网站部署归档

Ingress

理解 ingressController、ingressClass 和 ingressResource 之间的关系

`api.pingcx.cn` 域

yaml

 kind: Ingress
  metadata:
    annotations:
      nginx.ingress.kubernetes.io/rewrite-target: /$2
  spec:
    ingressClassName: nginx
    rules:
    - host: api.pingcx.cn
      http:
        paths:
        - backend:
            service:
              name: todo-api-service
              port:
                number: 80
          path: /v1/t(/|$)(.*)
          pathType: ImplementationSpecific
        - backend:
            service:
              name: website-api-service
              port:
                number: 80
          path: /v1/m(/|$)(.*)
          pathType: ImplementationSpecific

`pingcx.cn` 域

yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-nginx-ingress
spec:
  ingressClassName: nginx
  rules:
    - host: pingcx.cn
      http:
        paths:
          - backend:
              service:
                name: my-nginx
                port:
                  number: 80
            path: /
            pathType: Prefix
          - backend:
              service:
                name: my-nginx
                port:
                  number: 80
            path: /ai
            pathType: Prefix

获取 Ingress Address

=> kubectl get ing
NAME                  CLASS   HOSTS           ADDRESS         PORTS   AGE
my-nginx-ingress      nginx   pingcx.cn       10.254.66.199   80      124d
website-api-ingress   nginx   api.pingcx.cn   10.254.66.199   80      67d

Nginx

`api.pingcx.cn` 域

conf

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name api.pingcx.cn;

        ssl_certificate     /etc/nginx/conf.d/cert/api.pingcx.cn/api.pingcx.cn_bundle.crt;
        ssl_certificate_key /etc/nginx/conf.d/cert/api.pingcx.cn/api.pingcx.cn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
                proxy_pass http://10.254.66.199:80;  # ingress-nginx
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port 443;
        }
}

server {
        listen 80;
        listen [::]:80;
        server_name api.pingcx.cn;

        return 301 https://$host$request_uri;
}

`www.pingcx.cn` 域

conf

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name pingcx.cn www.pingcx.cn;

        root /var/www/html;
        index index.html;

        ssl_certificate     /etc/nginx/conf.d/cert/pingcx.cn/pingcx.cn_bundle.crt;
        ssl_certificate_key /etc/nginx/conf.d/cert/pingcx.cn/pingcx.cn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
                proxy_pass http://10.254.66.199:80;  # ingress-nginx
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port 443;
        }
}

server {
        listen 80;
        listen [::]:80;
        server_name pingcx.cn www.pingcx.cn;

        return 301 https://$host$request_uri;
}

Service

页面服务

yaml

apiVersion: v1
kind: Service
metadata:
  name: my-nginx
spec:
  type: ClusterIP
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    run: my-nginx

todo 服务

yaml

apiVersion: v1
kind: Service
metadata:
  name: todo-api-service
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app: todo-api
  type: ClusterIP

moment 服务

yaml

apiVersion: v1
kind: Service
metadata:
  name: website-api-service
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8081
  selector:
    app: website-api
  type: ClusterIP

预览

=> kubectl get svc
NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
...
my-nginx              ClusterIP   10.254.234.8     <none>        80/TCP    124d # 页面服务
todo-api-service      ClusterIP   10.254.116.185   <none>        80/TCP    122d # todo 服务
website-api-service   ClusterIP   10.254.202.203   <none>        80/TCP    67d # moment 服务

Deployments

页面服务

yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      run: my-nginx
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
        - image: ccr.ccs.tencentyun.com/lucahimself/vitepress-site-amd64:20250930102944
          imagePullPolicy: IfNotPresent
          name: my-nginx
          ports:
            - containerPort: 80
              protocol: TCP
      imagePullSecrets:
        - name: tencent-registry-secret

todo 服务

yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: todo-api
  name: todo-api-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: todo-api
  template:
    metadata:
      labels:
        app: todo-api
    spec:
      containers:
        - image: ccr.ccs.tencentyun.com/k8sdemo1/todo-api:latest
          imagePullPolicy: Always
          name: todo-api-container
          ports:
            - containerPort: 8080
              protocol: TCP
      imagePullSecrets:
        - name: tencent-registry-secret-2

moment 服务

yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: website-api
  name: website-api-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: website-api
  template:
    metadata:
      labels:
        app: website-api
    spec:
      containers:
        - image: ccr.ccs.tencentyun.com/k8sdemo1/website-api:latest
          imagePullPolicy: Always
          name: website-api-container
          ports:
            - containerPort: 8081
              protocol: TCP
          volumeMounts:
            - mountPath: /app/data
              name: data-volume
      imagePullSecrets:
        - name: tencent-registry-secret-2
      nodeSelector:
        nodetype: leader
      volumes:
        - hostPath:
            path: /root/dev/website-api/data
            type: DirectoryOrCreate
          name: data-volume

预览

=> kubectl get deploy
NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
my-nginx                 1/1     1            1           124d
todo-api-deployment      1/1     1            1           122d
website-api-deployment   1/1     1            1           67d

语言特性比对

_posts

CloudNative

sakila

网站部署归档

Ingress

`api.pingcx.cn` 域

`pingcx.cn` 域

Nginx

`api.pingcx.cn` 域

`www.pingcx.cn` 域

Service

Deployments

网站部署归档 ​

Ingress ​

api.pingcx.cn 域 ​

pingcx.cn 域 ​

Nginx ​

api.pingcx.cn 域 ​

www.pingcx.cn 域 ​

Service ​

Deployments ​

网站部署归档

Ingress

`api.pingcx.cn` 域

`pingcx.cn` 域

Nginx

`api.pingcx.cn` 域

`www.pingcx.cn` 域

Service

Deployments