-
-
[原创]学习Kubernetes笔记——暴露站点服务(Ingress)
-
发表于: 2022-12-31 14:50 23527
-
这是我踩坑最多的一个地方 QAQ
Kubernetes 暴露服务的方式目前只有三种:LoadBlancer Service
、NodePort Service
、Ingress
。
可以将 Ingress 配置为服务提供外部可访问的 URL、负载均衡流量、终止 SSL/TLS,以及提供基于名称的虚拟主机等能力。 Ingress 控制器通常负责通过负载均衡器来实现 Ingress,尽管它也可以配置边缘路由器或其他前端来帮助处理流量。
Ingress 不会公开任意端口或协议。将 HTTP 和 HTTPS 以外的服务公开到 Internet 时,通常使用 Service.Type=NodePort
或 Service.Type=LoadBalancer
类型的服务。
下面是一个将所有流量都发送到同一 Service 的简单 Ingress 示例:
要用Ingress,必须安装在K8S中安装Ingress控制器
Ingress 控制器有非常非常多,这里采用的Ingress+Nginx,采用其他控制器可查阅官方文档
Ingress控制器的部署方式也有很多,可查阅NGINX Ingress Controller
接下来踩坑最多的地方来了
有条件的话,推荐执行官方YAML文件
国内需要自己去找镜像,然后替换掉官方文件中的镜像
已修改版,可直接使用
创建deploy.yaml
文件然后执行。输出如下
查看pod,确认pod状态正常
Ingress绑定web-svc,编写规则
执行Ingress,然后查看刚刚添加的 Ingress 的状态:
说明: 入口控制器和负载平衡器可能需要一两分钟才能分配 IP 地址。 在此之前,通常会看到地址字段的值被设定为 <pending>
。
Ingress 控制器启动引导时使用一些适用于所有 Ingress 的负载均衡策略设置,例如负载均衡算法、后端权重方案等。
值得注意的是,尽管健康检查不是通过 Ingress 直接暴露的,在 Kubernetes 中存在并行的概念,比如 就绪检查, 允许实现相同的目的。
要更新现有的 Ingress 以添加新的 Host,可以通过编辑资源来对其进行更新:
这一命令将打开编辑器,允许以 YAML 格式编辑现有配置。 修改它来增加新的主机:
保存更改后,kubectl 将更新 API 服务器中的资源,该资源将告诉 Ingress 控制器重新配置负载均衡器。
kubectl
apply
-
f https:
/
/
raw.githubusercontent.com
/
kubernetes
/
ingress
-
nginx
/
controller
-
v1.
5.1
/
deploy
/
static
/
provider
/
cloud
/
deploy.yaml
kubectl
apply
-
f https:
/
/
raw.githubusercontent.com
/
kubernetes
/
ingress
-
nginx
/
controller
-
v1.
5.1
/
deploy
/
static
/
provider
/
cloud
/
deploy.yaml
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
namespace: ingress
-
nginx
automountServiceAccountToken: true
-
-
-
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
-
controller
namespace: ingress
-
nginx
data:
-
-
-
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: ClusterRole
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
name: ingress
-
nginx
rules:
-
apiGroups:
-
''
resources:
-
configmaps
-
endpoints
-
nodes
-
pods
-
secrets
verbs:
-
list
-
watch
-
apiGroups:
-
''
resources:
-
nodes
verbs:
-
get
-
apiGroups:
-
''
resources:
-
services
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
networking.k8s.io
resources:
-
ingresses
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
''
resources:
-
events
verbs:
-
create
-
patch
-
apiGroups:
-
networking.k8s.io
resources:
-
ingresses
/
status
verbs:
-
update
-
apiGroups:
-
networking.k8s.io
resources:
-
ingressclasses
verbs:
-
get
-
list
-
watch
-
-
-
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
name: ingress
-
nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress
-
nginx
subjects:
-
kind: ServiceAccount
name: ingress
-
nginx
namespace: ingress
-
nginx
-
-
-
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: Role
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
namespace: ingress
-
nginx
rules:
-
apiGroups:
-
''
resources:
-
namespaces
verbs:
-
get
-
apiGroups:
-
''
resources:
-
configmaps
-
pods
-
secrets
-
endpoints
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
''
resources:
-
services
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
networking.k8s.io
resources:
-
ingresses
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
networking.k8s.io
resources:
-
ingresses
/
status
verbs:
-
update
-
apiGroups:
-
networking.k8s.io
resources:
-
ingressclasses
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
''
resources:
-
configmaps
resourceNames:
-
ingress
-
controller
-
leader
verbs:
-
get
-
update
-
apiGroups:
-
''
resources:
-
configmaps
verbs:
-
create
-
apiGroups:
-
''
resources:
-
events
verbs:
-
create
-
patch
-
-
-
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: RoleBinding
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
namespace: ingress
-
nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress
-
nginx
subjects:
-
kind: ServiceAccount
name: ingress
-
nginx
namespace: ingress
-
nginx
-
-
-
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
-
controller
-
admission
namespace: ingress
-
nginx
spec:
type
: ClusterIP
ports:
-
name: https
-
webhook
port:
443
targetPort: webhook
appProtocol: https
selector:
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
component: controller
-
-
-
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io
/
exoscale
-
loadbalancer
-
description: NGINX Ingress Controller
load balancer
service.beta.kubernetes.io
/
exoscale
-
loadbalancer
-
name: nginx
-
ingress
-
controller
service.beta.kubernetes.io
/
exoscale
-
loadbalancer
-
service
-
healthcheck
-
interval:
10s
service.beta.kubernetes.io
/
exoscale
-
loadbalancer
-
service
-
healthcheck
-
mode: tcp
service.beta.kubernetes.io
/
exoscale
-
loadbalancer
-
service
-
healthcheck
-
retries:
'1'
service.beta.kubernetes.io
/
exoscale
-
loadbalancer
-
service
-
healthcheck
-
timeout:
3s
service.beta.kubernetes.io
/
exoscale
-
loadbalancer
-
service
-
strategy: source
-
hash
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
-
controller
namespace: ingress
-
nginx
spec:
type
: LoadBalancer
externalTrafficPolicy: Local
ports:
-
name: http
port:
80
protocol: TCP
targetPort: http
appProtocol: http
-
name: https
port:
443
protocol: TCP
targetPort: https
appProtocol: https
selector:
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
component: controller
-
-
-
# Source: ingress-nginx/templates/controller-daemonset.yaml
apiVersion: apps
/
v1
kind: DaemonSet
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
-
controller
namespace: ingress
-
nginx
spec:
selector:
matchLabels:
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
component: controller
revisionHistoryLimit:
10
minReadySeconds:
0
template:
metadata:
labels:
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
component: controller
spec:
hostNetwork: true
dnsPolicy: ClusterFirst
containers:
-
name: controller
image: serenade11
/
ingress
-
nginx
-
controller:v1.
0.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec
:
command:
-
/
wait
-
shutdown
args:
-
/
nginx
-
ingress
-
controller
-
-
-
election
-
id
=
ingress
-
controller
-
leader
-
-
-
controller
-
class
=
k8s.io
/
ingress
-
nginx
-
-
-
configmap
=
$(POD_NAMESPACE)
/
ingress
-
nginx
-
controller
-
-
-
validating
-
webhook
=
:
8443
-
-
-
validating
-
webhook
-
certificate
=
/
usr
/
local
/
certificates
/
cert
-
-
-
validating
-
webhook
-
key
=
/
usr
/
local
/
certificates
/
key
securityContext:
capabilities:
drop:
-
ALL
add:
-
NET_BIND_SERVICE
runAsUser:
101
allowPrivilegeEscalation: true
env:
-
name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
-
name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
-
name: LD_PRELOAD
value:
/
usr
/
local
/
lib
/
libmimalloc.so
livenessProbe:
failureThreshold:
5
httpGet:
path:
/
healthz
port:
10254
scheme: HTTP
initialDelaySeconds:
10
periodSeconds:
10
successThreshold:
1
timeoutSeconds:
1
readinessProbe:
failureThreshold:
3
httpGet:
path:
/
healthz
port:
10254
scheme: HTTP
initialDelaySeconds:
10
periodSeconds:
10
successThreshold:
1
timeoutSeconds:
1
ports:
-
name: http
containerPort:
80
protocol: TCP
-
name: https
containerPort:
443
protocol: TCP
-
name: webhook
containerPort:
8443
protocol: TCP
volumeMounts:
-
name: webhook
-
cert
mountPath:
/
usr
/
local
/
certificates
/
readOnly: true
resources:
requests:
cpu:
100m
memory:
90Mi
nodeSelector:
kubernetes.io
/
os: linux
serviceAccountName: ingress
-
nginx
terminationGracePeriodSeconds:
300
volumes:
-
name: webhook
-
cert
secret:
secretName: ingress
-
nginx
-
admission
-
-
-
# Source: ingress-nginx/templates/controller-ingressclass.yaml
# We don't support namespaced ingressClass yet
# So a ClusterRole and a ClusterRoleBinding is required
apiVersion: networking.k8s.io
/
v1
kind: IngressClass
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: nginx
namespace: ingress
-
nginx
spec:
controller: k8s.io
/
ingress
-
nginx
-
-
-
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io
/
v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
name: ingress
-
nginx
-
admission
webhooks:
-
name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent
rules:
-
apiGroups:
-
networking.k8s.io
apiVersions:
-
v1
operations:
-
CREATE
-
UPDATE
resources:
-
ingresses
failurePolicy: Fail
sideEffects:
None
admissionReviewVersions:
-
v1
clientConfig:
service:
namespace: ingress
-
nginx
name: ingress
-
nginx
-
controller
-
admission
path:
/
networking
/
v1
/
ingresses
-
-
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress
-
nginx
-
admission
namespace: ingress
-
nginx
annotations:
helm.sh
/
hook: pre
-
install,pre
-
upgrade,post
-
install,post
-
upgrade
helm.sh
/
hook
-
delete
-
policy: before
-
hook
-
creation,hook
-
succeeded
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
-
-
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: ClusterRole
metadata:
name: ingress
-
nginx
-
admission
annotations:
helm.sh
/
hook: pre
-
install,pre
-
upgrade,post
-
install,post
-
upgrade
helm.sh
/
hook
-
delete
-
policy: before
-
hook
-
creation,hook
-
succeeded
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
rules:
-
apiGroups:
-
admissionregistration.k8s.io
resources:
-
validatingwebhookconfigurations
verbs:
-
get
-
update
-
-
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: ClusterRoleBinding
metadata:
name: ingress
-
nginx
-
admission
annotations:
helm.sh
/
hook: pre
-
install,pre
-
upgrade,post
-
install,post
-
upgrade
helm.sh
/
hook
-
delete
-
policy: before
-
hook
-
creation,hook
-
succeeded
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress
-
nginx
-
admission
subjects:
-
kind: ServiceAccount
name: ingress
-
nginx
-
admission
namespace: ingress
-
nginx
-
-
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: Role
metadata:
name: ingress
-
nginx
-
admission
namespace: ingress
-
nginx
annotations:
helm.sh
/
hook: pre
-
install,pre
-
upgrade,post
-
install,post
-
upgrade
helm.sh
/
hook
-
delete
-
policy: before
-
hook
-
creation,hook
-
succeeded
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
rules:
-
apiGroups:
-
''
resources:
-
secrets
verbs:
-
get
-
create
-
-
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: RoleBinding
metadata:
name: ingress
-
nginx
-
admission
namespace: ingress
-
nginx
annotations:
helm.sh
/
hook: pre
-
install,pre
-
upgrade,post
-
install,post
-
upgrade
helm.sh
/
hook
-
delete
-
policy: before
-
hook
-
creation,hook
-
succeeded
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress
-
nginx
-
admission
subjects:
-
kind: ServiceAccount
name: ingress
-
nginx
-
admission
namespace: ingress
-
nginx
-
-
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch
/
v1
kind: Job
metadata:
name: ingress
-
nginx
-
admission
-
create
namespace: ingress
-
nginx
annotations:
helm.sh
/
hook: pre
-
install,pre
-
upgrade
helm.sh
/
hook
-
delete
-
policy: before
-
hook
-
creation,hook
-
succeeded
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
spec:
template:
metadata:
name: ingress
-
nginx
-
admission
-
create
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
spec:
containers:
-
name: create
image: serenade11
/
kube
-
webhook
-
certgen:v1.
0
imagePullPolicy: IfNotPresent
args:
-
create
-
-
-
host
=
ingress
-
nginx
-
controller
-
admission,ingress
-
nginx
-
controller
-
admission.$(POD_NAMESPACE).svc
-
-
-
namespace
=
$(POD_NAMESPACE)
-
-
-
secret
-
name
=
ingress
-
nginx
-
admission
env:
-
name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress
-
nginx
-
admission
nodeSelector:
kubernetes.io
/
os: linux
securityContext:
runAsNonRoot: true
runAsUser:
2000
-
-
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch
/
v1
kind: Job
metadata:
name: ingress
-
nginx
-
admission
-
patch
namespace: ingress
-
nginx
annotations:
helm.sh
/
hook: post
-
install,post
-
upgrade
helm.sh
/
hook
-
delete
-
policy: before
-
hook
-
creation,hook
-
succeeded
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
spec:
template:
metadata:
name: ingress
-
nginx
-
admission
-
patch
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: admission
-
webhook
spec:
containers:
-
name: patch
image: serenade11
/
kube
-
webhook
-
certgen:v1.
0
imagePullPolicy: IfNotPresent
args:
-
patch
-
-
-
webhook
-
name
=
ingress
-
nginx
-
admission
-
-
-
namespace
=
$(POD_NAMESPACE)
-
-
-
patch
-
mutating
=
false
-
-
-
secret
-
name
=
ingress
-
nginx
-
admission
-
-
-
patch
-
failure
-
policy
=
Fail
env:
-
name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress
-
nginx
-
admission
nodeSelector:
kubernetes.io
/
os: linux
securityContext:
runAsNonRoot: true
runAsUser:
2000
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
namespace: ingress
-
nginx
automountServiceAccountToken: true
-
-
-
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
-
controller
namespace: ingress
-
nginx
data:
-
-
-
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: ClusterRole
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
name: ingress
-
nginx
rules:
-
apiGroups:
-
''
resources:
-
configmaps
-
endpoints
-
nodes
-
pods
-
secrets
verbs:
-
list
-
watch
-
apiGroups:
-
''
resources:
-
nodes
verbs:
-
get
-
apiGroups:
-
''
resources:
-
services
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
networking.k8s.io
resources:
-
ingresses
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
''
resources:
-
events
verbs:
-
create
-
patch
-
apiGroups:
-
networking.k8s.io
resources:
-
ingresses
/
status
verbs:
-
update
-
apiGroups:
-
networking.k8s.io
resources:
-
ingressclasses
verbs:
-
get
-
list
-
watch
-
-
-
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
name: ingress
-
nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress
-
nginx
subjects:
-
kind: ServiceAccount
name: ingress
-
nginx
namespace: ingress
-
nginx
-
-
-
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: Role
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
namespace: ingress
-
nginx
rules:
-
apiGroups:
-
''
resources:
-
namespaces
verbs:
-
get
-
apiGroups:
-
''
resources:
-
configmaps
-
pods
-
secrets
-
endpoints
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
''
resources:
-
services
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
networking.k8s.io
resources:
-
ingresses
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
networking.k8s.io
resources:
-
ingresses
/
status
verbs:
-
update
-
apiGroups:
-
networking.k8s.io
resources:
-
ingressclasses
verbs:
-
get
-
list
-
watch
-
apiGroups:
-
''
resources:
-
configmaps
resourceNames:
-
ingress
-
controller
-
leader
verbs:
-
get
-
update
-
apiGroups:
-
''
resources:
-
configmaps
verbs:
-
create
-
apiGroups:
-
''
resources:
-
events
verbs:
-
create
-
patch
-
-
-
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io
/
v1
kind: RoleBinding
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
app.kubernetes.io
/
instance: ingress
-
nginx
app.kubernetes.io
/
version:
1.0
.
0
app.kubernetes.io
/
managed
-
by: Helm
app.kubernetes.io
/
component: controller
name: ingress
-
nginx
namespace: ingress
-
nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress
-
nginx
subjects:
-
kind: ServiceAccount
name: ingress
-
nginx
namespace: ingress
-
nginx
-
-
-
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
labels:
helm.sh
/
chart: ingress
-
nginx
-
4.0
.
1
app.kubernetes.io
/
name: ingress
-
nginx
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课