标签:ingress name tomcat yaml 部署 nginx io
安装部署 nginx-ingress-controller
输入下面网址:选择版本
https://github.com/kubernetes/ingress-nginx/blob/nginx-0.30.0/deploy/static/mandatory.yaml
vim mandatory.yaml #新建一个yaml文件直接复制粘贴 ps: vim 编辑器 需要 set paste 防止格式错误
官网提示(0.30版本):!!! tip If you are using a Kubernetes version previous to 1.14, you need to change kubernetes.io/os to beta.kubernetes.io/os at line 217 of mandatory.yaml, see Labels details. #如果你的k8s集群版本低于1.14,需要
把第217 行 的 kubernetes.io/os 替换成 beta.kubernetes.io/os
kubectl version 查看集群版本
Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:08:12Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:00:57Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
214 terminationGracePeriodSeconds: 300
215 serviceAccountName: nginx-ingress-serviceaccount
216 nodeSelector:
217 beta.kubernetes.io/os: linux
218 containers:
219 - name: nginx-ingress-controller
:set nu
修改完创建资源
[root@localhost ~/test/ingress]# kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
查看控制器Pod 已经正常运行
[root@localhost ~/test/ingress]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-97547988b-jh9q4 1/1 Running 0 3m32s
创建个service 集群外访问
[root@localhost ~/test/ingress]# vim service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30080
- name: https
port: 443
targetPort: 443
protocol: TCP
nodePort: 30443
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
kubectl apply -f service-nodeport.yaml
创建一组应用pod和对应的service
[root@localhost ~/test/ingress/tomcat]# vim deploy-tomcat.yaml
apiVersion: v1
kind: Service
metadata:
name: tomcat
namespace: default
spec:
selector:
app: tomcat
release: canary
ports:
- name: http
port: 80
targetPort: 8080
# - name: ajp
# port: 8009
# targetPort: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deploy
spec:
replicas: 3
selector:
matchLabels:
app: tomcat
release: canary
template:
metadata:
labels:
app: tomcat
release: canary
spec:
containers:
- name: tomcat
image: tomcat:7-alpine
ports:
- name: httpd
containerPort: 8080
# - name: ajp
# containerPort: 8009
kubectl apply -f deploy-tomcat.yaml
配置 ingress 规则
[root@localhost ~/test/ingress/tomcat]# vim tomcat.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-tomcat
namespace: default
annotations:
kubernets.io/ingress.class: "nginx"
spec:
rules:
- host: tomcat.luoluo.com
http:
paths:
- path:
backend:
serviceName: tomcat
servicePort: 8080
kubectl apply -f tomcat.yaml
浏览器输入 tomcat.luoluo.com:30080 验证 #测试需要修改宿主机 C:\Windows\System32\drivers\etc 下 HOSTS文件 映射
对tomcat服务添加httpds服务
创建私有证书及secret
openssl genrsa -out tls.key 2048
[root@localhost ~/test/ingress/tomcat]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.luoluo.com #注意域名要和服务的域名一致
kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key #创建secret
将证书应用至tomcat服务中
[root@localhost ~/test/ingress/tomcat]# vim ingress-tomcat-tls.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-tomcat-tls
namespace: default
annotations:
kubernets.io/ingress.class: "nginx"
spec:
tls:
- hosts:
- tomcat.luoluo.com #与secret证书的域名需要保持一致
secretName: tomcat-ingress-secret #secret证书的名称
rules:
- host: tomcat.luoluo.com
https:
paths:
- path:
backend:
serviceName: tomcat
servicePort: 8080
~
~
kubectl apply -f ingress-tomcat-tls.yaml
~
标签:ingress,name,tomcat,yaml,部署,nginx,io 来源: https://www.cnblogs.com/luoluo160717/p/15757925.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。