Kubernetes Ingress Controller
The "official" Kubernetes controller. It is developed by the community. As the name suggests, it is based on the Nginx web server.
Two popular Kubernetes Ingress controllers use NGINX; both are open source and hosted on GitHub. One is maintained by the Kubernetes open-source community (kubernetes/ingress-nginx on GitHub), the other by NGINX, Inc. (nginxinc/kubernetes-ingress on GitHub).
Differences between the versions: https://gist.github.com/grigorkh/f8e4fd73e99f0fde06a51e2ed7c2156c
Any number of ingress controllers can be installed in a cluster. When creating an Ingress, each one must be marked with the appropriate ingress.class to indicate which ingress controller should handle it when more than one exists in the cluster.
If no class is specified, the cloud provider uses a default ingress controller.
Installing the "official" Kubernetes ingress with Helm:
# disable the addon, enable helm
microk8s disable ingress
microk8s enable helm
microk8s enable helm3
microk8s status
# latest stable release of the Nginx Ingress Controller: download, unpack, install
controller_tag=$(curl -s https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest | grep tag_name | cut -d '"' -f 4)
wget https://github.com/kubernetes/ingress-nginx/archive/refs/tags/${controller_tag}.tar.gz
tar xvf ${controller_tag}.tar.gz
cd ingress-nginx-${controller_tag}
cd charts/ingress-nginx/
# new namespace for nginx
kubectl create namespace ingress-nginx
# install:
microk8s helm install -n ingress-nginx ingress-nginx -f values.yaml .
# check once helm has finished
kubectl get all -n ingress-nginx
kubectl get pods -n ingress-nginx
# view the log:
kubectl -n ingress-nginx logs deploy/ingress-nginx-controller
# we have 3 nodes, so run 3 instances instead of 1:
cd ingress-nginx-helm-chart-4.6.0/charts/ingress-nginx
cp values.yaml values.yaml.bak
$ nano values.yaml
# change the value of replicaCount to 3
# controller:
#   replicaCount: 3
# list
$ kubectl -n ingress-nginx get deploy
$ kubectl get nodes
# now the upgrade:
$ microk8s helm upgrade -n ingress-nginx ingress-nginx -f values.yaml .
$ kubectl -n ingress-nginx get deploy
$ kubectl get all -n ingress-nginx
# uninstall, if it is not needed after all:
$ helm -n ingress-nginx uninstall ingress-nginx
release "ingress-nginx" uninstalled
Let's try it out:
# enable metallb:
microk8s enable metallb:192.168.1.20-192.168.1.29
cert-manager.yaml (letsencrypt)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: lets-encrypt
  namespace: ingress-nginx
spec:
  acme:
    email: vaxxx@cxxxxel.hu
    server: https://acme-v02.api.letsencrypt.org/directory
    #server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: lets-encrypt-priviate-key
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          # must name the class of the controller that answers the challenge:
          # the Helm install above uses "nginx" ("public" is the disabled MicroK8s addon)
          class: nginx
Test pods and services:
teszt.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: service1
  namespace: ingress-nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: service1
  template:
    metadata:
      labels:
        app: service1
    spec:
      containers:
      - name: service1
        image: docker.io/dontrebootme/microbot:v1
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service1
  namespace: ingress-nginx
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: service1
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: service2
  namespace: ingress-nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: service2
  template:
    metadata:
      labels:
        app: service2
    spec:
      containers:
      - name: service2
        image: docker.io/dontrebootme/microbot:v1
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service2
  namespace: ingress-nginx
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: service2
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: service3
  namespace: ingress-nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: service3
  template:
    metadata:
      labels:
        app: service3
    spec:
      containers:
      - name: service3
        image: docker.io/dontrebootme/microbot:v1
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service3
  namespace: ingress-nginx
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: service3
  type: ClusterIP
---
kind: Pod
apiVersion: v1
metadata:
  name: apple-app
  namespace: ingress-nginx
  labels:
    app: apple
spec:
  containers:
  - name: apple-app
    image: hashicorp/http-echo
    args:
    - "-text=apple"
---
kind: Service
apiVersion: v1
metadata:
  name: apple-service
  namespace: ingress-nginx
spec:
  selector:
    app: apple
  ports:
  - port: 5678 # Default port for image
Ingress:
ingress-nginx.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
  labels:
    app: ingress-nginx-controller
  annotations:
    cert-manager.io/cluster-issuer: lets-encrypt
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - as201c.buckarooranch.hu
    secretName: as201c-buck-tls
  - hosts:
    - as202c.buckarooranch.hu
    secretName: as202c-buck-tls
  - hosts:
    - as203c.buckarooranch.hu
    secretName: as203c-buck-tls
  rules:
  - host: as201c.buckarooranch.hu
    http:
      paths:
      - pathType: Prefix
        path: "/apple"
        backend:
          service:
            name: apple-service
            port:
              number: 5678
  - host: as201c.buckarooranch.hu
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: service1
            port:
              number: 80
  - host: as202c.buckarooranch.hu
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: service2
            port:
              number: 80
  - host: as203c.buckarooranch.hu
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: service3
            port:
              number: 80
# apply the YAML files:
microk8s kubectl apply -f cert-manager.yaml
microk8s kubectl apply -f teszt.yaml
microk8s kubectl apply -f ingress-nginx.yaml
## the finished ingress with its load-balancer IP: 192.168.1.20
$ microk8s kubectl get ingress -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-nginx ingress-nginx-controller nginx as201c.buckarooranch.hu,as201c.buckarooranch.hu,as202c.buckarooranch.hu + 1 more... 192.168.1.20 80, 443 47h
# the pods and services in the ingress-nginx namespace:
root@asa201:/home# k get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/service1-7fd97cf458-gmkd4 1/1 Running 1 (45h ago) 46h
pod/service2-b77f9c95b-tbct4 1/1 Running 1 (44h ago) 45h
pod/service3-6f5d67b678-g6m4g 1/1 Running 1 (45h ago) 45h
pod/service3-6f5d67b678-7d2b9 1/1 Running 1 (44h ago) 45h
pod/apple-app 1/1 Running 1 (44h ago) 46h
pod/service1-7fd97cf458-wkbc2 1/1 Running 1 (44h ago) 46h
pod/service1-7fd97cf458-fnbqx 1/1 Running 1 (44h ago) 46h
pod/service2-b77f9c95b-tv5t2 1/1 Running 1 (44h ago) 45h
pod/service3-6f5d67b678-b8b77 1/1 Running 1 (44h ago) 45h
pod/service2-b77f9c95b-m46xb 1/1 Running 1 (45h ago) 45h
pod/ingress-nginx-controller-5c6fd54c59-fdvzd 1/1 Running 1 (45h ago) 47h
pod/ingress-nginx-controller-5c6fd54c59-btwqr 1/1 Running 0 44h
pod/ingress-nginx-controller-5c6fd54c59-5bh72 1/1 Running 0 44h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller-admission ClusterIP 10.152.183.58 <none> 443/TCP 47h
service/ingress-nginx-controller LoadBalancer 10.152.183.154 192.168.1.20 80:32149/TCP,443:31968/TCP 47h
service/apple-service ClusterIP 10.152.183.242 <none> 5678/TCP 46h
service/service1 ClusterIP 10.152.183.22 <none> 80/TCP 46h
service/service2 ClusterIP 10.152.183.198 <none> 80/TCP 45h
service/service3 ClusterIP 10.152.183.222 <none> 80/TCP 45h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/service1 3/3 3 3 46h
deployment.apps/service2 3/3 3 3 45h
deployment.apps/service3 3/3 3 3 45h
deployment.apps/ingress-nginx-controller 3/3 3 3 47h
NAME DESIRED CURRENT READY AGE
replicaset.apps/service1-7fd97cf458 3 3 3 46h
replicaset.apps/service2-b77f9c95b 3 3 3 45h
replicaset.apps/service3-6f5d67b678 3 3 3 45h
replicaset.apps/ingress-nginx-controller-5c6fd54c59 3 3 3 47h
root@asa201:/home#
We can now try the pages; each time the browser is refreshed, a different pod answers:
http(s)://as201c.buckarooranch.hu
http(s)://as202c.buckarooranch.hu
http(s)://as203c.buckarooranch.hu
http(s)://as201c.buckarooranch.hu/apple
The HTTPS redirect is disabled, so both https and http work. The redirect is disabled with:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
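An added example, not part of the original page: a Python check over the JSON printed by kubectl get ingress -A -o json that reports the two settings discussed on this page, an Ingress left without a class and TLS hosts whose HTTPS redirect is switched off. The sample input is constructed; its second Ingress (example-no-class, app.example.test) is hypothetical.

```python
import json

# Constructed input shaped like `kubectl get ingress -A -o json`. The first item
# mirrors this page's Ingress (trimmed); the second is a hypothetical extra one.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller",
   "annotations": {"nginx.ingress.kubernetes.io/ssl-redirect": "false",
                   "nginx.ingress.kubernetes.io/force-ssl-redirect": "false"}},
  "spec": {"ingressClassName": "nginx",
   "tls": [{"hosts": ["as201c.buckarooranch.hu"], "secretName": "as201c-buck-tls"}],
   "rules": [{"host": "as201c.buckarooranch.hu"}]}},
 {"metadata": {"namespace": "default", "name": "example-no-class"},
  "spec": {"rules": [{"host": "app.example.test"}]}}
]}
""")

PREFIX = "nginx.ingress.kubernetes.io/"
LEGACY_CLASS = "kubernetes.io/ingress.class"  # older annotation form of the class

def audit_ingresses(doc):
    """Return sorted (namespace/name, finding) tuples for an Ingress list."""
    findings = []
    for item in doc.get("items", []):
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        ann = meta.get("annotations") or {}
        ref = f"{meta.get('namespace')}/{meta.get('name')}"
        # 1. No class: which controller serves it is left to cluster defaults.
        if not spec.get("ingressClassName") and LEGACY_CLASS not in ann:
            findings.append((ref, "no ingress class set"))
        tls_hosts = {h for t in spec.get("tls") or [] for h in t.get("hosts") or []}
        rule_hosts = {r["host"] for r in spec.get("rules") or [] if r.get("host")}
        # 2. TLS present but redirect turned off: the hosts stay reachable over HTTP.
        #    Assumes the controller-wide default (redirect on) was not changed.
        if tls_hosts and ann.get(PREFIX + "ssl-redirect", "true").lower() == "false":
            findings.append((ref, "TLS hosts also served over plain HTTP"))
        # 3. Hosts that are routed but have no certificate entry at all.
        for host in sorted(rule_hosts - tls_hosts):
            findings.append((ref, f"host {host} has no tls entry"))
    return sorted(findings)

if __name__ == "__main__":
    for ref, finding in audit_ingresses(SAMPLE):
        print(f"{ref}: {finding}")
```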
Test with curl:
root@asa201:/home# curl -v http://as201c.buckarooranch.hu
* Trying 1XX.2XX.XXX.10:80...
* Connected to as201c.buckarooranch.hu (1XX.2XX.XXX.10) port 80 (#0)
> GET / HTTP/1.1
> Host: as201c.buckarooranch.hu
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Tue, 28 Mar 2023 20:19:20 GMT
< Content-Type: text/html
< Content-Length: 351
< Connection: keep-alive
< Last-Modified: Sun, 26 Mar 2023 23:14:54 GMT
< ETag: "6420dee-15f"
< Accept-Ranges: bytes
<
<!DOCTYPE html>
<html>
<style type="text/css">
.centered
{
text-align:center;
margin-top:0px;
margin-bottom:0px;
padding:0px;
}
</style>
<body>
<p class="centered"><img src="microbot.png" alt="microbot"/></p>
<p class="centered">Container hostname: service1-7fd97cf458-fnbqx</p>
</body>
</html>
root@asa201:/home#
The nginx log shows requests being served by service1, service2 and service3: [ingress-nginx-service1/2/3-80]
$ kubectl -n ingress-nginx logs deploy/ingress-nginx-controller
192.168.1.201 - - [28/Mar/2023:20:40:15 +0000] "GET / HTTP/1.1" 200 351 "-" "curl/7.81.0" 87 0.004 [ingress-nginx-service1-80] [] 10.1.151.79:80 351 0.003 200 250f926be7c3fb682f6dd2b3588dad11
192.168.1.201 - - [28/Mar/2023:20:40:22 +0000] "GET / HTTP/1.1" 200 351 "-" "curl/7.81.0" 87 0.002 [ingress-nginx-service3-80] [] 10.1.121.144:80 351 0.003 200 d0c80dd9bae966263a7b104a87828751
192.168.1.201 - - [28/Mar/2023:20:40:55 +0000] "GET / HTTP/1.1" 200 351 "-" "curl/7.81.0" 87 0.003 [ingress-nginx-service3-80] [] 10.1.151.82:80 351 0.004 200 9b87decf07839bc13871b605db8745b5
root@asa201:/home#
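An added example, not from the original page: parsing the controller's access-log lines shown above to count which service upstream and pod address answered each request, including the comma-separated form nginx writes when it retries an upstream. The first three lines are the page's log excerpt; the last two are constructed.

```python
import re
from collections import Counter

# On a retry nginx joins the per-attempt values with ", " (e.g. "a:80, b:80").
MULTI = r'[^ ,]+(?:, [^ ,]+)*'
# Field order of the controller's default access-log line.
LOG_RE = re.compile(
    r'(?P<client>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<req_len>\d+) (?P<req_time>[\d.]+) '
    r'\[(?P<upstream>[^\]]*)\] \[(?P<alt_upstream>[^\]]*)\] '
    rf'(?P<addrs>{MULTI}) (?P<lens>{MULTI}) (?P<times>{MULTI}) '
    rf'(?P<statuses>{MULTI}) (?P<req_id>[0-9a-f]{{32}})$'
)

# Lines 1-3: the page's log excerpt. Line 4: constructed retry. Line 5: constructed
# non-access line, since controller messages share the same log stream.
LINES = [
    '192.168.1.201 - - [28/Mar/2023:20:40:15 +0000] "GET / HTTP/1.1" 200 351 "-" "curl/7.81.0" 87 0.004 [ingress-nginx-service1-80] [] 10.1.151.79:80 351 0.003 200 250f926be7c3fb682f6dd2b3588dad11',
    '192.168.1.201 - - [28/Mar/2023:20:40:22 +0000] "GET / HTTP/1.1" 200 351 "-" "curl/7.81.0" 87 0.002 [ingress-nginx-service3-80] [] 10.1.121.144:80 351 0.003 200 d0c80dd9bae966263a7b104a87828751',
    '192.168.1.201 - - [28/Mar/2023:20:40:55 +0000] "GET / HTTP/1.1" 200 351 "-" "curl/7.81.0" 87 0.003 [ingress-nginx-service3-80] [] 10.1.151.82:80 351 0.004 200 9b87decf07839bc13871b605db8745b5',
    '192.168.1.201 - - [28/Mar/2023:20:41:02 +0000] "GET / HTTP/1.1" 200 351 "-" "curl/7.81.0" 87 0.012 [ingress-nginx-service2-80] [] 10.1.151.80:80, 10.1.121.145:80 0, 351 0.008, 0.003 502, 200 0123456789abcdef0123456789abcdef',
    'I0328 20:39:58.000000 7 main.go:1] constructed non-access line',
]

def parse(line):
    """Return the named fields of one access-log line, or None if it is not one."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("addrs", "lens", "times", "statuses"):
        rec[key] = rec[key].split(", ")   # one entry per upstream attempt
    return rec

def backends(lines):
    """Count requests per (service upstream, pod address that gave the final answer)."""
    hits, skipped = Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1
            continue
        hits[(rec["upstream"], rec["addrs"][-1])] += 1
    return hits, skipped

if __name__ == "__main__":
    print(backends(LINES))
```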