Kubernetes Series 09: Ingress Controllers in Detail

This article is part of the master index of the Container Technology Learning series.

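1. Understanding Ingress

1.1 What is Ingress

  Normally, services and pods can be reached only by IP address on the cluster-internal network. All traffic that arrives at the edge router is either dropped or forwarded elsewhere. Conceptually, it looks like this: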

    internet
        |
  ------------
  [ Services ]

An Ingress is a collection of rules that authorize inbound connections to reach cluster services.

    internet
        |
   [ Ingress ]
   --|-----|--
   [ Services ]

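  You can configure an Ingress to provide externally reachable URLs, load balancing, SSL, name-based virtual hosting, and so on. Users request an ingress by POSTing an Ingress resource to the API server. The Ingress controller is responsible for implementing the Ingress, usually with a load balancer; it can also configure the edge router and other frontends, which helps handle the traffic in an HA manner.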

 

1.2 How Ingress works (diagram)

 

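1.3 Prerequisites

  Before using the Ingress resource, there are a few things you need to understand. Ingress is a beta resource and does not exist in Kubernetes versions earlier than 1.1. You need an Ingress controller to implement the Ingress; creating an Ingress resource on its own has no effect.

  GCE/GKE deploys an ingress controller on the master node. You can deploy any number of custom ingress controllers in a pod. You must annotate each Ingress correctly, for example as described under running multiple ingress controllers and disabling glbc.

  Make sure you have read the beta limitations of the Ingress controller. In environments other than GCE/GKE, you need to deploy a controller in a pod.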

 

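1.4 Fields of an Ingress resource manifest

  •  apiVersion: v1  (version)
  •  kind: Ingress  (type)
  •  metadata  (metadata)
  •  spec  (desired state)
    •  backend: the default backend, which handles requests that match no rule
    •  rules: the list of host rules used to configure the Ingress
    •  tls: Ingress currently supports only a single TLS port, 443
  •  status  (current state)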

 

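2. Deploying an Ingress

1) Download the YAML file from GitHub and create the deployment

ingress-nginx project on GitHub: https://github.com/kubernetes/ingress-nginx

Ingress installation guide: https://kubernetes.github.io/ingress-nginx/deploy/

Images have to be pulled, so this takes a while.

--- Download the required YAML file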
[root@master ingress-nginx]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
--- Confirm the download succeeded
[root@master ingress-nginx]# ls
mandatory.yaml
--- Create the ingress
[root@master ingress-nginx]# kubectl apply -f mandatory.yaml 
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created

  

2) On bare metal, you also need to install the service

[root@master ingress-nginx]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
[root@master ingress-nginx]# kubectl apply -f service-nodeport.yaml 
service/ingress-nginx created

  

3) Verify

--- Check the pod that was created
[root@master ~]# kubectl get pods -n ingress-nginx
NAME                                        READY     STATUS    RESTARTS   AGE
nginx-ingress-controller-648c7bb65b-df9qz   1/1       Running   0          34m
--- Check the svc that was created
[root@master ingress-nginx]# kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.109.244.123   <none>        80:30080/TCP,443:30443/TCP   21s
--- Show the details of the svc
[root@master ~]# kubectl describe svc ingress-nginx -n ingress-nginx
Name:                     ingress-nginx
Namespace:                ingress-nginx
Labels:                   app.kubernetes.io/name=ingress-nginx
                          app.kubernetes.io/part-of=ingress-nginx
Annotations:              kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"ingress-nginx","app.kubernetes.io/part-of":"ingres...
Selector:                 app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/part-of=ingress-nginx
Type:                     NodePort
IP:                       10.111.143.90
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  30080/TCP
Endpoints:                10.244.1.104:80
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  30443/TCP
Endpoints:                10.244.1.104:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

  

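3. Creating an Ingress that proxies to a backend nginx service

3.1 Prepare the backend pods and service

1) Write the YAML file and create the resources

Create 3 pods running the nginx service, and create a service bound to them
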

[root@master ingress]# vim deploy-damo.yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    targetPort: 80
    port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v2
        ports:
        - name: http
          containerPort: 80
[root@master ingress]# kubectl apply -f deploy-damo.yaml 
service/myapp created
deployment.apps/myapp-deploy created

  

2) Query to verify

[root@master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP   146d
myapp        ClusterIP   10.103.137.126   <none>        80/TCP    6s
[root@master ~]# kubectl get pods
NAME                            READY     STATUS    RESTARTS   AGE
myapp-deploy-67f6f6b4dc-2vzjn   1/1       Running   0          14s
myapp-deploy-67f6f6b4dc-c7f76   1/1       Running   0          14s
myapp-deploy-67f6f6b4dc-x79hc   1/1       Running   0          14s
[root@master ~]# kubectl describe svc myapp
Name:              myapp
Namespace:         default
Labels:            <none>
Annotations:       kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"myapp","namespace":"default"},"spec":{"ports":[{"name":"http","port":80,"targe...
Selector:          app=myapp,release=canary
Type:              ClusterIP
IP:                10.103.137.126
Port:              http  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.102:80,10.244.1.103:80,10.244.2.109:80
Session Affinity:  None
Events:            <none>

  

3.2 Create the ingress and bind it to the backend nginx service

1) Write the YAML file and create the resources

[root@master ingress]# vim ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
spec:
  rules:
  - host: myapp.along.com
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 80
[root@master ingress]# kubectl apply -f ingress-myapp.yaml
ingress.extensions/ingress-myapp created

  

2) Query to verify

[root@master ~]# kubectl get ingress
NAME            HOSTS             ADDRESS   PORTS     AGE
ingress-myapp   myapp.along.com             80        140d
[root@master ~]# kubectl describe ingress ingress-myapp
Name:             ingress-myapp
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host             Path  Backends
  ----             ----  --------
  myapp.along.com  
                      myapp:80 (<none>)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"ingress-myapp","namespace":"default"},"spec":{"rules":[{"host":"myapp.along.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":null}]}}]}}

Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  37s   nginx-ingress-controller  Ingress default/ingress-myapp

  

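3) From outside the cluster, access the service to verify

Because this is not a public domain name, first add an entry to the hosts file of the client machine

192.168.130.103 myapp.along.com

The service is reached successfully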

 

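4. Creating an Ingress that proxies to a backend tomcat service

4.1 Prepare the backend pods and service

1) Write the YAML file and create the resources

Create 3 pods running the tomcat service, and create a service bound to them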

[root@master ingress]# vim tomcat-deploy.yaml 
apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    release: canary
  ports:
  - name: http
    targetPort: 8080
    port: 8080
  - name: ajp
    targetPort: 8009
    port: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat
      release: canary
  template:
    metadata:
      labels:
        app: tomcat
        release: canary
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5.37-jre8-alpine
        ports:
        - name: http
          containerPort: 8080
        - name: ajp
          containerPort: 8009
[root@master ingress]# kubectl apply -f tomcat-deploy.yaml 
service/tomcat created
deployment.apps/tomcat-deploy created

  

2) Query to verify

[root@master ~]# kubectl get pods
NAME                            READY     STATUS    RESTARTS   AGE
tomcat-deploy-97d6458c5-hrmrw   1/1       Running   0          1m
tomcat-deploy-97d6458c5-ngxxx   1/1       Running   0          1m
tomcat-deploy-97d6458c5-xchgn   1/1       Running   0          1m
[root@master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP             146d
tomcat       ClusterIP   10.98.193.252    <none>        8080/TCP,8009/TCP   1m

  

4.2 Create the ingress and bind it to the backend tomcat service

1) Write the YAML file and create the resources

[root@master ingress]# vim ingress-tomcat.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
spec:
  rules:
  - host: tomcat.along.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080
[root@master ingress]# kubectl apply -f ingress-tomcat.yaml 
ingress.extensions/ingress-tomcat created

 

2) Query to verify

[root@master ~]# kubectl get ingress
NAME             HOSTS              ADDRESS   PORTS     AGE
ingress-myapp    myapp.along.com              80        17m
ingress-tomcat   tomcat.along.com             80        6s
[root@master ~]# kubectl describe ingress ingress-tomcat
Name:             ingress-tomcat
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host              Path  Backends
  ----              ----  --------
  tomcat.along.com  
                       tomcat:8080 (<none>)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"ingress-tomcat","namespace":"default"},"spec":{"rules":[{"host":"tomcat.along.com","http":{"paths":[{"backend":{"serviceName":"tomcat","servicePort":8080},"path":null}]}}]}}

Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  17s   nginx-ingress-controller  Ingress default/ingress-tomcat

  

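3) From outside the cluster, access the service to verify

Because this is not a public domain name, first add an entry to the hosts file of the client machine

192.168.130.103 tomcat.along.com

The service is reached successfully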

 

4.3 Accessing the service over HTTPS

4.3.1 Create the certificate, private key and secret

1) Create the private key

[root@master ingress]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................+++
...............+++
e is 65537 (0x10001)
[root@master ingress]# ls *key
tls.key

  

2) Create the certificate

[root@master ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.along.com
[root@master ingress]# ls tls.*
tls.crt  tls.key

  

3) Create the secret

[root@master ingress]# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
secret/tomcat-ingress-secret created
[root@master ingress]# kubectl get secret
NAME                              TYPE                                  DATA      AGE
tomcat-ingress-secret             kubernetes.io/tls                     2         8s
[root@master ingress]# kubectl describe secret tomcat-ingress-secret
Name:         tomcat-ingress-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/tls

Data
====
tls.key:  1675 bytes
tls.crt:  1294 bytes

  

4.3.2 Re-create the ingress, binding the backend tomcat service over HTTPS

1) Write the YAML file and create the resources

[root@master ingress]# vim ingress-tomcat-tls.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
spec:
  tls:
  - hosts:
    - tomcat.along.com
    secretName: tomcat-ingress-secret
  rules:
  - host: tomcat.along.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080

  

2) Query to verify

[root@master ~]# kubectl get ingress
NAME                 HOSTS              ADDRESS   PORTS     AGE
ingress-myapp        myapp.along.com              80        34m
ingress-tomcat       tomcat.along.com             80        16m
ingress-tomcat-tls   tomcat.along.com             80, 443   8s
[root@master ~]# kubectl describe ingress ingress-tomcat-tls
Name:             ingress-tomcat-tls
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<none>)
TLS:
  tomcat-ingress-secret terminates tomcat.along.com
Rules:
  Host              Path  Backends
  ----              ----  --------
  tomcat.along.com  
                       tomcat:8080 (<none>)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"ingress-tomcat-tls","namespace":"default"},"spec":{"rules":[{"host":"tomcat.along.com","http":{"paths":[{"backend":{"serviceName":"tomcat","servicePort":8080},"path":null}]}}],"tls":[{"hosts":["tomcat.along.com"],"secretName":"tomcat-ingress-secret"}]}}

Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  14s   nginx-ingress-controller  Ingress default/ingress-tomcat-tls

  

3) From outside the cluster, access the service to verify

Using HTTPS, the service is reached successfully
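
After step 4.3.2 the cluster holds two Ingress objects for tomcat.along.com, one without a tls section and one with it. The following added example (not part of the original article) audits the output of kubectl get ingress -o json for rules that have no matching spec.tls entry and for hosts declared by more than one Ingress. The function names and the trimmed sample JSON are constructed for illustration, and the wildcard handling goes beyond the exact-host case shown on this page.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed `kubectl get ingress -o json` output for the three
# Ingress objects this page creates (extensions/v1beta1 field names).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "default", "name": "ingress-myapp"},
  "spec": {"rules": [{"host": "myapp.along.com"}]}},
 {"metadata": {"namespace": "default", "name": "ingress-tomcat"},
  "spec": {"rules": [{"host": "tomcat.along.com"}]}},
 {"metadata": {"namespace": "default", "name": "ingress-tomcat-tls"},
  "spec": {"tls": [{"hosts": ["tomcat.along.com"],
                    "secretName": "tomcat-ingress-secret"}],
           "rules": [{"host": "tomcat.along.com"}]}}
]}
""")


def tls_covers(tls_host, host):
    """Exact match, or a single-label wildcard such as *.along.com."""
    if tls_host.startswith("*."):
        return "." in host and host.split(".", 1)[1] == tls_host[2:]
    return tls_host == host


def audit_ingresses(ingress_list):
    """Return (no_tls, shared): rules lacking a TLS entry, and hosts claimed twice."""
    no_tls, owners = [], defaultdict(list)
    for item in ingress_list.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        name = f'{meta["namespace"]}/{meta["name"]}'
        tls_hosts = [h for t in spec.get("tls") or [] for h in t.get("hosts") or []]
        for rule in spec.get("rules") or []:
            host = rule.get("host") or "*"  # a rule without host matches any host
            owners[host].append(name)
            if not any(tls_covers(t, host) for t in tls_hosts):
                no_tls.append((name, host))
    shared = {h: names for h, names in owners.items() if len(names) > 1}
    return no_tls, shared


if __name__ == "__main__":
    no_tls, shared = audit_ingresses(SAMPLE)
    for name, host in no_tls:
        print(f"{name}: rule for {host} has no matching spec.tls entry")
    for host, names in shared.items():
        print(f"{host}: declared by {', '.join(names)}")
```

Against a live cluster, save the output of kubectl get ingress --all-namespaces -o json to a file and pass the result of json.load to audit_ingresses in place of SAMPLE.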
