ingress

https://kubernetes.io/docs/concepts/services-networking/ingress/

pod与ingress的关系

•通过label-selector相关联
•通过Ingress Controller实现Pod的负载均衡
-支持TCP/UDP 4层和HTTP 7层

Ingress 组成?

ingress controller:将新加入的Ingress转化成Nginx的配置文件并使之生效
ingress服务:将Nginx的配置抽象成一个Ingress对象,每添加一个新的服务只需写一个新的Ingress的yaml文件即可

Ingress 工作原理?

ingress controller通过和kubernetes api交互,动态的去感知集群中ingress规则变化,
然后读取它,按照自定义的规则,规则就是写明了哪个域名对应哪个service,生成一段nginx配置,
再写到nginx-ingress-control的pod里,这个Ingress controller的pod里运行着一个Nginx服务,控制器会把生成的nginx配置写入/etc/nginx.conf文件中,
然后reload一下使配置生效。
以此达到域名分配置和动态更新的问题。

ingress部署文档

https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md

下载yaml文件,修改使用宿主机网络   hostNetwork: true

[root@k8s-master1 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

[root@k8s-master1 ingress]# kubectl apply -f mandatory.yaml

namespace/ingress-nginx created

configmap/nginx-configuration created

configmap/tcp-services created

configmap/udp-services created

serviceaccount/nginx-ingress-serviceaccount created

clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created

role.rbac.authorization.k8s.io/nginx-ingress-role created

rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created

clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created

deployment.extensions/nginx-ingress-controller created

查看ingress部署的node节点,使用宿主机网络会在node监听80和443端口

[root@k8s-master1 ingress]# kubectl get ns

NAME            STATUS   AGE

default         Active   6d20h

ingress-nginx   Active   27m

kube-public     Active   6d20h

kube-system     Active   6d20h

[root@k8s-master1 ingress]# kubectl get pods -n ingress-nginx -o wide

NAME                                        READY   STATUS    RESTARTS   AGE   IP              NODE            NOMINATED NODE   READINESS GATES

nginx-ingress-controller-5c98c674b8-l9ft2   /     Running             28m   192.168.0.125   192.168.0.125   <none>           <none>
[root@k8s-node01 ~]# netstat -tnlp |egrep "80|443"

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2358/nginx: master

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2358/nginx: master

tcp        0      0 0.0.0.0:18080           0.0.0.0:*               LISTEN      2358/nginx: master

tcp6       0      0 :::80                   :::*                    LISTEN      2358/nginx: master

tcp6       0      0 :::443                  :::*                    LISTEN      2358/nginx: master

tcp6       0      0 :::18080                :::*                    LISTEN      2358/nginx: master

准备后端服务

[root@k8s-master1 ingress]# cat deploy-demo.yaml

#创建service为myapp

apiVersion: v1

kind: Service

metadata:

  name: myapp

  namespace: default

spec:

  selector:

    app: myapp

    release: canary

  ports:

  - name: http

    targetPort:

    port: 

---

#创建后端服务的deployment

apiVersion: apps/v1

kind: Deployment

metadata:

  name: myapp-backend-pod

  namespace: default

spec:

  replicas:

  selector:

    matchLabels:

      app: myapp

      release: canary

  template:

    metadata:

      labels:

        app: myapp

        release: canary

    spec:

      containers:

      - name: myapp

        image: ikubernetes/myapp:v2

        ports:

        - name: http

          containerPort: 

[root@k8s-master1 ingress]# kubectl apply -f deploy-demo.yaml

service/myapp created

deployment.apps/myapp-backend-pod created

[root@k8s-master1 ingress]# kubectl get pod,svc

NAME                                     READY   STATUS    RESTARTS   AGE

pod/myapp-backend-pod-6b56d98b6b-27vvs   /     Running             12s

pod/myapp-backend-pod-6b56d98b6b-6rq8w   /     Running             12s

pod/myapp-backend-pod-6b56d98b6b-ndbm6   /     Running             12s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE

service/kubernetes   ClusterIP   10.0.0.1     <none>        /TCP   6d21h

service/myapp        ClusterIP   10.0.0.79    <none>        /TCP    12s

[root@k8s-node01 ~]# curl 10.0.0.79

Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

配置ingress规则

[root@k8s-master1 ingress]# vim ingress-myapp.yaml

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: simple-fanout-example

  annotations:

    nginx.ingress.kubernetes.io/rewrite-target: /

spec:

  rules:

  - host: foo.bar.com

    http:

      paths:

      - path: /

        backend:

          serviceName: myapp

          servicePort: 

[root@k8s-master1 ingress]# kubectl apply -f ingress-myapp.yaml

ingress.extensions/simple-fanout-example created

[root@k8s-master1 ingress]# kubectl get ingress

NAME                    HOSTS         ADDRESS   PORTS   AGE

simple-fanout-example   foo.bar.com                   10s

设置域名解析到ip,即可访问域名

[root@k8s-master1 ingress]# curl foo.bar.com

Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

查看详细信息

[root@k8s-master1 ingress]# kubectl describe ingress simple-fanout-example

Name:             simple-fanout-example

Namespace:        default

Address:

Default backend:  default-http-backend: (<none>)

Rules:

  Host         Path  Backends

  ----         ----  --------

  foo.bar.com

               /   myapp: (<none>)

Annotations:

  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"simple-fanout-example","namespace":"default"},"spec":{"rules":[{"host":"foo.bar.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":},"path":"/"}]}}]}}

  nginx.ingress.kubernetes.io/rewrite-target:  /

Events:

  Type    Reason  Age    From                      Message

  ----    ------  ----   ----                      -------

  Normal  CREATE  3m58s  nginx-ingress-controller  Ingress default/simple-fanout-example

进入nginx-ingress-controller进行查看是否注入了nginx的配置

[root@k8s-master1 ingress]# kubectl get pod -n ingress-nginx

NAME                                        READY   STATUS    RESTARTS   AGE

nginx-ingress-controller-5c98c674b8-l9ft2   /     Running             67m

[root@k8s-master1 ingress]# kubectl exec -n ingress-nginx -it nginx-ingress-controller-5c98c674b8-l9ft2 bash

www-data@k8s-node01:/etc/nginx$ cat nginx.conf

........

    ## start server foo.bar.com

    server {

        server_name foo.bar.com ;

        listen ;

        listen [::]:;

        set $proxy_upstream_name "-";

        location / {

            set $namespace      "default";

            set $ingress_name   "simple-fanout-example";

            set $service_name   "myapp";

            set $service_port   "";

            set $location_path  "/";

            rewrite_by_lua_block {

                balancer.rewrite()

            }

            access_by_lua_block {

            }

            header_filter_by_lua_block {

            }

构建TLS站点

准备证书

[root@k8s-master1 ingress]# openssl genrsa -out tls.key

Generating RSA private key,  bit long modulus

..................................................................................+++

........................+++

e is  (0x10001)

[root@k8s-master1 ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=sslexample.foo.com

创建secret

[root@k8s-master1 ingress]# kubectl create secret tls sslexample-foo-com --cert=tls.crt --key=tls.key

secret/sslexample-foo-com created

[root@k8s-master1 ingress]# kubectl get secret

NAME                   TYPE                                  DATA   AGE

default-token-7vs6s    kubernetes.io/service-account-token         6d22h

registry-pull-secret   kubernetes.io/dockerconfigjson              5d1h

sslexample-foo-com     kubernetes.io/tls                           28s
[root@k8s-master1 ingress]# kubectl describe secret sslexample-foo-com

Name:         sslexample-foo-com

Namespace:    default

Labels:       <none>

Annotations:  <none>

Type:  kubernetes.io/tls

Data

====

tls.crt:  1298 bytes

tls.key:  1675 bytes

创建ingress

[root@k8s-master1 ingress]# vim ingress-https.yaml 

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: tls-example-ingress

spec:

  tls:

  - hosts:

    - sslexample.foo.com

    secretName: sslexample-foo-com

  rules:

    - host: sslexample.foo.com

      http:

        paths:

        - path: /

          backend:

            serviceName: myapp

            servicePort: 

[root@k8s-master1 ingress]# kubectl apply -f ingress-https.yaml

ingress.extensions/tls-example-ingress created

[root@k8s-master1 ingress]# kubectl get ingress

NAME                    HOSTS                ADDRESS   PORTS     AGE

simple-fanout-example   foo.bar.com                            59m

tls-example-ingress     sslexample.foo.com             ,    29s

[root@k8s-master1 ingress]# kubectl describe ingress tls-example-ingress

Name:             tls-example-ingress

Namespace:        default

Address:

Default backend:  default-http-backend: (<none>)

TLS:

  sslexample-foo-com terminates sslexample.foo.com

Rules:

  Host                Path  Backends

  ----                ----  --------

  sslexample.foo.com

                      /   myapp: (<none>)

Annotations:

  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"tls-example-ingress","namespace":"default"},"spec":{"rules":[{"host":"sslexample.foo.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":},"path":"/"}]}}],"tls":[{"hosts":["sslexample.foo.com"],"secretName":"sslexample-foo-com"}]}}

Events:

  Type    Reason  Age   From                      Message

  ----    ------  ----  ----                      -------

  Normal  CREATE  72s   nginx-ingress-controller  Ingress default/tls-example-ingress

访问测试

kubernetes-ingress(十)的更多相关文章

  1. Kubernetes Ingress Controller的使用及高可用落地

    Kubernetes Ingress Controller的使用及高可用落地 看懂本文要具备一下知识点: Service实现原理和会应用 知道反向代理原理,了解nginx和apache的vhost概念 ...

  2. Kubernetes Ingress 学习

    Kubernetes 中暴露服务的方式有三种 Loadbalancer 这种方式往往需要云供应商支持,或者本地F5等设备支持 NodePort 这种方式调用方通过NodeIP:NodePort 的方式 ...

  3. Kubernetes Ingress管理

    目录 Ingress介绍 1.Pod漂移问题 2.端口管理问题 3.域名分配及动态更新问题 Nginx Ingress配置 1.部署默认后端 2.部署Ingress Controller 3.部署In ...

  4. Kubernetes Ingress 部署

    Kubernetes Ingress 部署 Pod与Ingress的关系• 通过service相关联• 通过Ingress Controller实现Pod的负载均衡- 支持TCP/UDP 4层和HTT ...

  5. [转帖]kubernetes ingress 在物理机上的nodePort和hostNetwork两种部署方式解析及比较

    kubernetes ingress 在物理机上的nodePort和hostNetwork两种部署方式解析及比较 https://www.cnblogs.com/xuxinkun/p/11052646 ...

  6. Kubernetes Ingress日志分析入门

    本文主要介绍如何基于日志服务构建Kubernetes Ingress日志分析平台,并提供一些简单的动手实验方便大家快速了解日志服务相关功能. 部署Ingress日志方案 登录容器服务管理控制台. 将上 ...

  7. Kubernetes Ingress简单入门

    作者:Nick Ramirez 原文链接:https://thenewstack.io/kubernetes-ingress-for-beginners/ 本文转载自Rancher Labs 不知道你 ...

  8. 在 Kubernetes Ingress 中支持 Websocket/Socket 服务

    Kubernetes Ingress 可将集群内部的 Service 通过 HTTP/HTTPS 的方式暴露供外部访问,并通过路径匹配规则定义服务的路由.但是 Ingress 对 TCP/UDP 的服 ...

  9. CORS跨源资源共享概念及配置(Kubernetes Ingress和Spring Cloud Gateway)

    我最新最全的文章都在南瓜慢说 www.pkslow.com,欢迎大家来喝茶! 1 跨源资源共享CORS 跨源资源共享 (CORS) (或通俗地译为跨域资源共享)是一种基于HTTP 头的机制,该机制通过 ...

  10. 几张图解释明白 Kubernetes Ingress

    来源:K8s技术圈 作者:阳明 Kubernetes Ingress 只是 Kubernetes 中的一个普通资源对象,需要一个对应的 Ingress 控制器来解析 Ingress 的规则,暴露服务到 ...

随机推荐

  1. angularJs中对时间戳的处理

    一. ng表达式 <!-- 表达式中使用 --> {{ dt1 | date:'yyyy-MM-dd HH:mm:ss' }} 二. 控制器中使用 //controller必须注入 $fi ...

  2. 基于rabbitMQ 消息延时队列方案 模拟电商超时未支付订单处理场景

    前言 传统处理超时订单 采取定时任务轮训数据库订单,并且批量处理.其弊端也是显而易见的:对服务器.数据库性会有很大的要求,并且当处理大量订单起来会很力不从心,而且实时性也不是特别好 当然传统的手法还可 ...

  3. 浅谈关于SRAM与DRAM的区别

    在上体系结构这门课之前,我只知道DRAM用作内存比较多,SRAM用作cache比较多.在今天讲到内存技术时,我对于这两个基础概念有了更加完整的认识.这篇文章是我的听课心得,现在分享给各位,仅供参考,若 ...

  4. codeforces C. Vasya And The Mushrooms (思维+模拟)

    题意:给定一个2*n的矩形方格,每个格子有一个权值,从(0,0)开始出发,要求遍历完整个网格(不能重复走一个格子),求最大权值和,(权值和是按照step*w累加,step步数从0开始). 转载: 题解 ...

  5. ProtobufUtils

    import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Method; import com. ...

  6. java防止表单重复提交的几种方法

    转载大神 1. 使用session同步和token机制来防止并发重复提交 https://blog.csdn.net/hejingyuan6/article/details/50487777 2. S ...

  7. java——方法重载与重写、构造方法、this关键字、static关键字、strictfp关键字、类的导入

    Java SE5新增加@Override注解,它并不是关键字,但是可以把它当作关键字使用.当你想要覆写(重写)某个方法时,可以选择添加这个注解,在你不留心重载而并非覆写了该方法时,编译器就会生成一条错 ...

  8. 转 MYSQL_GTID详解

    http://blog.itpub.net/27067062/viewspace-2141906/   一.GTID概述  GTID是MYSQL5.6新增的特性,GTID(Global Transac ...

  9. QT LCDNumber使用

    新建一个QT工程 然后在cpp文件中写入代码 #include "hello.h" #include <qthread.h> #include <QVariant ...

  10. Ubuntu批量修改文件后缀

    rename 's/\.JPG/.jpg/' *.JPG 把JPG后缀改为jpg 参考url====http://blog.csdn.net/whuslei/article/details/67249 ...