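Overview
Kubernetes has advanced networking capabilities that let Services and Pods communicate inside the cluster network. Ingress enables inbound connections to the cluster, allowing external traffic to reach the correct Pod.
Ingress can provide externally reachable URLs, load balancing, name-based virtual hosting within the cluster, and more. This article describes how to deploy and configure Ingress rules to manage incoming HTTP requests.
Creating the Deployments
We need HTTP servers to act as the destination of our requests. There are three Deployments, webapp1, webapp2 and webapp3, each with a corresponding Service (named webapp1-svc, webapp2-svc and webapp3-svc in the manifest).
File deployment.yaml: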
# Note: extensions/v1beta1 Deployments are no longer served as of Kubernetes 1.16;
# current clusters use apps/v1, which also requires spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: webapp1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: webapp1
    spec:
      containers:
      - name: webapp1
        image: y.com/docker-http-server:1.0.0
        ports:
        - containerPort: 80
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: webapp2
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: webapp2
    spec:
      containers:
      - name: webapp2
        image: y.com/docker-http-server:1.0.0
        ports:
        - containerPort: 80
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: webapp3
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: webapp3
    spec:
      containers:
      - name: webapp3
        image: y.com/docker-http-server:1.0.0
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: webapp1-svc
  labels:
    app: webapp1
spec:
  ports:
  - port: 80
  selector:
    app: webapp1
---
apiVersion: v1
kind: Service
metadata:
  name: webapp2-svc
  labels:
    app: webapp2
spec:
  ports:
  - port: 80
  selector:
    app: webapp2
---
apiVersion: v1
kind: Service
metadata:
  name: webapp3-svc
  labels:
    app: webapp3
spec:
  ports:
  - port: 80
  selector:
    app: webapp3
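Run the deployment command on the master node:
kubectl create -f deployment.yaml
Check the status of the Deployments:
kubectl get deployment
Deploying Ingress
The Ingress controller is deployed as a Replication Controller. It combines a software load balancer (nginx or HAProxy) with Kubernetes and performs load balancing and routing according to the defined rules.
The YAML file below defines an nginx-based Ingress Controller and a Service that exposes it on port 80 for external connections using ExternalIPs.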
cat ingress.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-ingress-rc
  labels:
    app: nginx-ingress
spec:
  replicas: 1
  selector:
    app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      containers:
      - image: nginxdemos/nginx-ingress:0.9.0
        name: nginx-ingress
        ports:
        - containerPort: 80
          hostPort: 80   # binds port 80 on the node that runs this Pod
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-lb
  labels:
    app: nginx-ingress
spec:
  externalIPs:
  - 172.17.0.61          # address on which the Service accepts external traffic
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx-ingress
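Deploy the Ingress service:
kubectl create -f ingress.yaml
Check the status of the service:
kubectl get rc
Deploying the Ingress access rules
Ingress access rules are a Kubernetes object type. A rule can match on the request's host, on the request path, or on a combination of both.
An example rule set: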
cat ingress-rules.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: webapp-ingress
spec:
  rules:
  - host: my.kubernetes.example
    http:
      paths:
      - path: /webapp1
        backend:
          serviceName: webapp1-svc
          servicePort: 80
      - path: /webapp2
        backend:
          serviceName: webapp2-svc
          servicePort: 80
      # No path: catch-all backend for this host
      - backend:
          serviceName: webapp3-svc
          servicePort: 80
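These rules apply to requests for the host my.kubernetes.example. Two rules are defined by path: (1) requests for the path /webapp1 are forwarded to webapp1-svc; (2) requests for the path /webapp2 are forwarded to webapp2-svc. If no rule matches, the request is forwarded to webapp3-svc.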
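The rule selection described above, modelled as an added example (not code from the original article or from the nginx-ingress project). The function name `resolve_backend` is hypothetical, and prefix matching with the longest prefix winning is an assumption based on how nginx `location` blocks behave; it shows that a path such as /webapp1-admin still lands on webapp1-svc and that a request with a different Host header matches no rule.

```python
# Rules from ingress-rules.yaml on this page, written as Python data.
# A path entry without "path" is the catch-all for that host.
INGRESS_RULES = [
    {
        "host": "my.kubernetes.example",
        "paths": [
            {"path": "/webapp1", "service": "webapp1-svc", "port": 80},
            {"path": "/webapp2", "service": "webapp2-svc", "port": 80},
            {"service": "webapp3-svc", "port": 80},
        ],
    }
]


def resolve_backend(host, path, rules=INGRESS_RULES):
    """Return (service, port) for a request, or None when no rule matches.

    Assumption (not stated on the page): paths are matched as prefixes and
    the longest matching prefix wins, as nginx `location` blocks behave.
    """
    host = host.split(":")[0].lower()   # drop any port; hosts are case-insensitive
    path = path.split("?")[0] or "/"    # drop the query string
    for rule in rules:
        if rule["host"].lower() != host:
            continue                    # Host header does not select this rule
        by_length = sorted(rule["paths"],
                           key=lambda p: len(p.get("path", "/")),
                           reverse=True)
        for entry in by_length:
            if path.startswith(entry.get("path", "/")):
                return entry["service"], entry["port"]
    return None


if __name__ == "__main__":
    # Constructed sample requests: (Host header, request path).
    samples = [
        ("my.kubernetes.example", "/webapp1"),
        ("my.kubernetes.example", "/webapp2/index.html"),
        ("my.kubernetes.example", "/"),
        ("my.kubernetes.example", "/webapp1-admin"),  # prefix match, still webapp1-svc
        ("other.example", "/webapp1"),                # wrong Host: no rule applies
    ]
    for host, path in samples:
        print(f"{host}{path} -> {resolve_backend(host, path)}")
```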
Deploy the Ingress rules:
kubectl create -f ingress-rules.yaml
Check the status:
kubectl get ing
Testing the service
Test 1
curl -H "Host: my.kubernetes.example" 172.17.0.61/webapp1
This request is handled by the webapp1 Deployment.
Test 2
curl -H "Host: my.kubernetes.example" 172.17.0.61/webapp2
This request is handled by the webapp2 Deployment.
Test 3
curl -H "Host: my.kubernetes.example" 172.17.0.61
This request is handled by the webapp3 Deployment.
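Summary
Advantages: Ingress supports L4 and L7 load balancing; Ingress is deployed as Pods, with the Pod network set up as an external network; Ingress controllers are available for Nginx and HAProxy, which is sufficient for internal enterprise use.
Disadvantages: Pods are ephemeral, and because the Ingress Controller is itself deployed as a Pod, the external IP of the Ingress can change. Enterprises typically set firewall rules for the IP used to access a Service, and a changing IP is fatal to that mechanism, because an enterprise cannot keep modifying firewall rules by hand.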