ingress
1. ingress: deployment + nodeport
daemonset + hostnetwork
2. ingress -> svc -> pods in the deployment
Ingress access control:
When the page is accessed, a username and password must be entered before the page can be viewed.
```
[root@master01 ingress]# yum -y install httpd
[root@master01 ingress]# htpasswd -c auth zhailiming   # the file must be named auth
[root@master01 ingress]# kubectl create secret generic basic-auth --from-file=auth
[root@master01 ingress]# vim ingress-nginx1.yaml
metadata:
  name: nginx-daemon-ingree
  annotations:
    # set the authentication type:
    nginx.ingress.kubernetes.io/auth-type: basic
    # set the name of the secret used for authentication:
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # set the prompt message shown in the password dialog
    nginx.ingress.kubernetes.io/auth-realm: 'Hello'
[root@master01 ingress]# kubectl apply -f ingress-nginx1.yaml
```
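A consistency check for the steps above, as an added example that is not part of the original notes: it confirms the Ingress annotations point at the secret, that the secret carries an `auth` key (the reason the htpasswd file must be named auth, since `--from-file` uses the file name as the key), and reports the hash scheme of each entry. The function names, the sample objects and the hash values are constructed for illustration, and the Ingress and Secret are assumed to be in the same namespace.

```python
import base64
# Annotation prefix used in ingress-nginx1.yaml above.
PREFIX = "nginx.ingress.kubernetes.io/"

def hash_scheme(field):  # classify the password field of one htpasswd line
    if field.startswith("$apr1$"):
        return "apr1-md5"        # htpasswd default
    if field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"          # htpasswd -B
    if field.startswith("{SHA}"):
        return "unsalted-sha1"   # htpasswd -s
    return "unknown"

def check_basic_auth(ingress, secret):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    ann = ingress["metadata"].get("annotations") or {}
    if ann.get(PREFIX + "auth-type") != "basic":
        findings.append("auth-type is not 'basic'")
    if ann.get(PREFIX + "auth-secret") != secret["metadata"]["name"]:
        findings.append("auth-secret does not name this secret")
    data = secret.get("data") or {}
    if "auth" not in data:
        # --from-file=<name> uses the file name as the key, hence "must be auth".
        findings.append("secret has no 'auth' key; keys: %s" % sorted(data))
        return findings
    for line in base64.b64decode(data["auth"]).decode().splitlines():
        user, sep, field = line.partition(":")
        if not sep or not user or not field:
            findings.append("malformed htpasswd line")
        elif hash_scheme(field) in ("unsalted-sha1", "unknown"):
            findings.append("user %s: weak or unrecognised hash scheme" % user)
    return findings

# Constructed sample objects, shaped like `kubectl get ... -o json` output.
def make_secret(key, content):
    return {"metadata": {"name": "basic-auth"},
            "data": {key: base64.b64encode(content.encode()).decode()}}
INGRESS = {"metadata": {"name": "nginx-daemon-ingree", "annotations": {
    PREFIX + "auth-type": "basic",
    PREFIX + "auth-secret": "basic-auth",
    PREFIX + "auth-realm": "Hello"}}}
GOOD = make_secret("auth", "zhailiming:$apr1$cnstrctd$0123456789abcdefghijkl\n")
WRONG_KEY = make_secret("passwd", "zhailiming:$apr1$cnstrctd$0123456789abcdefghijkl\n")
SHA1 = make_secret("auth", "zhailiming:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=\n")
if __name__ == "__main__":
    for name, s in (("good", GOOD), ("wrong key", WRONG_KEY), ("sha1", SHA1)):
        print(name, check_basic_auth(INGRESS, s))
```

Against a live cluster the same function can be fed the parsed output of `kubectl get ingress nginx-daemon-ingree -o json` and `kubectl get secret basic-auth -o json`.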
Setting up a redirect:
```
[root@master01 ingress]# vim ingress-nginx1.yaml
metadata:
  name: nginx-daemon-ingree
  annotations:
    # set the target URL that traffic is redirected to
    nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
```
Ingress access control:
When the page is accessed, a username and password must be entered before the page can be viewed.
basicAuth
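traefik ingress controller
An HTTP reverse proxy and load-balancing tool developed specifically for deploying microservices on k8s.
It automatically discovers changes in the matching backend pods and also provides a visual web page.
It senses changes automatically, which gives automatic service discovery.
daemonset+hostnetwork: suited to large clusters
deployment+nodeport: suited to internal access, lower performance
Differences between ingress-traefik and ingress-nginx:
ingress-nginx uses nginx as the front-end load balancer; the ingress-controller interacts with the k8s API to discover backend servers and to track changes in pod IP addresses.
It modifies the nginx configuration dynamically.
ingress-traefik: it can interact with the k8s API by itself and senses changes in backend services and pods. traefik is simpler and more convenient.
It is written in Go and is more compatible with k8s. Its concurrency capacity is only 60% of that of ingress-nginx.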
```
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
[root@master01 traefik]# kubectl apply -f ui.yaml
[root@master01 traefik]# kubectl get svc -n kube-system
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        8d
traefik-ingress-service   NodePort    10.96.82.99    <none>        80:32079/TCP,8080:30335/TCP   113s
traefik-web-ui            ClusterIP   10.96.18.158   <none>        80/TCP
```
```
[root@master01 traefik]# vim traefik-nginx.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-client-storageclass
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-traefik
  labels:
    app1: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app1: nginx
  template:
    metadata:
      labels:
        app1: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.22
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nfs-pvc
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nfs-pvc
        persistentVolumeClaim:
          claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-traefik-svc
spec:
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app1: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-traefik-ingree
  annotations:
spec:
  rules:
  - host: www.xy102.com
    http:
      paths:
      - path: /
        pathType: Prefix   # prefix match; matches / /test1 /test1/test2
        backend:           # declares the name of the matching svc, which leads to the pods
          service:
            name: nginx-traefik-svc
            port:
              number: 80
[root@master01 traefik]# kubectl apply -f traefik-nginx.yaml
```
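Summary:
ingress: provides access from outside the cluster
ingress -> selects the service by service name -> the service forwards requests to the pods according to the matching labels
Supports http 80 and https 443
deployment+nodeport
daemonset+hostnetwork
ingress-nginx
ingress-traefik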