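Providing a reverse proxy for a Kubernetes cluster so that internal applications such as kube-dashboard can be reached from outside the cluster over the standard HTTP port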

Source: Internet. Edited by: 程序博客网. Time: 2024/05/17 06:55

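  • Installing the Ingress Controller
    • Deploying the default http backend
    • Deploying the nginx ingress controller
  • Installing and accessing the kubernetes dashboard
    • Deploying the dashboard
    • Configuring the ingress
    • Accessing the dashboard site from a Windows machine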

Installing the Ingress Controller

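The Ingress Controller runs in containers inside the k8s cluster. It makes every node listen on ports 80 and 443 to reverse-proxy requests coming from outside the cluster, and it watches the cluster's Ingress configuration in real time and updates the reverse-proxy rules automatically.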

Deploying the default http backend

The nginx ingress controller requires a default HTTP service that it can test against.
Remember to replace the image download path in the command.

cat <<EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    k8s-app: default-http-backend
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: default-http-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-http-backend
        # Any image is permissible as long as:
        # 1. It serves a 404 page at /
        # 2. It serves 200 on a /healthz endpoint
        image: centos-master:5000/defaultbackend:1.0
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: kube-system
  labels:
    k8s-app: default-http-backend
spec:
  ports:
  - port: 80
    targetPort: 8080
  selector:
    k8s-app: default-http-backend
EOF

Deploying the nginx ingress controller

A DaemonSet runs one reverse proxy on every node, each opening ports 80 and 443 to accept requests from outside the cluster.

cat <<EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  labels:
    k8s-app: nginx-ingress-controller
  namespace: kube-system
spec:
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-controller
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
      # like with kubeadm
      # hostNetwork: true
      terminationGracePeriodSeconds: 60
      containers:
      - image: centos-master:5000/nginx-ingress-controller:0.8.3
        name: nginx-ingress-controller
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        ports:
        - containerPort: 80
          hostPort: 80
        - containerPort: 443
          hostPort: 443
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        args:
        - /nginx-ingress-controller
        # The backslash keeps the shell from expanding the variable inside the heredoc,
        # so Kubernetes receives it literally and substitutes the POD_NAMESPACE env value.
        - --default-backend-service=\$(POD_NAMESPACE)/default-http-backend
EOF

Installing and accessing the kubernetes dashboard

The dashboard lets administrators view the state of the k8s cluster and the container logs from a web page.

Deploying the dashboard

The NodePort setting used here, which listens on port 30090 of each node, is not actually necessary, because the nginx ingress controller already provides the reverse proxy.

cat <<EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dashboard
  namespace: kube-system
  labels:
    k8s-app: kube-dashboard
    version: v1.6.0
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: kube-dashboard
        version: v1.6.0
        kubernetes.io/cluster-service: "true"
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      containers:
      - name: kube-dashboard
        image: centos-master:5000/kubernetes-dashboard-amd64:v1.6.0
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
          requests:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 9090
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dashboard
  namespace: kube-system
  labels:
    k8s-app: kube-dashboard
    kubernetes.io/cluster-service: "true"
spec:
  # NodePort is optional here: the ingress controller already proxies this Service
  type: NodePort
  selector:
    k8s-app: kube-dashboard
  ports:
  - port: 80
    targetPort: 9090
    nodePort: 30090
EOF

Configuring the ingress

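Ingress currently provides HTTP-layer load-balancing configuration: based on the host and path of an HTTP request, it forwards the request to the corresponding Service inside the cluster.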

cat <<EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kube-dashboard-ingress
  namespace: kube-system
spec:
  rules:
    - host: dashboard.wzp.local
      http:
        paths:
          - backend:
              serviceName: kube-dashboard
              servicePort: 80
EOF

Accessing the dashboard site from a Windows machine

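In the hosts file, map the domain name specified in the ingress above to the IP of one of the nodes, and the dashboard site becomes reachable.
In a production environment, you would probably need to update the subdomain's DNS server instead, so that it resolves the subdomain to a node IP.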
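
As an added example (not part of the original post), the Python script below audits the JSON that `kubectl get ingress,svc -n kube-system -o json` returns for the two exposure paths this walkthrough sets up: an Ingress host with no `spec.tls` entry, and a NodePort Service that an Ingress already fronts. The sample document is constructed from the manifests above, the function name `audit` is hypothetical, and the `backend.serviceName` field is assumed to follow the extensions/v1beta1 schema used on this page.

```python
import json

# Constructed sample: trimmed `kubectl get ingress,svc -n kube-system -o json`
# output for the objects created in this walkthrough (not captured from a cluster).
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Service",
  "metadata": {"name": "kube-dashboard", "namespace": "kube-system"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 80, "targetPort": 9090, "nodePort": 30090}]}},
 {"kind": "Service",
  "metadata": {"name": "default-http-backend", "namespace": "kube-system"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 80, "targetPort": 8080}]}},
 {"kind": "Ingress",
  "metadata": {"name": "kube-dashboard-ingress", "namespace": "kube-system"},
  "spec": {"rules": [{"host": "dashboard.wzp.local", "http": {"paths": [
      {"backend": {"serviceName": "kube-dashboard", "servicePort": 80}}]}}]}}
]}
""")


def audit(doc):
    """Return sorted (kind, namespace/name, finding) tuples for exposure issues."""
    findings, routed = [], set()  # routed: (namespace, service) fronted by an Ingress
    items = doc.get("items", [])
    for obj in (o for o in items if o.get("kind") == "Ingress"):
        ns, name = obj["metadata"]["namespace"], obj["metadata"]["name"]
        spec = obj.get("spec", {})
        tls_hosts = {h for t in spec.get("tls") or [] for h in t.get("hosts") or []}
        for rule in spec.get("rules") or []:
            host = rule.get("host", "*")
            if host not in tls_hosts:
                findings.append(("Ingress", f"{ns}/{name}", f"host {host} has no spec.tls entry (plain HTTP)"))
            for path in (rule.get("http") or {}).get("paths") or []:
                routed.add((ns, path["backend"].get("serviceName")))  # v1beta1 field name
    for obj in (o for o in items if o.get("kind") == "Service"):
        ns, name = obj["metadata"]["namespace"], obj["metadata"]["name"]
        if obj["spec"].get("type") != "NodePort" or (ns, name) not in routed:
            continue
        node_ports = [p["nodePort"] for p in obj["spec"].get("ports", []) if "nodePort" in p]
        findings.append(("Service", f"{ns}/{name}", f"NodePort {node_ports} duplicates the Ingress route"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, ref, msg in audit(SAMPLE):
        print(f"{kind:8} {ref:38} {msg}")
```

Against a live cluster, pipe the kubectl output into `json.load(sys.stdin)` and pass the result to `audit`.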