Contents
- 1. Install Ingress-nginx (nodePort mode)
- 2. Install Ingress-nginx (hostNetwork mode)
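Our goal is to unify the entry point: instead of exposing ports through LoadBalancer and similar mechanisms, we use the reverse proxy and load balancing that Ingress provides as our single entry point. There are many kinds of Ingress Controller; we choose the one we know best, Nginx, to handle requests. See the Ingress-nginx installation documentation; this article covers two deployment modes, nodePort and hostNetwork.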
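- nodePort mode needs fewer ingress-controller containers; a few per cluster are enough. hostNetwork mode needs one ingress-controller container on every node, so overall it consumes more resources.
- nodePort mode mainly occupies the Service's nodePort ports, while hostNetwork occupies ports 80 and 443 on the physical host.
- When traffic arrives through nodePort, the source IP of the HTTP request that nginx receives is translated to the IP of the node that accepted the request, not the real client IP.
- With hostNetwork, the ingress-controller uses the physical host's DNS resolution (the host's /etc/resolv.conf) and cannot use internal name resolution such as coredns.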
1. Install Ingress-nginx (nodePort mode)
Download the Nginx Controller configuration file.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.1/deploy/static/mandatory.yaml
# GitHub address
https://github.com/kubernetes/ingress-nginx/tree/nginx-0.26.1/deploy/static/mandatory.yaml
Deploy from the resource file
[root@yn101-22 ingress]# kubectl apply -f mandatory.yaml
# Output:
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
Check the ingress-nginx installation with the following command
# Serving externally via NodePort
[root@yn101-22 ingress]# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-69969b98db-tjl84 1/1 Running 0 2m3s 10.244.1.2 yn101-31.host.com <none> <none>
To serve external traffic through the ingress-controller, you still need to deploy a Service manually to receive traffic from outside the cluster.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.1/deploy/static/provider/baremetal/service-nodeport.yaml
# GitHub address
https://github.com/kubernetes/ingress-nginx/blob/nginx-0.26.1/deploy/static/provider/baremetal/service-nodeport.yaml
# Apply the YAML
kubectl apply -f service-nodeport.yaml
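The source-IP rewriting noted for nodePort mode happens under the default `externalTrafficPolicy: Cluster`; the manifest below is an added example (not from the original article or the upstream project) that sets it to `Local` so nginx sees the real client address. The Service name, labels and ports are assumptions meant to mirror the downloaded service-nodeport.yaml; check them against your copy.

```yaml
# Added example: NodePort Service for the ingress controller that
# preserves the client source IP. Metadata and selector labels are
# assumptions; align them with the service-nodeport.yaml you downloaded.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  # Cluster (default): kube-proxy may forward to a controller pod on
  # another node and SNATs the packet, so nginx logs the node IP.
  # Local: traffic goes only to controller pods on the node that
  # received it, without SNAT, so nginx sees the real client IP.
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
```

With `Local`, only nodes that run a controller pod answer on the node port, so point external traffic at those nodes; access logs, IP allowlists and rate limits then act on the real client address.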
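2. Install Ingress-nginx (hostNetwork mode)
Download the Nginx Controller configuration file. This tutorial uses version v0.26.1; the configuration file shows the required image, image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1.
Because of network conditions when downloading images inside China, pull the image to the local machine in advance.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.1/deploy/static/mandatory.yaml
# GitHub address
https://github.com/kubernetes/ingress-nginx/tree/nginx-0.26.1/deploy/static/mandatory.yaml
Edit the configuration file: find the following location (search for serviceAccountName) and add hostNetwork: true below it. This enables host network mode and exposes the nginx service port 80.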
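The edit described above, shown as an added fragment (not taken from the original article): it also sets `dnsPolicy: ClusterFirstWithHostNet`, because the host-DNS limitation mentioned in the comparison applies only when a hostNetwork pod keeps the default DNS policy. The container name and port list are assumptions for orientation; leave everything else in the downloaded mandatory.yaml unchanged.

```yaml
# Added example: the pod template of the nginx-ingress-controller
# Deployment in mandatory.yaml after the hostNetwork edit. Only
# hostNetwork and dnsPolicy are new; the other keys are abbreviated
# and assumed to match the downloaded file.
spec:
  template:
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      # The pod shares the node's network namespace, so nginx binds
      # ports 80 and 443 on the node itself. Restrict who can reach
      # those ports with host or network firewall rules.
      hostNetwork: true
      # By default a hostNetwork pod inherits the node's
      # /etc/resolv.conf. ClusterFirstWithHostNet makes it query the
      # cluster DNS (for example CoreDNS) first.
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
```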

Deploy from the resource file
[root@yn101-22 ingress]# kubectl apply -f mandatory.yaml
# Output:
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
Check the ingress-nginx installation with the following command
# Serving externally via NodePort
[root@yn101-22 ingress]# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-69969b98db-tjl84 1/1 Running 0 2m3s 10.244.1.2 yn101-31.host.com <none> <none>
# Serving externally via hostNetwork
[root@yn101-22 ingress]# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-6f7bc978b-tzzrj 1/1 Running 0 27m 192.168.101.32 yn101-32.host.com <none> <none>
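If READY shows 0/1 during installation, or STATUS is not Running, use the following command to see the specific error. If the cause is a failed image pull, download the image package and load it manually.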
kubectl describe pod <myapp-pod> -n ingress-nginx
Ingress example: deploy a tomcat in k8s that cannot be reached from the internal network, then reverse-proxy to it through nginx.
Deploy tomcat from the tomcat.yaml resource file, with the mode changed to ClusterIP, meaning it only provides service internally.
apiVersion: apps/v1
kind: Deployment
# Metadata
metadata:
  name: tomcat-app
spec:
  selector:
    matchLabels:
      app: tomcat
  replicas: 2
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
        - name: tomcat
          image: tomcat:8.5.43
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-http
spec:
  ports:
    - port: 8080
      targetPort: 8080
  # ClusterIP NodePort LoadBalancer
  type: ClusterIP
  selector:
    app: tomcat
Check that the service has started. The service is exposed as ClusterIP, the internal service port is 8080, and no port is exposed externally, so it cannot be reached from the internal network.
[root@yn101-22 service]# kubectl apply -f tomcat.yml
deployment.apps/tomcat-app created
[root@yn101-22 service]# kubectl get pods
NAME READY STATUS RESTARTS AGE
tomcat-app-54ccd97f96-9d6x4 1/1 Running 0 2m5s
tomcat-app-54ccd97f96-kr5ds 1/1 Running 0 2m5s
[root@yn101-22 service]# kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
tomcat-app 2/2 2 2 2m19s
[root@yn101-22 service]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3d7h
tomcat-http ClusterIP 10.104.129.49 <none> 8080/TCP 3m4s
Deploy ingress-nginx: create a configuration file named ingress.yaml
apiVersion: extensions/v1beta1 # networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-web
  #namespace: default
  annotations:
    # Specify the type of ingress controller
    kubernetes.io/ingress.class: "nginx"
    # Allow regular expressions in the path of our rules
    nginx.ingress.kubernetes.io/use-regex: "true"
    # Connection timeout, default 5s
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    # Timeout for the backend server to return data, default 60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    # Maximum size of a client file upload, default 20m
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    # URL rewrite
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  # Routing rules
  rules:
    # Host name; must be a domain name
    - host: ingress.yn.com # in production this domain should be resolvable on the public internet
      http:
        paths:
          - path:
            backend:
              # Name of the backend service
              serviceName: tomcat-http
              # Port of the backend service
              servicePort: 8080
Deploy the ingress entry routing rule and access tomcat through the ingress.yn.com domain name
[root@yn101-22 ingress]# kubectl apply -f ingress.yml
ingress.extensions/nginx-web created
[root@yn101-22 ingress]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
nginx-web ingress.yn.com 80 8s
So the request path through Ingress is: Client Request -> Ingress-service (port exposed via NodePort) -> Ingress -> Service -> Deployment