ingress

https://kubernetes.io/docs/concepts/services-networking/ingress/

pod与ingress的关系

•通过label-selector相关联
•通过Ingress Controller实现Pod的负载均衡
-支持TCP/UDP 4层和HTTP 7层

Ingress 组成?

ingress controller:将新加入的Ingress转化成Nginx的配置文件并使之生效
ingress服务:将Nginx的配置抽象成一个Ingress对象,每添加一个新的服务只需写一个新的Ingress的yaml文件即可

Ingress 工作原理?

ingress controller通过和kubernetes api交互,动态的去感知集群中ingress规则变化,
然后读取它,按照自定义的规则,规则就是写明了哪个域名对应哪个service,生成一段nginx配置,
再写到nginx-ingress-control的pod里,这个Ingress controller的pod里运行着一个Nginx服务,控制器会把生成的nginx配置写入/etc/nginx.conf文件中,
然后reload一下使配置生效。
以此达到域名分配置和动态更新的问题。

ingress部署文档

https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md

下载yaml文件,修改使用宿主机网络   hostNetwork: true

[root@k8s-master1 ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

[root@k8s-master1 ingress]# kubectl apply -f mandatory.yaml

namespace/ingress-nginx created

configmap/nginx-configuration created

configmap/tcp-services created

configmap/udp-services created

serviceaccount/nginx-ingress-serviceaccount created

clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created

role.rbac.authorization.k8s.io/nginx-ingress-role created

rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created

clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created

deployment.extensions/nginx-ingress-controller created

查看ingress部署的node节点,使用宿主机网络会在node监听80和443端口

[root@k8s-master1 ingress]# kubectl get ns

NAME            STATUS   AGE

default         Active   6d20h

ingress-nginx   Active   27m

kube-public     Active   6d20h

kube-system     Active   6d20h

[root@k8s-master1 ingress]# kubectl get pods -n ingress-nginx -o wide

NAME                                        READY   STATUS    RESTARTS   AGE   IP              NODE            NOMINATED NODE   READINESS GATES

nginx-ingress-controller-5c98c674b8-l9ft2   /     Running             28m   192.168.0.125   192.168.0.125   <none>           <none>
[root@k8s-node01 ~]# netstat -tnlp |egrep "80|443"

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2358/nginx: master

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2358/nginx: master

tcp        0      0 0.0.0.0:18080           0.0.0.0:*               LISTEN      2358/nginx: master

tcp6       0      0 :::80                   :::*                    LISTEN      2358/nginx: master

tcp6       0      0 :::443                  :::*                    LISTEN      2358/nginx: master

tcp6       0      0 :::18080                :::*                    LISTEN      2358/nginx: master

准备后端服务

[root@k8s-master1 ingress]# cat deploy-demo.yaml

#创建service为myapp

apiVersion: v1

kind: Service

metadata:

  name: myapp

  namespace: default

spec:

  selector:

    app: myapp

    release: canary

  ports:

  - name: http

    targetPort:

    port: 

---

#创建后端服务的deployment

apiVersion: apps/v1

kind: Deployment

metadata:

  name: myapp-backend-pod

  namespace: default

spec:

  replicas:

  selector:

    matchLabels:

      app: myapp

      release: canary

  template:

    metadata:

      labels:

        app: myapp

        release: canary

    spec:

      containers:

      - name: myapp

        image: ikubernetes/myapp:v2

        ports:

        - name: http

          containerPort: 

[root@k8s-master1 ingress]# kubectl apply -f deploy-demo.yaml

service/myapp created

deployment.apps/myapp-backend-pod created

[root@k8s-master1 ingress]# kubectl get pod,svc

NAME                                     READY   STATUS    RESTARTS   AGE

pod/myapp-backend-pod-6b56d98b6b-27vvs   /     Running             12s

pod/myapp-backend-pod-6b56d98b6b-6rq8w   /     Running             12s

pod/myapp-backend-pod-6b56d98b6b-ndbm6   /     Running             12s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE

service/kubernetes   ClusterIP   10.0.0.1     <none>        /TCP   6d21h

service/myapp        ClusterIP   10.0.0.79    <none>        /TCP    12s

[root@k8s-node01 ~]# curl 10.0.0.79

Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

配置ingress规则

[root@k8s-master1 ingress]# vim ingress-myapp.yaml

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: simple-fanout-example

  annotations:

    nginx.ingress.kubernetes.io/rewrite-target: /

spec:

  rules:

  - host: foo.bar.com

    http:

      paths:

      - path: /

        backend:

          serviceName: myapp

          servicePort: 

[root@k8s-master1 ingress]# kubectl apply -f ingress-myapp.yaml

ingress.extensions/simple-fanout-example created

[root@k8s-master1 ingress]# kubectl get ingress

NAME                    HOSTS         ADDRESS   PORTS   AGE

simple-fanout-example   foo.bar.com                   10s

设置域名解析到ip,即可访问域名

[root@k8s-master1 ingress]# curl foo.bar.com

Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

查看详细信息

[root@k8s-master1 ingress]# kubectl describe ingress simple-fanout-example

Name:             simple-fanout-example

Namespace:        default

Address:

Default backend:  default-http-backend: (<none>)

Rules:

  Host         Path  Backends

  ----         ----  --------

  foo.bar.com

               /   myapp: (<none>)

Annotations:

  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"simple-fanout-example","namespace":"default"},"spec":{"rules":[{"host":"foo.bar.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":},"path":"/"}]}}]}}

  nginx.ingress.kubernetes.io/rewrite-target:  /

Events:

  Type    Reason  Age    From                      Message

  ----    ------  ----   ----                      -------

  Normal  CREATE  3m58s  nginx-ingress-controller  Ingress default/simple-fanout-example

进入nginx-ingress-controller进行查看是否注入了nginx的配置

[root@k8s-master1 ingress]# kubectl get pod -n ingress-nginx

NAME                                        READY   STATUS    RESTARTS   AGE

nginx-ingress-controller-5c98c674b8-l9ft2   /     Running             67m

[root@k8s-master1 ingress]# kubectl exec -n ingress-nginx -it nginx-ingress-controller-5c98c674b8-l9ft2 bash

www-data@k8s-node01:/etc/nginx$ cat nginx.conf

........

    ## start server foo.bar.com

    server {

        server_name foo.bar.com ;

        listen ;

        listen [::]:;

        set $proxy_upstream_name "-";

        location / {

            set $namespace      "default";

            set $ingress_name   "simple-fanout-example";

            set $service_name   "myapp";

            set $service_port   "";

            set $location_path  "/";

            rewrite_by_lua_block {

                balancer.rewrite()

            }

            access_by_lua_block {

            }

            header_filter_by_lua_block {

            }

构建TLS站点

准备证书

[root@k8s-master1 ingress]# openssl genrsa -out tls.key

Generating RSA private key,  bit long modulus

..................................................................................+++

........................+++

e is  (0x10001)

[root@k8s-master1 ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=sslexample.foo.com

创建secret

[root@k8s-master1 ingress]# kubectl create secret tls sslexample-foo-com --cert=tls.crt --key=tls.key

secret/sslexample-foo-com created

[root@k8s-master1 ingress]# kubectl get secret

NAME                   TYPE                                  DATA   AGE

default-token-7vs6s    kubernetes.io/service-account-token         6d22h

registry-pull-secret   kubernetes.io/dockerconfigjson              5d1h

sslexample-foo-com     kubernetes.io/tls                           28s
[root@k8s-master1 ingress]# kubectl describe secret sslexample-foo-com

Name:         sslexample-foo-com

Namespace:    default

Labels:       <none>

Annotations:  <none>

Type:  kubernetes.io/tls

Data

====

tls.crt:  1298 bytes

tls.key:  1675 bytes

创建ingress

[root@k8s-master1 ingress]# vim ingress-https.yaml 

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: tls-example-ingress

spec:

  tls:

  - hosts:

    - sslexample.foo.com

    secretName: sslexample-foo-com

  rules:

    - host: sslexample.foo.com

      http:

        paths:

        - path: /

          backend:

            serviceName: myapp

            servicePort: 

[root@k8s-master1 ingress]# kubectl apply -f ingress-https.yaml

ingress.extensions/tls-example-ingress created

[root@k8s-master1 ingress]# kubectl get ingress

NAME                    HOSTS                ADDRESS   PORTS     AGE

simple-fanout-example   foo.bar.com                            59m

tls-example-ingress     sslexample.foo.com             ,    29s

[root@k8s-master1 ingress]# kubectl describe ingress tls-example-ingress

Name:             tls-example-ingress

Namespace:        default

Address:

Default backend:  default-http-backend: (<none>)

TLS:

  sslexample-foo-com terminates sslexample.foo.com

Rules:

  Host                Path  Backends

  ----                ----  --------

  sslexample.foo.com

                      /   myapp: (<none>)

Annotations:

  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"tls-example-ingress","namespace":"default"},"spec":{"rules":[{"host":"sslexample.foo.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":},"path":"/"}]}}],"tls":[{"hosts":["sslexample.foo.com"],"secretName":"sslexample-foo-com"}]}}

Events:

  Type    Reason  Age   From                      Message

  ----    ------  ----  ----                      -------

  Normal  CREATE  72s   nginx-ingress-controller  Ingress default/tls-example-ingress

访问测试

kubernetes-ingress(十)的更多相关文章

  1. Kubernetes Ingress Controller的使用及高可用落地

    Kubernetes Ingress Controller的使用及高可用落地 看懂本文要具备一下知识点: Service实现原理和会应用 知道反向代理原理,了解nginx和apache的vhost概念 ...

  2. Kubernetes Ingress 学习

    Kubernetes 中暴露服务的方式有三种 Loadbalancer 这种方式往往需要云供应商支持,或者本地F5等设备支持 NodePort 这种方式调用方通过NodeIP:NodePort 的方式 ...

  3. Kubernetes Ingress管理

    目录 Ingress介绍 1.Pod漂移问题 2.端口管理问题 3.域名分配及动态更新问题 Nginx Ingress配置 1.部署默认后端 2.部署Ingress Controller 3.部署In ...

  4. Kubernetes Ingress 部署

    Kubernetes Ingress 部署 Pod与Ingress的关系• 通过service相关联• 通过Ingress Controller实现Pod的负载均衡- 支持TCP/UDP 4层和HTT ...

  5. [转帖]kubernetes ingress 在物理机上的nodePort和hostNetwork两种部署方式解析及比较

    kubernetes ingress 在物理机上的nodePort和hostNetwork两种部署方式解析及比较 https://www.cnblogs.com/xuxinkun/p/11052646 ...

  6. Kubernetes Ingress日志分析入门

    本文主要介绍如何基于日志服务构建Kubernetes Ingress日志分析平台,并提供一些简单的动手实验方便大家快速了解日志服务相关功能. 部署Ingress日志方案 登录容器服务管理控制台. 将上 ...

  7. Kubernetes Ingress简单入门

    作者:Nick Ramirez 原文链接:https://thenewstack.io/kubernetes-ingress-for-beginners/ 本文转载自Rancher Labs 不知道你 ...

  8. 在 Kubernetes Ingress 中支持 Websocket/Socket 服务

    Kubernetes Ingress 可将集群内部的 Service 通过 HTTP/HTTPS 的方式暴露供外部访问,并通过路径匹配规则定义服务的路由.但是 Ingress 对 TCP/UDP 的服 ...

  9. CORS跨源资源共享概念及配置(Kubernetes Ingress和Spring Cloud Gateway)

    我最新最全的文章都在南瓜慢说 www.pkslow.com,欢迎大家来喝茶! 1 跨源资源共享CORS 跨源资源共享 (CORS) (或通俗地译为跨域资源共享)是一种基于HTTP 头的机制,该机制通过 ...

  10. 几张图解释明白 Kubernetes Ingress

    来源:K8s技术圈 作者:阳明 Kubernetes Ingress 只是 Kubernetes 中的一个普通资源对象,需要一个对应的 Ingress 控制器来解析 Ingress 的规则,暴露服务到 ...

随机推荐

  1. 白白的(baibaide)——树状数组套主席树+splay

    题目 [题目描述] 有一个长度为 $n$ 的序列 $a_1, a_2, \dots, a_n$,一开始每个位置都是白色.如果一个区间中每个位置都是白色,则称这是一个白白的区间.如果一个白白的区间向左或 ...

  2. http系列--从输入 URL 到页面加载完成的过程

    一.前言 这道题的覆盖面可以非常广,很适合作为一道承载知识体系的题目.每一个前端人员,如果要往更高阶发展,必然会将自己的知识体系梳理一遍,没有牢固的知识体系,无法往更高处走! 二.主干流程 在将浏览器 ...

  3. es6的箭头函数转换为普通函数,以及将await/async函数转为普通函数

    箭头函数转为普通函数: 1. 安装babel-preset-es2015  npm install babel-preset-es2015 --save-dev 2.在.babelrc文件夹中:  & ...

  4. @RequestBody注解的用法

    以前,一直以为在SpringMVC环境中,@RequestBody接收的是一个Json对象,一直在调试代码都没有成功,后来发现,其实 @RequestBody接收的是一个Json对象的字符串,而不是一 ...

  5. Microsoft JDBC Driver 使用 getParameterMetaData 会报错?

    不知道为何使用 Microsoft JDBC Driver for SQL Server 驱动时,sql语句不带参数没有问题,但是如果带参数且使用 getParameterMetaData 就会提示某 ...

  6. Ubuntu14.04修改主机名

    1.Ubuntu主机名位于/etc/hostname里,将其修改为自己需要的名称 2.修改/etc/hosts文件,将其中127.0.1.1对应的主机名更改为新的主机名,与/etc/hostname里 ...

  7. CodeForces - 95B

    Petya loves lucky numbers. Everybody knows that positive integers are lucky if their decimal represe ...

  8. 高可用数据同步方案-SqlServer迁移Mysql实战

    简介 随着业务量的上升,以前的架构已经不满足业务的发展,数据作为业务中最重要的一环,需要有更好的架构作为支撑.目前我司有sql server转mysql的需求,所以结合当前业务,我挑选了阿里云开源的一 ...

  9. Docker最全教程之使用PHP搭建个人博客站点(二十二)

    目录 官方镜像  编写简单的Hello world! 1. 编写Hello world! 2. 编写Dockerfile 3. 构建并运行 4. 直接使用PHP Docker镜像运行PHP脚本 构建自 ...

  10. 【C#】C#委托使用详解(Delegates)

    摘要 委托是C#编程一个非常重要的概念,也是一个难点.本文将系统详细讲解委托. 1. 委托是什么? 其实,我一直思考如何讲解委托,才能把委托说得更透彻.说实话,每个人都委托都有不同的见解,因为看问题的 ...