Kubernetes - 配置Nginx-Ingress 做爲服務發現

時間 2019-11-18

標籤 kubernetes 配置 nginx ingress 做爲服務發現欄目 Nginx 简体版

原文原文鏈接

添加 Kubernetes ConfigMap配置來自定義端口與服務的映射關係
- 配置文件，有二個在默認空間下web服務和api服務分別映射到自定義端口 9001， 9002
```
1 apiVersion: v1
2 kind: ConfigMap
3 metadata:
4   name: mysite-configmap
5 data:
6   9000: "default/web:8080"
7   9001: "default/api:8080"
```
- 在kubernetes Master服務器應用 ConfigMap 配置
```
kubectl apply -f mysite-configmap.yml
```

配置 Default Backend

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: default-http-backend
spec:
  revisionHistoryLimit: 10
  replicas: 1
  template:
    metadata:
      labels:
        app: default-http-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-http-backend
        # Any image is permissable as long as:
        # 1. It serves a 404 page at /
        # 2. It serves 200 on a /healthz endpoint
        image: defaultbackend:1.0
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi

kubectl apply -f default-backend-deployment.yml

---

apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  labels:
    app: default-http-backend
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: default-http-backend

kubectl apply -f default-backend-service.yml

配置Ingress

配置 Ingress Deployment, 暴露自定義的端口, 並指定 tcp-services-configmap 來導入咱們在上一步配置的端口映射

配置文件,

 1 apiVersion: extensions/v1beta1
 2 kind: Deployment
 3 metadata:
 4   name: nginx-ingress-deployment
 5   labels:
 6     k8s-app: nginx-ingress-lb
 7 spec:
 8   revisionHistoryLimit: 10
 9   replicas: 1
10   template:
11     metadata:
12       labels:
13         k8s-app: nginx-ingress-lb
14         name: nginx-ingress-lb
15     spec:
16       terminationGracePeriodSeconds: 60
17       containers:
18       - image: nginx-ingress-controller:0.8.3
19         name: nginx-ingress-lb
20         imagePullPolicy: Always
21         readinessProbe:
22           httpGet:
23             path: /healthz
24             port: 10254
25             scheme: HTTP
26         livenessProbe:
27           httpGet:
28             path: /healthz
29             port: 10254
30             scheme: HTTP
31           initialDelaySeconds: 10
32           timeoutSeconds: 1
33         # use downward API
34         env:
35           - name: POD_NAME
36             valueFrom:
37               fieldRef:
38                 fieldPath: metadata.name
39           - name: POD_NAMESPACE
40             valueFrom:
41               fieldRef:
42                 fieldPath: metadata.namespace
43         ports:
44         - containerPort: 9000
45           protocol: TCP
46         - containerPort: 9001
47           protocol: TCP
48 
49         args:
50         - /nginx-ingress-controller
           - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
51         - --tcp-services-configmap=$(POD_NAMESPACE)/mysite-configmap

應用配置

kubectl apply -f nginx-ingress-deployment.yml

配置 Ingress Service, 配置自定義端口與ConfigMap的端口映射關係及服務名稱

配置文件

 1 ---
 2 
 3 apiVersion: v1
 4 kind: Service
 5 metadata:
 6   name: nginx-ingress-lb
 7   labels:
 8     k8s-app: nginx-ingress-lb
 9 spec:
10   type: NodePort
11   ports:
12   - port: 9000
13     protocol: TCP
14     targetPort: 9000
15     nodePort: 30005
16     name: web
17   - port: 9001
18     protocol: TCP
19     targetPort: 9001
20     nodePort: 30006
21     name: api
22 
23   selector:
24     k8s-app: nginx-ingress-lb

應用配置

kubectl apply -f nginx-ingress-service.yml

配置Nginx 反向代理

添加 Upstream 配置

 1 upstream web {  2  server my-server-1:3005 max_fails=1 fail_timeout=10s;  3  server my-server-2:3005 max_fails=1 fail_timeout=10s;  4 }  5 
 6 upstream api {  7  server my-server-1:3006 max_fails=1 fail_timeout=10s;  8  server my-server-2:3006 max_fails=1 fail_timeout=10s;  9 } 10 
11 server { 12  listen 80; 13  listen 443 ssl; 14   
15  ssl_certificate /etc/nginx/conf.d/cert/wildcard.mysite.pem; 16  ssl_certificate_key /etc/nginx/conf.d/cert/wildcard.mysite.key; 17  location / { 18  proxy_pass http://web; 19  proxy_set_header X-Forwarded-Host $host; 20  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 21  } 22 
23  location ~^/(api) { 24  proxy_pass http://api; 25  proxy_set_header X-Forwarded-Host $host; 26  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 27 
28  if ($http_origin ~* (^(https?://(?:.+\.)?mysite\.com)$)) { 29  set $cors "CORS"; 30  set $cors_method "${cors}_${request_method}"; 31  } 32 
33  if ($cors_method = "CORS_OPTIONS") { 34  add_header 'Access-Control-Allow-Origin' '$http_origin'; 35  add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; 36  # 37  # Custom headers and headers various browsers *should* be OK with but aren't 38  # 39  add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; 40  # 41  # Tell client that this pre-flight info is valid for 20 days 42  # 43  add_header 'Access-Control-Max-Age' 1728000; 44  add_header 'Content-Type' 'text/plain charset=UTF-8'; 45  add_header 'Content-Length' 0; 46  return 204; 47  } 48 
49  if ($cors = "CORS") { 50  add_header 'Access-Control-Allow-Origin' '$http_origin'; 51  add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; 52  add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; 53  } 54  } 55 }