nginx ingress deploy

1
2
3
4
5
6
7
8
9
 https://kubernetes.github.io/ingress-nginx/
 
# 必备command
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

# 使用seletor daemonset

# nodeport 暴露 ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

部署nginx应用

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
[root@master ingress-nginx]# cat first-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: first-ingress
  namespace: dabing-test
spec:
  rules:
  - host: first-ing.dabing.com
    http:
      paths:
      - path: /
        backend:
          serviceName: webapp
          servicePort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: first-ingress1
  namespace: dabing-test
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "600M #修改域名的nginx配置。
spec:
  rules:
  - host: first-ing1.dabing.com
    http:
      paths:
      - path: /
        backend:
          serviceName: webapp
          servicePort: 8082

修改nginx配置

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# 修改整体的nginx配置  修改config
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
# example: 修改data
[root@master ingress-nginx]# cat cm.yaml
apiVersion: v1
data:
  proxy-body-size: 200m
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx


# 修改单个域名的配置 修改annotations
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
# example: 修改annotations
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: first-ingress1
  namespace: dabing-test
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "600M #修改域名的nginx配置。

# 修改session支持
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/session-cookie-hash: sha1
    nginx.ingress.kubernetes.io/session-cookie-name: route

# 修改configMap
[root@master ~]# kubectl edit cm nginx-configuration -n ingress-nginx
apiVersion: v1
data:
  access-log-path: /var/log/nginx/all_access.log
  error-log-path: /var/log/nginx/all_error.log
  http-redirect-code: "301"
  log-format-escape-json: "true"
  log-format-upstream: '{ "time": "$time_iso8601", "remote_addr": "$remote_addr","x-forward-for":
    "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user":"$remote_user",
    "bytes_sent": $bytes_sent, "request_time": $request_time, "status":$status, "vhost":
    "$host", "request_proto": "$server_protocol", "path": "$uri","request_query":
    "$args", "request_length": $request_length, "duration": $request_time,"method":
    "$request_method", "http_referrer": "$http_referer", "http_user_agent":"$http_user_agent",
    "upstream_time": $upstream_response_time }'
  ssl-redirect: "false"

配置https证书

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
# 准备证书,创建 tls 的 secret
kubectl create secret tls 9fbank-com --key server.key --cert server.pem -n op-test

# 配置yaml文件
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: go-example
  namespace: op-test
spec:
  tls:
  - hosts:
    - gp-examplet.9fbank.com
    secretName: 9fbank-com
  rules:
  - host: gp-examplet.9fbank.com
    http:
      paths:
      - backend:
          serviceName: go-example
          servicePort: 8080
        path: /

tcp支持

1
2
3
4
5
6
7
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  "30000": web-demo:80
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
# 修改nginx 全局日志, 日志格式
apiVersion: v1
data:
  access-log-path: /tmp/acc.log
  error-log-path: /tmp/err.log
  log-format-escape-json: "true"
  log-format-upstream: '{ "time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr","x-forward-for":
    "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user":"$remote_user",
    "bytes_sent": $bytes_sent, "request_time": $request_time, "status":$status, "vhost":
    "$host", "request_proto": "$server_protocol", "path": "$uri","request_query":
    "$args", "request_length": $request_length, "duration": $request_time,"method":
    "$request_method", "http_referrer": "$http_referer", "http_user_agent":"$http_user_agent"
    }'

# 单域名配置 # 自定义日志路径  基于cookie 负载均衡
  annotations:
    #nginx.ingress.kubernetes.io/server-snippet: |
    #    access_log  /tmp/go-access.log;
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/session-cookie-hash: sha1
    nginx.ingress.kubernetes.io/session-cookie-name: route

修改k8s容器时区问题

1
2
3
4
5
6
7
8
9
spec:
  volumes:
  - name: host-time
    hostPath:
      path: /etc/localtime
containers:
  volumeMounts:
  - name: host-time
    mountPath: "/usr/share/zoneinfo/Asia/Shanghai"