k8s 对外服务设置
对外服务方式
- kube-proxy 只允许本地访问
- NodePort 使用物理机端口和k8s service虚拟ip:端口 映射
- LoadBalancer 使用NodeIp+Nodeport的方式实现, 配合云环境GCE、aws提供的负载地址
- ingress 使用开源的反向代理负载均衡器来实现对外暴漏服务,比如 Nginx、Apache、Haproxy等
ingress-nginx安装使用
git下载ingress-nginx
切换到deploy目录下
修改mandatory.yaml
设置 hostNetwork: true
由于ingress 使用到物理机的80/443 端口,若在master上端口被占用会出现无法使用问题,所以在node节点物理机上进行ingress的安装
master节点
node节点
执行
查看端口
netstat -tunlp
创建ingress-nginx
kubectl apply -f mandatory.yaml
ingress使用
创建my-nginx
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-nginx
spec:
replicas: 2
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx:1.7.9
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
run: my-nginx
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 30003
selector:
run: my-nginx
创建my-apache
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-apache
spec:
replicas: 2
template:
metadata:
labels:
run: my-apache
spec:
containers:
- name: my-apache
image: httpd:2.4
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-apache
labels:
run: my-apache
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 30002
selector:
run: my-apache
创建test-ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress
namespace: default
spec:
rules:
- host: test.apache.ingress
http:
paths:
- path: /
backend:
serviceName: my-apache
servicePort: 80
- host: test.nginx.ingress
http:
paths:
- path: /
backend:
serviceName: my-nginx
servicePort: 80
查询ing
kubectl get ing
检验结果
curl -v http://192.168.136.19 -H ‘host: test.apache.ingress’
curl -v http://192.168.136.19 -H ‘host: test.nginx.ingress’
欢迎大家一起加入讨论!!!