
Installing ingress on Kubernetes and the RBAC problem encountered

程序员文章站 2024-03-19 14:14:28

Without further ado, here are the creation steps.

I. default-backend

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    k8s-app: default-http-backend
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: default-http-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-http-backend
        # Any image is permissible as long as:
        # 1. It serves a 404 page at /
        # 2. It serves 200 on a /healthz endpoint
        image: registry.cn-beijing.aliyuncs.com/gcrs/defaultbackend:1.0  
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: kube-system
  labels:
    k8s-app: default-http-backend
spec:
  ports:
  - port: 80
    targetPort: 8080
  selector:
    k8s-app: default-http-backend

II. ingress-controller

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  labels:
    k8s-app: nginx-ingress-controller
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-controller
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
      # like with kubeadm
      hostNetwork: true
      serviceAccountName: ingress
      terminationGracePeriodSeconds: 60
      containers:
      - image: registry.cn-hangzhou.aliyuncs.com/souban/nginx-ingress-controller:0.9.0-beta.10  
        name: nginx-ingress-controller
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        ports:
        - containerPort: 80
          hostPort: 80
        - containerPort: 443
          hostPort: 443
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend

III. Create the test applications

1. tea.yaml
      apiVersion: v1
      kind: Service
      metadata:
        name: tea-svc
        labels:
          app: tea
      spec:
        ports:
        - port: 808
          targetPort: 80
          protocol: TCP
          name: http
        selector:
          app: tea
      ---
      apiVersion: v1
      kind: ReplicationController
      metadata:
        name: tea-rc
      spec:
        replicas: 1
        template:
          metadata:
            labels:
              app: tea
          spec:
            containers:
            - name: tea
              image: nginxdemos/hello
              ports:
              - containerPort: 80
2. coffee.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: coffee-svc
      labels:
        app: coffee
    spec:
      ports:
      - port: 806
        targetPort: 80
        protocol: TCP
        name: http
      selector:
        app: coffee
    ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: coffee-rc
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: coffee
        spec:
          containers:
          - name: coffee
            image: nginxdemos/hello
            ports:
            - containerPort: 80

IV. ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "false"
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: /tea
        backend:
          serviceName: tea-svc
          servicePort: 808
      - path: /coffee
        backend:
          serviceName: coffee-svc
          servicePort: 806

Test

http://nodeip/tea
http://nodeip/coffee

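RBAC problem

no service with name kube-system/default-http-backend found: the server does not allow access to the requested resource (get services default-http-backend)
This is an API server authorization problem: the controller's service account is not allowed to read Services. Create the RBAC objects yourself.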
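
One way to create the RBAC objects this error calls for, as an added example that is not from the original post or the ingress project: a ServiceAccount, a read-mostly ClusterRole and a namespaced Role for the ingress service account that the controller Deployment references, instead of binding it to cluster-admin. The object names other than ingress and kube-system are hypothetical, and the rule set is an assumption about what this controller version needs.

```yaml
# Added example, not from the original post. Names other than the ServiceAccount
# "ingress" and the namespace "kube-system" are hypothetical; the rule set is an assumption.
# v1beta1 matches the API era of the manifests above (use rbac.authorization.k8s.io/v1 on current clusters).
apiVersion: v1
kind: ServiceAccount
metadata: {name: ingress, namespace: kube-system}   # referenced by serviceAccountName: ingress
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata: {name: ingress-controller}
rules:
- apiGroups: [""]                 # the denied call in the error was "get services"
  resources: [services, endpoints, pods, nodes, configmaps]
  verbs: [get, list, watch]
- apiGroups: [""]                 # TLS certificates; the most sensitive grant, keep it read-only
  resources: [secrets]
  verbs: [get, list, watch]
- apiGroups: [extensions]
  resources: [ingresses]
  verbs: [get, list, watch]
- apiGroups: [extensions]         # the controller writes its address into the Ingress status
  resources: [ingresses/status]
  verbs: [update]
- apiGroups: [""]
  resources: [events]
  verbs: [create, patch]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata: {name: ingress-controller}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: ingress-controller}
subjects:
- {kind: ServiceAccount, name: ingress, namespace: kube-system}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role                        # write access to core objects stays inside kube-system
metadata: {name: ingress-controller-election, namespace: kube-system}
rules:
- apiGroups: [""]                 # leader-election lock object
  resources: [configmaps, endpoints]
  verbs: [get, create, update]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata: {name: ingress-controller-election, namespace: kube-system}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: ingress-controller-election}
subjects:
- {kind: ServiceAccount, name: ingress, namespace: kube-system}
```

After applying, kubectl auth can-i get services -n kube-system --as=system:serviceaccount:kube-system:ingress should answer yes, and the same check with the verb delete should answer no.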

References

https://github.com/kubernetes/ingress/issues/575
https://github.com/kubernetes/ingress/tree/master/examples/deployment/nginx
https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/complete-example

Addendum

The annotations parameter is also fairly important:
https://github.com/kubernetes/ingress/blob/master/docs/annotations.md