Deploying and Scaling Kubernetes with Rancher
... 4.5 Ingress Support ... 4.5.1 Ingress Use cases ... abstraction called a “service,” or with an ingress-type resource. A service masks underlying pods/containers and instead represents them as a single entity. The ingress © Rancher Labs 2017. All rights Reserved Kubernetes cluster • Rancher-ingress-controller will leverage the existing Kubernetes load balancing functionality within Rancher and convert what’s in the Kubernetes ingress to a load balancer in Rancher
0 points | 66 pages | 6.10 MB | 1 year ago

Hardening Guide - Rancher v2.3.3+
|grep cattle • Verify that the roles exist: kubectl get role default-psp-role -n ingress-nginx kubectl get role default-psp-role -n cattle-system kubectl get clusterrole restricted-clusterrole le • Verify the bindings are set correctly: kubectl get rolebinding -n ingress-nginx default-psp-rolebinding kubectl get rolebinding -n cattle-system default-psp-rolebinding kubectl apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: default-psp-role namespace: ingress-nginx rules: - apiGroups: - extensions resourceNames: - default-psp resources: - podsecuritypolicies
0 points | 44 pages | 279.78 KB | 1 year ago

Rancher Kubernetes Engine 2, VMWare vSAN
- .crt Deploy an nginx-ingress controller: For more information, see https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal . Create the nginx-ingress controller as a nodePort service according to the Ingress nginx documentation: $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.46.0/deploy/static/provider/baremetal/deploy.yaml Determine redirecting HTTPS to: $ kubectl -n ingress-nginx get svc ingress-nginx-controller The output should be similar to the below: kubectl -n ingress-nginx get svc ingress-nginx-controller NAME
0 points | 29 pages | 213.09 KB | 1 year ago

Rancher Hardening Guide v2.4
NetworkPolicy metadata: name: default-allow-all spec: podSelector: {} ingress: - {} egress: - {} policyTypes: - Ingress - Egress Create a bash script file called apply_networkPolicy_to_all_ns Namespace metadata: name: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: default-psp-role namespace: ingress-nginx rules: - apiGroups: authorization.k8s.io/v1 kind: RoleBinding metadata: name: default-psp-rolebinding namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: default-psp-role
0 points | 22 pages | 197.27 KB | 1 year ago

Rancher Hardening Guide v2.3.5
NetworkPolicy metadata: name: default-allow-all spec: podSelector: {} policyTypes: - Ingress - Egress Create a bash script file called apply_networkPolicy_to_all_ns.sh. Be sure to chmod Namespace metadata: name: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: default-psp-role namespace: ingress-nginx rules: - apiGroups: authorization.k8s.io/v1 kind: RoleBinding metadata: name: default-psp-rolebinding namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: default-psp-role
0 points | 21 pages | 191.56 KB | 1 year ago

Enterprise Cloud Native Exploration and Adoption, Shenzhen Salon - RacherLabs-20-11-14 / Application Containerization Best Practices
Writing the Dockerfile • Docker Build • … • Deployment • DaemonSet • ConfigMap • Secret • Service • Ingress • … • Functional testing • Performance testing • Upgrade and rollback • … © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential Publishing applications externally through Ingress Normally, Services and Pods are reachable only by IP address within the cluster's internal network. Ingress is the API object that manages external access to services in the cluster, typically over HTTP and HTTPS. Ingress functionality depends on an Ingress Controller; the community offers many different Ingress Controller implementations, and Ingress Nginx Controller is one of the more commonly used. Note: besides publishing services externally through Ingress, Service also provides the NodePort and LoadBalance service types; choose the option that best fits the application scenario. Application release strategies • Rolling release: replace instances one by one until all of them have been replaced •
0 points | 28 pages | 3.47 MB | 1 year ago

Cloud Native Contrail Networking Installation and Life Cycle Management Guide for Rancher RKE2
17h 172.16.0.11 rke2-s1- kube-system helm-install-rke2-ingress-nginx-jghfq 0/1 Completed 11 17h 10.42.0.6 rke2-s1 - kube-system rke2-ingress-nginx-controller-6sk9w 1/1 Running 0 11h 10.42.0.9 rke2-s1 - kube-system rke2-ingress-nginx-controller-ng4hg 0 11h 10.42.2.3 rke2-a2 - kube-system rke2-ingress-nginx-controller-rrrts 1/1 Running 0 11h 10.42.1.0
0 points | 72 pages | 1.01 MB | 1 year ago

Rancher Hardening Guide Rancher v2.1.x
default-psp-role -n ingress-nginx kubectl get role default-psp-role -n cattle-system kubectl get clusterrole psp:restricted Verify the bindings are set correctly: kubectl get rolebinding -n ingress-nginx de rbac.authorization.k8s.io/v1 kind: Role metadata: name: default-psp-role namespace: ingress-nginx rules: - apiGroups: - extensions resourceNames: - default-psp resources: authorization.k8s.io/v1 kind: RoleBinding metadata: name: default-psp-rolebinding namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: default-psp-role
0 points | 24 pages | 336.27 KB | 1 year ago

Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment
can interact poorly with certain Pod Security Policies Several system services (such as nginx-ingress) utilize SecurityContext to switch users and assign capabilities. These exceptions to the general default-psp: assigned to namespaces that require additional privileged access: kube-system, ingress-nginx and cattle-system. restricted: This is the cluster default PSP and follows the best practices
0 points | 47 pages | 302.56 KB | 1 year ago

Rancher User Manual v1.0
You can select an existing namespace or enter a name to create a new one. Port mapping Set the container access method: This step sets how the application is exposed externally. For L7 applications such as HTTP, the Ingress method is recommended; for L4 applications that need to expose a port directly, such as a database, HostPort mode is recommended. Enter the container port and select the transport protocol; if the corresponding host port needs to be fixed, configure the host listening port manually.
0 points | 35 pages | 6.47 MB | 1 year ago

11 results in total