容器云平台No.8~kubernetes负载均衡之ingress-nginx
Ingress 是什么?
Ingress 公开了从集群外部到集群内服务的 HTTP 和 HTTPS 路由。 流量路由由 Ingress 资源上定义的规则控制。
可以将 Ingress 配置为服务提供外部可访问的 URL、负载均衡流量、终止 SSL/TLS,以及提供基于名称的虚拟主机等能力。 Ingress 控制器 通常负责通过负载均衡器来实现 Ingress,尽管它也可以配置边缘路由器或其他前端来帮助处理流量。
本文使用host network模式,示意图如下
下载部署文件
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.35.0/deploy/static/provider/baremetal/deploy.yaml
修改images为国内仓库
k8s.gcr.io/ingress-nginx/controller:v0.35.0@sha256:fc4979d8b8443a831c9789b5155cded454cb7de737a8b727bc2ba0106d2eae8b
修改为,也可以自行使用魔法到k8s.gcr.io下载
scofield/ingress-nginx-controller:v0.35.0
修改网络模式为host network
template:spec:hostNetwork: truednsPolicy: ClusterFirstWithHostNet
执行部署
kubectl apply -f deploy.yaml
[root@k8s-master001 ingress-nginx]# kubectl get po -n ingress-nginx[root@k8s-master001 ingress-nginx]# kubectl get po,svc -n ingress-nginx -o wideNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATESpod/ingress-nginx-admission-create-dfg8g 0/1 Completed 0 47m 10.244.2.155 k8s-master003 <none> <none>pod/ingress-nginx-admission-patch-cfl4r 0/1 Completed 1 47m 10.244.1.134 k8s-master002 <none> <none>pod/ingress-nginx-controller-6fdd8c7f88-5gzdv 1/1 Running 0 2m42s 10.26.25.21 k8s-master002 <none> <none>
注意:ingress-nginx-controller的IP应该是宿主机IP,这里是10.26.25.21,至此,ingress-nginx就部署好了
使用ingress-nginx暴露http服务
部署一个最常用的http服务nginx,使用ingress-nginx暴露http服务
1、编写demo.yaml
---apiVersion: apps/v1kind: StatefulSetmetadata:name: nginxlabels:app: nginxspec:serviceName: nginxreplicas: 1selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:terminationGracePeriodSeconds: 180initContainers:- name: initimage: busyboxcommand: ["chmod","777","-R","/var/www"]imagePullPolicy: AlwaysvolumeMounts:- name: volumemountPath: /var/www/htmlcontainers:- name: nginximage: nginximagePullPolicy: Alwaysports:- containerPort: 80name: portvolumeMounts:- name: volumemountPath: /var/www/htmlvolumeClaimTemplates:- metadata:name: volumespec:accessModes: ["ReadWriteOnce"]storageClassName: rook-cephresources:requests:storage: 1Gi---apiVersion: v1kind: Servicemetadata:name: nginxlabels:app: nginxspec:type: NodePortports:- port: 80targetPort: 80selector:app: nginx
2、执行部署
[root@k8s-master001 ingress-nginx]# kubectl apply -f demo.yamlstatefulset.apps/nginx configuredservice/nginx created[root@k8s-master001 ~]# kubectl get po,svcNAME READY STATUS RESTARTS AGEpod/nginx-0 1/1 Running 0 21mNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d21hservice/nginx NodePort 10.106.146.193 <none> 80:31389/TCP 21m[root@k8s-master001 ~]# curl -I 10.106.146.193HTTP/1.1 200 OKServer: nginx/1.19.2Date: Wed, 16 Sep 2020 07:03:26 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Tue, 11 Aug 2020 14:50:35 GMTConnection: keep-aliveETag: "5f32b03b-264"Accept-Ranges: bytes
3、nginx已经部署好,而且访问已经OK,接下来创建Ingress
demo-ingress.yaml
---apiVersion: extensions/v1beta1kind: Ingressmetadata:name: nginxannotations:kubernetes.io/ingress.class: nginxspec:rules:- host: nginx.text.cnhttp:paths:- path: /backend:serviceName: nginxservicePort: 80
[root@k8s-master001 ~]# kubectl apply -f nginx-ingress.yamlerror: error validating "nginx-ingress.yaml": error validating data: [ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "serviceName" in io.k8s.api.networking.v1.IngressBackend, ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "servicePort" in io.k8s.api.networking.v1.IngressBackend]; if you choose to ignore these errors, turn validation off with --validate=false
修改apiVersion为networking.k8s.io/v1
---apiVersion: networking.k8s.io/v1kind: Ingressmetadata:name: nginxannotations:kubernetes.io/ingress.class: nginxspec:rules:- host: nginx.text.cnhttp:paths:- pathType: Prefixpath: /backend:service:name: nginxport:number: 80
[root@k8s-master001 ingress-nginx]# kubectl apply -f demo-ingress.yamlError from server (InternalError): error when applying patch:{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"Ingress\",\"metadata\":{\"annotations\":{\"kubernetes.io/ingress.class\":\"nginx\"},\"name\":\"nginx\",\"namespace\":\"default\"},\"spec\":{\"rules\":[{\"host\":\"nginx.ieasou.cn\",\"http\":{\"paths\":[{\"backend\":{\"service\":{\"name\":\"nginx\",\"port\":{\"number\":80}}},\"path\":\"/\",\"pathType\":\"Prefix\"}]}}]}}\n","kubernetes.io/ingress.class":"nginx"}},"spec":{"rules":[{"host":"nginx.ieasou.cn","http":{"paths":[{"backend":{"service":{"name":"nginx","port":{"number":80}}},"path":"/","pathType":"Prefix"}]}}]}}to:Resource: "networking.k8s.io/v1, Resource=ingresses", GroupVersionKind: "networking.k8s.io/v1, Kind=Ingress"Name: "nginx", Namespace: "default"for: "demo-ingress.yaml": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/extensions/v1beta1/ingresses?timeout=30s": x509: certificate is valid for k8s-master002, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, not ingress-nginx-controller-admission.ingress-nginx.svc
还是不行。。。
解决办法1、把Webhook删了
admission webhook 传送门
[root@k8s-master001 ingress-nginx]# kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admissionvalidatingwebhookconfiguration.admissionregistration.k8s.io "ingress-nginx-admission" deleted
再来
[root@k8s-master001 ingress-nginx]# kubectl apply -f demo-ingress.yamlingress.networking.k8s.io/nginx configured
解决办法2、降级为0.32.0(未测)
传送门了解更多
4、现在来查看创建好的ingress,已经创建好了
[root@k8s-master001 ingress-nginx]# kubectl get ingWarning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 IngressNAME CLASS HOSTS ADDRESS PORTS AGEnginx <none> nginx.ieasou.cn 10.26.25.21 80 3d19h
5、访问验证,现在在外部就可以通过域名nginx.text.cn访问到nginx了
[root@k8s-master001 ingress-nginx]# vim /etc/hosts10.26.25.21 nginx.text.cn[root@k8s-master001 ingress-nginx]# curl -I nginx.text.cnHTTP/1.1 200 OKServer: nginx/1.19.2Date: Wed, 16 Sep 2020 08:05:06 GMTContent-Type: text/htmlContent-Length: 612Connection: keep-aliveVary: Accept-EncodingLast-Modified: Tue, 11 Aug 2020 14:50:35 GMTETag: "5f32b03b-264"Accept-Ranges: bytes
使用ingress-nginx暴露TCP服务
部署一个常用的redis服务,使用ingress-nginx暴露tcp服务
1、编写redis.yaml文件
---apiVersion: apps/v1kind: StatefulSetmetadata:name: redislabels:app: redisspec:serviceName: redisreplicas: 1selector:matchLabels:app: redistemplate:metadata:labels:app: redisspec:terminationGracePeriodSeconds: 180initContainers:- name: initimage: busyboxcommand: ["chmod","777","-R","/var/www"]imagePullPolicy: AlwaysvolumeMounts:- name: volumemountPath: /datacontainers:- name: redisimage: redisimagePullPolicy: Alwaysports:- containerPort: 6379name: portvolumeMounts:- name: volumemountPath: /datavolumeClaimTemplates:- metadata:name: volumespec:accessModes: ["ReadWriteOnce"]storageClassName: rook-cephresources:requests:storage: 1Gi---apiVersion: v1kind: Servicemetadata:name: redislabels:app: redisspec:type: NodePortports:- port: 6379targetPort: 6379selector:app: redis
查看并查看结果
[root@k8s-master001 ingress-nginx]# kubectl apply -f redis.yaml[root@k8s-master001 ingress-nginx]# kubectl get po,svcNAME READY STATUS RESTARTS AGEpod/redis-0 1/1 Running 0 104sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/redis NodePort 10.98.28.146 <none> 80:32193/TCP 104s测试连接redis,能够连接[root@k8s-master001 ingress-nginx]# telnet 10.26.25.20 32193Trying 10.26.25.20...Connected to 10.26.25.20.Escape character is '^]'.info$3615# Serverredis_version:6.0.8
2、默认ingress-nginx的deploy.yaml部署文件并没有开启tcp服务支持,这里需要修改部署文件并重新部署。一般情形,如果需要支持tcp,udp等转发,提前规划并修改deploy.yaml文件
修改如下:--tcp-services-configmap,这里顺便把udp也开启了--udp-services-configmap
containers:- name: controllerimage: scofield/ingress-nginx-controller:v0.35.0imagePullPolicy: IfNotPresentlifecycle:preStop:exec:command:- /wait-shutdownargs:- /nginx-ingress-controller- --election-id=ingress-controller-leader- --ingress-class=nginx- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-service- --udp-services-configmap=$(POD_NAMESPACE)/udp-service- --validating-webhook=:8443- --validating-webhook-certificate=/usr/local/certificates/cert- --validating-webhook-key=/usr/local/certificates/key
重新部署ingress-nginx
kubectl apply -f deploy.yaml
3、创建tcp服务需要的configmap,注意namespace一定要和ingress-nginx部署的namespace一致
tcp-service.yaml
apiVersion: v1kind: ConfigMapmetadata:name: tcp-servicenamespace: ingress-nginxdata:6379: "default/redis:6379"
[root@k8s-master001 ingress-nginx]# kubectl apply -f tcp-service.yamlconfigmap/tcp-service created
4、创建redis-ingress.yaml文件
---apiVersion: networking.k8s.io/v1kind: Ingressmetadata:name: redisannotations:kubernetes.io/ingress.class: nginxspec:rules:- host: redis.test.cnhttp:paths:- pathType: Prefixpath: /backend:service:name: redisport:number: 6379
5、创建ingress
kubectl apply -f redis-ingress.yaml[root@k8s-master001 ingress-nginx]# kubectl get ingNAME CLASS HOSTS ADDRESS PORTS AGEredis <none> redis.ieasou.cn 10.26.25.20 80 13m
6、验证
[root@k8s-master001 ingress-nginx]# telnet redis.test.cn 6379Trying 10.26.25.20...Connected to redis.test.cn.Escape character is '^]'.info$3622# Serverredis_version:6.0.8redis_git_sha1:00000000
更多用法,请移步
容器云平台No.8~kubernetes负载均衡之ingress-nginx的更多相关文章
- 容器云平台No.4~kubernetes 服务暴露之Ingress
这是容器云平台第四篇,接上一篇继续, 首先kubernetes服务暴露有如下几种方式: NodePort Loadbalance ClusterIP Ingress 本文紧贴第一篇架构图,只介绍Ing ...
- 容器云平台No.9~kubernetes日志收集系统EFK
EFK介绍 EFK,全称Elasticsearch Fluentd Kibana ,是kubernetes中比较常用的日志收集方案,也是官方比较推荐的方案. 通过EFK,可以把集群的所有日志收集到El ...
- 容器云平台No.7~kubernetes监控系统prometheus-operator
简介 prometheus-operator Prometheus:一个非常优秀的监控工具或者说是监控方案.它提供了数据搜集.存储.处理.可视化和告警一套完整的解决方案.作为kubernetes官方推 ...
- 容器云平台No.3~kubernetes使用
今天是是第三篇,接着上一篇继续 首先,通过kubectl可以看到,三个节点都正常运行 [root@k8s-master001 ~]# kubectl get no NAME STATUS ROLES ...
- Kubernetes容器云平台建设实践
[51CTO.com原创稿件]Kubernetes是Google开源的一个容器编排引擎,它支持自动化部署.大规模可伸缩.应用容器化管理.伴随着云原生技术的迅速崛起,如今Kubernetes 事实上已经 ...
- 026.[转] 基于Docker及Kubernetes技术构建容器云平台 (PaaS)
[编者的话] 目前很多的容器云平台通过Docker及Kubernetes等技术提供应用运行平台,从而实现运维自动化,快速部署应用.弹性伸缩和动态调整应用环境资源,提高研发运营效率. 本文简要介绍了与容 ...
- 容器云平台No.1~基于Docker及Kubernetes构建的容器云平台
开篇 最近整理笔记,不知不觉发现关于kubernetes相关的笔记已经达99篇了,索性一起总结了.算是对这两年做容器云平台的一个总结,本文是开篇,先介绍下所有用到的组件.首先来看下架构图(实在画的太丑 ...
- 容器云平台No.10~通过gogs+drone+kubernetes实现CI/CD
什么是CI/CD 持续集成(Continous Intergration,CI)是一种软件开发实践,即团队开发成员经常集成它们的工作,通常每个成员每天至少集成一次,也就意味着每天可能会发生多次集成.每 ...
- 【原创】基于Docker的CaaS容器云平台架构设计及市场分析
基于Docker的CaaS容器云平台架构设计及市场分析 ---转载请注明出处,多谢!--- 1 项目背景---概述: “在移动互联网时代,企业需要寻找新的软件交付流程和IT架构,从而实现架构平台化,交 ...
随机推荐
- 一张图带你玩转docker
- sge的简单的应用
1.sge提交脚本qsub 1.qsub work.sh work.sh 不能以数字开头 2.qsub work.sh 默认工作路径为/home/username 3.qsub -cwd work. ...
- 如何为指定python解释器安装pip
有时候我们通常会有很多python解释器,例如python2.python3.python(Anaconda). 参考链接:https://www.cnblogs.com/michaelcjl/p/1 ...
- First-Spike-Based Visual Categorization Using Reward-Modulated STDP
郑重声明:原文参见标题,如有侵权,请联系作者,将会撤销发布! Abstract 强化学习(RL)最近以击败欧洲围棋冠军等重大成就重新受到欢迎.在这里,我们第一次表明,RL可以有效地用于训练一个脉冲神经 ...
- SPSSAU数据分析思维培养系列2:分析方法
大家好!在上篇文章中,我们一起学习了如何掌握正确的数据处理思维(文章链接:https://www.cnblogs.com/spssau/p/12523530.html).在完成数据准备和清理工作后,就 ...
- .NetCore使用Redis,StackExchange.Redis队列,发布与订阅,分布式锁的简单使用
环境:之前一直是使用serverStack.Redis的客服端,今天来使用一下StackExchange.Redis(个人感觉更加的人性化一些,也是免费的,性能也不会差太多),版本为StackExch ...
- 3d相册展示
示例代码 <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta ...
- T4m
Unity T4M 中文讲解 http://blog.csdn.net/tianmao111/article/details/46482963
- mac android 真机调试
1.已经安装好Androidstudio或者eclipse 2.下载配置好Android Sdk等 3.将android手机通过USB数据线连接Mac,打开终端输入system_profiler SP ...
- 分布式事务和分布式hash
分布式事务是什么? 分布式事务就是保证各个微服务之间数据一致,本质上就是保证不同数据库的数据一致性.一致性状态包含 强一致性,任何时刻,所有节点中数据都是一样的 弱一致性,数据更新后,只能访问到部分节 ...