k8s之ingress及ingress controller-云搜网

本站教程收集整理的这篇文章主要介绍了k8s之ingress及ingress controller，本站教程本站觉得挺不错的，现在分享给大家，也给大家做个参考。

原文链接：https://www.cnblogs.com/fawaikuangtu123/p/11030993.html

1.ingress概述

图解:第一个service起到的作用是:引入外部流量,也可以不用此方式,以DaemonSet控制器的方式让Pod共享节点网络,第二个service的作用是:对后端pod分组,不被调度时使用,如果后端pod发生变动,则ingress就会将变动信息注入到,ingress controller管理的7层负载Nginx的配置文件中.

2.部署

wget https://raw.githubusercontent.com/kubernetes/ingress-Nginx/master/deploy/mandatory.yaml

kubectl apply -f mandatory.yaml

# 之前还有个default-http-BACkend,现在只运行一个pod

kubectl get pods -n ingress-Nginx

NAME??????????????????????????????????????? READY?? STATUS??? RESTARTS?? AGE

nginx-ingress-controller-689498bc7c-sm972?? 1/1?????Running?? 0????????? 45s

# nginx-ingress-controller部署在Node1上,一个deployment控制器,一个replicaset,一个pod.

# 接下来还需要部署一个service-nodeport服务,才能实现把集群外部流量接入到集群中来.

wget https://raw.githubusercontent.com/kubernetes/ingress-Nginx/master/deploy/provider/bareMetal/service-nodeport.yaml

# 为了不让service nodeport自动分配端口,需要手动指定nodeport

cat?service-nodeport.yaml

apiVersion: v1

kind: service

@H_760_102@metadata:

??name: ingress-Nginx

??namespace: ingress-Nginx

??labels:

????app.kubernetes.io/name: ingress-Nginx

????app.kubernetes.io/part-of: ingress-Nginx

spec:

??type: NodePort

??ports:

????- name: http

??????port: 80

??????targetPort: 80

??????nodePort: 30080

??????protocol: TCP

????- name: https

??????port: 443

??????targetPort: 443

??????protocol: TCP

??????nodePort: 30443

??SELEctor:

????app.kubernetes.io/name: ingress-Nginx

????app.kubernetes.io/part-of: ingress-Nginx

kubectl apply -f service-nodeport.yaml

kubectl get svc -n ingress-Nginx

NAME??????????? TYPE?????? CLUSTER-IP????? EXTERNAL-IP?? PORT(S)????????????????????? AGE

ingress-Nginx?? nodePort?? 10.102.228.59?? <none>??????? 80:30080/TCP,443:30443/TCP???31s

3.定义后端分组service:myapp-svc

cat?@H_760_102@myapp-svc-headless.yaml

apiVersion: v1

kind: service

@H_760_102@metadata:

??name: myapp-svc

??namespace: default

spec:

??SELEctor:

????app: myapp

????release: canary

??clusterIP:?"None"

??ports:

??- port: 80

????targetPort: 80

---

apiVersion: apps/v1

kind: Deployment

@H_760_102@metadata:

??name: myapp-deploy

??namespace: default

spec:

??replicas: 2

??SELEctor:

????@H_760_102@matchLabels:

??????app: myapp

??????release: canary

??template:

????@H_760_102@metadata:

??????labels:

????????app: myapp

????????release: canary

????spec:

??????containers:

??????- name: myapp

????????image: ikubernetes/myapp:v1

????????ports:

????????- name: http

??????????containerPort: 80

# 创建pod时,用nodeSELEctor可实现精准分布

kubectl apply -f myapp-svc-headless.yaml

kubectl get svc

NAME???????? 便宜美国vps TYPE??????? CLUSTER-IP?? EXTERNAL-IP?? PORT(S)?? AGE

kubernetes?? ClusterIP?? 10.96.0.1??? <none>??????? 443/TCP???13d

@H_760_102@myapp-svc??? ClusterIP?? none???????? <none>??????? 80/TCP????29m

# 通过Ingress把myapp-svc发布出去

cat?ingress-my@R_404_3976@

apiVersion: extensions/v1beta1

kind: Ingress

@H_760_102@metadata:

??name: ingress-myapp

??namespace: default

??Annotations:

????kubernetes.io/ingress.class:?"Nginx"

spec:

??rules:

??- host: myapp.lixiang.com

????http:

??????paths:

??????- path:

????????BACkend:

??????????servicename: myapp-svc

??????????servicePort: 80

namespace要和deployment和要发布的service处于同一个名称空间

Annotations:说明我们要用到的ingress-controller是Nginx,而不是Traefik、Envoy

host:表示访问这个域名,就会转发到后端myapp-deploy管理的pod上

kubectl apply -f ingress-my@R_404_3976@

kubectl get ingress

NAME??????????? HOSTS?????????????? ADDRESS?? PORTS?? AGE

ingress-myapp?? myapp.lixiang.com???????????? 80????? 5m34s

#? 进入交互式命令行

kubectl?exec?-n ingress-Nginx -it nginx-ingress-controller-689498bc7c-sm972 --?/bin/sh

$?cat?Nginx.conf

????## start server myapp.lixiang.com

????server {

????????server_name myapp.lixiang.com ;

????????listen 80;

????????LOCATIOn / {

????????????set?$namespace??????"default";

????????????set?$ingress_name???"ingress-myapp";

????????????set?$service_name???"myapp-svc";

????????????set?$service_port???"80";

????????????set?$LOCATIOn_path??"/";

# ingress一经创建,就将信息注入到nginx-ingress-controller这个pod中,

# 个人感觉ingress像一个监视者、搬运工,nginx-ingress-controller起到反向代理的作用

# 添加一条hosts解析

curl myapp.lixiang.com:30080

Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

4.使用https访问

# 自签证书

openssl genrsa -out tls.key 2048

openssl req -new -x509 -key tls.key? -out tls.crt -subj?/C=CN/ST=Beijing/O=DevOps/CN=myapp.lixiang.com

# 通过secret把证书注入到pod中

kubectl create secret tls myapp-infress-secret --cert=tls.crt --key=tls.key

cat?ingress-my@R_404_3976@

apiVersion: extensions/v1beta1

kind: Ingress

@H_760_102@metadata:

??name: ingress-myapp-tls

??namespace: default

??Annotations:

????kubernetes.io/ingress.class:?"Nginx"

spec:

??tls:

??- hosts:

????- myapp.lixiang.com

????secretName: myapp-infress-secret

??rules:

??- host: myapp.lixiang.com

????http:

??????paths:

??????- path: /

????????BACkend:

??????????servicename: myapp-svc

??????????servicePort: 80

# 进入容器查看配置文件

cat?Nginx.conf

server {

????server_name myapp.lixiang.com ;

????listen 80;?

????listen 443? ssl http2;

curl -k https://myapp.lixiang.com:30443

本站总结

以上是本站教程为你收集整理的k8s之ingress及ingress controller全部内容，希望文章能够帮你解决k8s之ingress及ingress controller所遇到的程序开发问题。

如果觉得本站教程网站内容还不错，欢迎将本站教程推荐给好友。

本图文内容来源于网友网络收集整理提供，作为学习参考使用，版权属于原作者。
如您有任何意见或建议可联系处理。

k8s之ingress及ingress controller

本站总结

相关推荐

热门推荐

分类目录