Kubernetes (k8s): Ingress and the ingress controller

1. Ingress overview

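In the diagram, the first service brings external traffic into the cluster; this can be skipped by running the controller Pods under a DaemonSet so that they share the node's network. The second service only groups the backend pods and is not used to dispatch traffic. When the backend pods change, the ingress injects the change into the configuration file of the layer-7 nginx load balancer managed by the ingress controller.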

2. Deploy nginx

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
kubectl apply -f mandatory.yaml
# Previously there was also a default-http-backend; now only one pod runs
kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-689498bc7c-sm972   1/1     Running   0          45s

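# nginx-ingress-controller is deployed on node1: one Deployment controller, one ReplicaSet, one pod.
# Next, a service-nodeport Service must also be deployed so that traffic from outside the cluster can be brought into the cluster.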
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
# To keep the NodePort service from auto-assigning ports, set nodePort manually
cat service-nodeport.yaml 
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 30080
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

kubectl apply -f service-nodeport.yaml
kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.102.228.59   <none>        80:30080/TCP,443:30443/TCP   31s

3. Define the backend grouping service: myapp-svc

cat myapp-svc-headless.yaml 
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  clusterIP: "None"
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v1
        ports:
        - name: http
          containerPort: 80
# When creating pods, nodeSelector can be used for precise placement
kubectl apply -f myapp-svc-headless.yaml
kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   13d
myapp-svc    ClusterIP   None         <none>        80/TCP    29m

# Publish myapp-svc through an Ingress
cat ingress-myapp.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: myapp.lixiang.com
    http:
      paths: 
      - path:
        backend:
          serviceName: myapp-svc
          servicePort: 80

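namespace: must be the same namespace as the Deployment and the Service being published
annotations: states that the ingress controller we use is nginx, not Traefik or Envoy
host: requests for this domain name are forwarded to the pods managed by the backend myapp-deploy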
kubectl apply -f ingress-myapp.yaml
kubectl get ingress
NAME            HOSTS               ADDRESS   PORTS   AGE
ingress-myapp   myapp.lixiang.com             80      5m34s
# Open an interactive shell
kubectl exec -n ingress-nginx -it nginx-ingress-controller-689498bc7c-sm972 -- /bin/sh
$ cat nginx.conf
	## start server myapp.lixiang.com
	server {
		server_name myapp.lixiang.com ;
		listen 80;
		location / {
			set $namespace      "default";
			set $ingress_name   "ingress-myapp";
			set $service_name   "myapp-svc";
			set $service_port   "80";
			set $location_path  "/";
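# As soon as the ingress is created, its information is injected into the nginx-ingress-controller pod.
# My personal impression is that the ingress is like a watcher and a porter, while nginx-ingress-controller acts as the reverse proxy.
# Add a hosts entry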
curl myapp.lixiang.com:30080
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

4. Access over HTTPS

# Self-signed certificate
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key  -out tls.crt -subj /C=CN/ST=Beijing/O=DevOps/CN=myapp.lixiang.com
# Inject the certificate into the pod through a secret
kubectl create secret tls myapp-infress-secret --cert=tls.crt --key=tls.key
cat ingress-myapp.yaml 
apiVersion: extensions/v1beta1 
kind: Ingress
metadata:
  name: ingress-myapp-tls
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - myapp.lixiang.com
    secretName: myapp-infress-secret
  rules:
  - host: myapp.lixiang.com
    http:
      paths: 
      - path: /
        backend:
          serviceName: myapp-svc
          servicePort: 80
# Enter the container and view the configuration file
cat nginx.conf
server {
	server_name myapp.lixiang.com ;	
	listen 80;	
	listen 443  ssl http2;
curl -k https://myapp.lixiang.com:30443
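
The certificate above carries the host name only in CN and is tested with curl -k, which skips verification. The following added example (not from the original post) issues the certificate with a subjectAltName and checks it before it goes into the secret; the function names and the NODE_IP placeholder are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: self-signed certificate with a SAN, plus pre-flight checks
# to run before `kubectl create secret tls`. Function names are hypothetical.
HOST="myapp.lixiang.com"   # host from the Ingress rule on this page

# Generate key + self-signed cert carrying subjectAltName=DNS:<host>.
make_cert() {  # usage: make_cert <dir> <host>
    ( umask 077   # private key readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -keyout "$1/tls.key" -out "$1/tls.crt" \
          -subj "/C=CN/ST=Beijing/O=DevOps/CN=$2" \
          -addext "subjectAltName=DNS:$2" 2>/dev/null )
}

# Succeeds only if the certificate's public key belongs to the private key.
key_matches_cert() {  # usage: key_matches_cert <crt> <key>
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if the certificate is valid for the given host name.
cert_covers_host() {  # usage: cert_covers_host <crt> <host>
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q "does match"
}

# Demo run in a scratch directory; print the secret command only if all checks pass.
work=$(mktemp -d)
make_cert "$work" "$HOST" \
    && key_matches_cert "$work/tls.crt" "$work/tls.key" \
    && cert_covers_host "$work/tls.crt" "$HOST" \
    && echo "ok: kubectl create secret tls myapp-infress-secret" \
            "--cert=$work/tls.crt --key=$work/tls.key"

# Client side, verifying instead of -k (NODE_IP is a placeholder for a node address):
#   curl --cacert tls.crt --resolve myapp.lixiang.com:30443:NODE_IP \
#        https://myapp.lixiang.com:30443
```

With --cacert the client trusts only this certificate, so a wrong secret or a different certificate on the node port shows up as a TLS error instead of being silently accepted.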

 

Reference blog: http://blog.itpub.net/28916011/viewspace-2214747/
