Installing Ingress on Kubernetes and the RBAC problem encountered

Source: Internet  Editor: 程序博客网  Time: 2024/05/16 15:34

Without further ado, here are the creation steps.

I. default-backend

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: default-http-backend
      labels:
        k8s-app: default-http-backend
      namespace: kube-system
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            k8s-app: default-http-backend
        spec:
          terminationGracePeriodSeconds: 60
          containers:
          - name: default-http-backend
            # Any image is permissible as long as:
            # 1. It serves a 404 page at /
            # 2. It serves 200 on a /healthz endpoint
            image: registry.cn-beijing.aliyuncs.com/gcrs/defaultbackend:1.0
            livenessProbe:
              httpGet:
                path: /healthz
                port: 8080
                scheme: HTTP
              initialDelaySeconds: 30
              timeoutSeconds: 5
            ports:
            - containerPort: 8080
            resources:
              limits:
                cpu: 10m
                memory: 20Mi
              requests:
                cpu: 10m
                memory: 20Mi
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: default-http-backend
      namespace: kube-system
      labels:
        k8s-app: default-http-backend
    spec:
      ports:
      - port: 80
        targetPort: 8080
      selector:
        k8s-app: default-http-backend

II. ingress-controller

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx-ingress-controller
      labels:
        k8s-app: nginx-ingress-controller
      namespace: kube-system
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            k8s-app: nginx-ingress-controller
          annotations:
            prometheus.io/port: '10254'
            prometheus.io/scrape: 'true'
        spec:
          # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
          # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
          # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
          # like with kubeadm
          hostNetwork: true
          serviceAccountName: ingress
          terminationGracePeriodSeconds: 60
          containers:
          - image: registry.cn-hangzhou.aliyuncs.com/souban/nginx-ingress-controller:0.9.0-beta.10
            name: nginx-ingress-controller
            readinessProbe:
              httpGet:
                path: /healthz
                port: 10254
                scheme: HTTP
            livenessProbe:
              httpGet:
                path: /healthz
                port: 10254
                scheme: HTTP
              initialDelaySeconds: 10
              timeoutSeconds: 1
            ports:
            - containerPort: 80
              hostPort: 80
            - containerPort: 443
              hostPort: 443
            env:
              - name: POD_NAME
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.name
              - name: POD_NAMESPACE
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.namespace
            args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend

III. Create the test applications

1. tea.yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: tea-svc
      labels:
        app: tea
    spec:
      ports:
      - port: 808
        targetPort: 80
        protocol: TCP
        name: http
      selector:
        app: tea
    ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: tea-rc
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: tea
        spec:
          containers:
          - name: tea
            image: nginxdemos/hello
            ports:
            - containerPort: 80

2. coffee.yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: coffee-svc
      labels:
        app: coffee
    spec:
      ports:
      - port: 806
        targetPort: 80
        protocol: TCP
        name: http
      selector:
        app: coffee
    ---
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: coffee-rc
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: coffee
        spec:
          containers:
          - name: coffee
            image: nginxdemos/hello
            ports:
            - containerPort: 80

IV. ingress

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: test
      annotations:
        ingress.kubernetes.io/force-ssl-redirect: "false"
        ingress.kubernetes.io/ssl-redirect: "false"
    spec:
      rules:
      - http:
          paths:
          - path: /tea
            backend:
              serviceName: tea-svc
              servicePort: 808
          - path: /coffee
            backend:
              serviceName: coffee-svc
              servicePort: 806

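Test

    http://nodeip/tea
    http://nodeip/coffee

RBAC problem

    no service with name kube-system/default-http-backend found: the server does not allow access to the requested resource (get services default-http-backend)

This is a permissions problem when accessing the apiserver: the controller is not authorized to read the Service. Create the RBAC rules yourself.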
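One way to create the RBAC objects this error calls for, as an added example that is not part of the original post or the ingress project's own manifests: it creates the `ingress` service account named in the controller Deployment above and grants it only what the controller reads, instead of binding it to cluster-admin. The object name `ingress-controller`, the resource lists and the leader-election rule are assumptions; `rbac.authorization.k8s.io/v1beta1` matches the `extensions/v1beta1` era of the manifests on this page (use `v1` on newer clusters).

```yaml
# Added example: least-privilege RBAC for serviceAccountName "ingress".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: ingress-controller   # hypothetical name
rules:
# Read-only access to what the controller watches. "services" is the grant the
# error message is about; "secrets" is the sensitive one (TLS certs in any namespace).
- {apiGroups: [""], resources: ["configmaps", "endpoints", "nodes", "pods", "secrets", "services"], verbs: ["get", "list", "watch"]}
- {apiGroups: ["extensions"], resources: ["ingresses"], verbs: ["get", "list", "watch"]}
- {apiGroups: ["extensions"], resources: ["ingresses/status"], verbs: ["update"]}
- {apiGroups: [""], resources: ["events"], verbs: ["create", "patch"]}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: ingress-controller
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: ingress-controller}
subjects: [{kind: ServiceAccount, name: ingress, namespace: kube-system}]
---
# Assumption: the controller keeps a leader-election ConfigMap in its own
# namespace, so write access is granted there only, not cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: ingress-controller
  namespace: kube-system
rules:
- {apiGroups: [""], resources: ["configmaps"], verbs: ["get", "create", "update"]}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: ingress-controller
  namespace: kube-system
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: ingress-controller}
subjects: [{kind: ServiceAccount, name: ingress, namespace: kube-system}]
```

After applying it, `kubectl auth can-i get services -n kube-system --as=system:serviceaccount:kube-system:ingress` should answer `yes`.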

References

    https://github.com/kubernetes/ingress/issues/575
    https://github.com/kubernetes/ingress/tree/master/examples/deployment/nginx
    https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/complete-example

Addendum

The annotations parameter is also quite important: https://github.com/kubernetes/ingress/blob/master/docs/annotations.md