火墙),进行访问控制 3.dns解析的ip地址就是负载均衡调度器的地址,实际上是由网络设备与负载调度器建立tcp三次握手,然后将http请求发给调度器 4.调度器再通过tcp三次握手将http请求发送给web服务器
232 0
Nginx基本概述
|
应用服务中间件 nginx