1、下載ingress控制器yml文件
#git clone https://github.com/nginxinc/kubernetes-ingress.git
#cd kubernetes-ingress/deployments/
#注:直接clone得到的是默認分支;建議檢出與所參考文檔版本一致的發行標簽后再使用其中的yaml文件
2、為Ingress控制器創建命名空間和服務帳戶
#kubectl apply -f common/ns-and-sa.yaml
3、使用TLS證書和NGINX中默認服務器的密鑰創建密鑰(Secret)。倉庫中 default-server-secret.yaml 自帶的是公開的自簽名測試證書和私鑰,正式環境請替換為自己的證書和私鑰
#kubectl apply -f common/default-server-secret.yaml
4、創建用于自定義NGINX配置的配置圖(ConfigMap)
#cat common/nginx-config.yaml
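---
# ConfigMap used to customise the NGINX configuration of the Ingress
# controller. The listing was collapsed onto one line; the structure below
# restores it to valid YAML.
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config
  namespace: nginx-ingress
data:
  # ConfigMap values must be strings, so every value stays quoted.
  proxy-connect-timeout: "10s"
  proxy-read-timeout: "10s"
  # Upper bound on the request body size; keeping it small limits how much
  # data a single client request can push through the proxy.
  client-max-body-size: "2m"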
#kubectl apply -f common/nginx-config.yaml
5、配置RBAC
#kubectl apply -f rbac/rbac.yaml
6、部署Ingress控制器
deployment 如果您計劃動態更改Ingress控制器副本的數量,請使用deployment
#kubectl apply -f deployment/nginx-ingress.yaml
#添加 hostNetwork: true 暴露端口,或者采用NodePort或者LoadBalancer訪問,參考官方文檔https://github.com/nginxinc/kubernetes-ingress/blob/v1.4.3/docs/installation.md
#注意:hostNetwork: true 會讓Pod直接使用節點的網絡命名空間,Pod可以訪問節點上只監聽本地的端口;如無必要,優先使用NodePort或LoadBalancer
#也可以用 label 控制 Pod 的位置,指定Pod在哪些節點上運行
DaemonSet 使用DaemonSet在每個節點或節點子集上部署Ingress控制器
#也可以用 label 控制 Pod 的位置,指定Pod在哪些節點上運行
#kubectl apply -f daemon-set/nginx-ingress.yaml
7、檢查ingress控制器是否運行
#kubectl get pods --namespace=nginx-ingress
8、創建service
#cat service-ui2.yml
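---
# Service in front of the pods labelled app=web_server (that workload is not
# shown on this page). The listing was collapsed onto one line, which turned
# everything after the first '#' into a comment; the structure is restored.
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  namespace: nginx-ingress
spec:
  # With no type set the Service defaults to ClusterIP, so it is reachable
  # only from inside the cluster and external traffic must go through the
  # Ingress. Uncommenting NodePort would also open a port on every node.
  # type: NodePort
  selector:
    app: web_server
  ports:
    - protocol: TCP
      name: http
      port: 80
      targetPort: 80
    # TLS is configured on the Ingress, so the backend does not need to
    # open port 443.
    # NOTE(review): this means traffic between the Ingress controller and
    # the pods is plain HTTP inside the cluster.
    # - protocol: TCP
    #   name: https
    #   port: 443
    #   targetPort: 443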
#kubectl apply -f service-ui2.yml
9、創建ingress規則
#cat ingress.yml
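---
# Ingress rule that routes ui2.test.com to the nginx-svc Service.
# The listing was collapsed onto one line; the structure is restored.
#
# NOTE(review): extensions/v1beta1 is the Ingress API of the controller
# release this page references. It is deprecated and no longer served from
# Kubernetes 1.22 on; newer clusters need networking.k8s.io/v1, which uses a
# different backend schema, so the manifest cannot be ported by changing
# this line alone.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  # No tls section: this host is served over plain HTTP only.
  rules:
    - host: ui2.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx-svc
              servicePort: 80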
#kubectl apply -f ingress.yml
10、配置tls證書
#kubectl create secret tls hhzl-ssl -n nginx-ingress --key=./ssl/hhzl.key --cert=./ssl/hhzl.crt
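#如果沒有證書,先創建證書(自簽名證書僅用于測試;-nodes 生成的私鑰未加密,請限制文件權限;生成的 tls.key/tls.crt 需與上面 create secret 命令中 --key/--cert 指向的文件一致,CN 應填寫Ingress中配置的域名)
#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=China/O=adm5.cn"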
#cat ui1-pv.yml
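---
# NFS-backed PersistentVolume holding the static content for the ui1 site.
# The listing was collapsed onto one line; the structure is restored.
apiVersion: v1
kind: PersistentVolume
metadata:
  # PersistentVolumes are cluster-scoped, so the namespace field the
  # original listing carried had no effect and is dropped here.
  name: ui1-pv
  labels:
    pv: ui1-pv
spec:
  capacity:
    storage: 800Mi
  accessModes:
    - ReadWriteMany
  # Retain keeps the data on the NFS export after the claim is deleted;
  # the volume then has to be cleaned up and released by hand.
  persistentVolumeReclaimPolicy: Retain
  # Must equal the storageClassName requested by the ui1-pvc claim. The
  # original listing omitted it, and a claim that asks for class "nfs"
  # never binds to a volume that has no class.
  storageClassName: nfs
  nfs:
    # NOTE(review): Kubernetes does not restrict who may mount this export;
    # access control has to be enforced by the NFS server's export rules.
    path: /var/data/ui1
    server: 192.168.15.100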
#cat ui1-pvc.yml
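---
# Claim that binds to the ui1-pv volume through its pv=ui1-pv label.
# The listing was collapsed onto one line; the structure is restored.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ui1-pvc
  namespace: nginx-ingress
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 800Mi
  # A claim only binds to a volume whose storageClassName is identical.
  # NOTE(review): the ui1-pv listing on this page declares no
  # storageClassName; unless the volume also carries "nfs", this claim
  # stays Pending.
  storageClassName: nfs
  selector:
    matchLabels:
      pv: ui1-pv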
#cat nginx-ui1.yml
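---
# Two-replica nginx Deployment serving static files from the ui1-pvc claim.
# The listing was collapsed onto one line; the structure is restored.
#
# apps/v1beta1 stopped being served in Kubernetes 1.16. apps/v1 has been
# available since 1.9 and requires the explicit selector added below.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hhzl
  # NOTE(review): the application runs in the same namespace as the Ingress
  # controller and its TLS secrets. A separate application namespace would
  # isolate them better, but the Service, Ingress and Secret on this page
  # would have to move with it.
  namespace: nginx-ingress
spec:
  replicas: 2
  # Must match the pod template labels; the hhzl-svc Service selects the
  # same label.
  selector:
    matchLabels:
      app: my_hhzl
  template:
    metadata:
      labels:
        app: my_hhzl
    spec:
      containers:
        - name: nginx
          # NOTE(review): this is an old pinned tag; move to a currently
          # maintained nginx release before exposing the site.
          image: nginx:1.15.2
          ports:
            - containerPort: 80
              name: nginx
          volumeMounts:
            - name: nginx-persistent-storage
              mountPath: /usr/share/nginx/html
              # NOTE(review): nginx only reads this directory; consider
              # adding "readOnly: true" so the container cannot alter the
              # shared NFS content.
      volumes:
        - name: nginx-persistent-storage
          persistentVolumeClaim:
            claimName: ui1-pvc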
#cat service-ui1.yml
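---
# Service in front of the hhzl Deployment pods (label app=my_hhzl).
# The listing was collapsed onto one line, which turned everything after
# the '#' into a comment; the structure is restored.
apiVersion: v1
kind: Service
metadata:
  name: hhzl-svc
  namespace: nginx-ingress
spec:
  # With no type set the Service defaults to ClusterIP, so it is reachable
  # only from inside the cluster and external traffic must go through the
  # Ingress. Uncommenting NodePort would also open a port on every node.
  # type: NodePort
  selector:
    app: my_hhzl
  ports:
    # Only HTTP is exposed: TLS for this site is handled at the Ingress,
    # so traffic between the controller and the pods is unencrypted.
    - protocol: TCP
      name: http
      port: 80
      targetPort: 80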
#cat ingress.yml
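---
# Ingress with TLS for www.zhongjima.net plus the earlier ui2.test.com rule.
# The listing was collapsed onto one line; the structure is restored.
#
# It reuses the name and namespace of the Ingress created in step 9, so
# applying it updates that object rather than creating a second one.
#
# NOTE(review): extensions/v1beta1 is deprecated and no longer served from
# Kubernetes 1.22 on; networking.k8s.io/v1 uses a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  tls:
    # The hhzl-ssl secret must exist in this same namespace. The
    # certificate's subject has to cover the host listed here, otherwise
    # clients will reject it.
    - hosts:
        - www.zhongjima.net
      secretName: hhzl-ssl
  rules:
    - host: www.zhongjima.net
      http:
        paths:
          - path: /
            backend:
              serviceName: hhzl-svc
              servicePort: 80
    # NOTE(review): ui2.test.com is not listed under tls, so this host is
    # still served over plain HTTP.
    - host: ui2.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx-svc
              servicePort: 80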
11、訪問測試