Ingress-Nginx部署

博主： xinyu_he
发布时间：2025 年 05 月 10 日
65 次浏览
暂无评论
20460字数
分类： kubernetes

### Ingress-Nginx 基本概念与核心功能

> Ingress-Nginx 是 Kubernetes 生态中最流行的 **Ingress Controller** 实现之一，用于管理集群外部到内部服务的 HTTP (S) 流量。它本质上是一个基于 Nginx 的负载均衡器，通过 Kubernetes 的 Ingress 资源进行配置。

#### **1. 基本概念**

##### **1.1 Ingress vs Ingress Controller**

* **Ingress**：Kubernetes 的 API 对象，定义了外部访问集群内服务的规则（如域名、路径、TLS 配置等）。
* **Ingress Controller**：具体实现这些规则的组件（如 Nginx、Traefik、HAProxy 等），负责将流量转发到后端服务。

##### **1.2 Ingress-Nginx 的角色**

* 作为 Kubernetes 集群的 "前门"，接收所有外部 HTTP (S) 流量。
* 根据 Ingress 资源的配置，将请求路由到对应的后端 Service。
* 提供负载均衡、SSL 终止、路径重写、访问控制等功能。

#### **2. 流程逻辑**

##### **2.1 组件交互流程**

```plaintext
客户端请求 → 负载均衡器（如云厂商 LB 或 NodePort） → Ingress-Nginx Pod → 根据 Ingress 规则 → 后端 Service → Pod
```

##### **2.2 关键步骤详解**

1. **部署 Ingress-Nginx**：

* 在集群中部署 Ingress-Nginx Controller（通常作为 DaemonSet 或 Deployment）。
   * 创建 Service（类型为 LoadBalancer 或 NodePort）暴露 Controller。
2. **定义 Ingress 规则**：
   yaml

```yaml
   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     name: my-ingress
   spec:
     rules:
       - host: example.com
         http:
           paths:
             - path: /api
               pathType: Prefix
               backend:
                 service:
                   name: backend-service
                   port:
                     number: 8080
   ```
3. **规则生效**：

* Ingress-Nginx 监控 Ingress 资源的变化，动态更新 Nginx 配置。
   * 当请求到达时，根据 host 和 path 匹配规则，转发到对应 Service。

#### **3. 使用场景**

##### **3.1 域名路由**

* 将不同域名的请求路由到不同服务：
  yaml

```yaml
  spec:
    rules:
      - host: api.example.com
        http: ...  # 路由到 API 服务
      - host: www.example.com
        http: ...  # 路由到前端服务
  ```

##### **3.2 路径前缀路由**

* 根据 URL 路径将请求分发到不同服务：
  yaml

```yaml
  spec:
    rules:
      - host: example.com
        http:
          paths:
            - path: /api
              backend: { service: { name: api-service } }
            - path: /web
              backend: { service: { name: web-service } }
  ```

##### **3.3 SSL/TLS 终止**

* 在 Ingress 层处理 HTTPS 请求，卸载 SSL 证书管理：
  yaml

```yaml
  spec:
    tls:
      - hosts:
          - example.com
        secretName: tls-secret  # 包含证书和私钥的 Secret
  ```

##### **3.4 负载均衡与流量控制**

* 通过 Ingress-Nginx 实现请求限流、重试策略、加权负载均衡等。

##### **3.5 微服务网关**

* 作为微服务架构的统一入口，处理认证、授权、API 聚合等功能。

#### **4. 优势与最佳实践**

##### **4.1 优势**

* **声明式配置**：通过 Ingress 资源定义规则，无需直接修改 Nginx 配置。
* **动态更新**：配置变更实时生效，无需重启服务。
* **扩展性**：支持丰富的注解（Annotations）扩展功能。

#### 5.Ingress-Nginx部署

##### 5.1部署Ingress-Nginx

> 下面配置内容是已经替换好的（可以直接CV使用），在 K8S 主节点上创建`ingress-deploy.yaml`文件内容，内容如下，然后进行`kubectl apply -f ingress-deploy.yaml` 就可以了！

```shell
[root@k8s-master01 k8s-demo]# cat ingress-deploy.yaml 
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resourceNames:
  - ingress-nginx-leader
  resources:
  - leases
  verbs:
  - get
  - update
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission
rules:
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: v1
data:
  allow-snippet-annotations: "false"
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  externalTrafficPolicy: Local
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: http
  - appProtocol: https
    name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  ports:
  - appProtocol: https
    name: https-webhook
    port: 443
    targetPort: webhook
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.9.1
    spec:
      hostNetwork: true  #与宿主机共享网络
      tolerations:       #设置能在master上部署
      - key: node-role.kubernetes.io/master
        operator: Exists
      nodeName: k8s-master01
      containers:
      - args:
        - /nginx-ingress-controller
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        - --election-id=ingress-nginx-leader
        - --controller-class=k8s.io/ingress-nginx
        - --ingress-class=nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: bitnami/nginx-ingress-controller:1.9.1
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 101
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.9.1
      name: ingress-nginx-admission-create
    spec:
      containers:
      - args:
        - create
        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
        - --namespace=$(POD_NAMESPACE)
        - --secret-name=ingress-nginx-admission
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: dyrnq/kube-webhook-certgen:v20230407
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.9.1
      name: ingress-nginx-admission-patch
    spec:
      containers:
      - args:
        - patch
        - --webhook-name=ingress-nginx-admission
        - --namespace=$(POD_NAMESPACE)
        - --patch-mutating=false
        - --secret-name=ingress-nginx-admission
        - --patch-failure-policy=Fail
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: dyrnq/kube-webhook-certgen:v20230407
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: nginx
spec:
  controller: k8s.io/ingress-nginx
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission
  namespace: ingress-nginx
spec:
  egress:
  - {}
  podSelector:
    matchLabels:
      app.kubernetes.io/component: admission-webhook
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.9.1
  name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
      path: /networking/v1/ingresses
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validate.nginx.ingress.kubernetes.io
  rules:
  - apiGroups:
    - networking.k8s.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ingresses
  sideEffects: None
```

**注意**：按照上述部署完毕后其实有个问题，我们需要保证`ingress-nginx-controller`部署在 `Master` 节点上，否则无法进行正确的访问，所以还需要修改`Ingress部署配置文件`的一处位置，让其部署在主节点上：

![image.png](http://www.hxy.bj.cn/usr/uploads/2025/05/3746885970.png)

##### 5.2 验证Ingress-Nginx

> 等待一会儿，通过 `kubectl get pods -A` 查看，发现 Ingress-Nginx 成功部署完毕！

```shell
[root@k8s-master01 k8s-demo]# kubectl get pods -A 
NAMESPACE           NAME                                        READY   STATUS      RESTARTS        AGE
ingress-nginx       ingress-nginx-admission-create-rf2f6        0/1     Completed   0               6h6m
ingress-nginx       ingress-nginx-admission-patch-k5nqw         0/1     Completed   1               6h6m
ingress-nginx       ingress-nginx-controller-647479f4f9-jzrjg   1/1     Running     0               6h6m

```

最后修改：2025 年 05 月 10 日

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱

地址

清鹤烟
出BUG第一时间不应该是甩锅嘛（╯‵□′）╯︵┴─┴
xinyu
是的，刷kpi
挺胸的大黄
大多HR都是来凑数的，哈哈
清鹤烟
我就遇到过好多水货面试官OωO
潜心学习的道士
打商了吗

Ingress-Nginx部署

xinyu_he • 2025 年 05 月 10 日

### Ingress-Nginx 基本概念与核心功能

#### **1. 基本概念**

##### **1.1 Ingress vs Ingress Controller**

##### **1.2 Ingress-Nginx 的角色**

#### **2. 流程逻辑**

##### **2.1 组件交互流程**

```plaintext
客户端请求 → 负载均衡器（如云厂商 LB 或 NodePort） → Ingress-Nginx Pod → 根据 Ingress 规则 → 后端 Service → Pod
```

##### **2.2 关键步骤详解**

1. **部署 Ingress-Nginx**：

* Ingress-Nginx 监控 Ingress 资源的变化，动态更新 Nginx 配置。
   * 当请求到达时，根据 host 和 path 匹配规则，转发到对应 Service。

#### **3. 使用场景**

##### **3.1 域名路由**

* 将不同域名的请求路由到不同服务：
  yaml

```yaml
  spec:
    rules:
      - host: api.example.com
        http: ...  # 路由到 API 服务
      - host: www.example.com
        http: ...  # 路由到前端服务
  ```

##### **3.2 路径前缀路由**

* 根据 URL 路径将请求分发到不同服务：
  yaml

##### **3.3 SSL/TLS 终止**

* 在 Ingress 层处理 HTTPS 请求，卸载 SSL 证书管理：
  yaml

```yaml
  spec:
    tls:
      - hosts:
          - example.com
        secretName: tls-secret  # 包含证书和私钥的 Secret
  ```

##### **3.4 负载均衡与流量控制**

* 通过 Ingress-Nginx 实现请求限流、重试策略、加权负载均衡等。

##### **3.5 微服务网关**

* 作为微服务架构的统一入口，处理认证、授权、API 聚合等功能。

#### **4. 优势与最佳实践**

##### **4.1 优势**

#### 5.Ingress-Nginx部署

##### 5.1部署Ingress-Nginx

![image.png](http://www.hxy.bj.cn/usr/uploads/2025/05/3746885970.png)

##### 5.2 验证Ingress-Nginx

> 等待一会儿，通过 `kubectl get pods -A` 查看，发现 Ingress-Nginx 成功部署完毕！

```

Ingress-Nginx部署

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

Kubernetes + Harbor + Ingress 部署 SpringBoot + Vue 前后端分离项目

微服务架构闲聊

如果运维面试遇到水货面试官，怎么办？

k8s pod 不断重启 java OutOfMemoryError

kubernetes-组件架构

MySQL8.0.31集群网络抖动导致PRIMARY节点被T出集群

OpenVPN

兼职记录

Nacos二进制集群部署2.4.0

Jenkins-webhooks自动化CI

Ingress-Nginx部署

发表评论 取消回复 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

Ingress-Nginx部署

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款