ingress组成
- ingress controller
将新加入的Ingress转化成Nginx的配置文件并使之生效。- ingress service
对外暴露ingress controller管理的nginx服务,即把ingress controller
的pod的80端口和443端口对外暴露,记录这个service的访问入口,即为ingress的访问入口地址。
Tip:如果是公有云环境中,就需要创建LoadBalancer类型的serviece
ingress工作原理
- ingress controller通过和kubernetes api交互,动态的去感知集群中ingress规则变化,
- 然后读取它,按照自定义的规则,规则就是写明了哪个域名对应哪个service,生成一段nginx配置,
- 再写到nginx-ingress-control的pod里,这个Ingress controller的pod里运行着一个Nginx服务,控制器会把生成的nginx配置写入/etc/nginx.conf文件中,
- 然后reload一下使配置生效。以此达到域名分配置和动态更新的问题。
ingress实践
- 安装 ingress controller
- 安装 ingress service
# EXTERNAL-IP的地址即为ingress的访问入口地址
k get svc/nginx-ingress-lb -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-lb LoadBalancer 192.168.157.54 172.16.38.132 80:31985/TCP,443:31352/TCP 8d
- 安装 ingress
# nginx-deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: svc-test
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
# nginx-service
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: svc-test
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 8087
targetPort: 80
nodePort: 31557
type: LoadBalancer
# nginx-ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
namespace: svc-test
spec:
rules:
- host: demo.localdev.me
http:
paths:
- path: /
backend:
serviceName: nginx-service
servicePort: 8087
# ADDRESS会自动绑定ingress service的EXTERNAL-IP
kargo get ing -n svc-test
NAME CLASS HOSTS ADDRESS PORTS AGE
nginx-ingress <none> demo.localdev.me 172.16.38.132 80 24m
配置好本地host后即可通过域名访问,配置如下:
demo.localdev.me 172.16.38.132