我的 EKS 集群中有一个现有的 Nginx 控制器。这是一个群集范围的入口控制器。我想创建另一个Nginx控制器来做一些测试。这也将是一个面向公众的入口控制器。有可能做到吗?我尝试通过创建一个新的命名空间然后在该命名空间下创建新资源来创建它,但它开始记录所有已经存在的入口的日志。知道如何做到这一点吗?
您需要指定注释kubernetes.io/ingress.class: "$INGRESS_CONTROLLER"
例如,在这里你说nginx将负责这个入口
kind: Ingress
metadata:
name: foo
annotations:
kubernetes.io/ingress.class: "nginx"
如果未定义类,则云提供商可能会使用默认入口控制器。 使用多个入口控制器
alb.ingress.kubernetes.io/scheme注释用于决定内部或公共。
入口注释列表
您可以通过将nginx入口映像部署为部署或守护程序集来创建其他入口。下面是此示例的清单。完成此操作后,您应该能够使用 nodeIP 和 nodeport 访问此入口。然后,拥有内部可访问的云负载均衡器并解析为节点 IP 应该可以让您端到端地工作。
或者,您最好在以下示例中创建负载均衡器类型的服务
==> config-map.yml <==
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configuration
==> deployment.yml <==
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
spec:
replicas: 1
selector:
matchLabels:
app: nginx-ingress
template:
metadata:
labels:
app: nginx-ingress
spec:
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
args:
- /nginx-ingress-controller
- --configmap=${POD_NAMESPACE}/nginx-configuration
env:
- name: POD_NAM
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
==> service-account.yml <==
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: nginx-ingress
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- update
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- list
- watch
- get
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers
- virtualserverroutes
verbs:
- list
- watch
- get
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: nginx-ingress
subjects:
- kind: ServiceAccount
name: nginx-ingress
namespace: nginx-ingress
roleRef:
kind: ClusterRole
name: nginx-ingress
apiGroup: rbac.authorization.k8s.io
==> service.yml <==
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
spec:
selector:
app: nginx-ingress
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
- port: 443
targetPort: 443
protocol: TCP
name: https