8. Kubernetes Ingress and Ingress Controller
This article is a summary based on MaGe's (馬哥) Docker and k8s videos; thanks to MaGe.
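- Offloads sessions above layer 4, for example SSL
- `Ingress controller` => the ingress controller, an application with layer-7 proxying and scheduling capability (it is actually a pod)
  - Nginx
  - Traefik
  - Envoy
- `Ingress` resource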
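How is layer-7 scheduling implemented on Kubernetes?

- First deploy an `Ingress Controller`
- Configure the front end (virtual host or URL proxy) according to your needs
- Define the backend pod IPs collected by the `service` as upstream servers and reflect them in the `Ingress`
- The `Ingress` dynamically injects them into the `Ingress Controller`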
[Figure: ingress controller.png]

How do you deploy an `Ingress`?

[Figure: Kubernetes ingress-nginx-controller architecture]
```bash
kubectl explain ing.spec
# backend <object>     defines which hosts make up the backend
# rules   <[]object>   defines the rules
# tls     <[]object>   only used when defining https; used to offload layer-7 sessions
kubectl explain ing.spec.rules
# host       <string>              defines the virtual host
# http.paths <[]Object> -required- defines the URL
kubectl explain ing.spec.backend
# serviceName <string> -required- defines the name of the backend service
# servicePort <string> -required- defines the port of the backend service
```
nginx ingress controller

Use the `ingress` project on GitHub: https://github.com/kubernetes/ingress-nginx
```bash
# 1. Create a directory to hold the files
mkdir ~/ingress-nginx ; cd ~/ingress-nginx
# 2. Download the required yaml files; note that the raw-format URL must be used
for file in namespace.yaml configmap.yaml rbac.yaml with-rbac.yaml; do wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/$file; done
# 3. Create each of them
kubectl apply -f namespace.yaml # note: the namespace must be created first
kubectl apply -f ./ # apply works on a directory and automatically picks up every file in it
# Note: steps 2 and 3 can be replaced by applying the mandatory.yaml file
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
# 4. Check whether the ingress-nginx pod has been created; be sure to specify the namespace
kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS              RESTARTS   AGE
nginx-ingress-controller-79f6884cf6-g8x5h   0/1     ContainerCreating   0          77s
# Note: downloading nginx-ingress-controller in this step is very slow; the first time I pulled the image, creating the pod took 40 minutes
# Record of the downloaded image name and version:
# quay.io/kubernetes-ingress-controller/nginx-ingress-controller 0.25.1 0439eb3e11f1 3 weeks ago 511MB
# Use the following command to inspect the pod; be sure to specify the namespace!
kubectl describe pods nginx-ingress-controller-79f6884cf6-g8x5h -n ingress-nginx
# Connect directly into the ingress-controller to inspect its configuration
kubectl exec -it -n ingress-nginx nginx-ingress-controller-79f6884cf6-g8x5h -- /bin/sh
```
```bash
# 5. Create the backend service to be proxied and use it
vi deploy-demo.yml
```

```yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: nginx
    release: canary
  ports:
  - name: http
    port: 80
    targetPort: 80
--- # note: three dashes must be used as the separator
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
      release: canary
  template:
    metadata:
      labels:
        app: nginx
        release: canary
    spec:
      containers:
      - name: nginx-container
        image: nginx:1.14-alpine
        ports:
        - name: http
          containerPort: 80
```

```bash
kubectl apply -f deploy-demo.yml
```
```bash
# 6. Create a Service to bring in traffic from outside the cluster
# Alternatively, the node's network namespace can be shared directly, but this requires manually modifying the with-rbac.yaml config file:
# change the Deployment to a DaemonSet, remove replicas and adjust the related settings; most importantly,
# add one setting under template.spec: hostNetwork
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml
vi service-nodeport.yaml
```

```yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30080 # the externally exposed node port can be customized
    protocol: TCP
  - name: https
    port: 443
    targetPort: 443
    nodePort: 30443 # the externally exposed node port can be customized
    protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
```

```bash
kubectl apply -f service-nodeport.yaml
```
```bash
# 7. Create the Ingress
vi ingress-demo.yaml
```

The Ingress can be defined by virtual host (host name):

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
  namespace: default # must be in the same namespace as the Deployment and Service
  annotations:
    kubernetes.io/ingress.class: "nginx" # states that the nginx type of ingress-controller is used
spec:
  rules:
  - host: myapp.test.com # host name that external clients can resolve through DNS
    http:
      paths:
      - path: # the front end maps by URL; may be empty (the root "/" is then used)
        backend: # the backend mapped to; the upstream is generated from the pods behind it
          serviceName: myapp
          servicePort: 80
```

It can also be defined by URL; the following is an example:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
  annotations: # this item is very important; it specifies the type of ingress-controller used
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /testpath
        backend:
          serviceName: myapp
          servicePort: 80
```

```bash
kubectl apply -f ingress-demo.yaml
```
```
# 8. Test access from outside the cluster
http://192.168.200.201:30080
```
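The `tls` field listed under `kubectl explain ing.spec` is described as the way to offload layer-7 sessions, but the walkthrough never uses it. The manifest below is an added example, not part of the original article, showing the host-based Ingress from step 7 with TLS terminated at the controller; the Ingress name `ingress-test-tls`, the Secret name `myapp-tls` and the certificate files are assumptions.

```yaml
# Added example, not from the original article.
# Assumption: a TLS Secret named myapp-tls already exists in the same namespace
# as this Ingress, created from a certificate that covers myapp.test.com, e.g.:
#   kubectl create secret tls myapp-tls --cert=tls.crt --key=tls.key -n default
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test-tls          # hypothetical name
  namespace: default              # the Secret must live in this namespace too
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - myapp.test.com              # must match the rule host below
    secretName: myapp-tls         # hypothetical Secret of type kubernetes.io/tls
  rules:
  - host: myapp.test.com
    http:
      paths:
      - path: /
        backend:                  # traffic to the pods stays plain HTTP on port 80
          serviceName: myapp
          servicePort: 80
```

With the NodePort Service from step 6, this host is then reached on the `https` port (30443). If the Secret is missing or does not match the host, the nginx controller falls back to its self-signed default certificate, so check the certificate actually presented to the client.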
A record of the configuration from a hands-on case that worked:

```bash
mkdir ~/ingress-nginx ; cd ~/ingress-nginx
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
vi service-nodeport.yaml
```

```yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30080
    protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
```

```bash
kubectl apply -f service-nodeport.yaml
vi tomcat-deploy.yml
```
```yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: tomcat
    release: test
  ports:
  - name: http
    port: 8080
    targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat
      release: test
  template:
    metadata:
      labels:
        app: tomcat
        release: test
    spec:
      containers:
      - name: tomcat-container
        image: tomcat:8-alpine
        ports:
        - name: http
          containerPort: 8080
```

```bash
kubectl apply -f tomcat-deploy.yml
vi tomcat-ingress.yml
```
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: node2
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 8080
```

```bash
kubectl apply -f tomcat-ingress.yml
# Test: first set up DNS resolution on the host machine, then use a browser to visit http://<VM IP>:8080; the tomcat service running in the container can be seen
```