Deploying ingress-nginx with Helm
sj1163739403
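ingress-nginx is a good tool for managing north-south traffic. It avoids having to reconfigure the LB in the cloud frequently, and with a label you can also have ingress-nginx deployed only on a designated NodeGroup.
1. Installing ingress-nginx with Helm
Version selection: first confirm which version to use.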
https://github.com/kubernetes/ingress-nginx
1.1 ingress-nginx values file configuration
```yaml
# Excerpt of the chart's values.yaml; these keys sit under controller:
controller:
  kind: DaemonSet
  nodeSelector:
    nginx: "true"
  service:
    type: NodePort
    nodePorts:
      http: "30080"
      https: "30443"
  # A PVC was created to store the logs
  extraVolumeMounts:
    - name: log-volume
      mountPath: /var/log/nginx
  # -- Additional volumes to the controller pod.
  extraVolumes:
    - name: log-volume
      persistentVolumeClaim:
        claimName: ingress-nginx-pvc
```
1.2 Installation
```bash
helm install nginx ingress-nginx/ingress-nginx --namespace ingress-nginx
```
1.3 Label the ingress nodes
```yaml
nodeSelector:
  nginx: "true"
```
```bash
kubectl label node ip-172-28-68-223.ap-southeast-1.compute.internal nginx=true
```
1.4 Getting the real client IP
The forwarded-IP options and the log format are configured here.
```yaml
data:
  allow-snippet-annotations: "false"
  compute-full-forwarded-for: "true"
  log-format-upstream: '{"@timestamp":"$time_iso8601","host":"$hostname","server_ip":"$server_addr","client_ip":"$http_x_forwarded_for","xff":"$http_x_forwarded_for","domain":"$host","url":"$uri","referer":"$http_referer","args":"$args","upstreamtime":"$upstream_response_time","responsetime":"$request_time","request_method":"$request_method","status":"$status","size":"$body_bytes_sent","request_length":"$request_length","protocol":"$server_protocol","upstreamhost":"$upstream_addr","file_dir":"$request_filename","http_user_agent":"$http_user_agent"}'
  use-forwarded-headers: "true"
```
After entering the container, view access.log.
The real client IP is stored in the http_x_forwarded_for field.
```
{"@timestamp":"2024-09-29T07:25:31+00:00","host":"nginx-ingress-nginx-controller-nz9hq","server_ip":"172.28.2.239","client_ip":"xxxxxxxxx, 172.69.63.211","
```
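Because `$http_x_forwarded_for` is a request header, the `client_ip` field logged above is a comma-separated list whose left-hand entries can be set by the client. The following added example (not part of the original post) resolves the client address from such a log line by walking the list right to left past trusted proxies; the trusted range and the sample line are constructed assumptions.

```python
import ipaddress
import json

# Assumption: proxy ranges you operate or trust. 172.69.63.0/24 is chosen only to
# cover the 172.69.63.211 hop in the page's sample log; replace with your own.
TRUSTED_PROXIES = [ipaddress.ip_network("172.69.63.0/24")]

# Constructed log line using the page's log-format-upstream field names.
# 198.51.100.9 stands for a value injected by the client; 203.0.113.7 is the
# address the first trusted proxy actually saw.
SAMPLE_LINE = json.dumps({
    "@timestamp": "2024-09-29T07:25:31+00:00",
    "client_ip": "198.51.100.9, 203.0.113.7, 172.69.63.211",
    "status": "200",
})


def real_client_ip(xff, trusted=TRUSTED_PROXIES):
    """Return the right-most hop that is not a trusted proxy, or None."""
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed hop before any untrusted address: do not guess
        if not any(addr in net for net in trusted):
            return str(addr)
    return None  # empty header, or every hop was a trusted proxy


def client_ip_from_log(line):
    """Parse one JSON access-log line and resolve its client_ip field."""
    record = json.loads(line)
    return real_client_ip(record.get("client_ip", ""))


if __name__ == "__main__":
    print(client_ip_from_log(SAMPLE_LINE))
```
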
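Configuring the Ingress resource
I upgraded directly from Kubernetes 1.18 to 1.29 1.30; ingress-nginx has also changed a great deal, and the syntax has changed somewhat.
ingressClassName is no longer set as an annotation; it is now a field under spec. The host and path syntax has changed as well, but with a template to start from it is not much of a problem.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vault-ui
  namespace: vault
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: vault.baga.life
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: vault
                port:
                  number: 8200
```
3. Configuring the gRPC Ingress resource
Reference documentation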
https://help.aliyun.com/zh/ack/ack-managed-and-ack-dedicated/user-guide/use-an-ingress-controller-to-access-grpc-services
3.1 Download the grpcurl tool
```bash
wget https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz
```
3.2 Deployment and Service configuration
grpc-dp.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grpc-service
  namespace: baga
spec:
  replicas: 1
  selector:
    matchLabels:
      run: grpc-service
  template:
    metadata:
      labels:
        run: grpc-service
    spec:
      containers:
        - image: registry.cn-hangzhou.aliyuncs.com/acs-sample/grpc-server:latest
          imagePullPolicy: Always
          name: grpc-service
          ports:
            - containerPort: 50051
              protocol: TCP
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: grpc-service
  namespace: baga
spec:
  ports:
    - port: 50051
      protocol: TCP
      targetPort: 50051
  selector:
    run: grpc-service
  sessionAffinity: None
  type: ClusterIP
```
3.3 gRPC Ingress configuration
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grpc-ingress
  namespace: baga
  annotations:
    # The backend must be declared as a gRPC service; this is the key setting
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
  ingressClassName: nginx
  rules:
    - host: baga.baga.life # gRPC service domain; replace with your own domain
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                # gRPC service
                name: grpc-service
                port:
                  number: 50051
```
3.4 Request method
In gRPC, a method's full path (also called the method descriptor) is usually written as /. So the method and path here can be described as:
Full path: helloworld.Greeter/SayHello
Internal request
```bash
grpcurl -plaintext -d '{"name": "World"}' 172.28.69.248:50051 helloworld.Greeter/SayHello
```
Public request
![!](https://i-blog.csdnimg.cn/direct/f82a52f97e8146709659bd9b98aa8c2a.png)
The test environment requirement is complete.