rootsongjc
/
kubernetes-handbook
mirror of https://github.com/rootsongjc/kubernetes-handbook.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

使用Helm安装Nginx ingress

pull/62/head
Jimmy Song 2017-10-27 19:10:06 +08:00
parent ca4c82cfbb
commit cff2bb1c8c
24 changed files with 1425 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
SUMMARY.md
View File

@ -70,6 +70,7 @@
- [4.2.2 分布式负载测试](practice/distributed-load-test.md)
- [4.2.3 网络和集群性能测试](practice/network-and-cluster-perfermance-test.md)
- [4.2.4 边缘节点配置](practice/edge-node-configuration.md)
- [4.2.5 使用Helm安装Nginx ingress](practice/nginx-ingress-installation.md)
- [4.3 运维管理](practice/operation.md)
- [4.3.1 服务滚动升级](practice/service-rolling-update.md)
- [4.3.2 应用日志收集](practice/app-log-collection.md)
@ -105,6 +106,7 @@
- [5.2.1 Spark standalone on Kubernetes](usecases/spark-standalone-on-kubernetes.md)
- [5.2.2 运行支持kubernetes原生调度的Spark程序](usecases/running-spark-with-kubernetes-native-scheduler.md)
- [5.3 Serverless架构](usecases/serverless.md)
- [5.4 边缘计算](usecases/edge-computing.md)
- [6. 开发指南](develop/index.md)
- [6.1 开发环境搭建](develop/developing-environment.md)
- [6.2 单元测试和集成测试](develop/testing.md)

18
manifests/nginx-ingress/Chart.yaml 100755
View File

@ -0,0 +1,18 @@
appVersion: 0.9.0-beta.15
description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
engine: gotpl
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
keywords:
- ingress
- nginx
maintainers:
- email: jack.zampolin@gmail.com
name: jackzampolin
- email: mgoodness@gmail.com
name: mgoodness
- email: chance.zibolski@coreos.com
name: chancez
name: nginx-ingress
sources:
- https://github.com/kubernetes/ingress-nginx
version: 0.8.9

133
manifests/nginx-ingress/README.md 100755
View File

@ -0,0 +1,133 @@
# nginx-ingress
[nginx-ingress](https://github.com/kubernetes/ingress/tree/master/controllers/nginx) is an Ingress controller that uses ConfigMap to store the nginx configuration.
To use, add the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
## TL;DR;
```console
$ helm install stable/nginx-ingress
```
## Introduction
This chart bootstraps an nginx-ingress deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.4+ with Beta APIs enabled
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm install --name my-release stable/nginx-ingress
```
The command deploys nginx-ingress on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following tables lists the configurable parameters of the nginx-ingress chart and their default values.
Parameter | Description | Default
--- | --- | ---
`controller.name` | name of the controller component | `controller`
`controller.image.repository` | controller container image repository | `gcr.io/google_containers/nginx-ingress-controller`
`controller.image.tag` | controller container image tag | `0.9.0-beta.15`
`controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent`
`controller.config` | nginx ConfigMap entries | none
`controller.hostNetwork` | If the nginx deployment / daemonset should run on the host's network namespace | false
`controller.defaultBackendService` | default 404 backend service; required only if `defaultBackend.enabled = false` | `""`
`controller.electionID` | election ID to use for the status update | `ingress-controller-leader`
`controller.ingressClass` | name of the ingress class to route through this controller | `nginx`
`controller.scope.enabled` | limit the scope of the ingress controller | `false` (watch all namespaces)
`controller.scope.namespace` | namespace to watch for ingress | `""` (use the release namespace)
`controller.extraArgs` | Additional controller container arguments | `{}`
`controller.kind` | install as Deployment or DaemonSet | `Deployment`
`controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`controller.nodeSelector` | node labels for pod assignment | `{}`
`controller.podAnnotations` | annotations to be added to pods | `{}`
`controller.replicaCount` | desired number of controller pods | `1`
`controller.resources` | controller pod resource requests & limits | `{}`
`controller.service.annotations` | annotations for controller service | `{}`
`controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false`
`controller.publishService.pathOverride` | override of the default publish-service name | `""`
`controller.service.clusterIP` | internal controller cluster service IP | `""`
`controller.service.externalIPs` | controller service external IP addresses | `[]`
`controller.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`controller.service.targetPorts.http` | Sets the targetPort that maps to the Ingress' port 80 | `80`
`controller.service.targetPorts.https` | Sets the targetPort that maps to the Ingress' port 443 | `443`
`controller.service.type` | type of controller service to create | `LoadBalancer`
`controller.service.nodePorts.http` | If `controller.service.type` is `NodePort` and this is non-empty, it sets the nodePort that maps to the Ingress' port 80 | `""`
`controller.service.nodePorts.https` | If `controller.service.type` is `NodePort` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""`
`controller.stats.enabled` | if true, enable "vts-status" page & Prometheus metrics | `false`
`controller.stats.service.annotations` | annotations for controller stats service | `{}`
`controller.stats.service.clusterIP` | internal controller stats cluster service IP | `""`
`controller.stats.service.externalIPs` | controller service stats external IP addresses | `[]`
`controller.stats.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`controller.stats.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`controller.stats.service.type` | type of controller stats service to create | `ClusterIP`
`defaultBackend.name` | name of the default backend component | `default-backend`
`defaultBackend.image.repository` | default backend container image repository | `gcr.io/google_containers/defaultbackend`
`defaultBackend.image.tag` | default backend container image tag | `1.3`
`defaultBackend.image.pullPolicy` | default backend container image pull policy | `IfNotPresent`
`defaultBackend.extraArgs` | Additional default backend container arguments | `{}`
`defaultBackend.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`defaultBackend.nodeSelector` | node labels for pod assignment | `{}`
`defaultBackend.podAnnotations` | annotations to be added to pods | `{}`
`defaultBackend.replicaCount` | desired number of default backend pods | `1`
`defaultBackend.resources` | default backend pod resource requests & limits | `{}`
`defaultBackend.service.annotations` | annotations for default backend service | `{}`
`defaultBackend.service.clusterIP` | internal default backend cluster service IP | `""`
`defaultBackend.service.externalIPs` | default backend service external IP addresses | `[]`
`defaultBackend.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`defaultBackend.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`defaultBackend.service.type` | type of default backend service to create | `ClusterIP`
`rbac.create` | If true, create & use RBAC resources | `false`
`rbac.serviceAccountName` | ServiceAccount to be used (ignored if rbac.create=true) | `default`
`statsExporter.name` | name of the Prometheus metrics exporter component | `stats-exporter`
`statsExporter.image.repository` | Prometheus metrics exporter container image repository | `sophos/nginx-vts-exporter`
`statsExporter.image.tag` | Prometheus metrics exporter image tag | `v0.6`
`statsExporter.image.pullPolicy` | Prometheus metrics exporter image pull policy | `IfNotPresent`
`statsExporter.endpoint` | path at which Prometheus metrics are exposed | `/metrics`
`statsExporter.extraArgs` | Additional Prometheus metrics exporter container arguments | `{}`
`statsExporter.metricsNamespace` | namespace used for metrics labeling | `nginx`
`statsExporter.statusPage` | URL of "vts-stats" page exposed by controller | `http://localhost:18080/nginx_status/format/json`
`statsExporter.resources` | Prometheus metrics exporter resource requests & limits | `{}`
`statsExporter.service.annotations` | annotations for Prometheus metrics exporter service | `{}`
`statsExporter.service.clusterIP` | cluster IP address to assign to service | `""`
`statsExporter.service.externalIPs` | Prometheus metrics exporter service external IP addresses | `[]`
`statsExporter.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`statsExporter.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`statsExporter.service.servicePort` | Prometheus metrics exporter service port | `9913`
`statsExporter.service.type` | type of Prometheus metrics exporter service to create | `ClusterIP`
`tcp` | TCP service key:value pairs | `{}`
`udp` | UDP service key:value pairs | `{}`
```console
$ helm install stable/nginx-ingress --name my-release \
--set controller.stats.enabled=true
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
$ helm install stable/nginx-ingress --name my-release -f values.yaml
```
> **Tip**: You can use the default [values.yaml](values.yaml)

64
manifests/nginx-ingress/templates/NOTES.txt 100755
View File

@ -0,0 +1,64 @@
The nginx-ingress controller has been installed.
{{- if contains "NodePort" .Values.controller.service.type }}
Get the application URL by running these commands:
{{- if (not (empty .Values.controller.service.nodePorts.http)) }}
export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
{{- else }}
export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ template "controller.fullname" . }})
{{- end }}
{{- if (not (empty .Values.controller.service.nodePorts.https)) }}
export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
{{- else }}
export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ template "controller.fullname" . }})
{{- end }}
export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
{{- else if contains "LoadBalancer" .Values.controller.service.type }}
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ template "controller.fullname" . }}'
{{- else if contains "ClusterIP" .Values.controller.service.type }}
Get the application URL by running these commands:
export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
echo "Visit http://127.0.0.1:8080 to access your application."
{{- end }}
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls

49
manifests/nginx-ingress/templates/_helpers.tpl 100755
View File

@ -0,0 +1,49 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified controller name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "controller.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct the path for the publish-service.
By convention this will simply use the <namesapce>/<controller-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
*/}}
{{- define "controller.publishServicePath" -}}
{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "controller.fullname" .) -}}
{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
{{- print $servicePath | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified default backend name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "defaultBackend.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

69
manifests/nginx-ingress/templates/clusterrole.yaml 100755
View File

@ -0,0 +1,69 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fullname" . }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
- apiGroups:
- ""
resources:
- namespaces
resourceNames:
- "{{ .Values.controller.scope.namespace }}"
verbs:
- get
{{- end }}
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
{{- end -}}

19
manifests/nginx-ingress/templates/clusterrolebinding.yaml 100755
View File

@ -0,0 +1,19 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

15
manifests/nginx-ingress/templates/controller-configmap.yaml 100755
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "controller.fullname" . }}
data:
enable-vts-status: "{{ .Values.controller.stats.enabled }}"
{{- if .Values.controller.config }}
{{ toYaml .Values.controller.config | indent 2 }}
{{- end }}

138
manifests/nginx-ingress/templates/controller-daemonset.yaml 100755
View File

@ -0,0 +1,138 @@
{{- if eq .Values.controller.kind "DaemonSet" }}
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "controller.fullname" . }}
spec:
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/controller-configmap.yaml") . | sha256sum }}
{{- if .Values.controller.podAnnotations }}
{{ toYaml .Values.controller.podAnnotations | indent 8}}
{{- end }}
labels:
app: {{ template "name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
spec:
containers:
- name: {{ template "name" . }}-{{ .Values.controller.name }}
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
args:
- /nginx-ingress-controller
- --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ template "defaultBackend.fullname" . }}{{ else }}{{ .Values.controller.defaultBackendService }}{{ end }}
{{- if and (contains "0.9" .Values.controller.image.tag) .Values.controller.publishService.enabled }}
- --publish-service={{ template "controller.publishServicePath" . }}
{{- end }}
{{- if (contains "0.9" .Values.controller.image.tag) }}
- --election-id={{ .Values.controller.electionID }}
{{- end }}
{{- if (contains "0.9" .Values.controller.image.tag) }}
- --ingress-class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if (contains "0.9" .Values.controller.image.tag) }}
- --configmap={{ .Release.Namespace }}/{{ template "controller.fullname" . }}
{{- else }}
- --nginx-configmap={{ .Release.Namespace }}/{{ template "controller.fullname" . }}
{{- end }}
{{- if .Values.tcp }}
- --tcp-services-configmap={{ .Release.Namespace }}/{{ template "fullname" . }}-tcp
{{- end }}
{{- if .Values.udp }}
- --udp-services-configmap={{ .Release.Namespace }}/{{ template "fullname" . }}-udp
{{- end }}
{{- if .Values.controller.scope.enabled }}
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
{{- if .Values.controller.stats.enabled }}
- name: stats
containerPort: 18080
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: "{{ $key }}-tcp"
containerPort: {{ $key }}
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: "{{ $key }}-udp"
containerPort: {{ $key }}
protocol: UDP
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
resources:
{{ toYaml .Values.controller.resources | indent 12 }}
{{- if .Values.controller.stats.enabled }}
- name: {{ template "name" . }}-{{ .Values.statsExporter.name }}
image: "{{ .Values.statsExporter.image.repository }}:{{ .Values.statsExporter.image.tag }}"
imagePullPolicy: "{{ .Values.statsExporter.image.pullPolicy }}"
env:
- name: METRICS_ADDR
value: ":9913"
- name: METRICS_ENDPOINT
value: "{{ .Values.statsExporter.endpoint }}"
- name: METRICS_NS
value: "{{ .Values.statsExporter.metricsNamespace }}"
- name: NGINX_STATUS
value: "{{ .Values.statsExporter.statusPage }}"
ports:
- name: metrics
containerPort: 9913
protocol: TCP
resources:
{{ toYaml .Values.statsExporter.resources | indent 12 }}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{ toYaml .Values.controller.tolerations | indent 8 }}
{{- end }}
serviceAccountName: {{ if .Values.rbac.create }}{{ template "fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
terminationGracePeriodSeconds: 60
{{- end }}

142
manifests/nginx-ingress/templates/controller-deployment.yaml 100755
View File

@ -0,0 +1,142 @@
{{- if eq .Values.controller.kind "Deployment" }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "controller.fullname" . }}
spec:
replicas: {{ .Values.controller.replicaCount }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/controller-configmap.yaml") . | sha256sum }}
{{- if .Values.controller.podAnnotations }}
{{ toYaml .Values.controller.podAnnotations | indent 8}}
{{- end }}
labels:
app: {{ template "name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8 }}
{{- end }}
spec:
containers:
- name: {{ template "name" . }}-{{ .Values.controller.name }}
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
args:
- /nginx-ingress-controller
- --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ template "defaultBackend.fullname" . }}{{ else }}{{ .Values.controller.defaultBackendService }}{{ end }}
{{- if and (contains "0.9" .Values.controller.image.tag) .Values.controller.publishService.enabled }}
- --publish-service={{ template "controller.publishServicePath" . }}
{{- end }}
{{- if (contains "0.9" .Values.controller.image.tag) }}
- --election-id={{ .Values.controller.electionID }}
{{- end }}
{{- if (contains "0.9" .Values.controller.image.tag) }}
- --ingress-class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if (contains "0.9" .Values.controller.image.tag) }}
- --configmap={{ .Release.Namespace }}/{{ template "controller.fullname" . }}
{{- else }}
- --nginx-configmap={{ .Release.Namespace }}/{{ template "controller.fullname" . }}
{{- end }}
{{- if .Values.tcp }}
- --tcp-services-configmap={{ .Release.Namespace }}/{{ template "fullname" . }}-tcp
{{- end }}
{{- if .Values.udp }}
- --udp-services-configmap={{ .Release.Namespace }}/{{ template "fullname" . }}-udp
{{- end }}
{{- if .Values.controller.scope.enabled }}
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
{{- if .Values.controller.stats.enabled }}
- name: stats
containerPort: 18080
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: "{{ $key }}-tcp"
containerPort: {{ $key }}
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: "{{ $key }}-udp"
containerPort: {{ $key }}
protocol: UDP
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
resources:
{{ toYaml .Values.controller.resources | indent 12 }}
{{- if .Values.controller.stats.enabled }}
- name: {{ template "name" . }}-{{ .Values.statsExporter.name }}
image: "{{ .Values.statsExporter.image.repository }}:{{ .Values.statsExporter.image.tag }}"
imagePullPolicy: "{{ .Values.statsExporter.image.pullPolicy }}"
env:
- name: METRICS_ADDR
value: ":9913"
- name: METRICS_ENDPOINT
value: "{{ .Values.statsExporter.endpoint }}"
- name: METRICS_NS
value: "{{ .Values.statsExporter.metricsNamespace }}"
- name: NGINX_STATUS
value: "{{ .Values.statsExporter.statusPage }}"
ports:
- name: metrics
containerPort: 9913
protocol: TCP
resources:
{{ toYaml .Values.statsExporter.resources | indent 12 }}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{ toYaml .Values.controller.tolerations | indent 8 }}
{{- end }}
serviceAccountName: {{ if .Values.rbac.create }}{{ template "fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
terminationGracePeriodSeconds: 60
{{- end }}

38
manifests/nginx-ingress/templates/controller-metrics-service.yaml 100755
View File

@ -0,0 +1,38 @@
{{- if .Values.controller.stats.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.statsExporter.service.annotations }}
annotations:
{{ toYaml .Values.statsExporter.service.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "controller.fullname" . }}-metrics
spec:
clusterIP: "{{ .Values.statsExporter.service.clusterIP }}"
{{- if .Values.statsExporter.service.externalIPs }}
externalIPs:
{{ toYaml .Values.statsExporter.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.statsExporter.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.statsExporter.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.statsExporter.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.statsExporter.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- name: metrics
port: {{ .Values.statsExporter.service.servicePort }}
targetPort: 9913
selector:
app: {{ template "name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
type: "{{ .Values.statsExporter.service.type }}"
{{- end }}

65
manifests/nginx-ingress/templates/controller-service.yaml 100755
View File

@ -0,0 +1,65 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.service.annotations }}
annotations:
{{ toYaml .Values.controller.service.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "controller.fullname" . }}
spec:
clusterIP: "{{ .Values.controller.service.clusterIP }}"
{{- if .Values.controller.service.externalIPs }}
externalIPs:
{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.controller.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.controller.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- if and (ge .Capabilities.KubeVersion.Minor "7") (.Values.controller.service.externalTrafficPolicy) }}
externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}"
{{- end }}
{{- if and (ge .Capabilities.KubeVersion.Minor "7") (.Values.controller.service.healthCheckNodePort) }}
healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
{{- end }}
ports:
- name: http
port: 80
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.http }}
{{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.http))) }}
nodePort: {{ .Values.controller.service.nodePorts.http }}
{{- end }}
- name: https
port: 443
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.https }}
{{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.https))) }}
nodePort: {{ .Values.controller.service.nodePorts.https }}
{{- end }}
{{- range $key, $value := .Values.tcp }}
- name: "{{ $key }}-tcp"
port: {{ $key }}
protocol: TCP
targetPort: {{ $key }}
{{- end }}
{{- range $key, $value := .Values.udp }}
- name: "{{ $key }}-udp"
port: {{ $key }}
protocol: UDP
targetPort: {{ $key }}
{{- end }}
selector:
app: {{ template "name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
type: "{{ .Values.controller.service.type }}"

38
manifests/nginx-ingress/templates/controller-stats-service.yaml 100755
View File

@ -0,0 +1,38 @@
{{- if .Values.controller.stats.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.stats.service.annotations }}
annotations:
{{ toYaml .Values.controller.stats.service.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "controller.fullname" . }}-stats
spec:
clusterIP: "{{ .Values.controller.stats.service.clusterIP }}"
{{- if .Values.controller.stats.service.externalIPs }}
externalIPs:
{{ toYaml .Values.controller.stats.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.controller.stats.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.controller.stats.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.controller.stats.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.stats.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- name: stats
port: {{ .Values.controller.stats.service.servicePort }}
targetPort: 18080
selector:
app: {{ template "name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
type: "{{ .Values.controller.stats.service.type }}"
{{- end }}

61
manifests/nginx-ingress/templates/default-backend-deployment.yaml 100755
View File

@ -0,0 +1,61 @@
{{- if .Values.defaultBackend.enabled }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.defaultBackend.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "defaultBackend.fullname" . }}
spec:
replicas: {{ .Values.defaultBackend.replicaCount }}
template:
metadata:
{{- if .Values.defaultBackend.podAnnotations }}
annotations:
{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
{{- end }}
labels:
app: {{ template "name" . }}
component: "{{ .Values.defaultBackend.name }}"
release: {{ .Release.Name }}
{{- if .Values.defaultBackend.podLabels }}
{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
{{- end }}
spec:
containers:
- name: {{ template "name" . }}-{{ .Values.defaultBackend.name }}
image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
args:
{{- range $key, $value := .Values.defaultBackend.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
protocol: TCP
resources:
{{ toYaml .Values.defaultBackend.resources | indent 12 }}
{{- if .Values.defaultBackend.nodeSelector }}
nodeSelector:
{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.defaultBackend.tolerations }}
tolerations:
{{ toYaml .Values.defaultBackend.tolerations | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: 60
{{- end }}

37
manifests/nginx-ingress/templates/default-backend-service.yaml 100755
View File

@ -0,0 +1,37 @@
{{- if .Values.defaultBackend.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.defaultBackend.service.annotations }}
annotations:
{{ toYaml .Values.defaultBackend.service.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.defaultBackend.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "defaultBackend.fullname" . }}
spec:
clusterIP: "{{ .Values.defaultBackend.service.clusterIP }}"
{{- if .Values.defaultBackend.service.externalIPs }}
externalIPs:
{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.defaultBackend.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- port: {{ .Values.defaultBackend.service.servicePort }}
targetPort: 8080
selector:
app: {{ template "name" . }}
component: "{{ .Values.defaultBackend.name }}"
release: {{ .Release.Name }}
type: "{{ .Values.defaultBackend.service.type }}"
{{- end }}

44
manifests/nginx-ingress/templates/role.yaml 100755
View File

@ -0,0 +1,44 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fullname" . }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- namespaces
- pods
- secrets
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- update
{{- end -}}

19
manifests/nginx-ingress/templates/rolebinding.yaml 100755
View File

@ -0,0 +1,19 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

11
manifests/nginx-ingress/templates/serviceaccount.yaml 100755
View File

@ -0,0 +1,11 @@
{{- if .Values.rbac.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fullname" . }}
{{- end -}}

14
manifests/nginx-ingress/templates/tcp-configmap.yaml 100755
View File

@ -0,0 +1,14 @@
{{- if .Values.tcp }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fullname" . }}-tcp
data:
{{ toYaml .Values.tcp | indent 2 }}
{{- end }}

14
manifests/nginx-ingress/templates/udp-configmap.yaml 100755
View File

@ -0,0 +1,14 @@
{{- if .Values.udp }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "fullname" . }}-udp
data:
{{ toYaml .Values.udp | indent 2 }}
{{- end }}

253
manifests/nginx-ingress/values.yaml 100755
View File

@ -0,0 +1,253 @@
## nginx configuration
## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md
##
controller:
name: controller
image:
repository: sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx-ingress-controller
tag: "0.9.0-beta.15"
pullPolicy: IfNotPresent
config: {}
# Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
# since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
# is merged
hostNetwork: false
## Required only if defaultBackend.enabled = false
## Must be <namespace>/<service_name>
##
defaultBackendService: ""
## Optionally specify the secret name for default SSL certificate
## Must be <namespace>/<secret_name>
##
defaultSSLCertificate: ""
## Election ID to use for status update
##
electionID: ingress-controller-leader
## Name of the ingress class to route through this controller
##
ingressClass: nginx
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Allows customization of the external service
## the ingress will be bound to via DNS
publishService:
enabled: false
## Allows overriding of the publish service to bind to
## Must be <namespace>/<service_name>
##
pathOverride: ""
## Limit the scope of the controller
##
scope:
enabled: false
namespace: "" # defaults to .Release.Namespace
extraArgs: {}
## DaemonSet or Deployment
##
kind: Deployment
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to controller pods
##
podAnnotations: {}
replicaCount: 1
resources: {}
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 100m
# memory: 64Mi
service:
annotations: {}
clusterIP: ""
## List of IP addresses at which the controller services are available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
## Set external traffic policy to: "Local" to preserve source IP on
## providers supporting it
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
externalTrafficPolicy: ""
healthCheckNodePort: 0
targetPorts:
http: 80
https: 443
# type: LoadBalancer
type: NodePort
nodePorts:
http: 32080
https: 32443
nodePorts:
http: ""
https: ""
stats:
enabled: false
service:
annotations: {}
clusterIP: ""
## List of IP addresses at which the stats service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 18080
type: ClusterIP
## Default 404 backend
##
defaultBackend:
## If false, controller.defaultBackendService must be provided
##
enabled: true
name: default-backend
image:
repository: sz-pg-oam-docker-hub-001.tendcloud.com/library/defaultbackend
tag: "1.3"
pullPolicy: IfNotPresent
extraArgs: {}
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Node labels for default backend pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to default backend pods
##
podAnnotations: {}
replicaCount: 1
resources: {}
# limits:
# cpu: 10m
# memory: 20Mi
# requests:
# cpu: 10m
# memory: 20Mi
service:
annotations: {}
clusterIP: ""
## List of IP addresses at which the default backend service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 80
type: ClusterIP
## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
rbac:
create: true
serviceAccountName: default
## If controller.stats.enabled = true, Prometheus metrics will be exported
## Ref: https://github.com/hnlq715/nginx-vts-exporter
##
statsExporter:
name: stats-exporter
image:
repository: sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx-vts-exporter
tag: v0.6
pullPolicy: IfNotPresent
endpoint: /metrics
extraArgs: {}
metricsNamespace: nginx
statusPage: http://localhost:18080/nginx_status/format/json
resources: {}
# limits:
# cpu: 10m
# memory: 20Mi
# requests:
# cpu: 10m
# memory: 20Mi
service:
annotations: {}
clusterIP: ""
## List of IP addresses at which the stats-exporter service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 9913
type: ClusterIP
# TCP service key:value pairs
# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
##
tcp: {}
# 8080: "default/example-tcp-svc:9000"
# UDP service key:value pairs
# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
##
udp: {}
# 53: "kube-system/kube-dns:53"

2
practice/helm.md
View File

@ -2,7 +2,7 @@
读完本文后您应该可以自己创建chart并创建自己的私有chart仓库。
Helm是一个kubernetes应用的包管理工具用来管理[charts](https://github.com/kubernetes/charts)——预先配置好的安装包资源有点类似于Ubuntu的APT和CentOS中的yum。
[Helm](http://helm.sh)是一个kubernetes应用的包管理工具用来管理[charts](https://github.com/kubernetes/charts)——预先配置好的安装包资源有点类似于Ubuntu的APT和CentOS中的yum。
Helm chart是用来封装kubernetes原生应用程序的yaml文件可以在你部署应用的时候自定义应用程序的一些metadata便与应用程序的分发。

174
practice/nginx-ingress-installation.md 100644
View File

@ -0,0 +1,174 @@
# 使用Helm安装Nginx ingress
[Nginx ingress](https://github.com/kubernetes/ingress-nginx) 使用ConfigMap来管理Nginx配置nginx是大家熟知的代理和负载均衡软件比起[Traefik](https://traefik.io)来说功能更加强大,我们使用[helm](http://helm.sh)来部署,[chart](https://github.com/kubernetes/charts)保存在私有的仓库中helm安装使用见[使用Helm管理kubernetes应用](../practice/helm.md)。
安装时需要用到的镜像有:
- sophos/nginx-vts-exporter:v0.6
- gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
- gcr.io/google_containers/defaultbackend:1.3
gcr.io中的那个两个镜像我复制了一份到时速云可供大家下载
- index.tenxcloud.com/jimmy/defaultbackend:1.3
- index.tenxcloud.com/jimmy/nginx-ingress-controller:0.9.0-beta.15
Docker hub上的那个镜像可以直接下载所有的安装时需要的配置保存在[../manifests/nginx-ingress](https://github.com/rootsongjc/kubernetes-handbook/blob/master/manifests/nginx-ingress)目录下。
**安装nginx-ingress chart到本地repo中**
修改`values.yaml`配置启用RBAC支持相关配置见[nginx-ingress chart](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress#configuration)。
```bash
helm package .
```
**查看niginx-ingress**
```bash
$ helm search nginx-ingress
NAME VERSION DESCRIPTION
local/nginx-ingress 0.8.9 An nginx Ingress controller that uses ConfigMap...
stable/nginx-ingress 0.8.9 An nginx Ingress controller that uses ConfigMap...
stable/nginx-lego 0.3.0 Chart for nginx-ingress-controller and kube-lego
```
**使用helm部署nginx-ingress**
```bash
$ helm install --name nginx-ingress local/nginx-ingress
NAME: nginx-ingress
LAST DEPLOYED: Fri Oct 27 18:26:58 2017
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> rbac.authorization.k8s.io/v1beta1/Role
NAME KIND
nginx-ingress-nginx-ingress Role.v1beta1.rbac.authorization.k8s.io
==> rbac.authorization.k8s.io/v1beta1/RoleBinding
nginx-ingress-nginx-ingress RoleBinding.v1beta1.rbac.authorization.k8s.io
==> v1/Service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-nginx-ingress-controller 10.254.100.108 <nodes> 80:30484/TCP,443:31053/TCP 1s
nginx-ingress-nginx-ingress-default-backend 10.254.58.156 <none> 80/TCP 1s
==> extensions/v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
nginx-ingress-nginx-ingress-default-backend 1 1 1 0 1s
nginx-ingress-nginx-ingress-controller 1 1 1 0 1s
==> v1/ConfigMap
NAME DATA AGE
nginx-ingress-nginx-ingress-controller 1 1s
==> v1/ServiceAccount
NAME SECRETS AGE
nginx-ingress-nginx-ingress 1 1s
==> rbac.authorization.k8s.io/v1beta1/ClusterRole
NAME KIND
nginx-ingress-nginx-ingress ClusterRole.v1beta1.rbac.authorization.k8s.io
==> rbac.authorization.k8s.io/v1beta1/ClusterRoleBinding
nginx-ingress-nginx-ingress ClusterRoleBinding.v1beta1.rbac.authorization.k8s.io
NOTES:
The nginx-ingress controller has been installed.
Get the application URL by running these commands:
export HTTP_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-nginx-ingress-controller)
export HTTPS_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-nginx-ingress-controller)
export NODE_IP=$(kubectl --namespace default get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
```
**访问Nginx**
首先获取Nginx的地址从我们使用helm安装nginx-ingress命令的输出中那个可以看到提示根据提示执行可以看到nginx的http和https地址
```bash
export HTTP_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-nginx-ingress-controller)
export HTTPS_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-nginx-ingress-controller)
export NODE_IP=$(kubectl --namespace default get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
Visit http://172.20.0.113:30484 to access your application via HTTP.
Visit https://172.20.0.113:31053 to access your application via HTTPS.
```
- http地址http://172.20.0.113:30484
- https地址https://172.20.0.113:31053
我们分别在http和https地址上测试一下
- `/healthz`返回200
- `/`返回404错误
```bash
curl -v http://172.20.0.113:30484/healthz
# 返回200
curl -v http://172.20.0.113:30484/
# 返回404
curl -v --insecure http://172.20.0.113:30484/healthz
# 返回200
curl -v --insecure http://172.20.0.113:30484/
# 返回404
```
**删除nginx-ingress**
```bash
helm delete --purge nginx-ingress
```
使用`--purge`参数可以彻底删除release不留下记录否则下一次部署的时候不能使用重名的release。
## 参考
[Ingress-nginx github](https://github.com/kubernetes/ingress-nginx)
[Nginx chart configuration](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress)
[使用Helm管理kubernetes应用](practice/helm.md)

7
usecases/edge-computing.md 100644
View File

@ -0,0 +1,7 @@
# 边缘计算
## 参考
[The Birth of an Edge Orchestrator Cloudify Meets Edge Computing](http://cloudify.co/2017/07/26/birth-of-edge-orchestrator-cloudify.html)
[K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment ](http://events.linuxfoundation.org/sites/events/files/slides/HS-OSSjapan-final.pdf)