Ingress是什么帖努?請參考:https://jimmysong.io/kubernetes-handbook/concepts/ingress.html
https://mritd.me/2017/03/04/how-to-use-nginx-ingress/
Service不管是工作在iptables模式荞怒,還是工作在ipvs模式,它都是四層調(diào)度器察纯,都是工作在TCP/IP協(xié)議棧帕棉。如果用戶訪問的是HTTPS協(xié)議(屬于七層協(xié)議)的服務(wù),再通過Service來進(jìn)行請求調(diào)度的話饼记,顯然它是不能完成的香伴。這時我們就需要使用七層的負(fù)載均衡機(jī)制。
Ingress可用的調(diào)度器種類:
- Nginx
- Traefik
-
Envoy
image.png
- 外部訪問請求經(jīng)過K8S集群外部的負(fù)載均衡器(externalLB) 將請求調(diào)度到K8S集群中的ingress-nginx Service具则;
ingress-nginx Service這一步聚也可以通過下面這個方案替換:就是將ingress的Pod共享節(jié)點(diǎn)主機(jī)的網(wǎng)絡(luò)名稱空間(通過DaemonSet來管理這些Pod)即纲,這樣就外部負(fù)載均衡器就可以直接將請求調(diào)度到ingress Pod上了。
- Ingress Controller 負(fù)載管理Ingress Pod博肋;
- 根據(jù)Ingress中的配置低斋,選擇將請求轉(zhuǎn)發(fā)至對應(yīng)的后端Pod;
- 通過無頭Service(Headless Service)把后端Pod進(jìn)行分組匪凡,一旦有Pod掛了膊畴,Ingress會將無頭Service匹配到的Pod的ip或名稱載入Ingress配置中,以這樣的方式對新創(chuàng)建的Pod進(jìn)行調(diào)度病游。
Ingress Controller是K8S核心附件之一唇跨。接下來我們來部署Ingress-nginx。
https://github.com/kubernetes/ingress-nginx/
git clone https://github.com/kubernetes/ingress-nginx.git
cd ingress-nginx/deploy
kubectl apply -f mandatory.yaml
# 如果嫌克隆太慢衬衬,也可以直接執(zhí)行如下命令:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
上述命令執(zhí)行完后买猖,會拉取nginx-ingress-controller鏡像,需要一點(diǎn)時間
等待nginx-ingress-controller Pod運(yùn)行起來滋尉。
給nginx-ingress-controller Pod創(chuàng)建一個類型為NodePort的Service用以接入外部流量:
# 下載
[root@k8s-master deploy]# wget wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
# 修改service-nodeport.yaml玉控,給此service指定nodePort。
[root@k8s-master deploy]# vim service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
nodePort: 30080
protocol: TCP
- name: https
port: 443
targetPort: 443
nodePort: 30443
protocol: TCP
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
# 創(chuàng)建Service
[root@k8s-master deploy]# kubectl apply -f service-nodeport.yaml
# 查看
[root@k8s-master deploy]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.106.59.175 <none> 80:30080/TCP,443:30443/TCP 5s
由于此時還未定義后端Pod兼砖,所以訪問http://192.168.100.135:30080/還是404
接下來奸远,我們創(chuàng)建一組后端Pod,以及為它們創(chuàng)建一個Serivce
vim myapp-deploy-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp-svc-ingress
namespace: default
spec:
selector:
app: myapp
release: canary
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: myapp
release: canary
template:
metadata:
labels:
app: myapp
release: canary
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v2
ports:
- name: http
containerPort: 80
kubectl apply -f myapp-deploy-svc.yaml
Service名為myapp-svc-ingress讽挟,這個Service需要在ingress的后端配置中使用懒叛。創(chuàng)建了3個后端Pod
定義一個Ingress,名為ingress-myapp
[root@k8s-master ingress]# cat ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingrepp-myapp
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myapp.magedu.com
http:
paths:
- path: # urI路徑為空耽梅,默認(rèn)為/
backend:
serviceName: myapp-svc-ingress
servicePort: 80
創(chuàng)建Ingress:
kubectl apply -f ingress-myapp.yaml
查看Ingress:
[root@k8s-master ingress]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
ingrepp-myapp myapp.magedu.com
驗(yàn)證:
必須使用域名訪問:http://myapp.magedu.com:30080薛窥,這時需要在hosts文件中,把節(jié)點(diǎn)IP與myapp.magedu.com做映射。
刷新如果一直顯示一個Pod 主機(jī)名诅迷,則需要按Ctrl+F5強(qiáng)刷佩番,這時會看到三個Pod輪流處理請求。
