kubernetes-ingress(十)
ingress
https://kubernetes.io/docs/concepts/services-networking/ingress/
pod与ingress的关系
•通过label-selector相关联 •通过Ingress Controller实现Pod的负载均衡 -支持TCP/UDP 4层和HTTP 7层
Ingress 组成?
ingress controller:将新加入的Ingress转化成Nginx的配置文件并使之生效 ingress服务:将Nginx的配置抽象成一个Ingress对象,每添加一个新的服务只需写一个新的Ingress的yaml文件即可
Ingress 工作原理?
ingress controller通过和kubernetes api交互,动态的去感知集群中ingress规则变化, 然后读取它,按照自定义的规则,规则就是写明了哪个域名对应哪个service,生成一段nginx配置, 再写到nginx-ingress-control的pod里,这个Ingress controller的pod里运行着一个Nginx服务,控制器会把生成的nginx配置写入/etc/nginx.conf文件中, 然后reload一下使配置生效。 以此达到域名分配置和动态更新的问题。
ingress部署文档
https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md
下载yaml文件,修改使用宿主机网络 hostNetwork: true
[root@k8s-master1 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
[root@k8s-master1 ingress]# kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.extensions/nginx-ingress-controller created
查看ingress部署的node节点,使用宿主机网络会在node监听80和443端口
[root@k8s-master1 ingress]# kubectl get ns
NAME STATUS AGE
default Active 6d20h
ingress-nginx Active 27m
kube-public Active 6d20h
kube-system Active 6d20h
[root@k8s-master1 ingress]# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-5c98c674b8-l9ft2 1/1 Running 0 28m 192.168.0.125 192.168.0.125 <none> <none>
准备后端服务
[root@k8s-master1 ingress]# cat deploy-demo.yaml
#创建service为myapp
apiVersion: v1
kind: Service
metadata:
name: myapp
namespace: default
spec:
selector:
app: myapp
release: canary
ports:
- name: http
targetPort: 80
port: 80
---
#创建后端服务的deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-backend-pod
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: myapp
release: canary
template:
metadata:
labels:
app: myapp
release: canary
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v2
ports:
- name: http
containerPort: 80
[root@k8s-master1 ingress]# kubectl apply -f deploy-demo.yaml
service/myapp created
deployment.apps/myapp-backend-pod created
[root@k8s-master1 ingress]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/myapp-backend-pod-6b56d98b6b-27vvs 1/1 Running 0 12s
pod/myapp-backend-pod-6b56d98b6b-6rq8w 1/1 Running 0 12s
pod/myapp-backend-pod-6b56d98b6b-ndbm6 1/1 Running 0 12s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 6d21h
service/myapp ClusterIP 10.0.0.79 <none> 80/TCP 12s
[root@k8s-node01 ~]# curl 10.0.0.79
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
配置ingress规则
[root@k8s-master1 ingress]# vim ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: simple-fanout-example
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
serviceName: myapp
servicePort: 80
[root@k8s-master1 ingress]# kubectl apply -f ingress-myapp.yaml
ingress.extensions/simple-fanout-example created
[root@k8s-master1 ingress]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
simple-fanout-example foo.bar.com 80 10s
设置域名解析到ip,即可访问域名
[root@k8s-master1 ingress]# curl foo.bar.com
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
查看详细信息
[root@k8s-master1 ingress]# kubectl describe ingress simple-fanout-example
Name: simple-fanout-example
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
foo.bar.com
/ myapp:80 (<none>)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"simple-fanout-example","namespace":"default"},"spec":{"rules":[{"host":"foo.bar.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":"/"}]}}]}}
nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 3m58s nginx-ingress-controller Ingress default/simple-fanout-example
进入nginx-ingress-controller进行查看是否注入了nginx的配置
[root@k8s-master1 ingress]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-5c98c674b8-l9ft2 1/1 Running 0 67m
[root@k8s-master1 ingress]# kubectl exec -n ingress-nginx -it nginx-ingress-controller-5c98c674b8-l9ft2 bash
www-data@k8s-node01:/etc/nginx$ cat nginx.conf
........
## start server foo.bar.com
server {
server_name foo.bar.com ;
listen 80;
listen [::]:80;
set $proxy_upstream_name "-";
location / {
set $namespace "default";
set $ingress_name "simple-fanout-example";
set $service_name "myapp";
set $service_port "80";
set $location_path "/";
rewrite_by_lua_block {
balancer.rewrite()
}
access_by_lua_block {
}
header_filter_by_lua_block {
}
构建TLS站点
准备证书
[root@k8s-master1 ingress]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
..................................................................................+++
........................+++
e is 65537 (0x10001)
[root@k8s-master1 ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=sslexample.foo.com
创建secret
[root@k8s-master1 ingress]# kubectl create secret tls sslexample-foo-com --cert=tls.crt --key=tls.key
secret/sslexample-foo-com created
[root@k8s-master1 ingress]# kubectl get secret
NAME TYPE DATA AGE
default-token-7vs6s kubernetes.io/service-account-token 3 6d22h
registry-pull-secret kubernetes.io/dockerconfigjson 1 5d1h
sslexample-foo-com kubernetes.io/tls 2 28s
创建ingress
[root@k8s-master1 ingress]# vim ingress-https.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tls-example-ingress
spec:
tls:
- hosts:
- sslexample.foo.com
secretName: sslexample-foo-com
rules:
- host: sslexample.foo.com
http:
paths:
- path: /
backend:
serviceName: myapp
servicePort: 80
[root@k8s-master1 ingress]# kubectl apply -f ingress-https.yaml
ingress.extensions/tls-example-ingress created
[root@k8s-master1 ingress]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
simple-fanout-example foo.bar.com 80 59m
tls-example-ingress sslexample.foo.com 80, 443 29s
[root@k8s-master1 ingress]# kubectl describe ingress tls-example-ingress
Name: tls-example-ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
TLS:
sslexample-foo-com terminates sslexample.foo.com
Rules:
Host Path Backends
---- ---- --------
sslexample.foo.com
/ myapp:80 (<none>)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"tls-example-ingress","namespace":"default"},"spec":{"rules":[{"host":"sslexample.foo.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["sslexample.foo.com"],"secretName":"sslexample-foo-com"}]}}
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 72s nginx-ingress-controller Ingress default/tls-example-ingress
访问测试
- Java案例-数组求余问题
- GO语言实现的端口扫描器分享
- Java案例-数组随机数
- Go语言图片处理和生成缩略图的方法
- Python3 怎么将Unicode转中文,以及GBK乱码ÖйúÉÙÊýÃñ×åÌØÉ«´åÕ¯
- 数据结构和算法——旋转打印链表
- C/C++——set的基本操作总结
- PHP基础——字符串的常用操作
- NLP之tfidf与textrank算法细节对比基于结巴分词
- 【Go 语言社区】算法课程 第一季 第4节-汉诺塔
- C/C++——map的基本操作总结
- Python生成词云图,TIIDF方法文本挖掘: 词频统计,词云图
- C/C++——vector的基本操作总结
- 数据库负载急剧提高的应急处理(二) (r9笔记第55天)
- JavaScript 教程
- JavaScript 编辑工具
- JavaScript 与HTML
- JavaScript 与Java
- JavaScript 数据结构
- JavaScript 基本数据类型
- JavaScript 特殊数据类型
- JavaScript 运算符
- JavaScript typeof 运算符
- JavaScript 表达式
- JavaScript 类型转换
- JavaScript 基本语法
- JavaScript 注释
- Javascript 基本处理流程
- Javascript 选择结构
- Javascript if 语句
- Javascript if 语句的嵌套
- Javascript switch 语句
- Javascript 循环结构
- Javascript 循环结构实例
- Javascript 跳转语句
- Javascript 控制语句总结
- Javascript 函数介绍
- Javascript 函数的定义
- Javascript 函数调用
- Javascript 几种特殊的函数
- JavaScript 内置函数简介
- Javascript eval() 函数
- Javascript isFinite() 函数
- Javascript isNaN() 函数
- parseInt() 与 parseFloat()
- escape() 与 unescape()
- Javascript 字符串介绍
- Javascript length属性
- javascript 字符串函数
- Javascript 日期对象简介
- Javascript 日期对象用途
- Date 对象属性和方法
- Javascript 数组是什么
- Javascript 创建数组
- Javascript 数组赋值与取值
- Javascript 数组属性和方法
- Mysql Sql 语句练习题 (50道)
- 【每日一具16】来了!扫描图片批量漂白修正软件
- 实现一个 webpack loader 和 webpack plugin
- 万字长文带你走进 JavaScript 的世界
- windows中常见后门持久化方法总结
- Python3爬虫实战【点触验证码】 — 模拟登陆bilibili
- BOM 是个什么玩意!
- Educational Codeforces Round 81 (Rated for Div. 2) B - Infinite Prefixes
- python-利用python写一个购物小程序
- Java技巧收录一 那些你相见恨晚的快捷键和代码注释模板
- Educational Codeforces Round 81 (Rated for Div. 2) C.Obtain The String
- 深入了解 webpack 模块加载原理
- Java中的数字类解析(包括格式化数字、大数运算等等)
- 数据挖掘领域十大经典算法之—K-邻近算法/kNN(超详细附代码)
- 洛谷 P1019 单词接龙