Ingress 部署
- Ngnix 部署(前面文章有部署过在此忽略)
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --target-port=80 --type=NodePort
- Ingress Nginx 部署
首先修改apiserver 启动参数vi /etc/kubernetes/manifests/kube-apiserver.yaml
把- --enable-admission-plugins=NodeRestriction修改为- --enable-admission-plugins=NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook
打开官方部署https://kubernetes.github.io/ingress-nginx/deploy/
下载控制器wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/baremetal/deploy.yaml
第一个编辑 vi deploy.yaml 搜索内容 controller:v1.1.1
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: k8s.gcr.io/ingress-nginx/controller:v1.1.1@sha256:0bc88eb15f9e7f84e8e56c14fa5735aaa488b840983f87bd79b1054190e660de
#上面image修改为下面image
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
阿里云镜像登录搜索 https://cr.console.aliyun.com/cn-hangzhou/instances/images
google_containers/nginx-ingress-controller
第二个编辑 vi deploy.yaml 搜索内容 kube-webhook-certgen:v1.1.1
image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
改成
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1
注意:有两个相同的地方都需要修改
k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
第三个编辑 vi deploy.yaml 搜索内容 Deployment
原文
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ingress-nginx-4.0.15
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 1.1.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
revisionHistoryLimit: 10
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
改成
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ingress-nginx-4.0.15
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 1.1.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
revisionHistoryLimit: 10
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
spec:
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true #与宿主机共享网络
nodeName: k8smaster #设置只能在k8s-master-1节点运行
tolerations: #设置能容忍master污点
- key: node-role.kubernetes.io/master
operator: Exists
containers:
- name: controller
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
执行安装 kubectl apply -f deploy.yaml
[root@k8smaster ~]# kubectl apply -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
查看ingress命名空间 kubectl get ns
[root@k8smaster ~]# kubectl get ns
NAME STATUS AGE
default Active 3d19h
ingress-nginx Active 2m10s
kube-node-lease Active 3d19h
kube-public Active 3d19h
kube-system Active 3d19h
kubernetes-dashboard Active 12h
查询安装状态kubectl get all -n ingress-nginx
[root@k8smaster ~]# kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-admission-create-vjg65 0/1 ImagePullBackOff 0 3m41s
pod/ingress-nginx-admission-patch-r4sd4 0/1 ImagePullBackOff 0 3m41s
pod/ingress-nginx-controller-75b798bd89-zzdsk 0/1 ContainerCreating 0 3m42s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller NodePort 10.66.23.11 <none> 80:31370/TCP,443:32467/TCP 3m42s
service/ingress-nginx-controller-admission ClusterIP 10.66.10.27 <none> 443/TCP 3m42s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 0/1 1 0 3m42s
NAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-75b798bd89 1 1 0 3m42s
NAME COMPLETIONS DURATION AGE
job.batch/ingress-nginx-admission-create 0/1 3m41s 3m41s
job.batch/ingress-nginx-admission-patch 0/1 3m41s 3m41s
错误提示
Error from server (InternalError): error when applying patch:
解决命令:kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
