前言
Nginx-Proxy-Manager 是一个基于 Web 的 Nginx 服务器管理工具,它允许用户通过浏览器界面轻松地管理和监控 Nginx 服务器。通过 Nginx-Proxy-Manager,可以获得受信任的 SSL 证书,并通过单独的配置、自定义和入侵保护来管理多个代理。用户还可以查看服务器的状态、配置、日志以及流量等信息,还可以对服务器进行一键重启、停止等操作。
1、创建命名空间
kubectl create namespace nginx-proxy-manager
2、创建持久化卷(PV)
# 创建编排文件:nginx-proxy-manager-pv.yml
vim /k8s/nginx-proxy-manager-pv.yml
文件内容如下:
apiVersion: v1
kind: PersistentVolume
metadata:
name: nginx-proxy-manager-pv
spec:
capacity:
storage: 500Mi
accessModes:
- ReadWriteOnce
# 这里就用hostPath,指向所在节点的外部主机的相应目录下,如/k8s-pv/nginx-proxy-manager-pv,如果出现节点漂移,数据会无法读取的哦
# 建议使用云服务器或者nfs
hostPath:
path: /k8s-pv/nginx-proxy-manager-pv
# 部署持久化卷到k8s
kubectl apply -f /k8s/nginx-proxy-manager-pv.yml
3、创建持久卷申明(PVC)
# 创建编排文件:nginx-proxy-manager-pvc.yml
vim /k8s/nginx-proxy-manager-pvc.yml
文件内容如下:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nginx-proxy-manager-pvc
namespace: nginx-proxy-manager
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi
# 指向前面创建的PV的名称
volumeName: nginx-proxy-manager-pv
# 部署持久化卷申明到k8s
kubectl apply -f /k8s/nginx-proxy-manager-pvc.yml
4、部署Nginx Proxy Manager
# 创建编排文件:nginx-proxy-manager-deployment.yml
vim /k8s/nginx-proxy-manager-deployment.yml
文件内容如下:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-proxy-manager
namespace: nginx-proxy-manager
spec:
replicas: 1
selector:
matchLabels:
app: nginx-proxy-manager
template:
metadata:
labels:
app: nginx-proxy-manager
spec:
containers:
- name: nginx-proxy-manager
image: jc21/nginx-proxy-manager:latest
ports:
- containerPort: 80
name: http
- containerPort: 81
name: https
volumeMounts:
- name: data
mountPath: /data
env:
# 这里必须要配置能访问正常的mysql数据库
- name: DB_MYSQL_HOST
value: "192.168.6.1"
- name: DB_MYSQL_PORT
value: "3306"
- name: DB_MYSQL_USER
value: "root"
- name: DB_MYSQL_PASSWORD
value: "cm207893"
- name: DB_MYSQL_NAME
value: "npm"
volumes:
- name: data
persistentVolumeClaim:
# 指向前面创建的pvc
claimName: nginx-proxy-manager-pvc
# 部署nginx proxy manager镜像到k8s
kubectl apply -f /k8s/nginx-proxy-manager-deployment.yml
5、创建Service
# 创建编排文件:nginx-proxy-manager-service.yml
vim /k8s/nginx-proxy-manager-service.yml
文件内容如下:
apiVersion: v1
kind: Service
metadata:
name: nginx-proxy-manager
namespace: nginx-proxy-manager
spec:
selector:
app: nginx-proxy-manager
ports:
- protocol: TCP
port: 80
targetPort: 80
name: http
- protocol: TCP
port: 81
targetPort: 81
name: https
type: LoadBalancer
# 部署service到k8s
kubectl apply -f /k8s/nginx-proxy-manager-service.yml
这里可能会遇到k8s的端口限制而报错:
[root@master ~]# kubectl apply -f /k8s/nginx-proxy-manager-service.yml
The Service “nginx-proxy-manager” is invalid: spec.ports[0].nodePort: Invalid value: 80: provided port is not in the valid range. The range of valid ports is 30000-32767
解决:
(1)、 编辑 kube-apiserver.yaml文件
vim /etc/kubernetes/manifests/kube-apiserver.yaml
(2)、 找到 --service-cluster-ip-range 这一行,在该行下面1行增加以下内容
- --service-node-port-range=1-65535
如图所示:
(3)、重启 kubelet
systemctl daemon-reload
systemctl restart kubelet
6、创建Ingress
# 创建编排文件:nginx-proxy-manager-ingress.yml
vim /k8s/nginx-proxy-manager-ingress.yml
文件内容如下:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-proxy-manager-ingress
namespace: nginx-proxy-manager
spec:
rules:
# 这里配置通配符,表示以.felix666.com的都可以访问
- host: "*.felix666.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-proxy-manager-service
port:
number: 80
# 部署ingress到k8s
kubectl apply -f /k8s/nginx-proxy-manager-ingress.yml
7、测试访问
查看服务端口:
[root@k8s-master k8s]# kubectl get service -n nginx-proxy-manager
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-proxy-manager LoadBalancer 10.97.63.81 <pending> 80:80/TCP,81:81/TCP 17h
将容器内部nginx-proxy-manager服务所在端口81映射到了外部主机(我的是虚拟机:192.168.6.11)的81端口
所以外部访问地址:http://192.168.6.11:81
默认登陆的用户名:admin@example.com 密码:changeme