二进制部署K8s集群第22节addons之安装部署Ingress

二进制部署K8s集群第22节addons之安装部署Ingress

1、说明

对于Kubernetes的service，无论是cluster-ip和nodeport均是四层的负载，集群内的服务如何实现七层的负载均衡，这就需要借助于ingress，ingress控制器实现的方式有很多，比如nginx,contour,haproxy,trafik,lstio。几种常用的ingress功能对比和选型可以参考这里kubernetes.org.cn/5948.html

ingress-nginx是七层的负载均衡器，负责统一管理外部对k8s cluster中的service的请求。主要包含

ingress-nginx-controller：要据用户编写的ingress规则（创建的Ingress的yaml文件），动态的去更改服务的配置文件，并且reload重载使其生效（是自动化的，通过Lua脚本来实现）； ingress资源对像：将Nginx的配置抽像成一个Ingress对像 Ingress是K8S的标准资源类型之一，也是一种核心资源，它其实就是一种基于域名和URL路径，把用户的请求转发至指定Service资源的规则 可以将集群外部的请求流量，转发至集群内部，从而实现“服务暴露” Ingre控制器是能够为Ingress资源监听某套接字，然后根扰Ingress规则匹配机制路由调度流量的一个组件 参考链接：准备traefik镜像

hdss7-200机主机上操作

docker pull traefik:v1.7-alpine docker tag c36f69007d98 harbor.od.com/k8s/traefik:v1.7 docker push harbor.od.com/k8s/traefik:v1.7

5.2 准备traefik资源配置清单目录

清单下载地址：-p /data/k8s-yaml/traefik && cd /data/k8s-yaml/traefik

5.3 准备rbac.yaml文件

cat > /data/k8s-yaml/traefik/rbac.yaml <<'eof' apiVersion: v1 kind: ServiceAccount metadata: name: traefik-ingress-controller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: traefik-ingress-controller rules: - apiGroups: - "" resources: - services - endpoints - secrets verbs: - get - list - watch - apiGroups: - extensions resources: - ingresses verbs: - get - list - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-ingress-controller subjects: - kind: ServiceAccount name: traefik-ingress-controller namespace: kube-system eof

5.4 准备daemonset.yaml文件

cat > /data/k8s-yaml/traefik/daemonset.yaml <<'eof' apiVersion: apps/v1 kind: DaemonSet metadata: name: traefik-ingress-controller namespace: kube-system labels: k8s-app: traefik-ingress-lb spec: selector: matchLabels: k8s-app: traefik-ingress-lb template: metadata: labels: k8s-app: traefik-ingress-lb name: traefik-ingress-lb spec: serviceAccountName: traefik-ingress-controller terminationGracePeriodSeconds: 60 containers: - image: harbor.od.com/k8s/traefik:v1.7 name: traefik-ingress-lb ports: - name: http containerPort: 80 hostPort: 81 - name: web-admin containerPort: 8080 hostPort: 8081 securityContext: capabilities: drop: - ALL add: - NET_BIND_SERVICE args: - --api - --kubernetes - --logLevel=INFO - --insecureskipverify=true - --kubernetes.endpoint=https://10.4.7.10:7443 - --accesslog - --accesslog.filepath=/var/log/traefik_access.log - --traefiklog - --traefiklog.filepath=/var/log/traefik.log - --metrics.prometheus imagePullSecrets: - name: harbor eof

hostPort: 81 为ingress的程序80端口映射到宿主机供提供访问的端口

5.5 安装ingress

kubectl apply -f kubectl apply -f 创建nginx资源清单目录

mkdir /data/k8s-yaml/nginxtest

7 创建ingress.yml

cat > /data/k8s-yaml/nginxtest/ingress.yml <<'eof' apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-web namespace: default annotations: kubernetes.io/ingress.class: traefik spec: rules: - host: nginxtest.od.com http: paths: - path: / backend: serviceName: nginx-test servicePort: 80 eof

主机名为nginxtest.od.com，反代到svc的name为nginx-test，路径为/，端口80

8 创建svc.yml

cat > /data/k8s-yaml/nginxtest/svc.yml <<'eof' apiVersion: v1 kind: Service metadata: labels: k8s-app: nginx-test name: nginx-test namespace: default spec: ports: - port: 80 protocol: TCP selector: app: nginx-test sessionAffinity: None eof

svc标签选择器app: nginx-test，反代pod为app：nginx-test

9 创建deploy.yml

cat > /data/k8s-yaml/nginxtest/deploy.yml <<'eof' apiVersion: apps/v1 kind: Deployment metadata: name: nginx-test labels: app: nginx-test spec: replicas: 2 selector: matchLabels: app: nginx-test template: metadata: labels: app: nginx-test spec: containers: - name: nginx-test image: harbor.od.com/public/nginx:v1.7.9 ports: - name: web containerPort: 80

10 添加dns解析

hdss7-11.host.com上操作

cat >> /var/named/od.com.zone <<'eof' nginxtest A 10.4.7.10 eof vi /var/named/od.com.zone 2020100504 ; serial # 日期加1 systemctl restart named

11 配置7层负载

在hdss7-11.host.com和hdss7-12.host.com上操作

cat >/etc/nginx/conf.d/nginxtest.com.conf <<'eof' upstream default_backend_traefik { server 10.4.7.21:81 max_fails=3 fail_timeout=10s; server 10.4.7.22:81 max_fails=3 fail_timeout=10s; } server { server_name nginxtest.od.com; location / { proxy_pass http://default_backend_traefik; proxy_set_header Host $http_host; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; } } eof nginx -s reload

12 应用资源配置清单

以下都在hdss7-21.host.com或hdss7-22上操作

[root@hdss7-22 ~]# kubectl apply -f http://k8s-yaml.od.com/nginxtest/deploy.yml [root@hdss7-22 ~]# kubectl apply -f http://k8s-yaml.od.com/nginxtest/svc.yml [root@hdss7-22 ~]# kubectl apply -f http://k8s-yaml.od.com/nginxtest/ingress.yml [root@hdss7-22 ~]# kubectl get ing Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress NAME CLASS HOSTS ADDRESS PORTS AGE nginx-web nginxtest.od.com 80 18h [root@hdss7-22 ~]# kubectl get pods -n kube-system -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES coredns-57c78bdbcd-lsf5z 1/1 Running 4 30h 172.7.21.3 hdss7-21.host.com traefik-ingress-controller-9n8zb 1/1 Running 0 11h 172.7.21.5 hdss7-21.host.com traefik-ingress-controller-wxnqw 1/1 Running 0 11h 172.7.22.4 hdss7-22.host.com

13 修改html

[root@hdss7-22 ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-test-558df79dc9-d95rp 1/1 Running 0 9h 172.7.21.2 hdss7-21.host.com nginx-test-558df79dc9-qw2fj 1/1 Running 0 9h 172.7.22.2 hdss7-22.host.com [root@hdss7-22 ~]# kubectl exec -it nginx-test-558df79dc9-d95rp -- /bin/bash root@nginx-test-558df79dc9-d95rp:/# echo WEB1 > /usr/share/nginx/html/index.html root@nginx-test-558df79dc9-d95rp:/# exit exit [root@hdss7-22 ~]# kubectl exec -it nginx-test-558df79dc9-qw2fj -- /bin/bash root@nginx-test-558df79dc9-qw2fj:/# echo WEB2 > /usr/share/nginx/html/index.html

14 WEB访问

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。