注意保证虚拟机时间同步,否则无法拉取镜像

报错:x509: certificate has expired or is not yet valid

创建deployment

test1.zazayaya.com 和 test2.zazayaya.com

# apt install ntpdate;ntpdate cn.ntp.org.cn
mkdir ~/ingress-test
# 部署pod
cat > ~/ingress-test/nginx-deployment.yaml << 'EOF'
# Source: test1.zazayaya.com
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test1-zazayaya-com
  labels:
    app: test1.zazayaya.com
spec:
  replicas: 2
  selector:
    matchLabels:
      app: test1.zazayaya.com
  template:
    metadata:
      labels:
        app: test1.zazayaya.com
    spec:
      containers:
      - name: hello-world-go
        image: zazayaya/hello-world-go
        ports:
        - containerPort: 8080

---
# Source: test2.zazayaya.com
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test2-zazayaya-com
  labels:
    app: test2.zazayaya.com
spec:
  replicas: 2
  selector:
    matchLabels:
      app: test2.zazayaya.com
  template:
    metadata:
      labels:
        app: test2.zazayaya.com
    spec:
      containers:
      - name: hello-world-go
        image: zazayaya/hello-world-go
        ports:
        - containerPort: 8080
EOF

应用deployment

# 应用
kubectl apply -f ~/ingress-test/nginx-deployment.yaml
# 查看进度状态
kubectl get pods -o wide
# rs 等价与 replicasets.apps 
kubectl get rs -o wide
kubectl get deployment -o wide

创建Service

用于访问pod,pod调整的时候,Service会自动刷新后端pod信息

cat > ~/ingress-test/nginx-deployment-svc.yaml << 'EOF'
# Source: test1.zazayaya.com
apiVersion: v1
kind: Service
metadata:
  name: test1-zazayaya-com
spec:
  type: ClusterIP
  selector:
    app: test1.zazayaya.com
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080

---
# Source: test2.zazayaya.com
apiVersion: v1
kind: Service
metadata:
  name: test2-zazayaya-com
spec:
  type: ClusterIP
  selector:
    app: test2.zazayaya.com
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
EOF

应用Service

# 应用
kubectl apply -f ~/ingress-test/nginx-deployment-svc.yaml
#  查看(CLUSTER-IP)
kubectl get svc -o wide
# 测试(正常主机名会负载变化的)
ips=$(kubectl get svc -o wide|grep zazayaya-com|awk '{print $3}')
for ip in $ips;do cmd="curl http://$ip";echo $cmd;echo $cmd|bash;done

安装ingress-nginx

cd ~/ingress-test
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.49.0/deploy/static/provider/cloud/deploy.yaml

# 修改镜像地址
sed -i 's#k8s.gcr.io/ingress-nginx/controller#registry.aliyuncs.com/google_containers/nginx-ingress-controller#g' deploy.yaml

# 修改为:service-nodeport
# 建议:Daemonset运行(筛选器选择几个节点)
# kube-proxy 代理的
# Source: ingress-nginx/templates/controller-service.yaml
type: LoadBalancer -> type: NodePort
nodePort: 30080
nodePort: 30443

# 发布
kubectl apply -f deploy.yaml

# 检测
kubectl get pods -n ingress-nginx \
  -l app.kubernetes.io/name=ingress-nginx --watch -o wide

配置ingress

# 配置ingress
cat > ~/ingress-test/ingress.yaml << 'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zazayaya-com
spec:
  rules:
  - host: zazayaya.com
    http:
      paths:
      - path: /test1
        pathType: Prefix
        backend:
          service:
            name: test1-zazayaya-com
            port:
              number: 80
      - path: /test2
        pathType: Prefix
        backend:
          service:
            name: test2-zazayaya-com
            port:
              number: 80
EOF

应用ingress

# 应用
kubectl apply -f ~/ingress-test/ingress.yaml 
# 查看
kubectl get ingress -o wide

测试ingress

# Powershell 下 curl 测试失败
# curl -v -L -H 'Host:zazayaya.com' http://10.0.26.190:30080/test1
# /test没有定义路由,返回404
# node1
curl -s -H 'Host:zazayaya.com' http://10.0.26.190:30080/test
curl -s -H 'Host:zazayaya.com' http://10.0.26.190:30080/test1
curl -s -H 'Host:zazayaya.com' http://10.0.26.190:30080/test2
# node2
curl -s -H 'Host:zazayaya.com' http://10.0.26.191:30080/test
curl -s -H 'Host:zazayaya.com' http://10.0.26.191:30080/test1
curl -s -H 'Host:zazayaya.com' http://10.0.26.191:30080/test2