kubernetes-ingress (10)
ingress
https://kubernetes.io/docs/concepts/services-networking/ingress/
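Relationship between Pods and Ingress
• Associated through label-selector
• Pod load balancing is implemented by the Ingress Controller
- Supports TCP/UDP layer 4 and HTTP layer 7
What makes up Ingress?
ingress controller: converts newly added Ingress objects into an Nginx configuration file and makes it take effect
ingress service: abstracts the Nginx configuration into an Ingress object; adding a new service only requires writing a new Ingress yaml file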
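How does Ingress work?
The ingress controller interacts with the Kubernetes API to dynamically detect changes to the Ingress rules in the cluster. It then reads them and, following the user-defined rules (which state which domain name maps to which service), generates a piece of nginx configuration and writes it into the nginx-ingress-controller pod. This Ingress controller pod runs an Nginx service; the controller writes the generated nginx configuration into the /etc/nginx.conf file and then reloads so that the configuration takes effect.
This solves the problems of domain-name assignment and dynamic updates.
ingress deployment documentation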
https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md
Download the yaml file and modify it to use the host network: hostNetwork: true
- [root@k8s-master1 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
- [root@k8s-master1 ingress]# kubectl apply -f mandatory.yaml
- namespace/ingress-nginx created
- configmap/nginx-configuration created
- configmap/tcp-services created
- configmap/udp-services created
- serviceaccount/nginx-ingress-serviceaccount created
- clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
- role.rbac.authorization.k8s.io/nginx-ingress-role created
- rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
- clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
- deployment.extensions/nginx-ingress-controller created
Check which node the ingress controller was deployed to; when the host network is used, ports 80 and 443 are listened on at the node
- [root@k8s-master1 ingress]# kubectl get ns
- NAME STATUS AGE
- default Active 6d20h
- ingress-nginx Active 27m
- kube-public Active 6d20h
- kube-system Active 6d20h
- [root@k8s-master1 ingress]# kubectl get pods -n ingress-nginx -o wide
- NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
- nginx-ingress-controller-5c98c674b8-l9ft2 / Running 28m 192.168.0.125 192.168.0.125 <none> <none>
- [root@k8s-node01 ~]# netstat -tnlp |egrep "80|443"
- tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2358/nginx: master
- tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2358/nginx: master
- tcp 0 0 0.0.0.0:18080 0.0.0.0:* LISTEN 2358/nginx: master
- tcp6 0 0 :::80 :::* LISTEN 2358/nginx: master
- tcp6 0 0 :::443 :::* LISTEN 2358/nginx: master
- tcp6 0 0 :::18080 :::* LISTEN 2358/nginx: master
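The `egrep "80|443"` filter above matches those digits anywhere in the line, which is why the 18080 listener also shows up. As an added example (not part of the original page), the function below reads `netstat -tnlp` output and reports the wildcard-bound ports owned by a process that are outside an expected list; the names `sample_netstat` and `unexpected_listeners` are hypothetical, and the sample input is the output shown above.

```shell
#!/bin/sh
# Added example: audit which ports a hostNetwork pod exposes on the node.

# sample_netstat: the `netstat -tnlp` lines shown above, embedded so this runs offline.
sample_netstat() {
cat <<'EOF'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2358/nginx: master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2358/nginx: master
tcp 0 0 0.0.0.0:18080 0.0.0.0:* LISTEN 2358/nginx: master
tcp6 0 0 :::80 :::* LISTEN 2358/nginx: master
tcp6 0 0 :::443 :::* LISTEN 2358/nginx: master
tcp6 0 0 :::18080 :::* LISTEN 2358/nginx: master
EOF
}

# unexpected_listeners PROC ALLOWED_PORTS
# Reads `netstat -tnlp` lines on stdin. Prints, once each, every port that
# PROC listens on at a wildcard address (0.0.0.0, :: or *) and that is not in
# the comma-separated ALLOWED_PORTS list. Ports are compared exactly, not as
# substrings, so 18080 is never mistaken for 80.
unexpected_listeners() {
    awk -v proc="$1" -v allowed="$2" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" && index($7, "/" proc) {
        port = $4; sub(/^.*:/, "", port)            # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        wildcard = (host == "0.0.0.0" || host == "::" || host == "*")
        if (wildcard && !(port in ok) && !seen[port]++) print port
    }'
}

# With 80 and 443 expected, the remaining wildcard listener is reported.
sample_netstat | unexpected_listeners nginx 80,443
```

On a live node, pipe `netstat -tnlp` into `unexpected_listeners nginx 80,443` instead of the embedded sample.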
Prepare the backend service
- [root@k8s-master1 ingress]# cat deploy-demo.yaml
- # Create the Service named myapp
- apiVersion: v1
- kind: Service
- metadata:
-   name: myapp
-   namespace: default
- spec:
-   selector:
-     app: myapp
-     release: canary
-   ports:
-   - name: http
-     targetPort:
-     port:
- ---
- # Create the Deployment for the backend service
- apiVersion: apps/v1
- kind: Deployment
- metadata:
-   name: myapp-backend-pod
-   namespace: default
- spec:
-   replicas:
-   selector:
-     matchLabels:
-       app: myapp
-       release: canary
-   template:
-     metadata:
-       labels:
-         app: myapp
-         release: canary
-     spec:
-       containers:
-       - name: myapp
-         image: ikubernetes/myapp:v2
-         ports:
-         - name: http
-           containerPort:
- [root@k8s-master1 ingress]# kubectl apply -f deploy-demo.yaml
- service/myapp created
- deployment.apps/myapp-backend-pod created
- [root@k8s-master1 ingress]# kubectl get pod,svc
- NAME READY STATUS RESTARTS AGE
- pod/myapp-backend-pod-6b56d98b6b-27vvs / Running 12s
- pod/myapp-backend-pod-6b56d98b6b-6rq8w / Running 12s
- pod/myapp-backend-pod-6b56d98b6b-ndbm6 / Running 12s
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- service/kubernetes ClusterIP 10.0.0.1 <none> /TCP 6d21h
- service/myapp ClusterIP 10.0.0.79 <none> /TCP 12s
- [root@k8s-node01 ~]# curl 10.0.0.79
- Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
Configure the ingress rules
- [root@k8s-master1 ingress]# vim ingress-myapp.yaml
- apiVersion: extensions/v1beta1
- kind: Ingress
- metadata:
-   name: simple-fanout-example
-   annotations:
-     nginx.ingress.kubernetes.io/rewrite-target: /
- spec:
-   rules:
-   - host: foo.bar.com
-     http:
-       paths:
-       - path: /
-         backend:
-           serviceName: myapp
-           servicePort:
- [root@k8s-master1 ingress]# kubectl apply -f ingress-myapp.yaml
- ingress.extensions/simple-fanout-example created
- [root@k8s-master1 ingress]# kubectl get ingress
- NAME HOSTS ADDRESS PORTS AGE
- simple-fanout-example foo.bar.com 10s
Point the domain name's resolution at the IP; the domain can then be accessed
- [root@k8s-master1 ingress]# curl foo.bar.com
- Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
View detailed information
- [root@k8s-master1 ingress]# kubectl describe ingress simple-fanout-example
- Name: simple-fanout-example
- Namespace: default
- Address:
- Default backend: default-http-backend: (<none>)
- Rules:
- Host Path Backends
- ---- ---- --------
- foo.bar.com
- / myapp: (<none>)
- Annotations:
- kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"simple-fanout-example","namespace":"default"},"spec":{"rules":[{"host":"foo.bar.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":},"path":"/"}]}}]}}
- nginx.ingress.kubernetes.io/rewrite-target: /
- Events:
- Type Reason Age From Message
- ---- ------ ---- ---- -------
- Normal CREATE 3m58s nginx-ingress-controller Ingress default/simple-fanout-example
Enter the nginx-ingress-controller pod to check whether the nginx configuration was injected
- [root@k8s-master1 ingress]# kubectl get pod -n ingress-nginx
- NAME READY STATUS RESTARTS AGE
- nginx-ingress-controller-5c98c674b8-l9ft2 / Running 67m
- [root@k8s-master1 ingress]# kubectl exec -n ingress-nginx -it nginx-ingress-controller-5c98c674b8-l9ft2 bash
- www-data@k8s-node01:/etc/nginx$ cat nginx.conf
- ........
- ## start server foo.bar.com
- server {
-     server_name foo.bar.com ;
-     listen ;
-     listen [::]:;
-     set $proxy_upstream_name "-";
-     location / {
-         set $namespace "default";
-         set $ingress_name "simple-fanout-example";
-         set $service_name "myapp";
-         set $service_port "";
-         set $location_path "/";
-         rewrite_by_lua_block {
-             balancer.rewrite()
-         }
-         access_by_lua_block {
-         }
-         header_filter_by_lua_block {
-         }
Build a TLS site
Prepare the certificate
- [root@k8s-master1 ingress]# openssl genrsa -out tls.key
- Generating RSA private key, bit long modulus
- ..................................................................................+++
- ........................+++
- e is (0x10001)
- [root@k8s-master1 ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=sslexample.foo.com
Create the secret
- [root@k8s-master1 ingress]# kubectl create secret tls sslexample-foo-com --cert=tls.crt --key=tls.key
- secret/sslexample-foo-com created
- [root@k8s-master1 ingress]# kubectl get secret
- NAME TYPE DATA AGE
- default-token-7vs6s kubernetes.io/service-account-token 6d22h
- registry-pull-secret kubernetes.io/dockerconfigjson 5d1h
- sslexample-foo-com kubernetes.io/tls 28s
- [root@k8s-master1 ingress]# kubectl describe secret sslexample-foo-com
- Name: sslexample-foo-com
- Namespace: default
- Labels: <none>
- Annotations: <none>
- Type: kubernetes.io/tls
- Data
- ====
- tls.crt: 1298 bytes
- tls.key: 1675 bytes
Create the ingress
- [root@k8s-master1 ingress]# vim ingress-https.yaml
- apiVersion: extensions/v1beta1
- kind: Ingress
- metadata:
-   name: tls-example-ingress
- spec:
-   tls:
-   - hosts:
-     - sslexample.foo.com
-     secretName: sslexample-foo-com
-   rules:
-   - host: sslexample.foo.com
-     http:
-       paths:
-       - path: /
-         backend:
-           serviceName: myapp
-           servicePort:
- [root@k8s-master1 ingress]# kubectl apply -f ingress-https.yaml
- ingress.extensions/tls-example-ingress created
- [root@k8s-master1 ingress]# kubectl get ingress
- NAME HOSTS ADDRESS PORTS AGE
- simple-fanout-example foo.bar.com 59m
- tls-example-ingress sslexample.foo.com , 29s
- [root@k8s-master1 ingress]# kubectl describe ingress tls-example-ingress
- Name: tls-example-ingress
- Namespace: default
- Address:
- Default backend: default-http-backend: (<none>)
- TLS:
- sslexample-foo-com terminates sslexample.foo.com
- Rules:
- Host Path Backends
- ---- ---- --------
- sslexample.foo.com
- / myapp: (<none>)
- Annotations:
- kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"tls-example-ingress","namespace":"default"},"spec":{"rules":[{"host":"sslexample.foo.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":},"path":"/"}]}}],"tls":[{"hosts":["sslexample.foo.com"],"secretName":"sslexample-foo-com"}]}}
- Events:
- Type Reason Age From Message
- ---- ------ ---- ---- -------
- Normal CREATE 72s nginx-ingress-controller Ingress default/tls-example-ingress
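Checks worth running on tls.crt and tls.key before the `kubectl create secret tls` step, as an added example that is not part of the original page: it confirms that the key and certificate belong together, that the certificate covers the host named in the Ingress, and that it is not about to expire. The function name `check_tls_pair` is hypothetical; it assumes the same `openssl` CLI used above.

```shell
#!/bin/sh
# Added example: pre-flight checks for a TLS certificate/key pair.
# Usage: check_tls_pair <cert.pem> <key.pem> <ingress-host>
# Returns 0 if the pair is usable for that host, 1 on a hard failure.
# Diagnostics go to stderr.
check_tls_pair() {
    crt=$1; key=$2; host=$3

    # 1. The public key in the certificate must be the one derived from the
    #    private key; otherwise the TLS handshake cannot succeed.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $crt does not match $key" >&2
        return 1
    fi

    # 2. The certificate must name the host used in the Ingress tls/rules sections.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "FAIL: $crt does not cover $host" >&2
        return 1
    fi

    # 3. -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null; then
        echo "FAIL: $crt is expired or expires within 24h" >&2
        return 1
    fi

    # 4. A certificate created with only -subj .../CN=<host> has no
    #    subjectAltName. OpenSSL's check above falls back to the CN, but
    #    clients that only honour SAN entries will reject it.
    if ! openssl x509 -in "$crt" -noout -text | grep -q 'Subject Alternative Name'; then
        echo "WARN: no subjectAltName; $host is matched by CN only" >&2
    fi
    return 0
}

# Run the checks when invoked as: sh check.sh tls.crt tls.key sslexample.foo.com
if [ "$#" -eq 3 ]; then
    check_tls_pair "$@"
fi
```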
Access test