92、K8s之ingress下集

ly14356786192024-09-14 23:19

一、ingress

1.1、两种部署方式

1、ingress------------deployment + nodeport

​ daemonset + hostnetwork----每台设备只能有一个pod,因为直接使用宿主机的端口,所以只能开启一个pod。

2、ingress------svc------deployment里面的pod,这种可以有多个pod。

1.2、ingess的权限控制:

访问页面的时候,输入账号密码才可以访问页面。

basicAuth:可以创建访问密码

traefik ingress controller

专门为了部署k8s微服务开发的http方向代理和负载均衡工具。

自动发现匹配的后端pod的变化,同时有可视化的页面

自动感知变化,实现服务的自动发现

daemonset + hostnetwork 适用于大集群

deployment + nodeport 适用内部访问,性能较低

1.3、ingress-traefik和ingress-nginx之间的区别。

igress-nginx 使用nginx作为前端的负载均衡,ingress-controller和k8s的api交互来实现后端服务器的发现,pod的ip地址的变化。

动态实现nginx的配置修改。

ingress-traefik:

本身就能和k8s的api的交互,感知后端的service以及pod的变化。

traefik更简单,更方便。

go语言写的,和k8s的兼容性更好。并发能力只有ingress-nginx的6成。

二、试验操作

1、访问页面的时候,输入账号密码才可以访问页面。

basicAuth:可以创建访问密码

[root@master01 opt]# cd ingress/
[root@master01 ingress]# htpasswd -c auth zhailiming
New password: 
Re-type new password: 
Adding password for user zhailiming
[root@master01 ingress]# ls
auth   ingress-nginx1.yaml  service-nodeport.yaml
https  mandatory.yaml
[root@master01 ingress]# kubectl create secret generic basic-auth --from-file=auth 
secret/basic-auth created

[root@master01 ingress]# vim ingress-nginx1.yaml 


  annotations:
#设置认证的类型::
    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'

[root@master01 ingress]# kubectl apply -f ingress-nginx1.yaml 

[root@master01 ingress]# kubectl get pod -o wide -n ingress-nginx 
NAME                             READY   STATUS    RESTARTS   AGE   IP               NODE       NOMINATED NODE   READINESS GATES
nginx-ingress-controller-44ktd   1/1     Running   0          18h   192.168.168.83   node02     <none>           <none>
nginx-ingress-controller-ksjkr   1/1     Running   0          18h   192.168.168.81   master01   <none>           <none>
nginx-ingress-controller-z4lrr   1/1     Running   0          18h   192.168.168.82   node01     <none>           <none>


##进入虚拟机终端浏览器


2、重定向-----rewrite-target:

实现从www.zlm.com跳转www.xy102.com

[root@master01 ingress]# vim ingress-nginx1.yaml

  annotations:
#设置认证的类型::
#    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
#    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
#    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
    nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:
  tls:
    - hosts:
      - www.zlm.com
      secretName: tls.secret
#指定加密通信的域名,上下文一直,指定secret加密的名称,获取私钥和证
书
  rules:
  - host: www.zlm.com
    http:


[root@master01 ingress]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.168.81 master01 www.xy102.com www.zlm.com

3、ingress-traefik和ingress-nginx之间的区别。

igress-nginx 使用nginx作为前端的负载均衡,ingress-controller和k8s的api交互来实现后端服务器的发现,pod的ip地址的变化。

动态实现nginx的配置修改。

ingress-traefik:

本身就能和k8s的api的交互,感知后端的service以及pod的变化。

traefik更简单,更方便。

go语言写的,和k8s的兼容性更好。并发能力只有ingress-nginx的6成。

DaemonSet+hostPort:

[root@master01 ingress]# vim mandatory.yaml 

apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
#  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        kubernetes.io/os: linux
      hostNetwork: true
#      nodeSelector:
#        ingress: "true"
---------------------------------------------------

ingress-traefik

[root@master01 ingress]# mkdir traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# pwd
/opt/ingress/traefik



----------------
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
----------------
[root@master01 traefik]# ll
总用量 16
-rw-r--r--. 1 root root 1114 9月  11 10:26 traefik-deployment.yaml
-rw-r--r--. 1 root root 1294 9月  11 10:26 traefik-ds.yaml
-rw-r--r--. 1 root root  788 9月  11 10:26 traefik-rbac.yaml
-rw-r--r--. 1 root root  471 9月  11 10:27 ui.yaml



[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
[root@master01 traefik]# kubectl apply -f ui.yaml 

[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        15d
traefik-ingress-service   NodePort    10.96.27.248   <none>        80:30789/TCP,8080:31818/TCP   71s
traefik-web-ui            ClusterIP   10.96.45.60    <none>        80/TCP                        61s


[root@master01 traefik]# cd ..
[root@master01 ingress]# kubectl delete -f mandatory.yaml


[root@master01 ingress]# cp ingress-nginx1.yaml traefik/traefik-nginx1.yaml
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml


[root@master01 traefik]# cd ..
[root@master01 ingress]# ls
auth   ingress-nginx1.yaml  service-nodeport.yaml
https  mandatory.yaml       traefik
[root@master01 ingress]# kubectl delete -f ingress-nginx1.yaml 

[root@master01 traefik]# vim traefik-nginx1.yaml 


apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-client-storageclass
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-traefik
  labels:
    app1: nginx1
spec:
  replicas: 3
  selector:
    matchLabels:
      app1: nginx1
  template:
    metadata:
      labels:
        app1: nginx1
    spec:
      containers:
        - name: nginx1
          image: nginx:1.22
          ports:
            - containerPort: 80
          volumeMounts:
          - name: nfs-pvc
            mountPath: /usr/share/nginx/html
      volumes:
      - name: nfs-pvc
        persistentVolumeClaim:
          claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-traefik-svc
spec:
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app1: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-traefik-ingress
  annotations:
#设置认证的类型::
#    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
#    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
#    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
#    nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:
  rules:
  - host: www.xy102.com
    http:
      paths:
      - path: /
        pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2
        backend:
#匹配的svc的名称----pod
          service:
            name: nginx-traefik-svc
            port:
              number: 80
              
              
              
[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml 



[root@k8s5 k8s]# cd default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace/
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# ll
总用量 0
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# ll
总用量 4
-rw-r--r--. 1 root root 4 9月  11 10:52 index.html
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# 


[root@master01 traefik]# kubectl get pod -o wide
NAME                             READY   STATUS    RESTARTS   AGE    IP             NODE       NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl             1/1     Running   0          5d1h   10.244.2.173   node02     <none>           <none>
nginx-traefik-7c5f68df5b-9zxqc   1/1     Running   0          44m    10.244.1.242   node01     <none>           <none>
nginx-traefik-7c5f68df5b-fx46k   1/1     Running   0          44m    10.244.0.29    master01   <none>           <none>
nginx-traefik-7c5f68df5b-zjlzt   1/1     Running   0          44m    10.244.2.242   node02     <none>           <none>



[root@master01 traefik]# curl 10.244.1.242
123




[root@master01 traefik]# kubectl get svc -o wide -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE    SELECTOR
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        15d    k8s-app=kube-dns
traefik-ingress-service   NodePort    10.96.27.248   <none>        80:30789/TCP,8080:31818/TCP   134m   k8s-app=traefik-ingress-lb
traefik-web-ui            ClusterIP   10.96.45.60    <none>        80/TCP                        134m   k8s-app=traefik-ingress-lb
[root@master01 traefik]# curl www.xy102.com:30789
123

4、Deployment+nodeport----四个yaml文件都执行

[root@master01 ingress]# vim mandatory.yaml 



apiVersion: apps/v1
kind: Deployment
#kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        kubernetes.io/os: linux
#      hostNetwork: true
#      nodeSelector:
#        ingress: "true"



[root@master01 ingress]# kubectl apply -f mandatory.yaml 

[root@master01 ingress]# vim service-nodeport.yaml 

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

[root@master01 ingress]# kubectl apply -f service-nodeport.yaml

[root@master01 ingress]# mkdir traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# pwd
/opt/ingress/traefik

----------------
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
----------------
[root@master01 traefik]# ll
总用量 16
-rw-r--r--. 1 root root 1114 9月  11 10:26 traefik-deployment.yaml
-rw-r--r--. 1 root root 1294 9月  11 10:26 traefik-ds.yaml
-rw-r--r--. 1 root root  788 9月  11 10:26 traefik-rbac.yaml
-rw-r--r--. 1 root root  471 9月  11 10:27 ui.yaml



[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
[root@master01 traefik]# kubectl apply -f ui.yaml 


[root@master01 traefik]# vim traefik-nginx1.yaml 

kind: Deployment
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-client-storageclass
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-traefik
  labels:
    app1: nginx1
spec:
  replicas: 3
  selector:
    matchLabels:
      app1: nginx1
  template:
    metadata:
      labels:
        app1: nginx1
    spec:
      containers:
        - name: nginx1
          image: nginx:1.22
          ports:
            - containerPort: 80
          volumeMounts:
          - name: nfs-pvc
            mountPath: /usr/share/nginx/html
      volumes:
      - name: nfs-pvc
        persistentVolumeClaim:
          claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-traefik-svc
spec:
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app1: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-traefik-ingress
  annotations:
#设置认证的类型::
#    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
#    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
#    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
#    nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:
  rules:
  - host: www.xy102.com
    http:
      paths:
      - path: /
        pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2
        backend:
#匹配的svc的名称----pod
          service:
            name: nginx-traefik-svc
            port:
              number: 80


[root@master01 traefik]# kubectl get pod -o wide
NAME                             READY   STATUS    RESTARTS   AGE    IP             NODE       NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl             1/1     Running   0          5d3h   10.244.2.173   node02     <none>           <none>
nginx-traefik-849b6f9457-5cj9x   1/1     Running   0          16m    10.244.1.244   node01     <none>           <none>
nginx-traefik-849b6f9457-jmznh   1/1     Running   0          16m    10.244.0.31    master01   <none>           <none>
nginx-traefik-849b6f9457-kj2rx   1/1     Running   0          16m    10.244.2.245   node02     <none>   



[root@master01 traefik]# kubectl get svc -o wide -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE     SELECTOR
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        15d     k8s-app=kube-dns
traefik-ingress-service   NodePort    10.96.27.248   <none>        80:30789/TCP,8080:31818/TCP   3h15m   k8s-app=traefik-ingress-lb
traefik-web-ui            ClusterIP   10.96.45.60    <none>        80/TCP                        3h14m   k8s-app=traefik-ingress-lb


[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月  11 13:35 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d/
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# ls
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# 



[root@master01 traefik]# curl www.xy102.com
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# curl www.xy102.com:30789
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>

[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月  11 13:35 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d/
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# ls
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-30489c95-7b49-4f10-b139-b5942d1a3fc1]# mkdir test1
[root@k8s5 default-nfs-pvc-pvc-30489c95-7b49-4f10-b139-b5942d1a3fc1]# cd test1/
[root@k8s5 test1]# echo 456 > index.html
[root@k8s5 test1]# mkdir test2
[root@k8s5 test1]# cd test2/
[root@k8s5 test2]# ls
[root@k8s5 test2]# echo 789 > index.html



[root@master01 traefik]# curl -L www.xy102.com:30733
123
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# vim traefik-nginx1.yaml 
[root@master01 traefik]# kubectl apply -f traefik-ds.yaml 
serviceaccount/traefik-ingress-controller unchanged
daemonset.apps/traefik-ingress-controller created
service/traefik-ingress-service configured
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:30733; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:30733; 拒绝连接
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   16d
traefik-ingress-service   ClusterIP   10.96.231.58   <none>        80/TCP,8080/TCP          21m
traefik-web-ui            ClusterIP   10.96.119.46   <none>        80/TCP                   21m
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
serviceaccount/traefik-ingress-controller unchanged
deployment.apps/traefik-ingress-controller unchanged
service/traefik-ingress-service configured
[root@master01 traefik]# kubectl apply -f ui.yaml 
service/traefik-web-ui unchanged
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.231.58   <none>        80:31767/TCP,8080:32510/TCP   22m
traefik-web-ui            ClusterIP   10.96.119.46   <none>        80/TCP                        22m
[root@master01 traefik]# curl -L www.xy102.com:31767
123
[root@master01 traefik]# curl -L www.xy102.com:31767/test1
456
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml
[root@master01 traefik]# curl -L www.xy102.com:31767/test1/test2
789

三、ingress的总结+项目部署

ingress: 对外提供访问:

ingress----根据servicename选择service-----service把服务把请求根据匹配的标签转发pod。

支持http 80 https 443

deployment+NodePort

daemonset+hostnetwork

ingress-traefik

ingress-nginx

四、作业

1、Deployment+nodeport----四个yaml文件都执行

[root@master01 ingress]# cd traefik/
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml
[root@master01 traefik]# vim traefik-
[root@master01 traefik]# vim traefik-deployment.yaml 
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml
[root@master01 traefik]# vim traefik-nginx1.yaml 
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.231.58   <none>        80:31767/TCP,8080:32510/TCP   71m
traefik-web-ui            ClusterIP   10.96.119.46   <none>        80/TCP                        71m
[root@master01 traefik]# kubectl get pod -o wide
NAME                   READY   STATUS    RESTARTS   AGE    IP             NODE     NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl   1/1     Running   0          5d5h   10.244.2.173   node02   <none>           <none>
[root@master01 traefik]# vim traefik-nginx1.yaml 
[root@master01 traefik]# cd ..
[root@master01 ingress]# ls
auth  https  ingress-nginx1.yaml  mandatory.yaml  service-nodeport.yaml  traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml 
persistentvolumeclaim/nfs-pvc created
deployment.apps/nginx-traefik created
service/nginx-traefik-svc created
ingress.networking.k8s.io/nginx-traefik-ingress created
[root@master01 traefik]# kubectl get pod -o wide
NAME                             READY   STATUS    RESTARTS   AGE    IP             NODE       NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl             1/1     Running   0          5d5h   10.244.2.173   node02     <none>           <none>
nginx-traefik-64f4cf4c65-cr6m8   1/1     Running   0          7s     10.244.1.251   node01     <none>           <none>
nginx-traefik-64f4cf4c65-ls2j8   1/1     Running   0          7s     10.244.0.38    master01   <none>           <none>
nginx-traefik-64f4cf4c65-qxmt7   1/1     Running   0          7s     10.244.2.254   node02     <none>           <none>
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.231.58   <none>        80:31767/TCP,8080:32510/TCP   76m
traefik-web-ui            ClusterIP   10.96.119.46   <none>        80/TCP                        76m
[root@master01 traefik]# curl www.xy102.com
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>






[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月  11 15:57 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777/
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# ls
index.html
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# mkdir test1
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# cd test1/
[root@k8s5 test1]# echo 456 > index.html
[root@k8s5 test1]# mkdir test2
[root@k8s5 test1]# cd test2/
[root@k8s5 test2]# echo 789 > index.html

[root@master01 traefik]# curl www.xy102.com
123
[root@master01 traefik]# curl www.xy102.com
123
[root@master01 traefik]# curl www.xy102.com:31767
123
[root@master01 traefik]# curl www.xy102.com:31767/test1
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@master01 traefik]# curl -L www.xy102.com:31767/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31767/test1/test2
789

2、DaemonSet+hostPort----三个yaml文件都执行

[root@master01 traefik]# vim traefik-nginx1.yaml 


apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-client-storageclass
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-traefik
  labels:
    app1: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app1: nginx
  template:
    metadata:
      labels:
        app1: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.22
          ports:
            - containerPort: 80
          volumeMounts:
          - name: nfs-pvc
            mountPath: /usr/share/nginx/html
      volumes:
      - name: nfs-pvc
        persistentVolumeClaim:
          claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-traefik-svc
spec:
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app1: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-traefik-ingress
  annotations:
#设置认证的类型::
#    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
#    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
#    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
#    nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:
  rules:
  - host: www.xy102.com
    http:
      paths:
      - path: /
        pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2
        backend:
#匹配的svc的名称----pod
          service:
            name: nginx-traefik-svc
            port:
              number: 80
              
              
              
[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml 


wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml



[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
[root@master01 traefik]# kubectl apply -f ui.yaml 


[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.251.209   <none>        80:31552/TCP,8080:30058/TCP   3m33s
traefik-web-ui            ClusterIP   10.96.71.175    <none>        80/TCP                        23s

[root@master01 traefik]# curl -L www.xy102.com
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com:31552
123
[root@master01 traefik]# curl -L www.xy102.com:31552/test1
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接

[root@master01 traefik]# kubectl apply -f traefik-ds.yaml 

[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 

[root@master01 traefik]# kubectl apply -f ui.yaml 

[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   16d
traefik-ingress-service   ClusterIP   10.96.201.30   <none>        80/TCP,8080/TCP          39s
traefik-web-ui            ClusterIP   10.96.71.175   <none>        80/TCP                   16m
[root@master01 traefik]# curl -L www.xy102.com:30023/test1
curl: (7) Failed connect to www.xy102.com:30023; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com
123

##发现只要apply-------traefik-ds.yaml----------traefik-rbac.yaml-----------------ui.yaml

3、Deployment+nodeport

[root@master01 traefik]# kubectl apply -f traefik-ds.yaml 
serviceaccount/traefik-ingress-controller unchanged
daemonset.apps/traefik-ingress-controller unchanged
service/traefik-ingress-service unchanged
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
serviceaccount/traefik-ingress-controller unchanged
deployment.apps/traefik-ingress-controller created
service/traefik-ingress-service configured
[root@master01 traefik]# kubectl apply -f ui.yaml 
service/traefik-web-ui unchanged
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.201.30   <none>        80:31318/TCP,8080:32115/TCP   9m38s
traefik-web-ui            ClusterIP   10.96.71.175   <none>        80/TCP                        25m
[root@master01 traefik]# curl -L www.xy102.com
123
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com:31318
123
[root@master01 traefik]# curl -L www.xy102.com:31318/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31318/test1/test2
789

is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress

ingress.extensions/traefik-web-ui configured

[root@master01 traefik]# kubectl get svc -n kube-system

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP,9153/TCP 16d

traefik-ingress-service NodePort 10.96.201.30 80:31318/TCP,8080:32115/TCP 9m38s

traefik-web-ui ClusterIP 10.96.71.175 80/TCP 25m

[root@master01 traefik]# curl -L www.xy102.com

123

[root@master01 traefik]# curl -L www.xy102.com/test1

456

[root@master01 traefik]# curl -L www.xy102.com/test1/test2

789

[root@master01 traefik]# curl -L www.xy102.com:31318

123

[root@master01 traefik]# curl -L www.xy102.com:31318/test1

456

[root@master01 traefik]# curl -L www.xy102.com:31318/test1/test2

789

复制代码
相关推荐
大白菜和MySQL30 分钟前
rockylinux9.4单master节点k8s1.28集群部署
云原生·容器·kubernetes
玖石书30 分钟前
Docker 容器网络技术
运维·docker·容器
向往风的男子31 分钟前
【从问题中去学习k8s】k8s中的常见面试题(夯实理论基础)(三十)
学习·容器·kubernetes
爱吃番茄的小狐狸6 小时前
Docker镜像下载-使用github action- 解决无法下载docker镜像的问题
docker·容器·github
andy7_7 小时前
运行在docker环境下的图片压缩小工具
运维·docker·容器
七夜zippoe8 小时前
nacos和eureka的区别详解
云原生·eureka
唐大爹8 小时前
kubeadm方式安装k8s续:
云原生·容器·kubernetes
陈小肚8 小时前
openeuler 22.03 lts sp4 使用 kubeadm 部署 k8s-v1.28.2 高可用集群
kubernetes
ly14356786198 小时前
94 、k8s之rbac
云原生·容器·kubernetes
.生产的驴10 小时前
Docker 消息队列RabbitMQ 安装延迟消息插件
运维·spring boot·后端·docker·容器·rabbitmq·java-rabbitmq
热门推荐
01RAG 实践- Ollama+RagFlow 部署本地知识库02组基轨迹建模 GBTM的介绍与实现(Stata 或 R)032024年高教社杯数学建模国赛C题超详细解题思路分析04CANoe Trace窗口过滤栏消失的几种解决方法(附上最终解决方案)05苍穹外卖面试总结06【2024数模国赛赛题思路公开】国赛B题思路丨附可运行代码丨无偿自提0751-2 万字长文,深度解读端到端自动驾驶的挑战和前沿08Coze扣子平台完整体验和实践(附国内和国际版对比)09【2024高教社杯全国大学生数学建模竞赛】B题 生产过程中的决策问题——解题思路 代码 论文10【立创EDA-PCB设计基础】6.布线铺铜实战及细节详解