欢迎光临
我的个人博客网站

k8s之Service详解-Ingress使用


环境准备

搭建ingress环境

#创建文件夹 [root@master ~]# mkdir ingress-controller [root@master ~]# cd ingress-controller/ [root@master ingress-controller]#   #获取ingress-nginx,本次案例使用的是0.30版本(不挂代理可能无法访问,这里我把yaml文件内容复制上来,需要的可以自行复制粘贴) [root@master ingress-controller]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml [root@master ingress-controller]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml [root@master ingress-controller]# ls mandatory.yaml service-nodeport.yaml

mandatory.yaml

k8s之Service详解-Ingress使用k8s之Service详解-Ingress使用

apiVersion: v1 kind: Namespace metadata:   name: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx  ---  kind: ConfigMap apiVersion: v1 metadata:   name: nginx-configuration   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx  --- kind: ConfigMap apiVersion: v1 metadata:   name: tcp-services   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx  --- kind: ConfigMap apiVersion: v1 metadata:   name: udp-services   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx  --- apiVersion: v1 kind: ServiceAccount metadata:   name: nginx-ingress-serviceaccount   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx  --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata:   name: nginx-ingress-clusterrole   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx rules:   - apiGroups:       - ""     resources:       - configmaps       - endpoints       - nodes       - pods       - secrets     verbs:       - list       - watch   - apiGroups:       - ""     resources:       - nodes     verbs:       - get   - apiGroups:       - ""     resources:       - services     verbs:       - get       - list       - watch   - apiGroups:       - ""     resources:       - events     verbs:       - create       - patch   - apiGroups:       - "extensions"       - "networking.k8s.io"     resources:       - ingresses     verbs:       - get       - list       - watch   - apiGroups:       - "extensions"       - "networking.k8s.io"     resources:       - ingresses/status     verbs:       - update  --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata:   name: nginx-ingress-role   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx rules:   - apiGroups:       - ""     resources:       - configmaps       - pods       - secrets       - namespaces     verbs:       - get   - apiGroups:       - ""     resources:       - configmaps     resourceNames:       # Defaults to "<election-id>-<ingress-class>"       # Here: "<ingress-controller-leader>-<nginx>"       # This has to be adapted if you change either parameter       # when launching the nginx-ingress-controller.       - "ingress-controller-leader-nginx"     verbs:       - get       - update   - apiGroups:       - ""     resources:       - configmaps     verbs:       - create   - apiGroups:       - ""     resources:       - endpoints     verbs:       - get  --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata:   name: nginx-ingress-role-nisa-binding   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx roleRef:   apiGroup: rbac.authorization.k8s.io   kind: Role   name: nginx-ingress-role subjects:   - kind: ServiceAccount     name: nginx-ingress-serviceaccount     namespace: ingress-nginx  --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata:   name: nginx-ingress-clusterrole-nisa-binding   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx roleRef:   apiGroup: rbac.authorization.k8s.io   kind: ClusterRole   name: nginx-ingress-clusterrole subjects:   - kind: ServiceAccount     name: nginx-ingress-serviceaccount     namespace: ingress-nginx  ---  apiVersion: apps/v1 kind: Deployment metadata:   name: nginx-ingress-controller   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx spec:   replicas: 1   selector:     matchLabels:       app.kubernetes.io/name: ingress-nginx       app.kubernetes.io/part-of: ingress-nginx   template:     metadata:       labels:         app.kubernetes.io/name: ingress-nginx         app.kubernetes.io/part-of: ingress-nginx       annotations:         prometheus.io/port: "10254"         prometheus.io/scrape: "true"     spec:       # wait up to five minutes for the drain of connections       terminationGracePeriodSeconds: 300       serviceAccountName: nginx-ingress-serviceaccount       nodeSelector:         kubernetes.io/os: linux       containers:         - name: nginx-ingress-controller           image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0           args:             - /nginx-ingress-controller             - --configmap=$(POD_NAMESPACE)/nginx-configuration             - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services             - --udp-services-configmap=$(POD_NAMESPACE)/udp-services             - --publish-service=$(POD_NAMESPACE)/ingress-nginx             - --annotations-prefix=nginx.ingress.kubernetes.io           securityContext:             allowPrivilegeEscalation: true             capabilities:               drop:                 - ALL               add:                 - NET_BIND_SERVICE             # www-data -> 101             runAsUser: 101           env:             - name: POD_NAME               valueFrom:                 fieldRef:                   fieldPath: metadata.name             - name: POD_NAMESPACE               valueFrom:                 fieldRef:                   fieldPath: metadata.namespace           ports:             - name: http               containerPort: 80               protocol: TCP             - name: https               containerPort: 443               protocol: TCP           livenessProbe:             failureThreshold: 3             httpGet:               path: /healthz               port: 10254               scheme: HTTP             initialDelaySeconds: 10             periodSeconds: 10             successThreshold: 1             timeoutSeconds: 10           readinessProbe:             failureThreshold: 3             httpGet:               path: /healthz               port: 10254               scheme: HTTP             periodSeconds: 10             successThreshold: 1             timeoutSeconds: 10           lifecycle:             preStop:               exec:                 command:                   - /wait-shutdown  ---  apiVersion: v1 kind: LimitRange metadata:   name: ingress-nginx   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx spec:   limits:   - min:       memory: 90Mi       cpu: 100m     type: Container

View Code

 service-nodeport.yaml

k8s之Service详解-Ingress使用k8s之Service详解-Ingress使用

apiVersion: v1 kind: Service metadata:   name: ingress-nginx   namespace: ingress-nginx   labels:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx spec:   type: NodePort   ports:     - name: http       port: 80       targetPort: 80       protocol: TCP     - name: https       port: 443       targetPort: 443       protocol: TCP   selector:     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx  ---

View Code

#创建ingress-nginx [root@master ingress-controller]# kubectl apply -f ./ namespace/ingress-nginx created configmap/nginx-configuration created configmap/tcp-services created configmap/udp-services created serviceaccount/nginx-ingress-serviceaccount created clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created role.rbac.authorization.k8s.io/nginx-ingress-role created rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created deployment.apps/nginx-ingress-controller created limitrange/ingress-nginx created service/ingress-nginx created  #查看ingress-nginx [root@master ingress-controller]# kubectl get pod -n ingress-nginx NAME                                        READY   STATUS    RESTARTS   AGE nginx-ingress-controller-7f74f657bd-kzvrq   1/1     Running   0          2m7s  #查看service [root@master ingress-controller]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx NodePort 10.106.160.9 <none> 80:32000/TCP,443:32421/TCP 5m48s

准备service和pod

为了方便后续的实验,创建下图所示的模型

k8s之Service详解-Ingress使用

 

创建tomcat-nginx.yaml

k8s之Service详解-Ingress使用k8s之Service详解-Ingress使用

apiVersion: apps/v1 kind: Deployment metadata:    name: nginx-deployment   namespace: dev spec:   replicas: 3   selector:     matchLabels:       app: nginx-pod   template:     metadata:       labels:         app: nginx-pod     spec:       containers:       - name: nginx         image: nginx:1.17.1         ports:          - containerPort: 80  ---  apiVersion: apps/v1 kind: Deployment metadata:    name: tomcat-deployment   namespace: dev spec:   replicas: 3   selector:     matchLabels:       app: tomcat-pod   template:     metadata:       labels:         app: tomcat-pod     spec:       containers:       - name: tomcat         image: tomcat:8.5-jre10-slim         ports:          - containerPort: 8080  ---  apiVersion: v1 kind: Service metadata:    name: nginx-service   namespace: dev spec:   selector:     app: nginx-pod   clusterIP: None   type: ClusterIP   ports:   - port: 80     targetPort: 80  ---  apiVersion: v1 kind: Service metadata:    name: tomcat-service   namespace: dev spec:   selector:     app: tomcat-pod   clusterIP: None   type: ClusterIP   ports:   - port: 8080     targetPort: 8080

View Code

使用配置文件

[root@master ingress-controller]# cd .. [root@master ~]# vim tomcat-nginx.yaml [root@master ~]# kubectl create -f tomcat-nginx.yaml  deployment.apps/nginx-deployment created deployment.apps/tomcat-deployment created service/nginx-service created service/tomcat-service created [root@master ~]# kubectl get svc -n dev NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE nginx-service    ClusterIP   None         <none>        80/TCP     20s tomcat-service   ClusterIP   None         <none>        8080/TCP   20s

Http代理

创建ingress-http.yaml

apiVersion: extensions/v1beta1 kind: Ingress metadata:   name: ingress-http   namespace: dev spec:   rules:   - host: nginx.test.com     http:       paths:       - path: /         backend:           serviceName: nginx-service           servicePort: 80   - host: tomcat.test.com     http:       paths:       - path: /         backend:           serviceName: tomcat-service           servicePort: 8080

使用配置文件

[root@master ~]# vim ingress-http.yaml  [root@master ~]# kubectl create -f ingress-http.yaml  ingress.extensions/ingress-http created  [root@master ~]# kubectl get ing ingress-http -n dev NAME           HOSTS                            ADDRESS   PORTS   AGE ingress-http   nginx.test.com,tomcat.test.com             80      13s  [root@master ~]# kubectl describe ing ingress-http -n dev Name:             ingress-http Namespace:        dev Address:          10.106.160.9 Default backend:  default-http-backend:80 (<none>) Rules:   Host             Path  Backends   ----             ----  --------   nginx.test.com                       /   nginx-service:80 (10.244.1.33:80,10.244.2.13:80,10.244.2.16:80)   tomcat.test.com                      /   tomcat-service:8080 (10.244.2.14:8080,10.244.2.17:8080,10.244.2.18:8080) Annotations:   kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"ingress-http","namespace":"dev"},"spec":{"rules":[{"host":"nginx.test.com","http":{"paths":[{"backend":{"serviceName":"nginx-service","servicePort":80},"path":"/"}]}},{"host":"tomcat.test.com","http":{"paths":[{"backend":{"serviceName":"tomcat-service","servicePort":8080},"path":"/"}]}}]}}  Events:   Type    Reason  Age                From                      Message   ----    ------  ----               ----                      -------   Normal  CREATE  18m                nginx-ingress-controller  Ingress dev/ingress-http   Normal  UPDATE  38s (x2 over 18m)  nginx-ingress-controller  Ingress dev/ingress-http

 

修改本机的hosts文件(位置:C:WindowsSystem32driversetc),添加如下内容

master虚拟机的IP地址    nginx.test.com masete虚拟机的IP地址    tomcat.test.com

查看ingress为service提供的端口号

[root@master ~]# kubectl get svc -n ingress-nginx NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE ingress-nginx   NodePort   10.106.160.9   <none>        80:32000/TCP,443:32421/TCP   95m

在浏览器中测试访问,发现能够访问通

nginx:

k8s之Service详解-Ingress使用

 

 tomcat:

k8s之Service详解-Ingress使用

 

Https代理

创建证书

[root@master ~]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=test.com" Generating a 2048 bit RSA private key ............................+++ ..............................+++ writing new private key to 'tls.key' -----

创建密钥

[root@master ~]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt secret/tls-secret created

创建ingress-https.yaml

apiVersion: extensions/v1beta1 kind: Ingress metadata:   name: ingress-https   namespace: dev spec:   tls:     - hosts:       - nginx.test.com       - tomcat.test.com       secretName: tls-secret  #指定密钥   rules:   - host: nginx.test.com     http:       paths:       - path: /         backend:           serviceName: nginx-service           servicePort: 80   - host: tomcat.test.com     http:       paths:       - path: /         backend:           serviceName: tomcat-service           servicePort: 8080

使用配置文件

[root@master ~]# vim ingress-https.yaml [root@master ~]# kubectl create -f ingress-https.yaml  ingress.extensions/ingress-https created  [root@master ~]# kubectl get ing ingress-https -n dev NAME            HOSTS                            ADDRESS        PORTS     AGE ingress-https   nginx.test.com,tomcat.test.com   10.106.160.9   80, 443   52s  [root@master ~]# kubectl describe ing ingress-https -n dev Name:             ingress-https Namespace:        dev Address:          10.106.160.9 Default backend:  default-http-backend:80 (<none>) TLS:   tls-secret terminates nginx.test.com,tomcat.test.com Rules:   Host             Path  Backends   ----             ----  --------   nginx.test.com                       /   nginx-service:80 (10.244.1.33:80,10.244.2.13:80,10.244.2.16:80)   tomcat.test.com                      /   tomcat-service:8080 (10.244.2.14:8080,10.244.2.17:8080,10.244.2.18:8080) Annotations: Events:   Type    Reason  Age   From                      Message   ----    ------  ----  ----                      -------   Normal  CREATE  79s   nginx-ingress-controller  Ingress dev/ingress-https   Normal  UPDATE  38s   nginx-ingress-controller  Ingress dev/ingress-https

获取端口,左边的是http使用的端口,右边是https使用的端口,因此要使用的端口是32421

[root@master ~]# kubectl get svc -n ingress-nginx NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE ingress-nginx   NodePort   10.106.160.9   <none>        80:32000/TCP,443:32421/TCP   129m

使用浏览器访问

nginx:

 k8s之Service详解-Ingress使用

tomcat:

k8s之Service详解-Ingress使用

 

赞(0) 打赏
未经允许不得转载:张拓的天空 » k8s之Service详解-Ingress使用
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

专业的IT技术经验分享 更专业 更方便

联系我们本站主机

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏