Ways to expose services in Kubernetes
1.1 ClusterIP
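ClusterIP is a private IP internal to the cluster. It makes accessing services from inside the cluster very convenient, and it is the default type in a Kubernetes cluster. A service can be reached directly through its ClusterIP or through its ServiceName. It cannot be reached from outside the cluster.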
1.2 NodePort
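A NodePort service is the most primitive way to direct external traffic to your service. As the name suggests, NodePort opens a specific port on all nodes (virtual machines), and any traffic sent to that port is forwarded to the corresponding service.
NodePort services have the following characteristics:
Each port can serve only one service
The port range is limited to 30000-32767 (adjustable)
If no port is specified in the YAML configuration file, a default port is assigned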
1.3 LoadBalancer
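The LoadBalancer Service is the component through which Kubernetes integrates deeply with cloud platforms. When a service is exposed with a LoadBalancer Service, Kubernetes actually asks the underlying cloud platform to create a load balancer that exposes the service externally. Cloud platform support for the LoadBalancer Service is now fairly mature, for example GCE and DigitalOcean abroad, Alibaba Cloud in China, and the private cloud OpenStack. Because the LoadBalancer Service is tightly coupled to the cloud platform, it can only be used on such cloud platforms.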
1.4 Ingress
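The Ingress resource object forwards requests for different URLs to different backend Services, which implements routing at the HTTP layer. Kubernetes combines an Ingress policy definition with a concrete Ingress Controller; together they implement a complete Ingress load balancer.
Based on the Ingress rules, the Ingress Controller forwards client requests directly to the backend Endpoints of the Service. This bypasses the forwarding done by kube-proxy, so kube-proxy no longer plays a role.
Ingress installation and deployment
2.1 Create the Ingress Controller
Before defining Ingress policies, you must deploy an Ingress Controller to provide a single entry point for all backend Services. The Ingress Controller must implement load distribution that forwards to backends based on the HTTP URL, and it must allow flexible layer-7 load-distribution policies. If the public cloud provider offers an HTTP-routing LoadBalancer of this kind, it can be used as the Ingress Controller.
In Kubernetes, the Ingress Controller runs as a Pod and watches the backend services behind the apiserver's /ingress endpoint. When a service changes, the Ingress Controller automatically updates its forwarding rules.
Ingress architecture diagram
2.2 Install the backend service
For the Ingress Controller to start properly, it also needs a default backend, which returns a proper 404 response when a client requests a URL that does not exist. This backend can be implemented with any application, as long as it returns a 404 response for paths by default and serves /healthz for its health check.
2.3 Install the ingress service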
#wget https://github.com/kubernetes/ingress-nginx/archive/nginx-0.30.0.tar.gz
#tar -xf nginx-0.30.0.tar.gz
#cd ingress-nginx-nginx-0.30.0/deploy/static/
#調(diào)整mandatory.yaml 配置文件
188 ---
189
190 apiVersion: apps/v1
191 kind: DaemonSet # 從Deployment改為DaemonSet
192 metadata:
193 name: nginx-ingress-controller
194 namespace: ingress-nginx
195 labels:
196 app.kubernetes.io/name: ingress-nginx
197 app.kubernetes.io/part-of: ingress-nginx
198 spec:
199 #replicas: 2 #注銷replicas 副本
200 selector:
201 matchLabels:
202 app.kubernetes.io/name: ingress-nginx
203 app.kubernetes.io/part-of: ingress-nginx
204 template:
205 metadata:
206 labels:
207 app.kubernetes.io/name: ingress-nginx
208 app.kubernetes.io/part-of: ingress-nginx
209 annotations:
210 prometheus.io/port: "10254"
211 prometheus.io/scrape: "true"
212 spec:
213 hostNetwork: true # 增加 hostNetwork: true,意思是開啟主機(jī)網(wǎng)絡(luò)模式嚼黔,暴露 Nginx 服務(wù)端口 80
214 # wait up to five minutes for the drain of connections
215 terminationGracePeriodSeconds: 300
216 serviceAccountName: nginx-ingress-serviceaccount
217 nodeSelector:
218 Ingress: nginx #制定為node 節(jié)點標(biāo)簽為 Ingress:nginx 部署ingress
219 kubernetes.io/os: linux
##########################################新增端口
248 ports:
249 - name: http
250 containerPort: 80
hostPort: 80 # 添加處【可在宿主機(jī)通過該端口訪問Pod】
251 protocol: TCP
252 - name: https
253 containerPort: 443
hostPort: 443 # 添加處【可在宿主機(jī)通過該端口訪問Pod】
254 protocol: TCP
#部署創(chuàng)建ingress
#kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
daemonset.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
# kubectl get ds -n ingress-nginx -o wide
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR
nginx-ingress-controller 1 1 1 1 1 Ingress=nginx,kubernetes.io/os=linux 31d nginx-ingress-controller registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.30.0 app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/part-of=ingress-nginx
# kubectl get pod -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-8r4ph 1/1 Running 0 31d 10.65.4.1 k8s-node-001 <none> <none>
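A check an operator can run over workload manifests to list what the hostNetwork and hostPort settings above expose on each node. This is an added example, not part of the original article or of ingress-nginx; the function name audit_host_exposure and the sample object (constructed to mirror the edited DaemonSet, in JSON form) are assumptions.

```python
import json

# Constructed sample: the pod template fields edited in section 2.3, in the
# JSON shape that `kubectl get ds -o json` returns, trimmed to what is audited.
SAMPLE_DAEMONSET = json.loads("""
{"kind": "DaemonSet",
 "metadata": {"name": "nginx-ingress-controller", "namespace": "ingress-nginx"},
 "spec": {"template": {
   "metadata": {"annotations": {"prometheus.io/port": "10254"}},
   "spec": {
     "hostNetwork": true,
     "nodeSelector": {"Ingress": "nginx", "kubernetes.io/os": "linux"},
     "containers": [{"name": "nginx-ingress-controller", "ports": [
       {"name": "http", "containerPort": 80, "hostPort": 80, "protocol": "TCP"},
       {"name": "https", "containerPort": 443, "hostPort": 443, "protocol": "TCP"}]}]}}}}
""")


def audit_host_exposure(workload):
    """Return findings about node-level network exposure of one workload."""
    meta, template = workload["metadata"], workload["spec"]["template"]
    pod = template["spec"]
    name = f'{workload["kind"]}/{meta.get("namespace", "default")}/{meta["name"]}'
    findings, declared = [], set()
    for c in pod.get("containers", []):
        for p in c.get("ports", []):
            declared.add(p["containerPort"])
            if "hostPort" in p:
                findings.append(f'{name}: container {c["name"]} binds node port {p["hostPort"]}')
    if pod.get("hostNetwork"):
        findings.append(f"{name}: hostNetwork=true, pod shares the node network namespace")
        # Every listener is then bound in the node's namespace, declared or not.
        scrape = template.get("metadata", {}).get("annotations", {}).get("prometheus.io/port")
        if scrape and int(scrape) not in declared:
            findings.append(f"{name}: port {scrape} (prometheus.io/port) is undeclared but bound on the node")
    if findings and not pod.get("nodeSelector"):
        findings.append(f"{name}: no nodeSelector, every schedulable node is exposed")
    return findings


if __name__ == "__main__":
    for line in audit_host_exposure(SAMPLE_DAEMONSET):
        print(line)
```

For the DaemonSet above this reports both host ports, the shared network namespace, and port 10254, which is why node-level firewall rules should cover more than 80 and 443.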
2.4 Deploy a test service instance
#cat deply_service1.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy1
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: v1
  template:
    metadata:
      labels:
        app: myapp
        release: v1
        env: test
    spec:
      containers:
      - name: myapp
        image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip1
  namespace: default
spec:
  type: ClusterIP  # default type
  selector:
    app: myapp
    release: v1
  ports:
  - name: http
    port: 80
    targetPort: 80
# kubectl apply -f deply_service1.yml
2.5 Deploy the ingress HTTP backend proxy
#cat ingress-http-backend.yml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-http
  namespace: default
spec:
  rules:
  - host: www.frank.com
    http:
      paths:
      - path: /
        backend:
          serviceName: myapp-clusterip1
          servicePort: 80  # port 80 of the Service defined in 2.4
#kubectl apply -f ingress-http-backend.yml
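An Ingress only routes traffic if its backend resolves to a Service port and that Service selects the Deployment's pods, so the chain from 2.4 and 2.5 can be checked before applying. This is an added example, not from the original article; check_ingress_chain and the dict objects (constructed to mirror the manifests above, using the v1beta1 backend fields) are assumptions.

```python
# Constructed objects mirroring sections 2.4 and 2.5, as Python dicts
# (the shape `kubectl get ... -o json` returns, trimmed to the checked fields).
DEPLOYMENT = {"kind": "Deployment", "metadata": {"name": "myapp-deploy1", "namespace": "default"},
              "spec": {"template": {"metadata": {"labels": {"app": "myapp", "release": "v1", "env": "test"}}}}}
SERVICE = {"kind": "Service", "metadata": {"name": "myapp-clusterip1", "namespace": "default"},
           "spec": {"selector": {"app": "myapp", "release": "v1"},
                    "ports": [{"name": "http", "port": 80, "targetPort": 80}]}}
INGRESS = {"kind": "Ingress", "metadata": {"name": "nginx-http", "namespace": "default"},
           "spec": {"rules": [{"host": "www.frank.com", "http": {"paths": [
               {"path": "/", "backend": {"serviceName": "myapp-clusterip1", "servicePort": 80}}]}}]}}


def check_ingress_chain(ingress, services, deployments):
    """Follow each v1beta1 Ingress backend to its Service and pods; return problems found."""
    ns = ingress["metadata"].get("namespace", "default")
    by_name = {s["metadata"]["name"]: s for s in services
               if s["metadata"].get("namespace", "default") == ns}
    problems = []
    for rule in ingress["spec"].get("rules", []):
        for p in rule.get("http", {}).get("paths", []):
            where = f'{rule.get("host", "*")}{p.get("path", "/")}'
            backend = p.get("backend", {})
            svc = by_name.get(backend.get("serviceName"))
            if svc is None:
                problems.append(f"{where}: no Service {backend.get('serviceName')!r} in namespace {ns}")
                continue
            port = backend.get("servicePort")  # may be a number or a port name
            if port is None:
                problems.append(f"{where}: backend has no servicePort")
            elif not any(port in (sp.get("port"), sp.get("name")) for sp in svc["spec"]["ports"]):
                problems.append(f"{where}: Service {svc['metadata']['name']} exposes no port {port!r}")
            # The Service selector must be a subset of some pod template's labels.
            selector = svc["spec"].get("selector", {}).items()
            if not any(selector <= d["spec"]["template"]["metadata"]["labels"].items()
                       for d in deployments if d["metadata"].get("namespace", "default") == ns):
                problems.append(f"{where}: Service selector matches no Deployment pod labels")
    return problems


if __name__ == "__main__":
    print(check_ingress_chain(INGRESS, [SERVICE], [DEPLOYMENT]) or "chain is consistent")
```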
2.6 Verify the ingress service
# Add to C:\WINDOWS\System32\drivers\etc\hosts
10.65.4.1 www.frank.com