kubeadm安装集群系列-6.ingress-nginx安装

 本安装采用 hostNetwork 方式暴露,即 Pod 直接使用所在 node 的网络,控制器监听的端口(80、443,以及健康检查/指标端口 10254)都会出现在该 node 上;不需要对外的端口应在主机防火墙上限制。

kubectl apply -f mandatory.yaml

  1 apiVersion: v1
  2 kind: Namespace
  3 metadata:
  4   name: ingress-nginx
  5   labels:
  6     app.kubernetes.io/name: ingress-nginx
  7     app.kubernetes.io/part-of: ingress-nginx
  8 
  9 ---
 10 
 11 kind: ConfigMap
 12 apiVersion: v1
 13 metadata:
 14   name: nginx-configuration
 15   namespace: ingress-nginx
 16   labels:
 17     app.kubernetes.io/name: ingress-nginx
 18     app.kubernetes.io/part-of: ingress-nginx
 19 
 20 ---
 21 kind: ConfigMap
 22 apiVersion: v1
 23 metadata:
 24   name: tcp-services
 25   namespace: ingress-nginx
 26   labels:
 27     app.kubernetes.io/name: ingress-nginx
 28     app.kubernetes.io/part-of: ingress-nginx
 29 
 30 ---
 31 kind: ConfigMap
 32 apiVersion: v1
 33 metadata:
 34   name: udp-services
 35   namespace: ingress-nginx
 36   labels:
 37     app.kubernetes.io/name: ingress-nginx
 38     app.kubernetes.io/part-of: ingress-nginx
 39 
 40 ---
 41 apiVersion: v1
 42 kind: ServiceAccount
 43 metadata:
 44   name: nginx-ingress-serviceaccount
 45   namespace: ingress-nginx
 46   labels:
 47     app.kubernetes.io/name: ingress-nginx
 48     app.kubernetes.io/part-of: ingress-nginx
 49 
 50 ---
 51 apiVersion: rbac.authorization.k8s.io/v1beta1
 52 kind: ClusterRole
 53 metadata:
 54   name: nginx-ingress-clusterrole
 55   labels:
 56     app.kubernetes.io/name: ingress-nginx
 57     app.kubernetes.io/part-of: ingress-nginx
 58 rules:
 59   - apiGroups:
 60       - ""
 61     resources:
 62       - configmaps
 63       - endpoints
 64       - nodes
 65       - pods
 66       - secrets
 67     verbs:
 68       - list
 69       - watch
 70   - apiGroups:
 71       - ""
 72     resources:
 73       - nodes
 74     verbs:
 75       - get
 76   - apiGroups:
 77       - ""
 78     resources:
 79       - services
 80     verbs:
 81       - get
 82       - list
 83       - watch
 84   - apiGroups:
 85       - ""
 86     resources:
 87       - events
 88     verbs:
 89       - create
 90       - patch
 91   - apiGroups:
 92       - "extensions"
 93       - "networking.k8s.io"
 94     resources:
 95       - ingresses
 96     verbs:
 97       - get
 98       - list
 99       - watch
100   - apiGroups:
101       - "extensions"
102       - "networking.k8s.io"
103     resources:
104       - ingresses/status
105     verbs:
106       - update
107 
108 ---
109 apiVersion: rbac.authorization.k8s.io/v1beta1
110 kind: Role
111 metadata:
112   name: nginx-ingress-role
113   namespace: ingress-nginx
114   labels:
115     app.kubernetes.io/name: ingress-nginx
116     app.kubernetes.io/part-of: ingress-nginx
117 rules:
118   - apiGroups:
119       - ""
120     resources:
121       - configmaps
122       - pods
123       - secrets
124       - namespaces
125     verbs:
126       - get
127   - apiGroups:
128       - ""
129     resources:
130       - configmaps
131     resourceNames:
132       # Defaults to "<election-id>-<ingress-class>"
133       # Here: "<ingress-controller-leader>-<nginx>"
134       # This has to be adapted if you change either parameter
135       # when launching the nginx-ingress-controller.
136       - "ingress-controller-leader-nginx"
137     verbs:
138       - get
139       - update
140   - apiGroups:
141       - ""
142     resources:
143       - configmaps
144     verbs:
145       - create
146   - apiGroups:
147       - ""
148     resources:
149       - endpoints
150     verbs:
151       - get
152 
153 ---
154 apiVersion: rbac.authorization.k8s.io/v1beta1
155 kind: RoleBinding
156 metadata:
157   name: nginx-ingress-role-nisa-binding
158   namespace: ingress-nginx
159   labels:
160     app.kubernetes.io/name: ingress-nginx
161     app.kubernetes.io/part-of: ingress-nginx
162 roleRef:
163   apiGroup: rbac.authorization.k8s.io
164   kind: Role
165   name: nginx-ingress-role
166 subjects:
167   - kind: ServiceAccount
168     name: nginx-ingress-serviceaccount
169     namespace: ingress-nginx
170 
171 ---
172 apiVersion: rbac.authorization.k8s.io/v1beta1
173 kind: ClusterRoleBinding
174 metadata:
175   name: nginx-ingress-clusterrole-nisa-binding
176   labels:
177     app.kubernetes.io/name: ingress-nginx
178     app.kubernetes.io/part-of: ingress-nginx
179 roleRef:
180   apiGroup: rbac.authorization.k8s.io
181   kind: ClusterRole
182   name: nginx-ingress-clusterrole
183 subjects:
184   - kind: ServiceAccount
185     name: nginx-ingress-serviceaccount
186     namespace: ingress-nginx
187 
188 ---
189 
190 apiVersion: apps/v1
191 kind: Deployment
192 metadata:
193   name: nginx-ingress-controller
194   namespace: ingress-nginx
195   labels:
196     app.kubernetes.io/name: ingress-nginx
197     app.kubernetes.io/part-of: ingress-nginx
198 spec:
199   replicas: 1
200   selector:
201     matchLabels:
202       app.kubernetes.io/name: ingress-nginx
203       app.kubernetes.io/part-of: ingress-nginx
204   template:
205     metadata:
206       labels:
207         app.kubernetes.io/name: ingress-nginx
208         app.kubernetes.io/part-of: ingress-nginx
209       annotations:
210         prometheus.io/port: "10254"
211         prometheus.io/scrape: "true"
212     spec:
213       serviceAccountName: nginx-ingress-serviceaccount
214       hostNetwork: true
215       nodeSelector:
216         nginx: host
217       containers:
218         - name: nginx-ingress-controller
219           image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.1
220           args:
221             - /nginx-ingress-controller
222             - --configmap=$(POD_NAMESPACE)/nginx-configuration
223             - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
224             - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
225             - --publish-service=$(POD_NAMESPACE)/ingress-nginx
226             - --annotations-prefix=nginx.ingress.kubernetes.io
227           securityContext:
228             allowPrivilegeEscalation: true
229             capabilities:
230               drop:
231                 - ALL
232               add:
233                 - NET_BIND_SERVICE
234             # www-data -> 33
235             runAsUser: 33
236           env:
237             - name: POD_NAME
238               valueFrom:
239                 fieldRef:
240                   fieldPath: metadata.name
241             - name: POD_NAMESPACE
242               valueFrom:
243                 fieldRef:
244                   fieldPath: metadata.namespace
245           ports:
246             - name: http
247               containerPort: 80
248             - name: https
249               containerPort: 443
250           livenessProbe:
251             failureThreshold: 3
252             httpGet:
253               path: /healthz
254               port: 10254
255               scheme: HTTP
256             initialDelaySeconds: 10
257             periodSeconds: 10
258             successThreshold: 1
259             timeoutSeconds: 10
260           readinessProbe:
261             failureThreshold: 3
262             httpGet:
263               path: /healthz
264               port: 10254
265               scheme: HTTP
266             periodSeconds: 10
267             successThreshold: 1
268             timeoutSeconds: 10
269 
270 ---
mandatory.yaml

kubectl apply -f service-nodeport.yaml

 1 apiVersion: v1
 2 kind: Service
 3 metadata:
 4   name: ingress-nginx
 5   namespace: ingress-nginx
 6   labels:
 7     app.kubernetes.io/name: ingress-nginx
 8     app.kubernetes.io/part-of: ingress-nginx
 9 spec:
10   type: NodePort
11   ports:
12     - name: http
13       port: 80
14       targetPort: 80
15       protocol: TCP
16     - name: https
17       port: 443
18       targetPort: 443
19       protocol: TCP
20   selector:
21     app.kubernetes.io/name: ingress-nginx
22     app.kubernetes.io/part-of: ingress-nginx
23 
24 ---
service-nodeport.yaml
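  • 可以根据个人情况使用 nodeSelector 和 replicas 绑定到一台或多台node;目标 node 需先打上与 nodeSelector 一致的标签(如 kubectl label node <节点名> nginx=host),否则 Pod 会一直处于 Pending。hostNetwork 下同一 node 只能运行一个副本(80/443 端口冲突)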
  • 注意214行~216行(hostNetwork: true 和 nodeSelector),与官方文件略有变化
  • 此例通过 hostNetwork 暴露 node 的80和443端口;另外 service-nodeport.yaml 创建的 NodePort Service 还会在每个 node 上额外开放一组 NodePort 端口

参考

官方文档:https://kubernetes.github.io/ingress-nginx/deploy/baremetal/

原文地址:https://www.cnblogs.com/dolphintwo/p/12098353.html