Ingress
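A Service can expose ports outside the cluster in two ways, and both have drawbacks:
NodePort: occupies a port on the cluster nodes; the drawback becomes obvious as the number of services in the cluster grows.
LoadBalancer: every Service needs its own LB, and it requires support from equipment outside k8s.
Given this situation, k8s provides the Ingress resource object. An Ingress needs only one NodePort or one LB to meet the needs of multiple Services. You define rules in the Ingress; the Ingress Controller watches these rules and converts them into Nginx reverse-proxy configuration, which then serves traffic to the outside.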
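Core concepts
ingress: a k8s object that defines the rules for how requests are forwarded to Services.
ingress controller: the program that actually implements reverse proxying and load balancing; it parses the rules defined in Ingress objects and forwards requests according to them.
How it works
1. Write Ingress rules that state which domain name maps to which Service in the k8s cluster.
2. The Ingress controller dynamically detects changes to the Ingress rules and generates the corresponding Nginx reverse-proxy configuration.
3. The Ingress controller writes the generated Nginx configuration into the running Nginx service and updates it dynamically.
Environment preparation
Set up the Ingress environment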
# Create the directory
[root@master ~]# mkdir ingress-controller
[root@master ~]# cd ingress-controller/
# Fetch the manifests (this needs a proxy to reach; alternatively download them from GitHub directly and upload them to the host)
[root@master ingress-controller]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
[root@master ingress-controller]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml
[root@master ingress-controller]# ls
mandatory.yaml service-nodeport.yaml
# Change the image registry in mandatory.yaml:
# replace quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
# with quay-mirror.qiniu.com/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
# Create ingress-nginx
[root@master ingress-controller]# kubectl apply -f ./
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
service/ingress-nginx created
# View the Pod
[root@master ingress-controller]# kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-7f74f657bd-rjpgn   1/1     Running   0          81s
# View the Service
[root@master ingress-controller]# kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.109.45.51   <none>        80:30291/TCP,443:30946/TCP   2m15s
Prepare the Service and Pods
Create tomcat-nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.1
        ports:
        - containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat-pod
  template:
    metadata:
      labels:
        app: tomcat-pod
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5-jre10-slim
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: dev
spec:
  selector:
    app: nginx-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-service
  namespace: dev
spec:
  selector:
    app: tomcat-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 8080
    targetPort: 8080
# Create the namespace
[root@master tmp]# kubectl create ns dev
namespace/dev created
[root@master tmp]# vim tomcat-nginx.yaml
# Create the Services and Pods
[root@master tmp]# kubectl create -f tomcat-nginx.yaml
deployment.apps/nginx-deployment created
deployment.apps/tomcat-deployment created
service/nginx-service created
service/tomcat-service created
[root@master tmp]# kubectl get svc -n dev
NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
nginx-service    ClusterIP   None         <none>        80/TCP     8s
tomcat-service   ClusterIP   None         <none>        8080/TCP   8s
HTTP proxy
Create ingress-http.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-http
  namespace: dev
spec:
  rules:
  - host: nginx.rkun18.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
  - host: tomcat.rkun18.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080
This configures two corresponding rules.
[root@master tmp]# vim ingress-http.yaml
[root@master tmp]# kubectl create -f ingress-http.yaml
ingress.extensions/ingress-http created
[root@master tmp]# kubectl get ing -n dev
NAME           HOSTS                                ADDRESS   PORTS   AGE
ingress-http   nginx.rkun18.com,tomcat.rkun18.com             80      9s
[root@master tmp]# kubectl describe ing ingress-http -n dev
Name:             ingress-http
Namespace:        dev
Address:          10.109.45.51
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host               Path  Backends
  ----               ----  --------
  nginx.rkun18.com
                     /   nginx-service:80 (10.244.1.10:80,10.244.1.9:80,10.244.2.6:80)
  tomcat.rkun18.com
                     /   tomcat-service:8080 (10.244.1.11:8080,10.244.2.7:8080,10.244.2.8:8080)
Annotations:
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  59s   nginx-ingress-controller  Ingress dev/ingress-http
  Normal  UPDATE  0s    nginx-ingress-controller  Ingress dev/ingress-http
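Because these domain names cannot be resolved (they are for testing only), we need to edit the hosts file on the local machine and bind the master node's IP to the domain names you configured:
<your master node IP> nginx.rkun18.com
<your master node IP> tomcat.rkun18.com
# View the port that the ingress exposes externally
[root@master tmp]# kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.109.45.51   <none>        80:30291/TCP,443:30946/TCP   28m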
HTTPS proxy
Create the certificate
[root@master ~]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=rkun18.com"
Generating a 2048 bit RSA private key
.............
.............................................................................
writing new private key to 'tls.key'
-----
# Create the secret
[root@master ~]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt
secret/tls-secret created
[root@master ~]#
Create ingress-https.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-https
  namespace: dev
spec:
  tls:
  - hosts:
    - nginx.rkun18.com
    - tomcat.rkun18.com
    secretName: tls-secret # specify the secret
  rules:
  - host: nginx.rkun18.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
  - host: tomcat.rkun18.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080
[root@master tmp]# kubectl create -f ingress-https.yaml
ingress.extensions/ingress-https created
[root@master tmp]# kubectl get ing ingress-https -n dev
NAME            HOSTS                                ADDRESS        PORTS     AGE
ingress-https   nginx.rkun18.com,tomcat.rkun18.com   10.109.45.51   80, 443   23s
Access the service through the second port, 30946
[root@master tmp]# kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.109.45.51   <none>        80:30291/TCP,443:30946/TCP   110m
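The certificate step of the HTTPS proxy section, as an added example that is not part of the original post: the certificate generated there names only CN=rkun18.com, which matches neither nginx.rkun18.com nor tomcat.rkun18.com. The script below issues a self-signed certificate whose subjectAltName lists both Ingress hosts, checks the result with openssl x509 -checkhost, and creates the Secret in the dev namespace, because an Ingress can only reference a TLS Secret in its own namespace. The function names are hypothetical; OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes OpenSSL >= 1.1.1 (for -addext) and, for the last step, kubectl access.

HOSTS="nginx.rkun18.com tomcat.rkun18.com"   # the two Ingress hosts from the page

# make_cert DIR: write DIR/tls.key and DIR/tls.crt, self-signed, with every
# host in $HOSTS listed as a subjectAltName DNS entry.
make_cert() {
  local dir=$1 san="" h
  for h in $HOSTS; do san="${san:+$san,}DNS:$h"; done
  ( umask 077   # keep the unencrypted private key readable by its owner only
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
      -keyout "$dir/tls.key" -out "$dir/tls.crt" \
      -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=${HOSTS%% *}" \
      -addext "subjectAltName=$san" 2>/dev/null )
}

# cert_covers CRT HOST: succeed only if the certificate is valid for HOST.
# -checkhost reports the result in its output, so match on the text.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# verify_cert CRT: fail if any Ingress host is missing from the certificate.
verify_cert() {
  local h
  for h in $HOSTS; do
    cert_covers "$1" "$h" || { echo "certificate does not cover $h" >&2; return 1; }
  done
}

# create_secret DIR: verify first, then store the pair in the Ingress's
# namespace (dev), where ingress-https looks up tls-secret.
create_secret() {
  verify_cert "$1/tls.crt" || return 1
  kubectl -n dev create secret tls tls-secret \
    --key "$1/tls.key" --cert "$1/tls.crt"
}
```

Run `make_cert .` followed by `create_secret .` from the directory that should hold tls.key and tls.crt.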