k8s Study Notes - Ingress

Reader submission 496 2022-09-09

A Service can be exposed outside the cluster in two main ways, NodePort and LoadBalancer, but both have drawbacks:

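- NodePort occupies many ports on the cluster machines, and this becomes more of a problem as the number of services in the cluster grows.
- LoadBalancer needs one LB per Service, which is wasteful and cumbersome, and it depends on devices outside Kubernetes.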

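Given this situation, Kubernetes provides the Ingress resource object. With Ingress, a single NodePort or a single LB is enough to expose multiple Services. The mechanism works roughly as shown in the figure below: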

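- Ingress: a Kubernetes object that defines the rules for how requests are forwarded to Services.
- Ingress controller: the program that actually implements reverse proxying and load balancing. It parses the rules defined in Ingress objects and forwards requests according to them. There are many implementations, such as nginx, Contour, and HAProxy.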

Ingress (using Nginx as an example) works as follows:

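1. The user writes Ingress rules that state which domain name maps to which Service in the Kubernetes cluster.
2. The Ingress controller watches for changes to the Ingress rules and generates the corresponding Nginx reverse-proxy configuration.
3. The Ingress controller writes the generated configuration into a running Nginx instance and updates it dynamically.
4. At this point, what is actually doing the work is just an Nginx instance, configured internally with the user-defined forwarding rules.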

Using Ingress

Setting up the Ingress environment

```shell
# Create a directory
[root@master ~]# mkdir ingress-controller
[root@master ~]# cd ingress-controller/

# Fetch ingress-nginx; this example uses version 0.30
[root@master ingress-controller]# wget
[root@master ingress-controller]# wget

# Change the image repository in mandatory.yaml:
# replace quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
# with    suisrc/ingress-nginx:0.30.0

# Create ingress-nginx
[root@master ingress-controller]# kubectl apply -f ./

# Check the ingress-nginx pod
[root@master ingress-controller]# kubectl get pod -n ingress-nginx
NAME                                           READY   STATUS    RESTARTS   AGE
pod/nginx-ingress-controller-fbf967dd5-4qpbp   1/1     Running   0          12h

# Check the service
[root@master ingress-controller]# kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.98.75.163   <none>        80:32240/TCP,443:31335/TCP   11h
```

Preparing the Services and Pods

The model is as follows

Create tomcat-nginx.yaml

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.1
        ports:
        - containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat-pod
  template:
    metadata:
      labels:
        app: tomcat-pod
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5-jre10-slim
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: dev
spec:
  selector:
    app: nginx-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-service
  namespace: dev
spec:
  selector:
    app: tomcat-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 8080
    targetPort: 8080
```

```shell
# Create
[root@master ~]# kubectl create ns dev
[root@master ~]# kubectl create -f tomcat-nginx.yaml

# Check
[root@master ~]# kubectl get svc -n dev
NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
nginx-service    ClusterIP   None         <none>        80/TCP     48s
tomcat-service   ClusterIP   None         <none>        8080/TCP   48s
```

HTTP proxy

Create ingress-

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-
  namespace: dev
spec:
  rules:
  - host: nginx.yuanke.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
  - host: tomcat.yuanke.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080
```

```shell
# Create
[root@master ~]# kubectl create -f ingress-
created

# Check
[root@master ~]# kubectl get ing ingress- -n dev
NAME       HOSTS                                ADDRESS   PORTS   AGE
ingress-   nginx.yuanke.com,tomcat.yuanke.com             80      22s

# Show details
[root@master ~]# kubectl describe ing ingress- -n dev
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Name:             ingress-
Namespace:        dev
Address:
Default backend:  default-()
Rules:
  Host               Path  Backends
  ----               ----  --------
  nginx.yuanke.com   /     nginx-service:80 (10.100.104.48:80,10.100.166.182:80,10.100.166.188:80)
  tomcat.yuanke.com  /     tomcat-service:8080 (10.100.104.49:8080,10.100.166.184:8080,10.100.166.189:8080)
Annotations:
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  37s   nginx-ingress-controller  Ingress dev/ingress-
```

```shell
# Generate a certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=yuanke.com"

# Create the secret in the dev namespace: the controller resolves
# secretName in the namespace of the Ingress that references it
kubectl create secret tls tls-secret --key tls.key --cert tls.crt -n dev
```

Create ingress-

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-
  namespace: dev
spec:
  tls:
  - hosts:
    - nginx.yuanke.com
    - tomcat.yuanke.com
    secretName: tls-secret # the TLS secret to use
  rules:
  - host: nginx.yuanke.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
  - host: tomcat.yuanke.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080
```

```shell
# Create
[root@master ~]# kubectl create -f ingress-
created

# Check
[root@master ~]# kubectl get ing ingress- -n dev
NAME       HOSTS                                ADDRESS         PORTS     AGE
ingress-   nginx.yuanke.com,tomcat.yuanke.com   10.104.184.38   80, 443   2m42s

# Show details
[root@master ~]# kubectl describe ing ingress- -n dev
...
TLS:
  tls-secret terminates nginx.yuanke.com,tomcat.yuanke.com
Rules:
  Host               Path  Backends
  ----               ----  --------
  nginx.yuanke.com   /     nginx-service:80 (10.244.1.97:80,10.244.1.98:80,10.244.2.119:80)
  tomcat.yuanke.com  /     tomcat-service:8080 (10.244.1.99:8080,10.244.2.117:8080,10.244.2.120:8080)
...
```

The services can now be reached through a browser. Where possible, point the domain names at the master node's IP.

Verification

https://nginx.yuanke.com:30793/
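
The certificate generated above names only CN=yuanke.com, while the Ingress tls section lists nginx.yuanke.com and tomcat.yuanke.com, and current clients match the hostname against subjectAltName. The following added example (not part of the original article; the function names and temp-directory layout are assumptions) issues the same self-signed certificate with and without SAN entries and checks host coverage with `openssl x509 -checkhost` before the Secret is created. It needs OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Added example, not from the original article. Hostnames and the subject are
# the article's; function names and the temp-dir layout are assumptions.

# make_cert DIR CN [SAN_HOST...]: self-signed cert + key in DIR.
# With no SAN_HOST arguments it reproduces the article's CN-only certificate.
make_cert() {
  dir=$1; cn=$2; shift 2
  san=""
  for h in "$@"; do san="${san:+$san,}DNS:$h"; done
  set -- req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$dir/tls.key" -out "$dir/tls.crt" \
    -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=$cn"
  [ -n "$san" ] && set -- "$@" -addext "subjectAltName=$san"
  # -nodes leaves tls.key unencrypted, so create it owner-readable only.
  ( umask 077; openssl "$@" ) >/dev/null 2>&1
}

# cert_covers CERT HOST: succeeds only if HOST matches the certificate.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# uncovered_hosts CERT HOST...: prints the hosts the certificate does not cover.
uncovered_hosts() {
  crt=$1; shift
  missing=""
  for h in "$@"; do
    cert_covers "$crt" "$h" || missing="${missing:+$missing }$h"
  done
  printf '%s' "$missing"
}

# Demo with the two hosts from the Ingress tls section.
work=$(mktemp -d)
mkdir "$work/cn_only" "$work/with_san"
make_cert "$work/cn_only" yuanke.com
make_cert "$work/with_san" yuanke.com nginx.yuanke.com tomcat.yuanke.com
echo "CN-only cert does not cover: $(uncovered_hosts "$work/cn_only/tls.crt" nginx.yuanke.com tomcat.yuanke.com)"
echo "SAN cert does not cover: $(uncovered_hosts "$work/with_san/tls.crt" nginx.yuanke.com tomcat.yuanke.com)"
```

The same `cert_covers` check can be run against the certificate stored in the cluster by decoding the `tls.crt` field of `tls-secret` into a file first.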
