热门标签
当前位置: article > 正文
Ingress原理及配置_ingresses
作者:算法研究专家 | 2024-01-17 09:20:26
赞
踩
ingresses
Ingress:
1)创建一个web服务,用deployment资源, 用httpd镜像,然后创建一个service资源与之关联。
[root@master ingress]# vim deploy_1.yaml apiVersion: v1 kind: Namespace metadata: name: bdqn-ns labels: name: bdqn-ns --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: httpd-de namespace: bdqn-ns spec: replicas: 2 template: metadata: labels: app: bdqn-ns spec: containers: - name: httpd image: httpd --- apiVersion: v1 kind: Service metadata: name: httpd-svc namespace: bdqn-ns spec: type: NodePort selector: app: bdqn-ns ports: - name: http-port port: 80 targetPort: 80 nodePort: 31033 [root@master ingress]# kubectl apply -f deploy_1.yaml
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
查看一下:
[root@master ingress]# kubectl get svc -n bdqn-ns
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
httpd-svc NodePort 10.111.146.139 <none> 80:31033/TCP 23m
- 1
- 2
- 3
- 4
[root@master ingress]# kubectl get pod -n bdqn-ns
NAME READY STATUS RESTARTS AGE
httpd-deploy-966699d76-8j54b 1/1 Running 0 23m
httpd-deploy-966699d76-kqb5k 1/1 Running 0 23m
- 1
- 2
- 3
- 4
[root@master ingress]# kubectl get ns
NAME STATUS AGE
bdqn-ns Active 27m
- 1
- 2
- 3
浏览器访问:http://192.168.2.10:31033/
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-EQgLdk4V-1582969468499)(C:\Users\zrz19\AppData\Roaming\Typora\typora-user-images\image-20200222160344695.png)]](https://img-blog.csdnimg.cn/20200229174522793.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2FfZ3VhaV8=,size_16,color_FFFFFF,t_70)
2)创建一个web服务,用deployment资源,用tomcat镜像,然后创建一个service资源与之关联。
镜像用: tomcat:8.5.45
[root@master ingress]# vim deploy_2.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: tomcat-deploy namespace: bdqn-ns spec: replicas: 2 template: metadata: labels: app: bdqn-tomcat spec: containers: - name: tomcat image: tomcat:8.5.45 --- apiVersion: v1 kind: Service metadata: name: tomcat-svc namespace: bdqn-ns spec: type: NodePort selector: app: bdqn-tomcat ports: - name: tomcat-port port: 8080 targetPort: 8080 nodePort: 32033 [root@master ingress]# kubectl apply -f deploy_2.yaml
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
查看一下:
[root@master ingress]# kubectl get svc -n bdqn-ns
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
httpd-svc NodePort 10.111.146.139 <none> 80:31033/TCP 36m
tomcat-svc NodePort 10.102.30.132 <none> 8080:32033/TCP 88s
- 1
- 2
- 3
- 4
[root@master ingress]# kubectl get pod -n bdqn-ns
NAME READY STATUS RESTARTS AGE
httpd-deploy-966699d76-8j54b 1/1 Running 0 37m
httpd-deploy-966699d76-kqb5k 1/1 Running 0 37m
tomcat-deploy-d4996b787-tkcf9 1/1 Running 0 112s
tomcat-deploy-d4996b787-x9grr 1/1 Running 0 112s
- 1
- 2
- 3
- 4
- 5
- 6
浏览器访问:http://192.168.2.10:32033/
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-WKeFQIor-1582969468500)(C:\Users\zrz19\AppData\Roaming\Typora\typora-user-images\image-20200222161557696.png)]](https://img-blog.csdnimg.cn/20200229174546842.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2FfZ3VhaV8=,size_16,color_FFFFFF,t_70)
在k8s集群前边部署一个反向代理服务器,这个服务器代理k8s集群内部的service资源
Ingress:
Ingress controller: 将新加入的Ingress转化为反向代理服务器的配置文件,并使之生效。(动态的感知k8s集群内Ingress资源的变话)
Ingress: 将反向代理服务器的配置抽象成一个Ingress对象,每添加一个新的服务,只需要写一个新的Ingress的yaml文件即可。
HA-proxy,Nginx.
Nginx:反向代理服务器。
需要解决的两个问题:
1.动态的配置服务。
2.减少不必要的端口暴露
基于nginx的ingress controller根据不同的开发公司,又分为两种:
1.k8s社区版:Ingress-nginx.
2.nginx公司自己开发的:nginx-ingress.
k8s社区版:Ingress-nginx
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-3VYLYLtf-1582969468500)(C:\Users\zrz19\AppData\Roaming\Typora\typora-user-images\image-20200222162019188.png)]](https://img-blog.csdnimg.cn/20200229174600991.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2FfZ3VhaV8=,size_16,color_FFFFFF,t_70)
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-iObxMTmh-1582969468501)(C:\Users\zrz19\AppData\Roaming\Typora\typora-user-images\image-20200222162049216.png)]](https://img-blog.csdnimg.cn/20200229174612830.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2FfZ3VhaV8=,size_16,color_FFFFFF,t_70)
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-LV1UKloa-1582969468501)(C:\Users\zrz19\AppData\Roaming\Typora\typora-user-images\image-20200222162109485.png)]](https://img-blog.csdnimg.cn/20200229174623793.png)
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-BVa6I98T-1582969468502)(C:\Users\zrz19\AppData\Roaming\Typora\typora-user-images\image-20200222162345771.png)]](https://img-blog.csdnimg.cn/20200229174635455.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2FfZ3VhaV8=,size_16,color_FFFFFF,t_70)
[root@master ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.29.0/deploy/static/mandatory.yaml
- 1
[root@master ingress]# vim mandatory.yaml //213行添加
spec: //下面添加
hostNetwork: true
- 1
- 2
- 3
hostNetwork: true
在deployment资源中,如果添加了此字段,意味着Pod中运行的应用可以直接使用node节点的端口,这样node节点主机所在网络的其他主机,就可以通过访问该端口访问此应用。(类似于docker映射到宿主机的端口。)
[root@master ingress]# docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
- 1
[root@master ingress]# kubectl apply -f mandatory.yaml
- 1
查看一下:
[root@master ingress]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-5954d475b6-72kz5 1/1 Running 0 14s
- 1
- 2
- 3
创建svc:
[root@master ingress]# vim mandatory-svc.yaml apiVersion: v1 kind: Service metadata: name: ingress-nginx namespace: ingress-nginx spec: type: NodePort ports: - name: http port: 80 targetPort: 80 - name: https port: 443 targetPort: 443 selector: app: ingress-nginx [root@master ingress]# kubectl apply -f mandatory-svc.yaml
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
简单的理解:原先暴露的service,现在给定一个统一的访问入口。
[root@master ingress]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-5954d475b6-72kz5 1/1 Running 0 4m40s
- 1
- 2
- 3
[root@master ingress]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-5954d475b6-72kz5 /bin/sh
- 1
/etc/nginx $ ls
fastcgi.conf mime.types scgi_params
fastcgi.conf.default mime.types.default scgi_params.default
fastcgi_params modsecurity template
fastcgi_params.default modules uwsgi_params
geoip nginx.conf uwsgi_params.default
koi-utf nginx.conf.default win-utf
koi-win opentracing.json
lua owasp-modsecurity-crs
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
创建Ingress资源
[root@master ingress]# vim ingress.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: name: bdqn-ingress namespace: bdqn-ns annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: ingress.bdqn.com http: paths: - path: / backend: serviceName: httpd-svc servicePort: 80 - path: /tomcat backend: serviceName: tomcat-svc servicePort: 8080 [root@master ingress]# kubectl apply -f ingress.yaml
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
查看一下:
[root@master ingress]# kubectl get ingresses. -n bdqn-ns
NAME HOSTS ADDRESS PORTS AGE
bdqn-ingress ingress.bdqn.com 10.97.160.233 80 52s
[root@master ingress]# kubectl describe -n bdqn-ns ingresses. bdqn-ingress
//出现这个就显示成功了
Rules:
Host Path Backends
---- ---- --------
ingress.bdqn.com
/ httpd-svc:80 (10.244.1.12:80,10.244.2.15:80)
/tomcat tomcat-svc:8080 (10.244.1.13:8080,10.244.2.16:8080)
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
[root@master ingress]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-5954d475b6-72kz5 1/1 Running 0 12m
- 1
- 2
- 3
[root@master ingress]# kubectl exec -it -n ingress-nginx nginx-ingress-controller-5954d475b6-72kz5 sh
/etc/nginx $ cat nginx.conf
location ~* "^/" {
set $namespace "bdqn-ns";
set $ingress_name "bdqn-ingress";
set $service_name "httpd-svc";
set $service_port "80";
set $location_path "/";
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
查看pod所在node节点:
[root@master ingress]# kubectl get pod -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-5954d475b6-72kz5 1/1 Running 0 16m 192.168.2.30 node02 <none> <none>
- 1
- 2
- 3
去windows主机内hosts添加域名解析:
将192.168.2.30 ingress.bdqn.com添加到C:\Windows\System32\drivers\etc\hosts
浏览器访问http://ingress.bdqn.com/
http://ingress.bdqn.com/tomcat
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-8dDjWoE3-1582969468502)(C:\Users\zrz19\AppData\Roaming\Typora\typora-user-images\image-20200222171318692.png)]](https://img-blog.csdnimg.cn/20200229174720714.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2FfZ3VhaV8=,size_16,color_FFFFFF,t_70)
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-0BhmvKhr-1582969468503)(C:\Users\zrz19\AppData\Roaming\Typora\typora-user-images\image-20200222171407564.png)]](https://img-blog.csdnimg.cn/20200229174730677.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2FfZ3VhaV8=,size_16,color_FFFFFF,t_70)
[root@master ingress]# kubectl apply -f service-nodeport.yaml
service/ingress-nginx configured
- 1
- 2
Service-NodePort:因为ingress-nginx-controller运行在了集群内的其中一个节点,为了保证即使这个
节点宕机,我们对应的域名任然能够正常访问服务,所以我们将ingress-nginx-controller也暴露为一个
图片转存中…(img-8dDjWoE3-1582969468502)]
[外链图片转存中…(img-0BhmvKhr-1582969468503)]
[root@master ingress]# kubectl apply -f service-nodeport.yaml
service/ingress-nginx configured
- 1
- 2
Service-NodePort:因为ingress-nginx-controller运行在了集群内的其中一个节点,为了保证即使这个
节点宕机,我们对应的域名任然能够正常访问服务,所以我们将ingress-nginx-controller也暴露为一个
service资源。
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/article/detail/40826
推荐阅读
相关标签
