Ingress概述
kubernetes提供了Ingress资源对象,Ingress只需要一个NodePort或者一个LB就可以满足暴露多个Service的需求。
两个核心概念:
ingress:kubernetes中的一个对象,作用是定义请求如何转发到service的规则
ingress controller:具体实现反向代理及负载均衡的程序,对ingress定义的规则进行解析,根据配置的规则来实现请求转发,实现方式有Nginx, Contour, Haproxy等
Ingress以Nginx实现的工作流程:
1.编写Ingress规则,描述某个域名对应集群中的某个Service
2.Ingress控制器动态感知Ingress服务规则的变化,生成一段对应的Nginx反向代理配置
3.Ingress控制器将生成的Nginx配置写入到一个运行着的Nginx服务中,并动态更新
4.到此为止,其实真正在工作的就是一个Nginx了,内部配置了用户定义的请求转发规则
搭建ingress环境
注意: 镜像地址在国外,镜像将会下载失败。方案:
1.使用代理
2.使用国内镜像地址
minikube start --vm-driver=none --image-mirror-country=cn --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
3.拉取国内镜像对应容器再修改其Tag :
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1 k8s.gcr.io/nginx-ingress-controller:v1.1.1
1.根据yaml文件创建Pod
访问:https://github.com/kubernetes/ingress-nginx/releases下载与K8S版本对应的ingress-nginx版本,修改资源清单文件中关于镜像的地址信息
2.若使用minikube,则直接使用其提供的ingress插件
minikube addons list # 插件列表
minikube addons enable ingress # 启用ingress插件
# 查看ingress-nginx
[root@administrator docker]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-6cfb67d797-ww4qc 1/1 Running 0 5m15s
# 查看service
[root@administrator docker]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.103.28.251 <none> 80:31315/TCP,443:31438/TCP 4m35s
创建Pod与Service
vim nginx-deployment-service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: nginx-pod
template:
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx-name
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
spec:
selector:
app: nginx-pod
clusterIP: None
type: ClusterIP
ports:
- port: 80
targetPort: 80
# 创建deployment
kubectl create -f nginx-deployment-service.yaml
# 查看Pod
[root@administrator k8s]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deployment-6c568d58df-76sm4 1/1 Running 0 2m48s
nginx-deployment-6c568d58df-9845j 1/1 Running 0 2m48s
nginx-deployment-6c568d58df-bbz8c 1/1 Running 0 2m48s
# 查看Service
[root@administrator k8s]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20m
nginx-service ClusterIP None <none> 80/TCP 2m28s
创建Ingress规则-Http代理
创建vim ingress-http.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-http
namespace: default
spec:
rules:
- host: nginx.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
# 创建
[root@administrator k8s]# kubectl create -f ingress-http.yaml
ingress.networking.k8s.io/ingress-http created
# 查看
[root@administrator k8s]# kubectl get ing ingress-http
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-http nginx nginx.com 80 7s
# 查看详情
[root@administrator k8s]# kubectl describe ing ingress-http
Name: ingress-http
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
nginx.com
/ nginx-service:80 (172.17.0.6:80,172.17.0.7:80,172.17.0.8:80)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 19s nginx-ingress-controller Scheduled for sync
修改hosts文件进行域名映射
vim /etc/hosts
127.0.0.1 nginx.com
source /etc/hosts
[root@administrator ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.103.28.251 <none> 80:31315/TCP,443:31438/TCP 46m
[root@administrator ~]# curl nginx.com:31315
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
创建Ingress规则-HTTPS代理
HTTPS代理需要使用证书,使用openssl生成证书
req 产生证书签发申请命令
-newkey 生成新私钥
rsa:4096 生成秘钥位数
-nodes 表示私钥不加密
-sha256 使用SHA-2哈希算法
-keyout 将新创建的私钥写入的文件名
-x509 签发X.509格式证书命令。X.509是最通用的一种签名证书格式。
-out 指定要写入的输出文件名
-subj 指定用户信息
-days 有效期
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ./tls.key -x509 -out ./tls.crt -subj /C=CN/ST=SC/L=SC/O=nginx/CN=CJ -days 365
kubectl create secret tls tls-secret --key=tls.key --cert tls.crt
创建 vim ingress-https.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-https
namespace: default
spec:
tls:
- hosts:
- nginx.com
secretName: tls-secret # 指定秘钥
rules:
- host: nginx.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
[root@administrator k8s]# kubectl create -f ingress-https.yaml
ingress.networking.k8s.io/ingress-https created
[root@administrator k8s]# kubectl get ing ingress-https
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-https nginx nginx.com 80, 443 8s
[root@administrator k8s]# kubectl describe ing ingress-https
Name: ingress-https
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
tls-secret terminates nginx.com
Rules:
Host Path Backends
---- ---- --------
nginx.com
/ nginx-service:80 (172.17.0.6:80,172.17.0.7:80,172.17.0.8:80)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 14s nginx-ingress-controller Scheduled for sync
[root@administrator k8s]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.103.28.251 <none> 80:31315/TCP,443:31438/TCP 74m
ingress-nginx-controller-admission ClusterIP 10.99.215.96 <none> 443/TCP 74m
[root@administrator k8s]# curl -k https://nginx.com:31438
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
文章由极客之音整理,本文链接:https://www.bmabk.com/index.php/post/136975.html
