1.使用docker pull nginx-ingress镜像,并确认已下载成功
2.打包镜像并上传至需要部署的masterhe和node主机上(此处省略传输步骤),然后再load镜像。
[root@localhost ~]# docker save nginx/nginx-ingress -o nginx-ingress.tar
3.从github Clone the Ingress Controller repo 并切换到 deployments目录:
$ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v3.0.1
$ cd kubernetes-ingress/deployments
4.配置RBAC
- Create a namespace and a service account for the Ingress Controller:
$ kubectl apply -f common/ns-and-sa.yaml
- Create a cluster role and cluster role binding for the service account:
$ kubectl apply -f rbac/rbac.yaml
- (App Protect only) Create the App Protect role and role binding:
$ kubectl apply -f rbac/ap-rbac.yaml
- (App Protect DoS only) Create the App Protect DoS role and role binding:
$ kubectl apply -f rbac/apdos-rbac.yaml
5.Create common resources
In this section, we create resources common for most of the Ingress Controller installations:
- Create a secret with a TLS certificate and a key for the default server in NGINX:
$ kubectl apply -f common/default-server-secret.yaml
Note: The default server returns the Not Found page with the 404 status code for all requests for domains for which there are no Ingress rules defined. For testing purposes we include a self-signed certificate and key that we generated. However, we recommend that you use your own certificate and key.
- Create a config map for customizing NGINX configuration:
$ kubectl apply -f common/nginx-config.yaml
- Create an IngressClass resource:
$ kubectl apply -f common/ingress-class.yaml
If you would like to set the Ingress Controller as the default one, uncomment the annotation ingressclass.kubernetes.io/is-default-class. With this annotation set to true all the new Ingresses without an ingressClassName field specified will be assigned this IngressClass.
Note: The Ingress Controller will fail to start without an IngressClass resource.
6. Deploy the Ingress Controller
We include two options for deploying the Ingress Controller:
- Deployment. Use a Deployment if you plan to dynamically change the number of Ingress Controller replicas.
- DaemonSet. Use a DaemonSet for deploying the Ingress Controller on every node or a subset of nodes.
Before creating a Deployment or Daemonset resource, make sure to update the command-line arguments of the Ingress Controller container in the corresponding manifest file according to your requirements.
Deploy Arbitrator for NGINX App Protect DoS
If you would like to use the App Protect DoS module, you will need to deploy the Arbitrator.
- Build your own image and push it to your private Docker registry by following the instructions from here.
- Run the Arbitrator by using a Deployment and Service
$ kubectl apply -f deployment/appprotect-dos-arb.yaml
$ kubectl apply -f service/appprotect-dos-arb-svc.yaml
3.1 Run the Ingress Controller
- Use a Deployment. When you run the Ingress Controller by using a Deployment, by default, Kubernetes will create one Ingress Controller pod.For NGINX, run:
$ kubectl apply -f deployment/nginx-ingress.yaml
For NGINX Plus, run:
$ kubectl apply -f deployment/nginx-plus-ingress.yaml
Note: Update the nginx-plus-ingress.yaml with the chosen image from the F5 Container registry; or the container image that you have built.
- Use a DaemonSet: When you run the Ingress Controller by using a DaemonSet, Kubernetes will create an Ingress Controller pod on every node of the cluster.
See also: See the Kubernetes DaemonSet docs to learn how to run the Ingress Controller on a subset of nodes instead of on every node of the cluster.
For NGINX, run:
$ kubectl apply -f daemon-set/nginx-ingress.yaml
For NGINX Plus, run:
$ kubectl apply -f daemon-set/nginx-plus-ingress.yaml
Note: Update the nginx-plus-ingress.yaml with the chosen image from the F5 Container registry; or the container image that you have built.
3.2 Check that the Ingress Controller is Running
Run the following command to make sure that the Ingress Controller pods are running:
$ kubectl get pods --namespace=nginx-ingress
参考文档:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
