k8s服务暴露流程

段帅星

已于 2022-11-21 23:10:09 修改

阅读量453

点赞数

分类专栏： kubernetes 文章标签： kubernetes 运维 nginx

于 2020-12-12 23:18:22 首次发布

本文链接：https://blog.csdn.net/weixin_47003048/article/details/111085940

版权

kubernetes 专栏收录该内容

41 篇文章 3 订阅

订阅专栏

环境信息：

IP地址	系统	角色
192.168.86.100	centos7.7	master
192.168.86.101	centos7.7	node1
192.168.86.102	centos7.7	node2
192.168.86.7	centos7.7	lb

k8s版本：v1.18.2
helm版本: v3.2.1

一、部署服务并暴露

1、访问过程
domain–>lb–>ingress-nginx-controller的svc (nodeip+nodeport)–>ingress->svc–>pod

2、部署ingress-nginx

安装helm
wget https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz
tar -xf helm-v3.2.1-linux-amd64.tar.gz
mv ./linux-amd64/helm /usr/bin

添加repo源
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

创建ingress的namespace
kubectl create namespace ingress-public
helm install --namespace=ingress-public ingress-nginx-public ingress-nginx/ingress-nginx --version=3.35.0

修改ingress-controller镜像（默认gcr仓库下载不到）
kubectl -n ingress-public set image deployment ingress-nginx-public-controller controller=registry.baidubce.com/k8s.gcr.io/ingress-nginx/controller:v0.48.1 --record

3、部署服务通过ingress暴露(部署到此已经可以通过hosts解析域名加上nodeip和ingress-nginx-controller的svc nodeport端口访问了)

kubecel apply -f ingress-test.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-test
  name: nginx-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-test
  template:
    metadata:
      labels:
        app: nginx-test
    spec:
      containers:
      - image: nginx
        name: nginx
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-test
  name: nginx-test
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-test
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
  - host: nginx-test.com
    http:
      paths:
      - backend:
          serviceName: nginx-test
          servicePort: 80

二、部署配置LB并测试访问

1、通过nginx配置反向代理ingress-nginx-controller的svc nodeport端口

docker run -itd --restart=unless-stopped -p 80:80 -p 443:443 --name ingress-lb -v /root/ingress/nginx.conf:/etc/nginx/nginx.conf nginx:latest

cat /root/ingress/nginx.conf

worker_processes 4;
worker_rlimit_nofile 40000;

events {
    worker_connections 8192;
}

stream {
    upstream ingress_test_http {
        least_conn;
        server 192.168.86.101:23115 max_fails=3 fail_timeout=5s;
        server 192.168.86.102:23115 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 80;
        proxy_pass ingress_test_http;
    }

}

2、在hosts中添加解析浏览器访问

C:\Windows\System32\drivers\etc\hosts
192.168.86.7 nginx-test.com

三、ingress-nginx配置https证书
1、创建证书secret

kubectl create secret tls ingress-https-secret --cert=ssl.crt --key=ssl.key

2、部署deployment、svc、ingress

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:latest
        name: nginx
        imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-https
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-https-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: ingress-https.onap.vip
    http:
      paths:
      - path:
        backend:
          serviceName: nginx-https
          servicePort: 80
  tls:
  - hosts:
    - ingress-https.onap.vip
    secretName: ingress-https-secret