Ingress 其實就是從 Kubernetes 集羣外部訪問集羣的一個入口,將外部的請求轉發到集羣內不同的 Service 上,其實就相當於 nginx、haproxy 等負載均衡代理服務器。Ingress controller 可以理解爲一個監聽器,通過不斷地與 kube-apiserver 打交道,實時感知後端 service、pod 的變化;當得到這些變化信息後,Ingress controller 再結合 Ingress 的配置,更新反向代理負載均衡器,達到服務發現的作用。
Kubernetes 目前提供了如下幾種方案:
NodePort
LoadBalancer
Ingress
使用 ingress-nginx,先建立 pod 服務,默認 yaml 文件如下:
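# Download the ingress-nginx manifest and open it for editing before it is applied.
# NOTE(review): this URL follows the mutable "master" branch, so the file can change
# (or disappear) between runs. Prefer a release tag or commit that matches the
# controller image deployed below (0.20.0), e.g. .../ingress-nginx/<RELEASE_TAG>/deploy/mandatory.yaml,
# and read the RBAC and Deployment sections before running kubectl apply.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
vim mandatory.yaml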
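# mandatory.yaml as edited for this walkthrough: namespace, default backend,
# ConfigMaps, RBAC objects and the nginx-ingress-controller Deployment.
# Layout restored to one key per line; values are unchanged from the listing.
#
# NOTE(review): extensions/v1beta1 (Deployment) and rbac.authorization.k8s.io/v1beta1
# are served by the v1.10 cluster shown on this page but were removed in later
# Kubernetes releases; use apps/v1 and rbac.authorization.k8s.io/v1 there.
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: default-http-backend
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: default-http-backend
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      terminationGracePeriodSeconds: 60
      containers:
        - name: default-http-backend
          # Any image is permissible as long as:
          # 1. It serves a 404 page at /
          # 2. It serves 200 on a /healthz endpoint
          # NOTE(review): the tag is mutable; pin by digest
          # (image@sha256:<DIGEST>) if reproducible deployments matter.
          image: k8s.gcr.io/defaultbackend-amd64:1.5
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            timeoutSeconds: 5
          ports:
            - containerPort: 8080
          resources:
            limits:
              cpu: 10m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
spec:
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Cluster-wide permissions for the controller's service account.
# The first rule grants list/watch on secrets in every namespace, and "list"
# returns full Secret contents. Anyone who can run code as this service account
# (exec into the controller pod, create pods in ingress-nginx) can therefore read
# all cluster Secrets, so access to this namespace should be restricted accordingly.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update
---
# Namespace-scoped permissions inside ingress-nginx (leader-election ConfigMap etc.).
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        # Metrics are served over plain HTTP on 10254 (same port as /healthz below).
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      # hostNetwork puts the pod in the node's network namespace: 80, 443 and
      # 10254 listen directly on the node IP and the pod can reach node-local
      # listeners. Restrict those ports with the node firewall / security group.
      hostNetwork: true
      # Only nodes labelled app=ingress are eligible to run the controller.
      nodeSelector:
        app: ingress
      containers:
        - name: nginx-ingress-controller
          # NOTE(review): 0.20.0 is an old release and the tag is mutable; check
          # the upstream release notes for later security fixes and pin by digest
          # (image@sha256:<DIGEST>).
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            # NOTE(review): no Service named ingress-nginx is defined in this
            # file; confirm it exists in the cluster or drop this flag.
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            # All capabilities are dropped except the one needed to bind
            # ports below 1024 as a non-root user.
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
---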
將 ingress 固定漂移到 node02 節點上:
[root@master ingress-nginx]# kubectl get no NAME STATUS ROLES AGE VERSION master Ready master 9d v1.10.0 node02 Ready <none> 8d v1.10.0
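給 node02 節點打上 label 標籤,設置 hostNetwork: true 提高網絡訪問效率。hostNetwork: true 會讓控制器 Pod 直接使用節點的網絡命名空間,80、443 以及 10254(健康檢查與指標)端口都會直接監聽在節點 IP 上,因此應通過節點防火牆或安全組限制可訪問這些端口的來源。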
# Label node02 with app=ingress so that it matches the controller Deployment's
# nodeSelector (app: ingress) in mandatory.yaml.
kubectl label node node02 app=ingress
yaml 文件配置好,label 標籤也打好,開始建立 ingress:
# Apply the edited manifest: creates the ingress-nginx namespace, the RBAC
# objects (including the cluster-wide ClusterRole/ClusterRoleBinding) and both Deployments.
kubectl apply -f mandatory.yaml
查看 pod 狀態:
[root@master ingress-nginx]# kubectl get pod -n ingress-nginx NAME READY STATUS RESTARTS AGE default-http-backend-66c4fbf5b4-vkrzq 1/1 Running 4 21h nginx-ingress-controller-658cd45944-tqgvm 1/1 Running 1 21h
# default 如果外界訪問的域名不存在的話,則默認轉發到 default-http-backend 這個 Service,其會直接返回 404:
建立一個 ingress-demo 測試一下,首先建立 tomcat 服務器:
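# tomcat-demo: Deployment + Service + Ingress routing host ingress1.com to Tomcat.
# Layout restored to one key per line; values are unchanged from the listing.
---
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-demo
spec:
  selector:
    matchLabels:
      app: tomcat-demo
  replicas: 1
  template:
    metadata:
      labels:
        app: tomcat-demo
    spec:
      containers:
        - name: tomcat-demo
          # NOTE(review): image comes from a personal registry namespace and
          # Tomcat 8.0.x is end-of-life upstream; acceptable for a lab, but use
          # a maintained image from a source you trust for anything exposed.
          image: registry.cn-hangzhou.aliyuncs.com/liuyi01/tomcat:8.0.51-alpine
          ports:
            - containerPort: 8080
---
# service
apiVersion: v1
kind: Service
metadata:
  name: tomcat-demo
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app: tomcat-demo
---
#ingress
# No tls: section, so this host is served over plain HTTP only.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-demo
spec:
  rules:
    - host: ingress1.com
      http:
        paths:
          - path: /
            backend:
              serviceName: tomcat-demo
              # NOTE(review): the Service above exposes port 80 (targetPort 8080);
              # servicePort normally names the Service port — verify 8080 resolves
              # with your controller version.
              servicePort: 8080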
再建立一個 nginx 服務測試:
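# Second demo manifest, routing host ingress2.com.
# Layout restored to one key per line; values are unchanged from the listing.
# NOTE(review): the surrounding text introduces this as the nginx service, but
# every object here is still named tomcat-demo and uses the Tomcat image. Applied
# next to the first manifest it updates the same Deployment/Service/Ingress
# instead of creating new ones, leaving a single Ingress host rule. The pod list
# later on the page shows an nginx-demo pod, so the listing is presumably a
# copy-paste of the first file — confirm names and image before use.
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-demo
spec:
  selector:
    matchLabels:
      app: tomcat-demo
  replicas: 1
  template:
    metadata:
      labels:
        app: tomcat-demo
    spec:
      containers:
        - name: tomcat-demo
          image: registry.cn-hangzhou.aliyuncs.com/liuyi01/tomcat:8.0.51-alpine
          ports:
            - containerPort: 8080
---
# service
apiVersion: v1
kind: Service
metadata:
  name: tomcat-demo
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app: tomcat-demo
---
#ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-demo
spec:
  rules:
    - host: ingress2.com
      http:
        paths:
          - path: /
            backend:
              serviceName: tomcat-demo
              servicePort: 8080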
建立nginx和tomcat pod服務
[root@master nginx-ingress]# kubectl apply -f . # 查看pod狀況,服務都起來了 [root@master nginx-ingress]# kubectl get pod NAME READY STATUS RESTARTS AGE load-generator-7bbbb4fdd4-l5vmz 1/1 Running 9 8d myapp-deploy-6b9c9f847c-d6fsp 1/1 Running 0 2h mynginx-85f8f5d89c-mhhzc 1/1 Running 0 2h nginx-demo-6c5d64fd5f-xnscz 1/1 Running 0 1h testservice-796fbc64bb-bczbs 1/1 Running 8 7d tomcat-demo-686b48d96c-zxfpt 1/1 Running 0 2h
配置域名解析,當前測試環境我們使用 hosts 文件進行解析:
192.168.14.32 ingress1.com 192.168.14.32 ingress2.com
接下來通過不同域名去訪問,得到不同服務