小知识：k8s部署Ingress并创建规则的详细介绍

## 这个地址被墙,需要科学上网！！！ # mandatory.yaml为ingress所有资源yml文件的集合 # 若是单独部署，需要分别下载configmap.yaml、namespace.yaml、rbac.yaml、service-nodeport.yaml、with-rbac.yaml wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml # service-nodeport.yaml为ingress通过nodeport对外提供服务，注意默认nodeport暴露端口为随机，可以编辑该文件自定义端口 wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

apiVersion: v1 kind: Namespace metadata: name: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx — kind: ConfigMap name: nginx-configuration namespace: ingress-nginx name: tcp-services name: udp-services kind: ServiceAccount name: nginx-ingress-serviceaccount apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole name: nginx-ingress-clusterrole rules: – apiGroups: – “” resources: – configmaps – endpoints – nodes – pods – secrets verbs: – list – watch – get – services – “extensions” – ingresses – events – create – patch – ingresses/status – update kind: Role name: nginx-ingress-role – namespaces resourceNames: # Defaults to “<election-id>-<ingress-class>” # Here: “<ingress-controller-leader>-<nginx>” # This has to be adapted if you change either parameter # when launching the nginx-ingress-controller. – “ingress-controller-leader-nginx” kind: RoleBinding name: nginx-ingress-role-nisa-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: Role subjects: – kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx kind: ClusterRoleBinding name: nginx-ingress-clusterrole-nisa-binding kind: ClusterRole apiVersion: apps/v1 kind: DaemonSet name: nginx-ingress-controller spec: selector: matchLabels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx template: metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx annotations: prometheus.io/port: “10254” prometheus.io/scrape: “true” spec: hostNetwork: true serviceAccountName: nginx-ingress-serviceaccount containers: – name: nginx-ingress-controller image: siriuszg/nginx-ingress-controller:0.20.0 args: – /nginx-ingress-controller – –configmap=$(POD_NAMESPACE)/nginx-configuration – –tcp-services-configmap=$(POD_NAMESPACE)/tcp-services – –udp-services-configmap=$(POD_NAMESPACE)/udp-services – –publish-service=$(POD_NAMESPACE)/ingress-nginx – –annotations-prefix=nginx.ingress.kubernetes.io securityContext: allowPrivilegeEscalation: true capabilities: drop: – ALL add: – NET_BIND_SERVICE # www-data -> 33 runAsUser: 33 env: – name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name – name: POD_NAMESPACE fieldPath: metadata.namespace ports: – name: http containerPort: 80 – name: https containerPort: 443 livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 10 readinessProbe: kind: Service #type: NodePort ports: – name: http port: 80 targetPort: 80 protocol: TCP – name: https port: 443 targetPort: 443

kubectl apply -f ingress-controller.yaml

kubectl get pods –all-namespaces

kubectl get all

vi ingress-tomcat8.yaml

apiVersion: extensions/v1beta1 kind: Ingress metadata: name: web spec: rules: – host: k8s.tomcat8.com http: paths: – backend: serviceName: tomcat8 servicePort: 80

kubectl apply -f ingress-tomcat8.yaml