kubernetes提供了Ingress资源对象，Ingress只需要一个NodePort或者一个LB就可以满足暴露多个Service的需求。

两个核心概念：

 ingress：kubernetes中的一个对象，作用是定义请求如何转发到service的规则
 
 ingress controller：具体实现反向代理及负载均衡的程序，对ingress定义的规则进行解析，根据配置的规则来实现请求转发，实现方式有Nginx, Contour, Haproxy等

Ingress以Nginx实现的工作流程：

1.编写Ingress规则，描述某个域名对应集群中的某个Service

2.Ingress控制器动态感知Ingress服务规则的变化，生成一段对应的Nginx反向代理配置

3.Ingress控制器将生成的Nginx配置写入到一个运行着的Nginx服务中，并动态更新

4.到此为止，其实真正在工作的就是一个Nginx了，内部配置了用户定义的请求转发规则

注意: 镜像地址在国外，镜像将会下载失败。方案：

1.使用代理

2.使用国内镜像地址

minikube start  --vm-driver=none --image-mirror-country=cn --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers

3.拉取国内镜像对应容器再修改其Tag ：

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1 k8s.gcr.io/nginx-ingress-controller:v1.1.1 

1.根据yaml文件创建Pod

访问：https://github.com/kubernetes/ingress-nginx/releases下载与K8S版本对应的ingress-nginx版本，修改资源清单文件中关于镜像的地址信息

2.若使用minikube，则直接使用其提供的ingress插件

minikube addons list # 插件列表

minikube addons enable ingress # 启用ingress插件

# 查看ingress-nginx
[root@administrator docker]# kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-controller-6cfb67d797-ww4qc   1/1     Running     0          5m15s

# 查看service
[root@administrator docker]# kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.103.28.251           80:31315/TCP,443:31438/TCP   4m35s

vim nginx-deployment-service.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - name: nginx-name
        image: nginx
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: default
spec:
  selector:
    app: nginx-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80

# 创建deployment
kubectl create -f nginx-deployment-service.yaml

# 查看Pod
[root@administrator k8s]# kubectl get pods
NAME                                 READY   STATUS    RESTARTS   AGE
nginx-deployment-6c568d58df-76sm4    1/1     Running   0          2m48s
nginx-deployment-6c568d58df-9845j    1/1     Running   0          2m48s
nginx-deployment-6c568d58df-bbz8c    1/1     Running   0          2m48s

# 查看Service
[root@administrator k8s]# kubectl get svc
NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
kubernetes       ClusterIP   10.96.0.1            443/TCP    20m
nginx-service    ClusterIP   None                 80/TCP     2m28s

创建vim ingress-http.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-http
  namespace: default
spec:
  rules:
  - host: nginx.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port: 
              number: 80

# 创建
[root@administrator k8s]# kubectl create -f ingress-http.yaml
ingress.networking.k8s.io/ingress-http created

# 查看
[root@administrator k8s]# kubectl get ing ingress-http
NAME           CLASS   HOSTS        ADDRESS PORTS   AGE
ingress-http   nginx   nginx.com    80      7s

# 查看详情
[root@administrator k8s]# kubectl describe ing ingress-http
Name:             ingress-http
Labels:           
Namespace:        default
Address:
Default backend:  default-http-backend:80 ()
Rules:
  Host        Path  Backends
  ----        ----  --------
  nginx.com
              /   nginx-service:80 (172.17.0.6:80,172.17.0.7:80,172.17.0.8:80)
Annotations:  
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  Sync    19s   nginx-ingress-controller  Scheduled for sync

修改hosts文件进行域名映射

vim /etc/hosts

127.0.0.1 nginx.com

source /etc/hosts

[root@administrator ~]# kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.103.28.251           80:31315/TCP,443:31438/TCP   46m

[root@administrator ~]# curl nginx.com:31315







Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.

For online documentation and support please refer to
nginx.org.

Commercial support is available at
nginx.com.

Thank you for using nginx.

HTTPS代理需要使用证书，使用openssl生成证书

req 　　  产生证书签发申请命令
-newkey  生成新私钥
rsa:4096 生成秘钥位数
-nodes   表示私钥不加密
-sha256  使用SHA-2哈希算法
-keyout  将新创建的私钥写入的文件名
-x509 　　签发X.509格式证书命令。X.509是最通用的一种签名证书格式。
-out 	 指定要写入的输出文件名
-subj    指定用户信息
-days    有效期

openssl req -newkey rsa:4096 -nodes -sha256 -keyout ./tls.key -x509 -out ./tls.crt -subj /C=CN/ST=SC/L=SC/O=nginx/CN=CJ -days 365

kubectl create secret tls tls-secret --key=tls.key --cert tls.crt

创建 vim ingress-https.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-https
  namespace: default
spec:
  tls:
    - hosts: 
      - nginx.com
      secretName: tls-secret # 指定秘钥
  rules:
  - host: nginx.com   
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port: 
              number: 80

[root@administrator k8s]# kubectl create -f ingress-https.yaml
ingress.networking.k8s.io/ingress-https created


[root@administrator k8s]# kubectl get ing ingress-https
NAME            CLASS   HOSTS       ADDRESS   PORTS     AGE
ingress-https   nginx   nginx.com             80, 443   8s


[root@administrator k8s]# kubectl describe ing ingress-https
Name:             ingress-https
Labels:           
Namespace:        default
Address:
Default backend:  default-http-backend:80 ()
TLS:
  tls-secret terminates nginx.com
Rules:
  Host        Path  Backends
  ----        ----  --------
  nginx.com
              /   nginx-service:80 (172.17.0.6:80,172.17.0.7:80,172.17.0.8:80)
Annotations:  
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  Sync    14s   nginx-ingress-controller  Scheduled for sync

[root@administrator k8s]# kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.103.28.251           80:31315/TCP,443:31438/TCP   74m
ingress-nginx-controller-admission   ClusterIP   10.99.215.96            443/TCP                      74m


[root@administrator k8s]# curl -k https://nginx.com:31438







Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.

For online documentation and support please refer to
nginx.org.

Commercial support is available at
nginx.com.

Thank you for using nginx.