Ingress: How It Works and How to Configure It

Author: Internet

Ingress:
1) Create a web service using a Deployment resource with the httpd image, then create a Service resource associated with it.

[root@master ingress]# vim deploy_1.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: bdqn-ns
  labels:
    name: bdqn-ns

---
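# extensions/v1beta1 Deployments are no longer served as of Kubernetes 1.16;
# newer clusters need apps/v1 plus spec.selector.matchLabels.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: httpd-deploy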
  namespace: bdqn-ns
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: bdqn-ns
    spec:
      containers:
      - name: httpd
        image: httpd

---
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
  namespace: bdqn-ns
spec:
  type: NodePort
  selector:
    app: bdqn-ns
  ports:
  - name: http-port
    port: 80
    targetPort: 80
    nodePort: 31033
[root@master ingress]# kubectl apply -f deploy_1.yaml

Check the result:

[root@master ingress]# kubectl get svc -n bdqn-ns 
NAME        TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
httpd-svc   NodePort   10.111.146.139   <none>        80:31033/TCP   23m

[root@master ingress]# kubectl get pod -n bdqn-ns
NAME                           READY   STATUS    RESTARTS   AGE
httpd-deploy-966699d76-8j54b   1/1     Running   0          23m
httpd-deploy-966699d76-kqb5k   1/1     Running   0          23m
[root@master ingress]# kubectl get ns
NAME              STATUS   AGE
bdqn-ns           Active   27m

Access it in a browser: http://192.168.2.10:31033/

2) Create a web service using a Deployment resource with the tomcat image, then create a Service resource associated with it.
Image used: tomcat:8.5.45

[root@master ingress]# vim deploy_2.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: tomcat-deploy
  namespace: bdqn-ns
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: bdqn-tomcat
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5.45

---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-svc
  namespace: bdqn-ns
spec:
  type: NodePort
  selector:
    app: bdqn-tomcat
  ports:
  - name: tomcat-port
    port: 8080
    targetPort: 8080
    nodePort: 32033
[root@master ingress]# kubectl apply -f deploy_2.yaml

Check the result:

[root@master ingress]# kubectl get svc -n bdqn-ns 
NAME         TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
httpd-svc    NodePort   10.111.146.139   <none>        80:31033/TCP     36m
tomcat-svc   NodePort   10.102.30.132    <none>        8080:32033/TCP   88s
[root@master ingress]# kubectl get pod -n bdqn-ns
NAME                            READY   STATUS    RESTARTS   AGE
httpd-deploy-966699d76-8j54b    1/1     Running   0          37m
httpd-deploy-966699d76-kqb5k    1/1     Running   0          37m
tomcat-deploy-d4996b787-tkcf9   1/1     Running   0          112s
tomcat-deploy-d4996b787-x9grr   1/1     Running   0          112s

Access it in a browser: http://192.168.2.10:32033/

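Deploy a reverse proxy server in front of the k8s cluster; this server proxies the Service resources inside the cluster.
Ingress:
Ingress controller: converts each newly added Ingress into configuration for the reverse proxy server and puts it into effect. (It dynamically detects changes to the Ingress resources in the k8s cluster.)
Ingress: abstracts the reverse proxy server's configuration into an Ingress object; each time a new service is added, you only need to write a new Ingress YAML file.
HAProxy, Nginx.

Nginx: a reverse proxy server.
Two problems need to be solved:
1. Configure services dynamically.
2. Reduce unnecessary port exposure.
Nginx-based ingress controllers come in two kinds, depending on the company that develops them:
1. The k8s community version: Ingress-nginx.
2. The one developed by the Nginx company itself: nginx-ingress.

The k8s community version: Ingress-nginx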

[root@master ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/mandatory.yaml
[root@master ingress]# vim mandatory.yaml		// add at line 213
spec:		// add the following line below it
  hostNetwork: true

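hostNetwork: true
When this field is added to a Deployment resource, the application running in the Pod can use the node's ports directly, so other hosts on the node's network can reach the application by connecting to that port. (This is similar to a Docker port mapped to the host.)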

[root@master ingress]# docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
[root@master ingress]# kubectl apply -f mandatory.yaml

Check the result:

[root@master ingress]# kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-5954d475b6-72kz5   1/1     Running   0          14s

Create the Service:

[root@master ingress]# vim mandatory-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
  - name: https
    port: 443
    targetPort: 443
  selector:
    app: ingress-nginx
[root@master ingress]# kubectl apply -f mandatory-svc.yaml

Put simply: the Services that were previously exposed one by one are now given a single, unified entry point.

[root@master ingress]# kubectl get pod -n ingress-nginx 
NAME                                        READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-5954d475b6-72kz5   1/1     Running   0          4m40s
[root@master ingress]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-5954d475b6-72kz5 /bin/sh
/etc/nginx $ ls
fastcgi.conf            mime.types              scgi_params
fastcgi.conf.default    mime.types.default      scgi_params.default
fastcgi_params          modsecurity             template
fastcgi_params.default  modules                 uwsgi_params
geoip                   nginx.conf              uwsgi_params.default
koi-utf                 nginx.conf.default      win-utf
koi-win                 opentracing.json
lua                     owasp-modsecurity-crs

Create the Ingress resource

[root@master ingress]# vim ingress.yaml
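# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; networking.k8s.io/v1
# uses backend.service.name / backend.service.port.number and requires pathType.
apiVersion: extensions/v1beta1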
kind: Ingress
metadata:
  name: bdqn-ingress
  namespace: bdqn-ns
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: ingress.bdqn.com
    http:
      paths:
      - path: /
        backend:
          serviceName: httpd-svc
          servicePort: 80
      - path: /tomcat
        backend:
          serviceName: tomcat-svc
          servicePort: 8080
[root@master ingress]# kubectl apply -f ingress.yaml

Check the result:

[root@master ingress]# kubectl get ingresses. -n bdqn-ns
NAME           HOSTS              ADDRESS         PORTS   AGE
bdqn-ingress   ingress.bdqn.com   10.97.160.233   80      52s
[root@master ingress]# kubectl describe -n bdqn-ns ingresses. bdqn-ingress
// If the following appears, the Ingress was created successfully
Rules:
  Host              Path  Backends
  ----              ----  --------
  ingress.bdqn.com  
                    /         httpd-svc:80 (10.244.1.12:80,10.244.2.15:80)
                    /tomcat   tomcat-svc:8080 (10.244.1.13:8080,10.244.2.16:8080)
[root@master ingress]# kubectl get pod -n ingress-nginx 
NAME                                        READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-5954d475b6-72kz5   1/1     Running   0          12m
[root@master ingress]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-5954d475b6-72kz5 sh
/etc/nginx $ cat nginx.conf
		location ~* "^/" {
			
			set $namespace      "bdqn-ns";
			set $ingress_name   "bdqn-ingress";
			set $service_name   "httpd-svc";
			set $service_port   "80";
			set $location_path  "/";
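
The routing that this Ingress produces, as an added example rather than code from the original post or from ingress-nginx: a simplified model of the generated location blocks (the page shows `location ~* "^/"`). It assumes longest-path-first ordering and that a rewrite-target of `/` without capture groups replaces the whole request URI; `route`, `RULES` and `REWRITE_TARGET` are names made up for this example.

```python
import re

# Constructed from ingress.yaml above: host -> [(path, backend)], plus the
# value of the nginx.ingress.kubernetes.io/rewrite-target annotation.
RULES = {"ingress.bdqn.com": [("/", "httpd-svc:80"), ("/tomcat", "tomcat-svc:8080")]}
REWRITE_TARGET = "/"


def route(host, uri, rules=RULES, rewrite_target=REWRITE_TARGET):
    """Return (backend, URI sent upstream), or None if no rule matches.

    Simplified model (an assumption of this example, not controller code):
    one case-insensitive regex location per path, longest path first.
    """
    paths = rules.get(host.lower())
    if paths is None:
        return None  # unknown Host: left to the controller's default backend
    for path, backend in sorted(paths, key=lambda p: len(p[0]), reverse=True):
        # Mirrors `location ~* "^/path"`: a regex prefix, not a path-segment match.
        if re.match("^" + re.escape(path), uri, re.IGNORECASE):
            # A rewrite target without capture groups replaces the whole URI.
            return backend, (uri if rewrite_target is None else rewrite_target)
    return None


if __name__ == "__main__":
    for uri in ("/", "/index.html", "/tomcat", "/tomcat/docs/", "/tomcat-old"):
        print(uri, "->", route("ingress.bdqn.com", uri))
```

With this Ingress, `/tomcat/docs/` reaches Tomcat as `/`, and `/tomcat-old` is also sent to tomcat-svc, which matters when path rules are expected to keep two applications apart.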

Check which node the pod is running on:

[root@master ingress]# kubectl get pod -n ingress-nginx -o wide
NAME                                        READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
nginx-ingress-controller-5954d475b6-72kz5   1/1     Running   0          16m   192.168.2.30   node02   <none>           <none>

On the Windows host, add a name resolution entry to the hosts file:

Add 192.168.2.30 ingress.bdqn.com to C:\Windows\System32\drivers\etc\hosts

Access in a browser: http://ingress.bdqn.com/

http://ingress.bdqn.com/tomcat

[root@master ingress]# kubectl apply -f service-nodeport.yaml 
service/ingress-nginx configured

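Service-NodePort: because the ingress-nginx-controller runs on only one of the nodes in the cluster, we also expose the ingress-nginx-controller as a Service resource, so that the domain name can still reach the service even if that node goes down.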
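
An added example (not code from the original post): an audit over the manifests used in this walkthrough, transcribed by hand into Python dicts, checked against the stated goal of reducing unnecessary port exposure and against the hostNetwork setting. It flags backend Services that are still published as NodePort although the Ingress already fronts them, and Deployments that run with hostNetwork; the rule names and the `audit` function are assumptions of this example.

```python
# Constructed sample: the manifests from this walkthrough, transcribed as dicts.
MANIFESTS = [
    {"kind": "Service", "metadata": {"name": "httpd-svc", "namespace": "bdqn-ns"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 31033}]}},
    {"kind": "Service", "metadata": {"name": "tomcat-svc", "namespace": "bdqn-ns"},
     "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 32033}]}},
    {"kind": "Service", "metadata": {"name": "ingress-nginx", "namespace": "ingress-nginx"},
     "spec": {"type": "NodePort", "ports": [{"port": 80}, {"port": 443}]}},
    {"kind": "Deployment", "metadata": {"name": "nginx-ingress-controller", "namespace": "ingress-nginx"},
     "spec": {"template": {"spec": {"hostNetwork": True}}}},
    {"kind": "Ingress", "metadata": {"name": "bdqn-ingress", "namespace": "bdqn-ns"},
     "spec": {"rules": [{"host": "ingress.bdqn.com", "http": {"paths": [
         {"path": "/", "backend": {"serviceName": "httpd-svc", "servicePort": 80}},
         {"path": "/tomcat", "backend": {"serviceName": "tomcat-svc", "servicePort": 8080}},
     ]}}]}},
]


def ingress_backends(manifests):
    """Collect (namespace, service name) for every backend an Ingress routes to."""
    found = set()
    for m in (m for m in manifests if m["kind"] == "Ingress"):
        ns = m["metadata"].get("namespace", "default")
        for rule in m["spec"].get("rules", []):
            for path in rule.get("http", {}).get("paths", []):
                found.add((ns, path["backend"]["serviceName"]))
    return found


def audit(manifests):
    """Return findings as (rule, 'namespace/name', detail), sorted by rule and name."""
    backends, findings = ingress_backends(manifests), []
    for m in manifests:
        ns = m["metadata"].get("namespace", "default")
        name, spec = m["metadata"]["name"], m.get("spec", {})
        # A NodePort on a Service the Ingress already fronts is a second way in.
        if m["kind"] == "Service" and spec.get("type") == "NodePort" and (ns, name) in backends:
            ports = [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p]
            findings.append(("nodeport-bypasses-ingress", f"{ns}/{name}", ports))
        # hostNetwork puts the Pod in the node's network namespace.
        pod_spec = spec.get("template", {}).get("spec", {})
        if m["kind"] == "Deployment" and pod_spec.get("hostNetwork"):
            findings.append(("host-network", f"{ns}/{name}", "binds node ports directly"))
    return sorted(findings, key=lambda f: f[:2])


if __name__ == "__main__":
    for finding in audit(MANIFESTS):
        print(*finding)
```

Switching httpd-svc and tomcat-svc to `type: ClusterIP` clears the first two findings without affecting access through ingress.bdqn.com, because the controller reaches the backends from inside the cluster.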

Source: https://blog.csdn.net/a_guai_/article/details/104578344