目录
[1 ingress-nginx 介绍](#1 ingress-nginx 介绍)
[2 Ingress-nginx 的工作原理](#2 Ingress-nginx 的工作原理)
[3 使用 Ingress-nginx 的步骤](#3 使用 Ingress-nginx 的步骤)
[4 部署 ingress :](#4 部署 ingress :)
[4.1 开启ipvs 模式](#4.1 开启ipvs 模式)
[4.2 下载部署文件](#4.2 下载部署文件)
[4.3 上传镜像到harbor](#4.3 上传镜像到harbor)
[4.4 修改文件中镜像地址,与harbor仓库路径保持一致](#4.4 修改文件中镜像地址,与harbor仓库路径保持一致)
[4.5 检查是否running](#4.5 检查是否running)
[4.6 将ingress的命名空间微服务类型改为LoadBalancer](#4.6 将ingress的命名空间微服务类型改为LoadBalancer)
[4.7 查询分配的IP](#4.7 查询分配的IP)
[5 ingress-nginx功能使用案例](#5 ingress-nginx功能使用案例)
[5.1 创建基础的ingress架构:基于路径访问](#5.1 创建基础的ingress架构:基于路径访问)
[5.1.1 创建deployment控制器验证MmetalLB是否可用](#5.1.1 创建deployment控制器验证MmetalLB是否可用)
[5.1.2 创建ingress资源类型和服务](#5.1.2 创建ingress资源类型和服务)
[5.1.3 创建 ingress 资源类型作为与内部service的一个链接](#5.1.3 创建 ingress 资源类型作为与内部service的一个链接)
[5.2 基于域名的访问](#5.2 基于域名的访问)
[5.3 建立tls加密](#5.3 建立tls加密)
[5.4 建立auth认证](#5.4 建立auth认证)
[5.5 rewrite重定向](#5.5 rewrite重定向)
1 ingress-nginx 介绍
Ingress-nginx 是一个广泛使用的 Kubernetes Ingress 控制器,它基于 Nginx 反向代理和负载均衡器来处理进入 Kubernetes 集群的 HTTP 和 HTTPS 流量。Ingress-nginx 提供了一个强大的工具来管理 Kubernetes 集群的入口流量,允许用户通过 Ingress 资源来定义如何将外部请求路由到集群内部的服务。
官网:
https://kubernetes.github.io/ingress-nginx/deploy/2 Ingress-nginx 的工作原理
Ingress 资源:
- 用户在 Kubernetes 集群中创建 Ingress 资源,定义了如何将外部流量路由到集群内的服务。
- Ingress 资源可以包含多个规则,每个规则可以指定一个或多个路径,以及这些路径应路由到的后端服务。
Ingress 控制器:
- Ingress-nginx 控制器是一个部署在 Kubernetes 集群中的 Pod,它监视 Ingress 资源的变化。
- 当 Ingress 资源发生变化时,Ingress-nginx 控制器会更新 Nginx 的配置文件,以反映新的路由规则。
Nginx 配置:
- Ingress-nginx 控制器使用 Nginx 的模板和配置文件来生成 Nginx 的配置。
- 这些配置文件定义了如何将外部请求路由到集群内的服务,包括负载均衡、SSL 终止、重写规则等。
Nginx 服务:
- Nginx 服务是一个运行在 Kubernetes 集群中的 Pod,它使用 Ingress-nginx 控制器生成的配置文件来处理外部流量。
- Nginx 服务通常使用 NodePort 或 LoadBalancer 类型的 Service 来暴露到外部网络。
3 使用 Ingress-nginx 的步骤
部署 Ingress-nginx 控制器:
- 使用 Helm Chart 或者 Kubernetes 部署文件在集群中部署 Ingress-nginx 控制器。
创建 Ingress 资源:
- 根据需要创建 Ingress 资源,定义如何将外部流量路由到集群内的服务。
配置 Nginx 服务:
- 配置 Nginx 服务的 Service,使其能够暴露到外部网络。
测试 Ingress:
- 使用外部工具(如
curl)测试 Ingress 资源,确保流量能够正确路由到集群内的服务。
搭建云平台功能metalLB:
- MetalLB 是一个专注于解决 Kubernetes 集群内部负载均衡问题的工具,特别是在没有云提供商负载均衡器支持的环境下。它提供了类似云提供商负载均衡器的功能。
4 部署 ingress :
ps :
由于是裸金属状态部署ingress,是需要云平台的,而在虚拟机上并没有提供与平台负载均衡器。
所以需要使用MetalLB 使得k8s集群支持云平台功能。本章就不做介绍了,需要搭建的可以去上一章节查看
4.1 开启ipvs 模式
bash
设置ipvs模式
[root@k8s-master yaml]# kubectl -n kube-system get configmaps
NAME DATA AGE
coredns 1 4d22h
extension-apiserver-authentication 6 4d22h
kube-apiserver-legacy-service-account-token-tracking 1 4d22h
kube-proxy 2 4d22h
kube-root-ca.crt 1 4d22h
kubeadm-config 1 4d22h
kubelet-config 1 4d22h
[root@k8s-master yaml]# kubectl -n kube-system edit configmaps kube-proxy
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
ipvs:
strictARP: true
[root@k8s-master ~]# kubectl -n kube-system get pods | awk '/kube-proxy/{system("kubectl -n kube-system delete pods "$1)}'4.2 下载部署文件
bash
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/baremetal/deploy.yaml4.3 上传镜像到harbor
bash
# 本地镜像导入 并打标签
[root@k8s-master ingress]# docker tag \
a80c8fd6e522 reg.shuyan.com/ingress-nginx/controller:v1.11.2
[root@k8s-master ingress]# docker tag \
ce263a8653f9 reg.shuyan.com/ingress-nginx/kube-webhook-certgen:v1.4.3
[root@k8s-master ingress]# docker push reg.shuyan.com/ingress-nginx/controller:v1.11.2
[root@k8s-master ingress]# docker push reg.shuyan.com/ingress-nginx/kube-webhook-certgen:v1.4.3
[root@k8s-master ingress]# docker rmi \
a80c8fd6e522 \
ce263a8653f9 \
reg.shuyan.com/ingress-nginx/controller:v1.11.2 \
reg.shuyan.com/ingress-nginx/kube-webhook-certgen:v1.4.34.4 修改文件中镜像地址,与harbor仓库路径保持一致
bash
[root@k8s-master ~]# vim deploy.yaml
445 image: ingress-nginx/controller:v1.11.2
546 image: ingress-nginx/kube-webhook-certgen:v1.4.3
599 image: ingress-nginx/kube-webhook-certgen:v1.4.3
bash
[root@k8s-master ingress]# kubectl apply -f deploy.yaml4.5 检查是否running
bash
[root@k8s-master ingress]# kubectl -n ingress-nginx get pods
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-nfjbh 0/1 Completed 0 10h
ingress-nginx-admission-patch-wp7zd 0/1 Completed 1 10h
ingress-nginx-controller-bb7d8f97c-r6z69 1/1 Running 0 10h4.6 将ingress的命名空间微服务类型改为LoadBalancer
bash
[root@k8s-master ingress]# kubectl -n ingress-nginx \
edit service ingress-nginx-controller
51 type: LoadBalancer4.7 查询分配的IP
bash
[root@k8s-master ingress]# kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.97.25.16 192.168.239.201 80:30467/TCP,443:31166/TCP 10h
ingress-nginx-controller-admission ClusterIP 10.99.91.236 <none> 443/TCP 10h
bash
# 创建 Ingress 的命令:
kubectl create ingress NAME --rule=host/path=service:port[,tls[=secretname]] [options]
# 常用选项
host/path # 服务对应的 FQDN 和 URL
--annotation=[] # 注解信息,格式为 "annotation=value"
--rule=[] # 代理规则,格式为 "host/path=service:port[,tls=secretname]"
--class='' # 此 Ingress 适配的 Ingress Class
# 基于 URI 方式代理不同应用的请求时,后端应用的 URI 若与代理时使用的 URI 不同,则需要启用 URL Rewrite 完成 URI 的重写
# Ingress-Nginx 支持使用 "annotation nginx.ingress.kubernetes.io/rewrite-target" 注解进行5 ingress-nginx功能使用案例
5.1 创建基础的ingress架构:基于路径访问
5.1.1 创建deployment控制器验证MmetalLB是否可用
创建两个deployment资源类型命名为myapp-v1 与 v2
bash
[root@k8s-master ingress]# kubectl create deployment myapp-v1 \
--image myapp:v1 --dry-run=client -o yaml > myapp-v1.yml
[root@k8s-master ingress]# kubectl create deployment myapp-v2 \
--image myapp:v2 --dry-run=client -o yaml > myapp-v2.yml
bash
[root@k8s-master ingress]# vim myapp-v1.yml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: myapp-v1
name: myapp-v1
spec:
replicas: 1
selector:
matchLabels:
app: myapp-v1
template:
metadata:
labels:
app: myapp-v1
spec:
containers:
- image: myapp:v1
name: myapp
[root@k8s-master ingress]# vim myapp-v2.yml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: myapp-v2
name: myapp-v2
spec:
replicas: 1
selector:
matchLabels:
app: myapp-v2
template:
metadata:
labels:
app: myapp-v2
spec:
containers:
- image: myapp:v2
name: myapp
# 声明资源类型
[root@k8s-master ingress]# kubectl apply -f myapp-v1.yml
[root@k8s-master ingress]# kubectl apply -f myapp-v1.yml
# 查看是否创建成功
[root@k8s-master ingress]# kubectl get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
myapp-v1 1/1 1 1 85m
myapp-v2 1/1 1 1 85m
# 查看集群IP
[root@k8s-master ingress]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-v1-7479d6c54d-x2zvr 1/1 Running 0 86m 10.244.2.51 k8s-node2 <none> <none>
myapp-v2-7cd6d597d-gmgt6 1/1 Running 0 86m 10.244.1.43 k8s-node1 <none> <none>
# 测试集群内是否可访问
[root@k8s-master ingress]# curl 10.244.2.51
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@k8s-master ingress]# curl 10.244.1.43
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>5.1.2 创建ingress资源类型和服务
使用ingress进行七层与外界通讯
由于ingress 类型是由外界传到ingress再由ingress传给内部的service 所以需要暴露端口需要创建service 进行连通
myapp-v1添加微服务
bash
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: myapp-v1
name: myapp-v1
spec:
replicas: 1
selector:
matchLabels:
app: myapp-v1
template:
metadata:
labels:
app: myapp-v1
spec:
containers:
- image: myapp:v1
name: myapp
---
apiVersion: v1
kind: Service
metadata:
labels:
app: myapp-v1
name: myapp-v1
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: myapp-v1myapp-v2添加微服务
bash
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: myapp-v2
name: myapp-v2
spec:
replicas: 1
selector:
matchLabels:
app: myapp-v2
template:
metadata:
labels:
app: myapp-v2
spec:
containers:
- image: myapp:v2
name: myapp
---
apiVersion: v1
kind: Service
metadata:
labels:
app: myapp-v2
name: myapp-v2
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: myapp-v2重新声明更新
bash
[root@k8s-master ingress]# kubectl apply -f myapp-v1.yml
[root@k8s-master ingress]# kubectl apply -f myapp-v2.yml
[root@k8s-master ingress]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d11h
myapp-v1 ClusterIP 10.108.70.49 <none> 80/TCP 91m
myapp-v2 ClusterIP 10.101.121.115 <none> 80/TCP 86m5.1.3 创建 ingress 资源类型作为与内部service的一个链接
bash
[root@k8s-master ingress]# kubectl create ingress webcluster \
--rule '*/=shuyan-svc:80' --dry-run=client -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webcluster
spec:
rules:
- host: '*'
http:
paths:
- backend:
service:
name: shuyan-svc
port:
number: 80
path: /
pathType: Exact
status:
loadBalancer: {}
[root@k8s-master ingress]# kubectl create ingress webcluster \
--rule '*/=shuyan-svc:80' --dry-run=client -o yaml > shuyan-inccress.yml
[root@k8s-master ingress]# vim shuyan-inccress.yml
## 以下是修改之后 的
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webcluster
annotations:
nginx.ingress.kubernetes.io/rewrite-target: / # 访问路径后加任何内容都被定向到/
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: myapp-v1
port:
number: 80
path: /v1 # 定义访问路径为v1
pathType: Prefix
- backend:
service:
name: myapp-v2
port:
number: 80
path: /v2 # 定义访问路径为v2
pathType: Prefix声明ingress类型
bash
[root@k8s-master ingress]# kubectl apply -f shuyan-inccress.yml查看ingress分配的地址
bash
[root@k8s-master ingress]# kubectl -n ingress-nginx get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.97.25.16 192.168.239.201 80:30467/TCP,443:31166/TCP 11h
ingress-nginx-controller-admission ClusterIP 10.99.91.236 <none> 443/TCP 11h访问分配的地址
bash
[root@complete ~]# curl 192.168.239.201/v1
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@complete ~]# curl 192.168.239.201/v2
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>5.2 基于域名的访问
bash
[root@k8s-master ingress]# vim shuyan-inccress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webcluster
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: myapp-v1.shuyan.com # v1 域名
http:
paths:
- backend:
service:
name: myapp-v1
port:
number: 80
path: /
pathType: Prefix
- host: myapp-v2.shuyan.com # v2 域名
http:
paths:
- backend:
service:
name: myapp-v2
port:
number: 80
path: /
pathType: Prefix声明修改后代码
bash
[root@k8s-master ingress]# kubectl apply -f shuyan-inccress.yml查看是否创建成功
bash
[root@k8s-master ingress]# kubectl describe ingress webcluster 
在集群之外的主机做域名解析
bash
[root@complete ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.239.20 complete reg.shuyan.com
192.168.239.110 k8s-node1
192.168.239.120 k8s-node2
192.168.239.100 k8s-master
192.168.239.201 myapp-v1.shuyan.com myapp-v2.shuyan.com # 添加解析
bash
[root@complete ~]# curl myapp-v1.shuyan.com
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@complete ~]# curl myapp-v2.shuyan.com
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>5.3 建立tls加密
建立证书
这条命令创建了一个名为 web-tls-secret 的 Secret,其中包含了你之前生成的 TLS 证书 (tls.crt) 和私钥 (tls.key)。Secret 是 Kubernetes 中用于存储敏感信息的对象,如密码、密钥等。
创建证书
bash
[root@k8s-master ingress]# openssl req -newkey rsa:2048 \
-nodes -keyout tls.key -x509 -days 365 \
-subj "/CN=nginxsvc/O=nginxsvc" -out tls.crt
bash
[root@k8s-master ingress]# kubectl describe secrets web-tls-secret
Name: web-tls-secret
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 1164 bytes
tls.key: 1704 bytes
bash
[root@k8s-master ingress]# kubectl get secrets web-tls-secret -o yaml
bash
[root@k8s-master ingress]# vim myapp-v1.yml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: myapp-v1
name: myapp-v1
spec:
replicas: 1
selector:
matchLabels:
app: myapp-v1
template:
metadata:
labels:
app: myapp-v1
spec:
containers:
- image: myapp:v1
name: myapp
---
apiVersion: v1
kind: Service
metadata:
labels:
app: myapp-v1
name: myapp-v1
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: myapp-v1
bash
[root@k8s-master ingress]# vim ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webcluster
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls: # 使用tls
- hosts:
- myapp-v1.shuyan.com
secretName: web-tls-secret # 指定secret资源类型的名称
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: myapp-v1
port:
number: 80
path: /
pathType: Prefix删除原有的,声明新的
bash
[root@k8s-master ingress]# kubectl delete -f shuyan-inccress.yml
[root@k8s-master ingress]# kubectl apply -f ingress.yml 查看是否成功
bash
[root@k8s-master ingress]# kubectl describe ingress webcluster
Name: webcluster
Labels: <none>
Namespace: default
Address: 192.168.239.110
Ingress Class: nginx
Default backend: <default>
TLS:
web-tls-secret terminates myapp-v1.shuyan.com
Rules:
Host Path Backends
---- ---- --------
*
/ myapp-v1:80 (10.244.2.51:80)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 3m46s (x2 over 4m17s) nginx-ingress-controller Scheduled for sync网页输入认证
5.4 建立auth认证
bash
[root@k8s-master ingress]# yum install httpd-tools
# 创建本地文件为auth 用户名为shuyan
[root@k8s-master ingress]# htpasswd -cm auth shuyan
New password:
Re-type new password:
Adding password for user shuyan
[root@k8s-master ingress]# ls | grep auth
auth
[root@k8s-master ingress]# cat auth
shuyan:$apr1$Zqqr6uJj$a0Kb0nUK2CiqXYP7OugYj1
[root@k8s-master ingress]# kubectl create secret generic auth-web \
--from-file /root/ingress/auth 查看本地导入的资源类型
bash
[root@k8s-master ingress]# kubectl describe secrets auth-web
Name: auth-web
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
auth: 45 bytes
[root@k8s-master ingress]# kubectl get secrets auth-web -o yaml
apiVersion: v1
data:
auth: c2h1eWFuOiRhcHIxJFpxcXI2dUpqJGEwS2IwblVLMkNpcVhZUDdPdWdZajEK
kind: Secret
metadata:
creationTimestamp: "2024-09-08T11:42:25Z"
name: auth-web
namespace: default
resourceVersion: "733478"
uid: 84cc365b-de63-40f3-b134-75ed984a1692
type: Opaque建立ingress2基于用户认证的yaml文件
bash
[root@k8s-master ingress]# vim ingress2.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-auth
annotations:
nginx.ingress.kubernetes.io/auth-type: basic # 定义认证类型
nginx.ingress.kubernetes.io/auth-secret: auth-web # 选定导入的本地加密文件名称
nginx.ingress.kubernetes.io/auth-realm: "Please input username and password" # 打印一条语句
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- myapp-v1.shuyan.com
secretName: web-tls-secret
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: myapp-v1
port:
number: 80
path: /
pathType: Prefix删除旧的并创建新的
bash
[root@k8s-master ingress]# kubectl delete -f ingress.yml
[root@k8s-master ingress]# kubectl apply -f ingress2.yml 查看认证文件资源类型
bash
[root@k8s-master ingress]# kubectl describe ingress ingress-auth
Name: ingress-auth
Labels: <none>
Namespace: default
Address:
Ingress Class: nginx
Default backend: <default>
TLS:
web-tls-secret terminates myapp-v1.shuyan.com
Rules:
Host Path Backends
---- ---- --------
*
/ myapp-v1:80 (10.244.2.51:80)
Annotations: nginx.ingress.kubernetes.io/auth-realm: Please input username and password
nginx.ingress.kubernetes.io/auth-secret: auth-web
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 27s nginx-ingress-controller Scheduled for 实现效果
5.5 rewrite重定向
基于正则表达式的重定向
bash
[root@k8s-master ingress]# vim ingress3.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-rewite
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: myapp-v1
port:
number: 80
path: /
pathType: Prefix
- backend:
service:
name: myapp-v2
port:
number: 80
path: /shuyan(/|$)(.*)
pathType: ImplementationSpecific
host: myapp-v1.shuyan.com
nginx.ingress.kubernetes.io/rewrite-target: /$2:
这个注解告诉 Nginx Ingress 控制器,对于匹配 /shuyan/(/|$)(.*) 的路径,
将路径重写为 / 后面加上 $2。
$2 是正则表达式中捕获的第二个分组,即 / 或空字符串后面的所有内容。
例如,请求 https://myapp-v1.shuyan.com/shuyan/some/path 将被重写为 /some/path。
根路径请求:
客户端请求 https://myapp-v1.shuyan.com/,直接转发到 myapp-v1 服务。
带 /shuyan 的路径请求:
客户端请求 https://myapp-v1.shuyan.com/shuyan/some/path,
匹配 /shuyan/(/|$)(.*),路径重写为 /some/path,然后转发到 myapp-v2 服务。声明并查看状态
bash
[root@k8s-master ingress]# kubectl delete -f ingress2.yml
[root@k8s-master ingress]# kubectl apply -f ingress3.yml
[root@k8s-master ingress]# kubectl describe ingress ingress-rewite
Name: ingress-rewite
Labels: <none>
Namespace: default
Address: 192.168.239.110
Ingress Class: nginx
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
myapp-v1.shuyan.com
/ myapp-v1:80 (10.244.2.51:80)
/shuyan(/|$)(.*) myapp-v2:80 (10.244.1.43:80)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 5m50s (x5 over 18m) nginx-ingress-controller Scheduled for sync
bash
[root@complete ~]# curl myapp-v1.shuyan.com
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@complete ~]# curl myapp-v1.shuyan.com/shuyan/index.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
[root@complete ~]# curl myapp-v1.shuyan.com/shuyan/hostname.html
myapp-v2-7cd6d597d-gmgt6基于根目录的重定向
bash
[root@k8s-master ingress]# vim ingress4.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-rewite
annotations:
nginx.ingress.kubernetes.io/app-root: /hostname.html
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: myapp-v1
port:
number: 80
path: /
pathType: Prefix
host: myapp-v1.shuyan.com声明并查看
bash
[root@k8s-master ingress]# kubectl delete -f ingress3.yml
[root@k8s-master ingress]# kubectl apply -f ingress4.yml
[root@k8s-master ingress]# kubectl describe ingress ingress-rewite
Name: ingress-rewite
Labels: <none>
Namespace: default
Address: 192.168.239.110
Ingress Class: nginx
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
myapp-v1.shuyan.com
/ myapp-v1:80 (10.244.2.51:80)
Annotations: nginx.ingress.kubernetes.io/app-root: /hostname.html
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 9s (x2 over 16s) nginx-ingress-controller Scheduled for sync
bash
[root@complete ~]# curl -L myapp-v1.shuyan.com/
myapp-v1-7479d6c54d-x2zvr
[root@complete ~]# curl myapp-v1.shuyan.com/123/3123/ -L
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>能不能写什么都会被重定向到指定目录呢?
当然可以
使用 nginx.ingress.kubernetes.io/rewrite-target注解来重写所有请求到 /hostname.html 的 Ingress 规则:
bash
[root@k8s-master ingress]# vim ingress5.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-rewite
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /hostname.html
spec:
ingressClassName: nginx
rules:
- host: myapp-v1.shuyan.com
http:
paths:
- backend:
service:
name: myapp-v1
port:
number: 80
path: /
pathType: Prefix
bash
[root@k8s-master ingress]# kubectl delete -f ingress4.yml
ingress.networking.k8s.io "ingress-rewite" deleted
[root@k8s-master ingress]# kubectl apply -f ingress5.yml
ingress.networking.k8s.io/ingress-rewite created
bash
[root@complete ~]# curl myapp-v1.shuyan.com/123/3123/ -L
myapp-v1-7479d6c54d-x2zvr
[root@complete ~]# curl myapp-v1.shuyan.com/123/3123/
myapp-v1-7479d6c54d-x2zvr
[root@complete ~]# curl myapp-v1.shuyan.com/123/31233123/
myapp-v1-7479d6c54d-x2zvr
[root@complete ~]# curl myapp-v1.shuyan.com/123/31233123/3213
myapp-v1-7479d6c54d-x2zvr
根据新的 Ingress 规则,所有请求都将被重写到 /hostname.html。这意味着:
请求 https://myapp-v1.shuyan.com/ 将被重写到 /hostname.html。
请求 https://myapp-v1.shuyan.com/123 也将被重写到 /hostname.html。
请求 https://myapp-v1.shuyan.com/some/path 也将被重写到 /hostname.html。