8.3 NGINXコントローラのインストール
NGINXコントローラをインストールするには:
$WORKDIR/kubernetes/helm14c/に移動し、次を含むnginx-ingress-values-override.yamlを作成します:ノート:
次の構成では:- ネームスペース
oudnsのデプロイメント/リリース名として値oud-ds-rsを含むoud-ds-rsがインストールされていると想定しています。別のデプロイメント名またはネームスペース(あるいはその両方)を使用する場合は、適切に変更してください。 - LoadBalancerを使用してイングレスがデプロイされます。NodePortを使用する場合は、構成を適切に変更してください。NGINX構成の詳細は、NGINXイングレス・コントローラに関する項を参照してください。
# Configuration for additional TCP ports to be exposed through Ingress # Format for each port would be like: # <PortNumber>: <Namespace>/<Service> tcp: # Map 1389 TCP port to LBR LDAP service to get requests handled through any available POD/Endpoint serving LDAP Port 1389: oudns/oud-ds-rs-lbr-ldap:ldap # Map 1636 TCP port to LBR LDAP service to get requests handled through any available POD/Endpoint serving LDAPS Port 1636: oudns/oud-ds-rs-lbr-ldap:ldaps controller: admissionWebhooks: enabled: false extraArgs: # The secret referred to by this flag contains the default certificate to be used when accessing the catch-all server. # If this flag is not provided NGINX will use a self-signed certificate. # If the TLS Secret is in different namespace, name can be mentioned as <namespace>/<tlsSecretName> default-ssl-certificate: oudns/oud-ds-rs-tls-cert service: # controller service external IP addresses # externalIPs: # - < External IP Address > # To configure Ingress Controller Service as LoadBalancer type of Service # Based on the Kubernetes configuration, External LoadBalancer would be linked to the Ingress Controller Service type: LoadBalancer # Configuration for NodePort to be used for Ports exposed through Ingress # If NodePorts are not defied/configured, Node Port would be assigend automatically by Kubernetes # These NodePorts are helpful while accessing services directly through Ingress and without having External Load Balancer. nodePorts: # For HTTP Interface exposed through LoadBalancer/Ingress http: 30080 # For HTTPS Interface exposed through LoadBalancer/Ingress https: 30443 tcp: # For LDAP Interface 1389: 31389 # For LDAPS Interface 1636: 31636ノート:
Kubernetes構成用に構成された外部ロード・バランサがない場合は、type: LoadBalancerをtype: NodePortに変更します。- ネームスペース
- NGINXイングレスをインストールおよび構成するには、次のコマンドを発行します:
cd $WORKDIR/kubernetes/helm14c/
説明:helm install --namespace <namespace> \ --values nginx-ingress-values-override.yaml \ lbr-nginx stable/ingress-nginxlbr-nginxは、デプロイメント名ですstable/ingress-nginxは、チャート参照です
cd $WORKDIR/kubernetes/helm14c/
出力は次のようになります:helm install --namespace mynginxns \ --values nginx-ingress-values-override.yaml \ lbr-nginx stable/ingress-nginxNAME: lbr-nginx LAST DEPLOYED: <DATE> NAMESPACE: mynginxns STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: The ingress-nginx controller has been installed. It may take a few minutes for the LoadBalancer IP to be available. You can watch the status by running 'kubectl --namespace mynginxns get services -o wide -w lbr-nginx-ingress-nginx-controller' An example Ingress that makes use of the controller: apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx name: example namespace: foo spec: rules: - host: www.example.com http: paths: - backend: serviceName: exampleService servicePort: 80 path: / # This section is only required if TLS is to be enabled for the Ingress tls: - hosts: - www.example.com secretName: example-tls If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: apiVersion: v1 kind: Secret metadata: name: example-tls namespace: foo data: tls.crt: <base64 encoded cert> tls.key: <base64 encoded key> type: kubernetes.io/tls
オプション: nginx-ingressを更新するためのHelm upgradeコマンド
必要に応じて、次のコマンドでnginx-ingressデプロイメントを更新/アップグレードできます。
この例では、特定のポッドのLDAP/LDAPSポートにアクセスするための追加のTCPポートおよびノード・ポートで
ingress-nginx構成が更新されます:
- 次を含む
nginx-ingress-values-override.yamlを作成します:# Configuration for additional TCP ports to be exposed through Ingress # Format for each port would be like: # <PortNumber>: <Namespace>/<Service> tcp: # Map 1389 TCP port to LBR LDAP service to get requests handled through any available POD/Endpoint serving LDAP Port 1389: oudns/oud-ds-rs-lbr-ldap:ldap # Map 1636 TCP port to LBR LDAP service to get requests handled through any available POD/Endpoint serving LDAPS Port 1636: oudns/oud-ds-rs-lbr-ldap:ldaps # Map specific ports for LDAP and LDAPS communication from individual Services/Pods # To redirect requests on 3890 port to oudns/oud-ds-rs-ldap-0:ldap 3890: oudns/oud-ds-rs-ldap-0:ldap # To redirect requests on 6360 port to oudns/oud-ds-rs-ldaps-0:ldap 6360: oudns/oud-ds-rs-ldap-0:ldaps # To redirect requests on 3891 port to oudns/oud-ds-rs-ldap-1:ldap 3891: oudns/oud-ds-rs-ldap-1:ldap # To redirect requests on 6361 port to oudns/oud-ds-rs-ldaps-1:ldap 6361: oudns/oud-ds-rs-ldap-1:ldaps # To redirect requests on 3892 port to oudns/oud-ds-rs-ldap-2:ldap 3892: oudns/oud-ds-rs-ldap-2:ldap # To redirect requests on 6362 port to oudns/oud-ds-rs-ldaps-2:ldap 6362: oudns/oud-ds-rs-ldap-2:ldaps # Map 1444 TCP port to LBR Admin service to get requests handled through any available POD/Endpoint serving Admin LDAPS Port 1444: oudns/oud-ds-rs-lbr-admin:adminldaps # To redirect requests on 4440 port to oudns/oud-ds-rs-0:adminldaps 4440: oudns/oud-ds-rs-0:adminldaps # To redirect requests on 4441 port to oudns/oud-ds-rs-1:adminldaps 4441: oudns/oud-ds-rs-1:adminldaps # To redirect requests on 4442 port to oudns/oud-ds-rs-2:adminldaps 4442: oudns/oud-ds-rs-2:adminldaps controller: admissionWebhooks: enabled: false extraArgs: # The secret referred to by this flag contains the default certificate to be used when accessing the catch-all server. # If this flag is not provided NGINX will use a self-signed certificate. # If the TLS Secret is in different namespace, name can be mentioned as <namespace>/<tlsSecretName> default-ssl-certificate: oudns/oud-ds-rs-tls-cert service: # controller service external IP addresses # externalIPs: # - < External IP Address > # To configure Ingress Controller Service as LoadBalancer type of Service # Based on the Kubernetes configuration, External LoadBalancer would be linked to the Ingress Controller Service type: LoadBalancer # Configuration for NodePort to be used for Ports exposed through Ingress # If NodePorts are not defied/configured, Node Port would be assigend automatically by Kubernetes # These NodePorts are helpful while accessing services directly through Ingress and without having External Load Balancer. nodePorts: # For HTTP Interface exposed through LoadBalancer/Ingress http: 30080 # For HTTPS Interface exposed through LoadBalancer/Ingress https: 30443 tcp: # For LDAP Interface referring to LBR LDAP services serving LDAP port 1389: 31389 # For LDAPS Interface referring to LBR LDAP services serving LDAPS port 1636: 31636 # For LDAP Interface from specific service oud-ds-rs-ldap-0 3890: 30890 # For LDAPS Interface from specific service oud-ds-rs-ldap-0 6360: 30360 # For LDAP Interface from specific service oud-ds-rs-ldap-1 3891: 30891 # For LDAPS Interface from specific service oud-ds-rs-ldap-1 6361: 30361 # For LDAP Interface from specific service oud-ds-rs-ldap-2 3892: 30892 # For LDAPS Interface from specific service oud-ds-rs-ldap-2 6362: 30362 # For LDAPS Interface referring to LBR Admin services serving adminldaps port 1444: 31444 # For Admin LDAPS Interface from specific service oud-ds-rs-0 4440: 30440 # For Admin LDAPS Interface from specific service oud-ds-rs-1 4441: 30441 # For Admin LDAPS Interface from specific service oud-ds-rs-2 4442: 30442 - 次のコマンドを実行して、イングレスをアップグレードします:
説明:helm upgrade --namespace <namespace> \ --values nginx-ingress-values-override.yaml \ lbr-nginx stable/ingress-nginxlbr-nginxは、デプロイメント名ですstable/ingress-nginxは、チャート参照です
helm upgrade --namespace mynginxns \ --values nginx-ingress-values-override.yaml \ lbr-nginx stable/ingress-nginx