CentOS搭建k8s集群(7)—安装nginx-ingress

服务器信息
master:192.168.201.1
node1:192.168.101.2
node2:192.168.101.3

1、查找nginx-ingress
helm search repo nginx-ingress
选择这个nginx/nginx-ingress

2、展示values.yaml文件,分析helm安装nginx ingress的命令行覆盖参数(很重要)
helm show values nginx/nginx-ingress

3、安装nginx-ingress
kubectl create namespace nginx-ingress
helm install gateway nginx/nginx-ingress \
--namespace nginx-ingress \
--set controller.hostNetwork=true \
--set controller.healthStatus=true \
--set controller.service.type=NodePort \
--set controller.service.httpPort.nodePort=30080 \
--set controller.service.httpsPort.nodePort=30443

使用NodePort网络访问方式,http端口为30080,https端口为30443

4、安装显示
NAME: gateway
LAST DEPLOYED: Wed Nov 4 09:40:59 2020
NAMESPACE: nginx-ingress
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The NGINX Ingress Controller has been installed.

5、查看pod
kubectl get pod -n nginx-ingress -o wide

NAME                                     READY   STATUS    RESTARTS   AGE     IP               NODE        NOMINATED NODE   READINESS GATES
gateway-nginx-ingress-84fd9b79fd-6qscj   1/1     Running   0          2m54s   192.168.101.2    k8s-node1   <none>           <none>

6、ingress-controller的作用
实现反向代理及负载均衡的功能,对ingress定义的规则进行解析,根据配置的规则来实现请求转发。也就是说有了一个外网的统一入口。网上有些文章会先打一个边缘节点的label,在安装时指定nodeSelector,也是这个作用,就是指定了一个对外暴露的公网ip地址

7、查看node1和node2
由于这个pod的副本只有一份,放到了node1上
所以node1上拉取了nginx/nginx-ingress 1.9.0的docker镜像
在集群所有服务器上都监听了30080和30443端口

8、访问健康检查地址
分两种情况
1)本机访问本机IP
master访问:curl http://192.168.201.1:30080/nginx-health
node1访问:curl http://192.168.101.2:30080/nginx-health
node2访问:curl http://192.168.101.3:30080/nginx-health
2)集群外及master、node2访问node1 IP
curl http://192.168.101.2:30080/nginx-health
3)都返回
healthy

9、查看nginx-ingress资源
kubectl get all -n nginx-ingress

NAME                                         READY   STATUS    RESTARTS   AGE
pod/gateway-nginx-ingress-84fd9b79fd-6qscj   1/1     Running   0          4m43s

NAME                            TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/gateway-nginx-ingress   NodePort   10.102.221.147           80:30080/TCP,443:30443/TCP   4m43s

NAME                                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/gateway-nginx-ingress   1/1     1            1           4m43s

NAME                                               DESIRED   CURRENT   READY   AGE
replicaset.apps/gateway-nginx-ingress-84fd9b79fd   1         1         1       4m43s

10、更新nginx-ingress配置(需要全量参数)
执行:
helm install gateway nginx/nginx-ingress \
--namespace nginx-ingress \
--set controller.hostNetwork=true \
--set controller.healthStatus=true \
--set controller.service.type=NodePort \
--set controller.service.httpPort.nodePort=30080 \
--set controller.service.httpsPort.nodePort=30443 \
--set enableTLSPassthrough=true

提示:
Release "gateway" has been upgraded. Happy Helming!
NAME: gateway
LAST DEPLOYED: Sun Nov 22 07:35:52 2020
NAMESPACE: nginx-ingress
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
The NGINX Ingress Controller has been installed.

参考资料:
https://blog.csdn.net/twingao/article/details/105157724
https://www.cnblogs.com/iiiiher/p/8051947.html