Deploying ingress with a DaemonSet, nodeSelector and hostNetwork
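First we need to prepare edge nodes in the k8s cluster to host ingress (the edge nodes need to be tainted, or affinity/anti-affinity rules used). For a private (on-premises) deployment, ingress needs to be made highly available, and if resources allow, another layer of load balancing can be put in front of it. For local testing here, running a single instance on one of the nodes is enough.
The traffic flow is roughly as follows: the request first goes through DNS resolution, then reaches the LB; ingress then distributes the traffic to a service, and finally the service distributes it to the corresponding pod.
Install ingress
Label the edge node
Put a label on the edge node so that, when ingress is deployed, it can be scheduled onto that edge node through nodeSelector.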
```
# kubectl label nodes k8s-node01 isIngress=true
```
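Modify the yaml file
The yaml file for deploying ingress can be obtained from the official site. We only need to modify a few parts of it, not all of it.
Official yaml file: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/cloud/deploy.yaml
Service section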
```yaml
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.1
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
```
Change the Deployment to a DaemonSet
```yaml
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.1
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      dnsPolicy: ClusterFirst
      containers:
        - name: controller
          #image: us.gcr.io/k8s-artifacts-prod/ingress-nginx/controller:v0.34.1@sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
          image: alpha-harbor.yunshicloud.com/base/ingress-controller:v0.34.1
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          args:
            - /nginx-ingress-controller
            - --publish-service=ingress-nginx/ingress-nginx-controller
            - --election-id=ingress-controller-leader
            - --ingress-class=nginx
            - --configmap=ingress-nginx/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            runAsUser: 101
            allowPrivilegeEscalation: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
            - name: webhook
              containerPort: 8443
              protocol: TCP
          volumeMounts:
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 90Mi
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      nodeSelector:
        isIngress: "true"
      hostNetwork: true
      volumes:
        - name: webhook-cert
          secret:
            secretName: ingress-nginx-admission
```
Once the changes are made, apply the file directly.
```
kubectl apply -f ingress.yaml
```
Verify
```
# kubectl get pod -n ingress-nginx -o wide
NAME                                   READY   STATUS      RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-vgnzb   0/1     Completed   0          14m   172.17.135.146   k8s-node03   <none>           <none>
ingress-nginx-admission-patch-vp6bs    0/1     Completed   1          14m   172.17.58.223    k8s-node02   <none>           <none>
ingress-nginx-controller-hvgfv         1/1     Running     0          14m   192.168.0.225    k8s-node01   <none>           <none>
```
As shown, the ingress-controller has been deployed onto the designated node.
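An added example (not part of the original post or of the ingress-nginx project): a small Python check over the JSON form of the DaemonSet above that lists which ports end up bound on the edge node under hostNetwork and flags the scheduling and DNS settings worth reviewing. The function name `audit_host_network` and the embedded sample are constructed for illustration.

```python
import json

# Constructed sample: pod-template fields copied from the DaemonSet above, in
# the JSON shape that `kubectl get daemonset -o json` returns.
DAEMONSET = json.loads("""
{"kind": "DaemonSet",
 "spec": {"template": {"spec": {
   "hostNetwork": true,
   "dnsPolicy": "ClusterFirst",
   "nodeSelector": {"isIngress": "true"},
   "containers": [{
     "name": "controller",
     "ports": [{"name": "http", "containerPort": 80},
               {"name": "https", "containerPort": 443},
               {"name": "webhook", "containerPort": 8443}],
     "livenessProbe": {"httpGet": {"path": "/healthz", "port": 10254}}}]}}}}
""")


def audit_host_network(obj):
    """Hypothetical helper: return (host_ports, findings) for a workload."""
    pod = obj["spec"]["template"]["spec"]
    if not pod.get("hostNetwork"):
        return [], []  # pod keeps its own network namespace
    # Under hostNetwork the controller's listeners are bound in the node's
    # network namespace: collect declared container ports and probe ports.
    ports = set()
    for c in pod.get("containers", []):
        ports.update(p["containerPort"] for p in c.get("ports", []))
        for probe in ("livenessProbe", "readinessProbe"):
            port = c.get(probe, {}).get("httpGet", {}).get("port")
            if isinstance(port, int):
                ports.add(port)
    findings = []
    pinned = pod.get("nodeSelector") or pod.get("affinity")
    if obj.get("kind") == "DaemonSet" and not pinned:
        findings.append("not pinned: binds host ports on every schedulable node")
    if pod.get("dnsPolicy", "ClusterFirst") == "ClusterFirst":
        findings.append("dnsPolicy ClusterFirst falls back to node DNS under "
                        "hostNetwork; set ClusterFirstWithHostNet")
    return sorted(ports), findings


if __name__ == "__main__":
    host_ports, findings = audit_host_network(DAEMONSET)
    print("ports bound on the node:", host_ports)
    for finding in findings:
        print("finding:", finding)
```

Besides 80 and 443, the webhook port 8443 and the health/metrics port 10254 are also bound on the edge node, so the node's firewall rules should account for them.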
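Example
Taking a Jenkins deployment as an example, let's see how to use ingress to expose a service externally.
Create a Jenkins instance
The manifests are not reproduced here.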
```
# kubectl get all -n jenkins-system
NAME                                  READY   STATUS    RESTARTS   AGE
pod/jenkins-server-848b685bfd-2rmmc   1/1     Running   1          138m

NAME                     TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)              AGE
service/jenkins-server   ClusterIP   10.99.112.45   <none>        8080/TCP,50000/TCP   5d

NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/jenkins-server   1/1     1            1           5d

NAME                                        DESIRED   CURRENT   READY   AGE
replicaset.apps/jenkins-server-848b685bfd   1         1         1       5d
```
Remember the name of the service here, jenkins-server; it will be used later.
Ingress routing example
```yaml
# cat jenkins-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jenkins-server
  namespace: jenkins-system
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: jenkins.ysmty.com
      http:
        paths:
          - backend:
              serviceName: jenkins-server # name of the service
              servicePort: 8080
            path: /
```
Then apply it: kubectl apply -f jenkins-ingress.yaml
```
# kubectl get ingress -n jenkins-system
NAME             HOSTS               ADDRESS   PORTS   AGE
jenkins-server   jenkins.ysmty.com             80      15m
```