ingress

https://kubernetes.io/docs/concepts/services-networking/ingress/

pod与ingress的关系

•通过label-selector相关联
•通过Ingress Controller实现Pod的负载均衡
-支持TCP/UDP 4层和HTTP 7层

Ingress 组成?

ingress controller:将新加入的Ingress转化成Nginx的配置文件并使之生效
ingress服务:将Nginx的配置抽象成一个Ingress对象,每添加一个新的服务只需写一个新的Ingress的yaml文件即可

Ingress 工作原理?

ingress controller通过和kubernetes api交互,动态的去感知集群中ingress规则变化,
然后读取它,按照自定义的规则,规则就是写明了哪个域名对应哪个service,生成一段nginx配置,
再写到nginx-ingress-control的pod里,这个Ingress controller的pod里运行着一个Nginx服务,控制器会把生成的nginx配置写入/etc/nginx.conf文件中,
然后reload一下使配置生效。
以此达到域名分配置和动态更新的问题。

ingress部署文档

https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md

下载yaml文件,修改使用宿主机网络   hostNetwork: true

[root@k8s-master1 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

[root@k8s-master1 ingress]# kubectl apply -f mandatory.yaml

namespace/ingress-nginx created

configmap/nginx-configuration created

configmap/tcp-services created

configmap/udp-services created

serviceaccount/nginx-ingress-serviceaccount created

clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created

role.rbac.authorization.k8s.io/nginx-ingress-role created

rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created

clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created

deployment.extensions/nginx-ingress-controller created

查看ingress部署的node节点,使用宿主机网络会在node监听80和443端口

[root@k8s-master1 ingress]# kubectl get ns

NAME            STATUS   AGE

default         Active   6d20h

ingress-nginx   Active   27m

kube-public     Active   6d20h

kube-system     Active   6d20h

[root@k8s-master1 ingress]# kubectl get pods -n ingress-nginx -o wide

NAME                                        READY   STATUS    RESTARTS   AGE   IP              NODE            NOMINATED NODE   READINESS GATES

nginx-ingress-controller-5c98c674b8-l9ft2   /     Running             28m   192.168.0.125   192.168.0.125   <none>           <none>
[root@k8s-node01 ~]# netstat -tnlp |egrep "80|443"

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2358/nginx: master

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2358/nginx: master

tcp        0      0 0.0.0.0:18080           0.0.0.0:*               LISTEN      2358/nginx: master

tcp6       0      0 :::80                   :::*                    LISTEN      2358/nginx: master

tcp6       0      0 :::443                  :::*                    LISTEN      2358/nginx: master

tcp6       0      0 :::18080                :::*                    LISTEN      2358/nginx: master

准备后端服务

[root@k8s-master1 ingress]# cat deploy-demo.yaml

#创建service为myapp

apiVersion: v1

kind: Service

metadata:

  name: myapp

  namespace: default

spec:

  selector:

    app: myapp

    release: canary

  ports:

  - name: http

    targetPort:

    port: 

---

#创建后端服务的deployment

apiVersion: apps/v1

kind: Deployment

metadata:

  name: myapp-backend-pod

  namespace: default

spec:

  replicas:

  selector:

    matchLabels:

      app: myapp

      release: canary

  template:

    metadata:

      labels:

        app: myapp

        release: canary

    spec:

      containers:

      - name: myapp

        image: ikubernetes/myapp:v2

        ports:

        - name: http

          containerPort: 

[root@k8s-master1 ingress]# kubectl apply -f deploy-demo.yaml

service/myapp created

deployment.apps/myapp-backend-pod created

[root@k8s-master1 ingress]# kubectl get pod,svc

NAME                                     READY   STATUS    RESTARTS   AGE

pod/myapp-backend-pod-6b56d98b6b-27vvs   /     Running             12s

pod/myapp-backend-pod-6b56d98b6b-6rq8w   /     Running             12s

pod/myapp-backend-pod-6b56d98b6b-ndbm6   /     Running             12s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE

service/kubernetes   ClusterIP   10.0.0.1     <none>        /TCP   6d21h

service/myapp        ClusterIP   10.0.0.79    <none>        /TCP    12s

[root@k8s-node01 ~]# curl 10.0.0.79

Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

配置ingress规则

[root@k8s-master1 ingress]# vim ingress-myapp.yaml

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: simple-fanout-example

  annotations:

    nginx.ingress.kubernetes.io/rewrite-target: /

spec:

  rules:

  - host: foo.bar.com

    http:

      paths:

      - path: /

        backend:

          serviceName: myapp

          servicePort: 

[root@k8s-master1 ingress]# kubectl apply -f ingress-myapp.yaml

ingress.extensions/simple-fanout-example created

[root@k8s-master1 ingress]# kubectl get ingress

NAME                    HOSTS         ADDRESS   PORTS   AGE

simple-fanout-example   foo.bar.com                   10s

设置域名解析到ip,即可访问域名

[root@k8s-master1 ingress]# curl foo.bar.com

Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

查看详细信息

[root@k8s-master1 ingress]# kubectl describe ingress simple-fanout-example

Name:             simple-fanout-example

Namespace:        default

Address:

Default backend:  default-http-backend: (<none>)

Rules:

  Host         Path  Backends

  ----         ----  --------

  foo.bar.com

               /   myapp: (<none>)

Annotations:

  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"simple-fanout-example","namespace":"default"},"spec":{"rules":[{"host":"foo.bar.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":},"path":"/"}]}}]}}

  nginx.ingress.kubernetes.io/rewrite-target:  /

Events:

  Type    Reason  Age    From                      Message

  ----    ------  ----   ----                      -------

  Normal  CREATE  3m58s  nginx-ingress-controller  Ingress default/simple-fanout-example

进入nginx-ingress-controller进行查看是否注入了nginx的配置

[root@k8s-master1 ingress]# kubectl get pod -n ingress-nginx

NAME                                        READY   STATUS    RESTARTS   AGE

nginx-ingress-controller-5c98c674b8-l9ft2   /     Running             67m

[root@k8s-master1 ingress]# kubectl exec -n ingress-nginx -it nginx-ingress-controller-5c98c674b8-l9ft2 bash

www-data@k8s-node01:/etc/nginx$ cat nginx.conf

........

    ## start server foo.bar.com

    server {

        server_name foo.bar.com ;

        listen ;

        listen [::]:;

        set $proxy_upstream_name "-";

        location / {

            set $namespace      "default";

            set $ingress_name   "simple-fanout-example";

            set $service_name   "myapp";

            set $service_port   "";

            set $location_path  "/";

            rewrite_by_lua_block {

                balancer.rewrite()

            }

            access_by_lua_block {

            }

            header_filter_by_lua_block {

            }

构建TLS站点

准备证书

[root@k8s-master1 ingress]# openssl genrsa -out tls.key

Generating RSA private key,  bit long modulus

..................................................................................+++

........................+++

e is  (0x10001)

[root@k8s-master1 ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=sslexample.foo.com

创建secret

[root@k8s-master1 ingress]# kubectl create secret tls sslexample-foo-com --cert=tls.crt --key=tls.key

secret/sslexample-foo-com created

[root@k8s-master1 ingress]# kubectl get secret

NAME                   TYPE                                  DATA   AGE

default-token-7vs6s    kubernetes.io/service-account-token         6d22h

registry-pull-secret   kubernetes.io/dockerconfigjson              5d1h

sslexample-foo-com     kubernetes.io/tls                           28s
[root@k8s-master1 ingress]# kubectl describe secret sslexample-foo-com

Name:         sslexample-foo-com

Namespace:    default

Labels:       <none>

Annotations:  <none>

Type:  kubernetes.io/tls

Data

====

tls.crt:  1298 bytes

tls.key:  1675 bytes

创建ingress

[root@k8s-master1 ingress]# vim ingress-https.yaml 

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: tls-example-ingress

spec:

  tls:

  - hosts:

    - sslexample.foo.com

    secretName: sslexample-foo-com

  rules:

    - host: sslexample.foo.com

      http:

        paths:

        - path: /

          backend:

            serviceName: myapp

            servicePort: 

[root@k8s-master1 ingress]# kubectl apply -f ingress-https.yaml

ingress.extensions/tls-example-ingress created

[root@k8s-master1 ingress]# kubectl get ingress

NAME                    HOSTS                ADDRESS   PORTS     AGE

simple-fanout-example   foo.bar.com                            59m

tls-example-ingress     sslexample.foo.com             ,    29s

[root@k8s-master1 ingress]# kubectl describe ingress tls-example-ingress

Name:             tls-example-ingress

Namespace:        default

Address:

Default backend:  default-http-backend: (<none>)

TLS:

  sslexample-foo-com terminates sslexample.foo.com

Rules:

  Host                Path  Backends

  ----                ----  --------

  sslexample.foo.com

                      /   myapp: (<none>)

Annotations:

  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"tls-example-ingress","namespace":"default"},"spec":{"rules":[{"host":"sslexample.foo.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":},"path":"/"}]}}],"tls":[{"hosts":["sslexample.foo.com"],"secretName":"sslexample-foo-com"}]}}

Events:

  Type    Reason  Age   From                      Message

  ----    ------  ----  ----                      -------

  Normal  CREATE  72s   nginx-ingress-controller  Ingress default/tls-example-ingress

访问测试

kubernetes-ingress(十)的更多相关文章

  1. Kubernetes Ingress Controller的使用及高可用落地

    Kubernetes Ingress Controller的使用及高可用落地 看懂本文要具备一下知识点: Service实现原理和会应用 知道反向代理原理,了解nginx和apache的vhost概念 ...

  2. Kubernetes Ingress 学习

    Kubernetes 中暴露服务的方式有三种 Loadbalancer 这种方式往往需要云供应商支持,或者本地F5等设备支持 NodePort 这种方式调用方通过NodeIP:NodePort 的方式 ...

  3. Kubernetes Ingress管理

    目录 Ingress介绍 1.Pod漂移问题 2.端口管理问题 3.域名分配及动态更新问题 Nginx Ingress配置 1.部署默认后端 2.部署Ingress Controller 3.部署In ...

  4. Kubernetes Ingress 部署

    Kubernetes Ingress 部署 Pod与Ingress的关系• 通过service相关联• 通过Ingress Controller实现Pod的负载均衡- 支持TCP/UDP 4层和HTT ...

  5. [转帖]kubernetes ingress 在物理机上的nodePort和hostNetwork两种部署方式解析及比较

    kubernetes ingress 在物理机上的nodePort和hostNetwork两种部署方式解析及比较 https://www.cnblogs.com/xuxinkun/p/11052646 ...

  6. Kubernetes Ingress日志分析入门

    本文主要介绍如何基于日志服务构建Kubernetes Ingress日志分析平台,并提供一些简单的动手实验方便大家快速了解日志服务相关功能. 部署Ingress日志方案 登录容器服务管理控制台. 将上 ...

  7. Kubernetes Ingress简单入门

    作者:Nick Ramirez 原文链接:https://thenewstack.io/kubernetes-ingress-for-beginners/ 本文转载自Rancher Labs 不知道你 ...

  8. 在 Kubernetes Ingress 中支持 Websocket/Socket 服务

    Kubernetes Ingress 可将集群内部的 Service 通过 HTTP/HTTPS 的方式暴露供外部访问,并通过路径匹配规则定义服务的路由.但是 Ingress 对 TCP/UDP 的服 ...

  9. CORS跨源资源共享概念及配置(Kubernetes Ingress和Spring Cloud Gateway)

    我最新最全的文章都在南瓜慢说 www.pkslow.com,欢迎大家来喝茶! 1 跨源资源共享CORS 跨源资源共享 (CORS) (或通俗地译为跨域资源共享)是一种基于HTTP 头的机制,该机制通过 ...

  10. 几张图解释明白 Kubernetes Ingress

    来源:K8s技术圈 作者:阳明 Kubernetes Ingress 只是 Kubernetes 中的一个普通资源对象,需要一个对应的 Ingress 控制器来解析 Ingress 的规则,暴露服务到 ...

随机推荐

  1. 2017-10-2 清北刷题冲刺班p.m

    最大值 (max) Time Limit:1000ms   Memory Limit:128MB 题目描述 LYK有一本书,上面有很多有趣的OI问题.今天LYK看到了这么一道题目: 这里有一个长度为n ...

  2. ie9下网页设计兼容模式

    个人实践使用:ie9下使用低版本ie兼容模式,在网站第一个页面的<head>标签后使用<meta http-equiv="X-UA-Compatible" con ...

  3. Python 软件热更新

    Python 软件热更新 本篇文章涉及技术知识如下: Redis threading 多线程 PyQt5 importlib 热更新 场景 咱们在平时运行一些长时间都会一直运行的软件(如:某些云同步软 ...

  4. js源码 模仿 jquery的ajax的获取数据(get,post )的请求封装

    function ajax(obj){ // 默认参数 var defaults = { type : 'get', data : {}, url : '#', dataType : 'text', ...

  5. 学习:数学----gcd及扩展gcd

    gcd及扩展gcd可以用来求两个数的最大公因数,扩展gcd甚至可以用来求一次不定方程ax+by=c的解   辗转相除法与gcd 假设有两个数a与b,现在要求a与b的最大公因数,我们可以设 a=b*q+ ...

  6. Spark Mllib里的如何对两组数据用斯皮尔曼计算相关系数

    不多说,直接上干货! import org.apache.spark.mllib.stat.Statistics 具体,见 Spark Mllib机器学习实战的第4章 Mllib基本数据类型和Mlli ...

  7. Visual Studio 使用

    目录结构 solution_dir Debug: 存放Debug版本信息的.exe Release: Release的.exe .sln: visual studio 项目文件 project_dir ...

  8. [Freemarker] Getting Start

    Freemarker是一个模板引擎,在.NET中有类似的T4模板,FreeMarker对ASP.NET MVC也很友好,链接地址,引用官方的一幅图 模板+数据=视图 Following are the ...

  9. JFrame 布局

    引用文章:https://blog.csdn.net/zyj0813/article/details/78309739

  10. 一、 Spring Cloud Eureka ,咱们先跑起来

    一.Spring Cloud 简介 Spring Cloud 是一个基于Spring Boot 实现的微服务架构开发工具.是一个涉及到服务治理.分布式配置管理.负载均衡.服务容错.API网关.消息总线 ...