service类型以及ingress介绍和部署

最新推荐文章于 2024-01-17 17:04:23 发布
最新推荐文章于 2024-01-17 17:04:23 发布
阅读量556 收藏 1
点赞数
分类专栏: kubernetes 文章标签: kubernetes docker 容器
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_50589374/article/details/126637540
版权

service类型介绍

ClusterIP:

使用kubectl explain service.spec.type查看service类型
ClusterIP: kubernetes默认的类型,用于k8s内部之间的服务访问,即通过serviceIP就能通过服务间的访问,serviceIP是虚拟的网络,仅可以在集群内访问,不能在集群外访问。

NodePort:

NodePort:在cluster IP的基础之上,在每个node节点监听一个可以指定宿主机端口(nodeport)来暴露服务,从而允许外部client访问k8s集群中的服务,nodePort把外部的请求转发到service,然后由service把具体的请求转发给后端pod进行处理。

LoadBalancer:

LoadBalancer: 主要在公有云上使用,LoadBalancer构建在nodeport基础之上,通过公有云服务商提供的负载均衡器将k8s集群中的服务暴露给集群外部的客户端访问

ExternalName:

ExternalName: 用于将k8s集群外部的服务映射到k8s集群内部,从而让集群内部的pod能够通过servicename访问集群外部的服务。

ingress介绍以及部署

ingress介绍:

官方文档:https://kubernetes.io/zh/docs/concepts/services-networking/ingress/
ingress: ingress是k8s API标准资源类型之一,ingress实现的功能是在应用层对客户端请求的host名称或者url路径把请求转发到对应的service资源的规则,将集群外部的请求资源转发给内部的service,在由service转发给后端的pod来处理具体的请求。
ingress-controller: ingress资源需要指定监听地址,请求的host和url等配置,然后根据这些规则的匹配机制将客户端的请求进行转发,这种能够为ingress配置资源监听并转发流量的组件称为ingress控制器(ingresscontroller),ingresscontroller是kubernetes的一个附件,需要单独部署。
下图是一个将客户端请求转发到 Service 的简单 Ingress 示例:
在这里插入图片描述

ingress部署

参考文档:https://kubernetes.github.io/ingress-nginx/deploy/
推荐以DaemonSet形式部署,这样能够提高性能:
支持的k8s版本为1.23, 1.22, 1.21, 1.20, 1.19,经实际测试1.24版本也使用。

apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resourceNames:
  - ingress-controller-leader
  resources:
  - configmaps
  verbs:
  - get
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
rules:
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: v1
data:
  allow-snippet-annotations: "true"
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
---
#apiVersion: v1
#kind: Service
#metadata:
#  labels:
#    app.kubernetes.io/component: controller
#    app.kubernetes.io/instance: ingress-nginx
#    app.kubernetes.io/name: ingress-nginx
#    app.kubernetes.io/part-of: ingress-nginx
#    app.kubernetes.io/version: 1.2.0
#  name: ingress-nginx-controller
#  namespace: ingress-nginx
#spec:
#  ipFamilies:
#  - IPv4
#  ipFamilyPolicy: SingleStack
#  ports:
#  - appProtocol: http
#    name: http
#    port: 80
#    protocol: TCP
#    targetPort: http
#  - appProtocol: https
#    name: https
#    port: 443
#    protocol: TCP
#    targetPort: https
#  selector:
#    app.kubernetes.io/component: controller
#    app.kubernetes.io/instance: ingress-nginx
#    app.kubernetes.io/name: ingress-nginx
#  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  ports:
  - appProtocol: https
    name: https-webhook
    port: 443
    targetPort: webhook
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: ClusterIP
---
apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
    spec:
      hostNetwork: true #使用宿主机网络
      hostPID: true #使用宿主机Pid
      containers:
      - args:
        - /nginx-ingress-controller
        - --election-id=ingress-controller-leader
        - --controller-class=k8s.io/ingress-nginx
        - --ingress-class=nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/ingress-nginx:v1.2.0 
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 101
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.2.0
      name: ingress-nginx-admission-create
    spec:
      containers:
      - args:
        - create
        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
        - --namespace=$(POD_NAMESPACE)
        - --secret-name=ingress-nginx-admission
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/kube-webhook-certgen:v1.1.1 
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.2.0
      name: ingress-nginx-admission-patch
    spec:
      containers:
      - args:
        - patch
        - --webhook-name=ingress-nginx-admission
        - --namespace=$(POD_NAMESPACE)
        - --patch-mutating=false
        - --secret-name=ingress-nginx-admission
        - --patch-failure-policy=Fail
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/kube-webhook-certgen:v1.1.1 
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: nginx
spec:
  controller: k8s.io/ingress-nginx
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.2.0
  name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
      path: /networking/v1/ingresses
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validate.nginx.ingress.kubernetes.io
  rules:
  - apiGroups:
    - networking.k8s.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ingresses
  sideEffects: None

示例说明

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    app: myserver-tomcat-app1-deployment-label
  name: myserver-tomcat-app1-deployment
  namespace: myserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myserver-tomcat-app1-selector
  template:
    metadata:
      labels:
        app: myserver-tomcat-app1-selector
    spec:
      containers:
      - name: myserver-tomcat-app1-container
        image: tomcat:7.0.94-alpine 
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          protocol: TCP
          name: http
        resources:
          limits:
            cpu: 1
            memory: "512Mi"
          requests:
            cpu: 500m
            memory: "512Mi"
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: myserver-tomcat-app1-service-label
  name: myserver-tomcat-app1-service
  namespace: myserver
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
    nodePort: 40003
  selector:
    app: myserver-tomcat-app1-selector

实现单个虚拟主机:

#apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web
  namespace: myserver
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的类型
    nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
    nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客户端上传文件,最大大小,默认为20m
    #nginx.ingress.kubernetes.io/rewrite-target: / ##URL重写
    nginx.ingress.kubernetes.io/app-root: /index.html

#spec:
#  rules: #路由规则
#  - host: www.example.com ##客户端访问的host域名
#    http:
#      paths:
#      - path:
#        backend:
#          serviceName: myserver-nginx-service  #转发至哪个service
#          servicePort: 80 ##转发至service的端口号

spec:
  rules:
  - host: www.example.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: myserver-tomcat-app1-service 
            port:
              number: 80

实现多个虚拟主机:

#apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web
  namespace: myserver
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的类型
    nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
    nginx.ingress.kubernetes.io/proxy-body-size: "10m" ##客户端上传文件,最大大小,默认为20m
    #nginx.ingress.kubernetes.io/rewrite-target: / ##URL重写
    nginx.ingress.kubernetes.io/app-root: /index.html
#spec:
#  rules:
#  - host: www.example.com
#    http:
#      paths:
#      - path:
#        backend:
#          serviceName: myserver-tomcat-app1-service
#          servicePort: 80

#  - host: mobile.example.com
#    http:
#      paths:
#      - path:
#        backend:
#          serviceName: myserver-tomcat-app2-service 
#          servicePort: 80

spec:
  rules:
  - host: www.example.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: myserver-tomcat-app1-service
            port:
              number: 80


  - host: mobile.example.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: myserver-tomcat-app2-service
            port:
              number: 80

基于客户端请求的同一个 host 不同的 URL 进行转发

#apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web
  namespace: myserver
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的类型
    nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定义的path可以使用正则表达式
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##连接超时时间,默认为5s
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服务器回转数据超时时间,默认为60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服务器响应超时时间,默认为60s
    nginx.ingress.kubernetes.io/proxy-body-size: "10m" ##客户端上传文件,最大大小,默认为20m
    #nginx.ingress.kubernetes.io/rewrite-target: / ##URL重写
    nginx.ingress.kubernetes.io/app-root: /index.html
spec:
  rules:
#  - host: www.example.com
#    http:
#      paths:
#      - path: /myserver
#        backend:
#          serviceName: myserver-tomcat-app1-service
#          servicePort: 80
#      - path: /myserver2
#        backend:
#          serviceName: myserver-tomcat-app2-service 
#          servicePort: 80

  - host: www.example.com
    http:
      paths:
      - pathType: Prefix
        path: "/testpath1"
        backend:
          service:
            name: myserver-tomcat-app1-service
            port:
              number: 80

      - pathType: Prefix
        path: "/testpath2"
        backend:
          service:
            name: myserver-tomcat-app2-service
            port:
              number: 80

ingress实现单域名https

创建证书秘钥

certs# openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=www.example.com'
certs# openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=www.example.com'
certs# openssl x509 -req -sha256 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
kubectl  create secret tls  tls-secret-www     --cert=server.crt     --key=server.key      -n myserver

#apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web
  namespace: myserver
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的类型
    nginx.ingress.kubernetes.io/ssl-redirect: 'true' #SSL重定向,即将http请求强制重定向至https,等于nginx中的全站https
spec:
  tls:
  - hosts:
    - www.example.com
    secretName: tls-secret-www
#  rules:
#  - host: www.example.com
#    http:
#      paths:
#      - path: /
#        backend:
#          serviceName: myserver-tomcat-app1-service
#          servicePort: 80

  rules:
  - host: www.example.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: myserver-tomcat-app1-service
            port:
              number: 80

ingress实现多域名https

#apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: name-virtual-host-ingress
  namespace: myserver
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的类型
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  tls:
  - hosts:
    - foo.bar.com
    secretName: tls-secret-foo
  - hosts:
    - bar.foo.com
    secretName: tls-secret-bar
  rules:
  - host: foo.bar.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: myserver-tomcat-app1-service
            port:
              number: 80


  - host: bar.foo.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: myserver-tomcat-app2-service
            port:
              number: 80
zhangjwnx
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
K8s之NodePort LoadBalancer和Ingress的区别
等风来也chen
10-24 1万+
ClusterIP ClusterIP服务是k8s默认的服务。给你一个集群内的服务,集群内的其他应用都可以访问该服务,集群外部无法访问它。 ClusterIP服务的yaml文件类似如下: apiVersion: v1 kind: Service metadata: name: my-internal-service selector: app: my-app spec: t...
k8s的入门教程4 --对外发布服务nodePort和Ingress
朱海燕的博客日记
06-13 2751
对外发布服务 可以让集群外访问集群内部的服务,服务可能来自第三方或者其他团队,无法把所有服务都放入集群内部,这时候我们就需要集群内部和集群外部的服务能够实现互访 -对外提供服务:nodePort -对外提供服务:ingress nodePort发布服务 语法格式: kubectl expose 资源类型 资源名称 --type=NodePort --port=80 --target-port=80 --name=服务名称 [root@kubemaseter ~]# vimt6.yaml...
k8s-service-nodeport与ingress
查士丁尼绵_的博客
08-21 2814
nodeport类型的服务通过每个节点上暴露的ip和端口路由到ClusterIP服务,所以可从外部访问。外部客户端如何通过负载均衡器和Ingress控制器访问到pod?
Ingress vs. NodePort:Kubernetes 服务暴露方式的对比
weixin_50606361的博客
09-10 662
IngressKubernetes中的一种资源类型,用于管理HTTP和HTTPS流量的路由。它允许您将多个服务映射到同一IP地址和端口,并基于域名或路径将流量路由到适当的服务。NodePort是Kubernetes中的一种服务类型,允许将服务绑定到每个节点的IP地址和端口上。NodePort服务将外部流量通过节点的特定端口路由到后端服务。Ingress和NodePort都是在Kubernetes中暴露服务的有效方式,但它们适用于不同的使用案例和需求。选择哪种方法取决于特定场景和配置复杂性。
Kubernetes网络三部曲之三 ~ NodePort vs LoadBalancer vs Ingress
meser88的博客
06-15 3909
在上一篇《Kubernetes网络三部曲~Service网络》中,波波讲解了K8s的4层网络栈中的第2层Service网路。有了Service网络,K8s集群内的应用可以通过服务名/ClusterIP进行统一寻址和访问,而不需要关心应用集群中到底有多少个Pods,Pod的IP是什么,会不会变化,以及如何以负载均衡方式去访问等问题。但是,K8s的Service网络只是一个集群内部网络,集群外部是无法直接访问的。而我们发布的应用,有些是需要暴露出去,要让外网甚至公网能够访问的,这样才能对外输出业务价值。
7-k8s部署Ingress1
08-08
(2)-创建ConfigMap来保存配置数据或环境变量 (3)-创建Ingress用到的ServiceAccount、ClusterRole、Role、Role
demoaspnet5aksagic:通过GitHub Actions部署到Azure Kubernetes Service和Application Gateway Ingress Controller的.NET 5中的示例Web应用程序
05-11
demoaspnet5aksagic 带有GitHub Actions的.NET 5中的示例Web应用程序到Azure Kubernetes服务和Application Gateway Ingress Controller资源
citrix-k8s-ingress-controller:适用于Kubernetes的Citrix ADC(NetScaler)入口控制器:
02-03
citrix-k8s-ingress-controller:适用于Kubernetes的Citrix ADC(NetScaler)入口控制器:
service mesh 学习实践笔记.zip
08-17
16 | Ingress 和 Egress:入口流量和出口流量控制 17 | 金丝雀发布:金丝雀部署和版本控制 18 | 如何利用组件做到服务的可观测性? (关注【云世】公众号,免费获取课程全部内容。) 模块三:自己动手用 Go 实现 ...
k8s部署ingress-nginx脚本,ingress-nginx v1.2.0版本deploy.yaml
10-19
kubernetes 中的 pod 中容器想要对外部用户...端口的方式访问,而在 ingress 当中可以使用七层协议(HTTP/HTTPS)的服务方式来实现负载均衡以及 k8s 集群内部服务和客户端之间的通信(既可以通过域名和主机名的方式)
k8s nodepoet 端口修改_限定k8s的nodeport只在固定主机上开放
weixin_32516271的博客
02-17 1177
isunkubernetes浏览:1,145八月 6, 2020默认情况下kubernetes会在集群所有主机上开放nodeport,我们可以限制nodeport端口只在固定几台主机上开放,这几台主机作为专用的集群流量入口,这样便于管理,也避免了node节点上端口的浪费。通过kube-proxy –help命令可以查看kube-proxy支持的参数其中–nodeport-address参数可以用来...
漫话Kubernetes的网络架构,该用NodePort还是Ingress还是load balancer?
Tom098的博客
01-31 1252
要说清楚Kubernetes的网络架构,需要对计算机网络有比较深入的理解,至少是实战的CCNA or CCNP level的网络工程师,并且要对现代Linux所具备的各种网络功能非常理解才能彻底搞清楚底层实现细节,比如Linux的birdge, firewall (iptable), router/NAT等等功能。 现代Linux操作系统已经远远不是一个传统的单一操作系统,他集成了操作系统,交换机,路由器,防火墙等等很多功能。由于虚拟机、容器技术的发展,很多在传统网络设备中才有的功能,比如switch/r
Kubernetes】第八篇 - Ingress 路由转发的介绍与使用
BraveWangDev
02-23 2569
上一篇,通过 Service 服务,解决了 pod 的 IP 漂移问题;K8s 的 Pod 和 Service 通过 NodePort 将服务暴露到外部,随着服务增加端口就变得不好管理;所以,通常情况下会设计一个 Ingress 进行路由转发方便统一管理;本篇,介绍 Ingress 的使用;ingress:意思是入口、进入;Ingresskubernetes 组件,能够帮助服务实现负载均衡:根据路径前缀匹配、权重、cookie、header 值访问不同的服务;
k8s之对外服务ingress
2303_79207100的博客
01-17 1491
ingress的作用是定义请求如何转发到service的规则,相当于一个配置模板,ingress通过http和https暴露集群内部的service,给service提供一个外部的url、负载均衡、ssl/tls(https)功能,实现一个基于域名的负载均衡。nginx-controller默认配置的一个bachend,反向代理的端口,所有请求中,只要是不符合ingress配置的请求会转发到8181,相当于一个error页面。云平台上的service服务,由云平台提供负载均衡的IP地址。
k8s---对外服务 ingress
最新发布
qq_51506982的博客
01-17 1278
ingress的核心组件traefik都是开源的ingress-controller。
nginx-ingress部署+跨命名空间转发
大新新大浩浩的博客
03-01 2725
k8s 1.23部署nginx-ingress并配置跨namespace访问
k8s(四)—service服务(暴露方式:ClusterIP、NodePort、LoadBalancer、ExternalName、ingress)
qq_43114229的博客
03-26 7533
[root@server2 ~]# kubectl -n kube-system get pod | grep proxy 每个节点都有haproxy kube-proxy-d6cp2 1/1 Running 6 (121m ago) 5d12h kube-proxy-pqn5q 1/1 Running 6 (121m ago) 5d12h kube-proxy-xt2m9 ..
NodePort vs LoadBalancer vs Ingress
linxi7的博客
04-03 861
前言 在上一篇《Kubernetes网络三部曲~Service网络》中,介绍了K8s的4层网络栈中的第2层Service网路。有了Service网络,K8s集群内的应用可以通过服务名/ClusterIP进行统一寻址和访问,而不需要关心应用集群中到底有多少个Pods,Pod的IP是什么,会不会变化,以及如何以负载均衡方式去访问等问题。但是,K8s的Service网络只是一个集群内部网络,集群外部是无法直接访问的。而我们发布的应用,有些是需要暴露出去,要让外网甚至公网能够访问的,这样才能对外输出业务价值。K8s
Kubernetes——使用NodePort的方式让外部访问Tomcat集群
卑微小韩
11-22 2317
文章目录使用NodePort的方式外部访问Tomcat集群一、通过NodePort的方式1.1 引入服务概念1.2 yml中写一个service1.2.1 关于port、targetPort、nodePort的解释1.3 部署service1.3.1 创建service1.3.2 查看service状态1.3.3 查看service详细状态1.3.4 访问测试Kubernetes其他文档列表 使用NodePort的方式外部访问Tomcat集群 一、通过NodePort的方式 1.1 引入服务概念 此时,
怎么看ingress-controller service 部署在哪台机器
06-06
您可以通过以下步骤来查看 ingress-controller service 部署在哪台机器上: 1. 运行以下命令获取 ingress-controller 的 service 名称: ``` kubectl get svc -n ``` 其中 `<namespace>` 是 ingress-...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值