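I. Introduction to Ingress
In Kubernetes, the IP addresses of Services and Pods can only be used inside the cluster network and are not visible to applications outside the cluster.
To let external applications access services inside the cluster, Kubernetes currently provides the following options:
1. NodePort
2. LoadBalancer
3. Ingress
There are currently two main ingress controllers: the nginx-based ingress controller and the traefik-based ingress controller.
The traefik ingress controller currently supports the HTTP and HTTPS protocols. Because we are more familiar with nginx and also need TCP load balancing, we chose the nginx-based ingress controller here.
1. Components of Ingress:
2. How Ingress works:
3. What problems Ingress can solve:
4. ingress and ingress-controller
5. ingress-controller
6. ingress
II. Deploying Ingress
1. Download the configuration file and modify it
https://github.com/kubernetes/ingress-nginx/releases/tag/ingress-nginx-2.11.2
vim mandatory.yaml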
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      hostNetwork: true
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.28.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
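By default, ingress nginx does not come with a Service resource. It works without one, but the ingress nginx pod logs will report that the corresponding service cannot be found.
2. To expose services through the ingress-controller, we still need to manually create a Service for the ingress-controller so that it can accept traffic from outside the cluster
vim mandatory.yaml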
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: ingress-nginx
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
    - name: https
      port: 443
      protocol: TCP
      targetPort: 443
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  type: NodePort
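The controller Deployment and Service above set three fields that widen what the controller exposes on each node: hostNetwork, allowPrivilegeEscalation and a NodePort Service. The following audit is an added example, not part of the original post or of the ingress-nginx project; it reads output in the shape of `kubectl get deploy,svc -n ingress-nginx -o json`. The sample input is constructed from the manifests on this page, and the Deployment name in it is an assumption because the excerpt does not show it.

```python
import json

# Constructed sample: the controller Deployment and Service from this page,
# reduced to the fields the audit reads, in `kubectl get ... -o json` List form.
# The Deployment name is assumed; the page's excerpt does not show it.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Deployment",
   "metadata": {"name": "nginx-ingress-controller", "namespace": "ingress-nginx"},
   "spec": {"template": {"spec": {
     "hostNetwork": true,
     "containers": [{"name": "nginx-ingress-controller",
                     "securityContext": {"allowPrivilegeEscalation": true}}]}}}},
  {"kind": "Service",
   "metadata": {"name": "ingress-nginx", "namespace": "ingress-nginx"},
   "spec": {"type": "NodePort",
            "ports": [{"name": "http", "port": 80}, {"name": "https", "port": 443}]}}
]}
""")

WORKLOADS = {"Deployment", "DaemonSet", "StatefulSet"}

def audit(doc):
    """Return sorted (kind/name, finding) tuples for exposure-widening settings."""
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        ref = f'{obj.get("kind")}/{obj.get("metadata", {}).get("name")}'
        spec = obj.get("spec", {})
        if obj.get("kind") in WORKLOADS:
            pod = spec.get("template", {}).get("spec", {})
            if pod.get("hostNetwork"):
                # Pod shares the node's network namespace and binds node ports directly.
                findings.append((ref, "hostNetwork"))
            for c in pod.get("containers", []):
                sc = c.get("securityContext") or {}
                # An unset field behaves like true, so only an explicit false passes.
                if sc.get("allowPrivilegeEscalation") is not False:
                    findings.append((ref, f'allowPrivilegeEscalation:{c.get("name")}'))
        elif obj.get("kind") == "Service" and spec.get("type") == "NodePort":
            ports = ",".join(str(p.get("port")) for p in spec.get("ports", []))
            findings.append((ref, f"NodePort:{ports}"))
    return sorted(findings)

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```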
3. Create the Ingress rule
vim ingress-rule.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web
spec:
  rules:
    - host: wang.test.com
      http:
        paths:
          - backend:
              serviceName: web
              servicePort: 80
vim httpd.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: http-web
  name: http-web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: http-web
  template:
    metadata:
      labels:
        app: http-web
    spec:
      containers:
        - image: httpd
          name: httpd
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: web
  name: web
spec:
  selector:
    app: http-web
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  type: NodePort
Access the ingress via the domain name
Verification result: