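Ingress: Principles and Configuration
Author: Internet
Ingress:
1) Create a web service with a Deployment resource using the httpd image, then create a Service resource associated with it.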
[root@master ingress]# vim deploy_1.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: bdqn-ns
  labels:
    name: bdqn-ns
---
# extensions/v1beta1 Deployments are only served by Kubernetes versions before 1.16
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: httpd-deploy
  namespace: bdqn-ns
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: bdqn-ns
    spec:
      containers:
      - name: httpd
        image: httpd
---
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
  namespace: bdqn-ns
spec:
  type: NodePort
  selector:
    app: bdqn-ns
  ports:
  - name: http-port
    port: 80
    targetPort: 80
    nodePort: 31033
[root@master ingress]# kubectl apply -f deploy_1.yaml
Check the result:
[root@master ingress]# kubectl get svc -n bdqn-ns
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
httpd-svc NodePort 10.111.146.139 <none> 80:31033/TCP 23m
[root@master ingress]# kubectl get pod -n bdqn-ns
NAME READY STATUS RESTARTS AGE
httpd-deploy-966699d76-8j54b 1/1 Running 0 23m
httpd-deploy-966699d76-kqb5k 1/1 Running 0 23m
[root@master ingress]# kubectl get ns
NAME STATUS AGE
bdqn-ns Active 27m
Access it in a browser: http://192.168.2.10:31033/
2) Create a web service with a Deployment resource using the tomcat image, then create a Service resource associated with it.
Image to use: tomcat:8.5.45
[root@master ingress]# vim deploy_2.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: tomcat-deploy
  namespace: bdqn-ns
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: bdqn-tomcat
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5.45
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-svc
  namespace: bdqn-ns
spec:
  type: NodePort
  selector:
    app: bdqn-tomcat
  ports:
  - name: tomcat-port
    port: 8080
    targetPort: 8080
    nodePort: 32033
[root@master ingress]# kubectl apply -f deploy_2.yaml
Check the result:
[root@master ingress]# kubectl get svc -n bdqn-ns
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
httpd-svc NodePort 10.111.146.139 <none> 80:31033/TCP 36m
tomcat-svc NodePort 10.102.30.132 <none> 8080:32033/TCP 88s
[root@master ingress]# kubectl get pod -n bdqn-ns
NAME READY STATUS RESTARTS AGE
httpd-deploy-966699d76-8j54b 1/1 Running 0 37m
httpd-deploy-966699d76-kqb5k 1/1 Running 0 37m
tomcat-deploy-d4996b787-tkcf9 1/1 Running 0 112s
tomcat-deploy-d4996b787-x9grr 1/1 Running 0 112s
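Access it in a browser: http://192.168.2.10:32033/
Deploy a reverse proxy server in front of the k8s cluster; this server proxies the Service resources inside the cluster.
Ingress:
Ingress controller: converts each newly added Ingress into configuration for the reverse proxy server and makes it take effect. (It dynamically detects changes to Ingress resources in the k8s cluster.)
Ingress: abstracts the reverse proxy server's configuration into an Ingress object. Each time a new service is added, you only need to write a new Ingress YAML file.
HAProxy, Nginx.
Nginx: a reverse proxy server.
Two problems need to be solved:
1. Configuring services dynamically.
2. Reducing unnecessary port exposure.
Nginx-based ingress controllers come in two kinds, depending on who develops them:
1. The k8s community version: Ingress-nginx.
2. The one developed by the nginx company itself: nginx-ingress.
The k8s community version: Ingress-nginx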
[root@master ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/mandatory.yaml
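[root@master ingress]# vim mandatory.yaml //add at line 213
spec: //add the following below this line
  hostNetwork: true
hostNetwork: true
When this field is added to a Deployment resource, the application running in the Pod can use the node's ports directly, so other hosts on the node's network can reach the application through that port. (This is similar to mapping a Docker container port to the host.)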
[root@master ingress]# docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
[root@master ingress]# kubectl apply -f mandatory.yaml
Check the result:
[root@master ingress]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-5954d475b6-72kz5 1/1 Running 0 14s
Create the Service:
[root@master ingress]# vim mandatory-svc.yaml
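apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
  - name: https
    port: 443
    targetPort: 443
  # The selector must match the controller Pod's labels
  # (check with: kubectl get pod -n ingress-nginx --show-labels)
  selector:
    app: ingress-nginx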
[root@master ingress]# kubectl apply -f mandatory-svc.yaml
Put simply: the Services that were previously exposed one by one now get a single, unified entry point.
[root@master ingress]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-5954d475b6-72kz5 1/1 Running 0 4m40s
[root@master ingress]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-5954d475b6-72kz5 /bin/sh
/etc/nginx $ ls
fastcgi.conf mime.types scgi_params
fastcgi.conf.default mime.types.default scgi_params.default
fastcgi_params modsecurity template
fastcgi_params.default modules uwsgi_params
geoip nginx.conf uwsgi_params.default
koi-utf nginx.conf.default win-utf
koi-win opentracing.json
lua owasp-modsecurity-crs
Create the Ingress resource
[root@master ingress]# vim ingress.yaml
# extensions/v1beta1 Ingress is only served by Kubernetes versions before 1.22
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: bdqn-ingress
  namespace: bdqn-ns
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: ingress.bdqn.com
    http:
      paths:
      - path: /
        backend:
          serviceName: httpd-svc
          servicePort: 80
      - path: /tomcat
        backend:
          serviceName: tomcat-svc
          servicePort: 8080
[root@master ingress]# kubectl apply -f ingress.yaml
Check the result:
[root@master ingress]# kubectl get ingresses. -n bdqn-ns
NAME HOSTS ADDRESS PORTS AGE
bdqn-ingress ingress.bdqn.com 10.97.160.233 80 52s
[root@master ingress]# kubectl describe -n bdqn-ns ingresses. bdqn-ingress
//If the following appears, the Ingress was created successfully
Rules:
Host Path Backends
---- ---- --------
ingress.bdqn.com
/ httpd-svc:80 (10.244.1.12:80,10.244.2.15:80)
/tomcat tomcat-svc:8080 (10.244.1.13:8080,10.244.2.16:8080)
[root@master ingress]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-5954d475b6-72kz5 1/1 Running 0 12m
[root@master ingress]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-5954d475b6-72kz5 sh
/etc/nginx $ cat nginx.conf
location ~* "^/" {
set $namespace "bdqn-ns";
set $ingress_name "bdqn-ingress";
set $service_name "httpd-svc";
set $service_port "80";
set $location_path "/";
Check which node the pod is running on:
[root@master ingress]# kubectl get pod -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-5954d475b6-72kz5 1/1 Running 0 16m 192.168.2.30 node02 <none> <none>
On the Windows host, add a name resolution entry to the hosts file:
Add 192.168.2.30 ingress.bdqn.com to C:\Windows\System32\drivers\etc\hosts
Access it in a browser: http://ingress.bdqn.com/
http://ingress.bdqn.com/tomcat
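To check goal 2 above (reducing unnecessary port exposure) against this setup, the following added example, which is not part of the original article, lists Services that sit behind an Ingress yet still publish a nodePort, as httpd-svc (31033) and tomcat-svc (32033) do here. The sample objects are constructed from the manifests on this page; on a cluster the same structure comes from `kubectl get svc,ingress -n bdqn-ns -o json`.

```python
# Constructed sample: the fields of `kubectl get svc,ingress -n bdqn-ns -o json`
# that matter here, using the names and ports from this walkthrough.
SAMPLE = {"items": [
    {"kind": "Service",
     "metadata": {"namespace": "bdqn-ns", "name": "httpd-svc"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 31033}]}},
    {"kind": "Service",
     "metadata": {"namespace": "bdqn-ns", "name": "tomcat-svc"},
     "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 32033}]}},
    {"kind": "Ingress",
     "metadata": {"namespace": "bdqn-ns", "name": "bdqn-ingress"},
     "spec": {"rules": [{"host": "ingress.bdqn.com", "http": {"paths": [
         {"path": "/", "backend": {"serviceName": "httpd-svc", "servicePort": 80}},
         {"path": "/tomcat", "backend": {"serviceName": "tomcat-svc", "servicePort": 8080}},
     ]}}]}},
]}

def ingress_backends(items):
    """Collect (namespace, service) pairs referenced by extensions/v1beta1 Ingress rules."""
    found = set()
    for obj in items:
        if obj["kind"] != "Ingress":
            continue
        ns = obj["metadata"]["namespace"]
        spec = obj.get("spec", {})
        default = spec.get("backend")  # optional default backend
        if default:
            found.add((ns, default["serviceName"]))
        for rule in spec.get("rules", []):
            for path in rule.get("http", {}).get("paths", []):
                found.add((ns, path["backend"]["serviceName"]))
    return found

def exposed_backends(items):
    """Ingress backends that still open a nodePort on every node, bypassing the proxy."""
    behind_ingress = ingress_backends(items)
    hits = []
    for obj in items:
        key = (obj["metadata"]["namespace"], obj["metadata"]["name"])
        if obj["kind"] != "Service" or key not in behind_ingress:
            continue
        for port in obj["spec"].get("ports", []):
            if port.get("nodePort"):
                hits.append((*key, port["nodePort"]))
    return sorted(hits)

if __name__ == "__main__":
    for ns, name, node_port in exposed_backends(SAMPLE["items"]):
        print(f"{ns}/{name}: nodePort {node_port} is still reachable without the Ingress")
```

Changing `type: NodePort` to `ClusterIP` in the two backend Service manifests and dropping their `nodePort` lines empties this list, leaving the Ingress host as the only external path to httpd and tomcat.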
[root@master ingress]# kubectl apply -f service-nodeport.yaml
service/ingress-nginx configured
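Service-NodePort: because the ingress-nginx-controller runs on only one of the nodes in the cluster, we also expose the ingress-nginx-controller as a Service resource, so that the domain name can still reach the service normally even if that node goes down.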
Source: https://blog.csdn.net/a_guai_/article/details/104578344