阿里云通过nginx-ingress-controller 暴露服务

最新推荐文章于 2024-06-07 14:22:54 发布
最新推荐文章于 2024-06-07 14:22:54 发布
阅读量2.7k 收藏 4
点赞数
分类专栏: kubernetes
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xiojing825/article/details/107638776
版权

本文有参考:阿里云的文档:https://developer.aliyun.com/article/721569。然后参考对照实际部署的k8s集群。梳理部署在k8s的不同应用如何在公网被不同的域名访问到。

理解:
实际nginx-ingress-controller 就是在k8s集群中创建一个具有类似nginx作用的应用。此nginx 应用负责接受所有来自不同域名的请求,然后根据不同ingress 定义的规则转发到对应的service。

  1. 看一下nginx-ingress service
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"nginx-ingress-lb"},"name":"nginx-ingress-lb","namespace":"kube-system"},"spec":{"ports":[{"name":"http","port":80,"targetPort":80},{"name":"https","port":443,"targetPort":443}],"selector":{"app":"ingress-nginx"},"type":"LoadBalancer"}}
  creationTimestamp: '2019-06-04T11:49:59Z'
  labels:
    app: nginx-ingress-lb
  name: nginx-ingress-lb
  namespace: kube-system
  resourceVersion: '147529875'
  selfLink: /api/v1/namespaces/kube-system/services/nginx-ingress-lb
  uid: 6106e164-7f80-11e8-b128-00163e10ac41
spec:
  clusterIP: 10.1.1.135
  externalTrafficPolicy: Local
  healthCheckNodePort: 31999
  ports:
    - name: http
      nodePort: 30613
      port: 80
      protocol: TCP
      targetPort: 80
    - name: https
      nodePort: 31070
      port: 443
      protocol: TCP
      targetPort: 443
  selector:
    app: ingress-nginx
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
      - ip: xx.xx.xxx.xxx

解释: 该service选择暴露服务的type 为LoadBalancer,这样就可以被外网访问到。LoadBalancer的实际ip地址为:xx.xx.xxx.xxx。假设集群中有A 、B两个应用,分别需要使用 a.com、b.com 访问。那么将这两个域名的的A记录的解析值都设置为:LoadBalancer的实际ip地址为:xx.xx.xxx.xxx。

  1. 上文1中只是创建了一个service,指定了service对应的应用。在运行的集群中使用命令可以看到对应的deploy。
kubectl get  deploy  -n kube-system -l app=ingress-nginx
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-ingress-controller   1/1     1            1           2y24d

如下是deploy的yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    component.revision: v5
    component.version: v0.22.0
    deployment.kubernetes.io/revision: '2'
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"component.revision":"v5","component.version":"v0.22.0"},"labels":{"app":"ingress-nginx"},"name":"nginx-ingress-controller","namespace":"kube-system"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"ingress-nginx"}},"template":{"metadata":{"annotations":{"prometheus.io/port":"10254","prometheus.io/scrape":"true","scheduler.alpha.kubernetes.io/critical-pod":""},"labels":{"app":"ingress-nginx"}},"spec":{"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["ingress-nginx"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}},"containers":[{"args":["/nginx-ingress-controller","--configmap=$(POD_NAMESPACE)/nginx-configuration","--tcp-services-configmap=$(POD_NAMESPACE)/tcp-services","--udp-services-configmap=$(POD_NAMESPACE)/udp-services","--annotations-prefix=nginx.ingress.kubernetes.io","--publish-service=$(POD_NAMESPACE)/nginx-ingress-lb","--v=2"],"env":[{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}],"image":"registry-vpc.cn-beijing.aliyuncs.com/acs/aliyun-ingress-controller:v0.22.0.5-552e0db-aliyun","livenessProbe":{"failureThreshold":3,"httpGet":{"path":"/healthz","port":10254,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"name":"nginx-ingress-controller","ports":[{"containerPort":80,"name":"http"},{"containerPort":443,"name":"https"}],"readinessProbe":{"failureThreshold":3,"httpGet":{"path":"/healthz","port":10254,"scheme":"HTTP"},"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"70Mi"}},"securityContext":{"capabilities":{"add":["NET_BIND_SERVICE"],"drop":["ALL"]},"runAsUser":33},"volumeMounts":[{"mountPath":"/etc/localtime","name":"localtime","readOnly":true}]}],"initContainers":[{"command":["/bin/sh","-c","mount
      -o remount rw /proc/sys\nsysctl -w net.core.somaxconn=65535\nsysctl -w
      net.ipv4.ip_local_port_range=\"1024 65535\"\nsysctl -w
      fs.file-max=1048576\nsysctl -w fs.inotify.max_user_instances=16384\nsysctl
      -w fs.inotify.max_user_watches=524288\nsysctl -w
      fs.inotify.max_queued_events=16384\n"],"image":"registry-vpc.cn-beijing.aliyuncs.com/acs/busybox:v1.29.2","name":"init-sysctl","securityContext":{"capabilities":{"add":["SYS_ADMIN"],"drop":["ALL"]}}}],"nodeSelector":{"beta.kubernetes.io/os":"linux"},"serviceAccountName":"nginx-ingress-controller","volumes":[{"hostPath":{"path":"/etc/localtime","type":"File"},"name":"localtime"}]}}}}
  creationTimestamp: '2018-07-04T11:49:59Z'
  generation: 2
  labels:
    app: ingress-nginx
  name: nginx-ingress-controller
  namespace: kube-system
  resourceVersion: '169291104'
  selfLink: /apis/apps/v1/namespaces/kube-system/deployments/nginx-ingress-controller
  uid: 610c6dac-7f80-11e8-b128-00163e10ac41
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: ingress-nginx
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
        scheduler.alpha.kubernetes.io/critical-pod: ''
      labels:
        app: ingress-nginx
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - ingress-nginx
                topologyKey: kubernetes.io/hostname
              weight: 100
      containers:
        - args:
            - /nginx-ingress-controller
            - '--configmap=$(POD_NAMESPACE)/nginx-configuration'
            - '--tcp-services-configmap=$(POD_NAMESPACE)/tcp-services'
            - '--udp-services-configmap=$(POD_NAMESPACE)/udp-services'
            - '--annotations-prefix=nginx.ingress.kubernetes.io'
            - '--publish-service=$(POD_NAMESPACE)/nginx-ingress-lb'
            - '--v=2'
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
          image: >-
            registry-vpc.cn-beijing.aliyuncs.com/acs/aliyun-ingress-controller:v0.22.0.5-552e0db-aliyun
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          name: nginx-ingress-controller
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          resources:
            requests:
              cpu: 100m
              memory: 70Mi
          securityContext:
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            runAsUser: 33
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
      dnsPolicy: ClusterFirst
      initContainers:
        - command:
            - /bin/sh
            - '-c'
            - |
              mount -o remount rw /proc/sys
              sysctl -w net.core.somaxconn=65535
              sysctl -w net.ipv4.ip_local_port_range="1024 65535"
              sysctl -w fs.file-max=1048576
              sysctl -w fs.inotify.max_user_instances=16384
              sysctl -w fs.inotify.max_user_watches=524288
              sysctl -w fs.inotify.max_queued_events=16384
          image: 'registry-vpc.cn-beijing.aliyuncs.com/acs/busybox:v1.29.2'
          imagePullPolicy: IfNotPresent
          name: init-sysctl
          resources: {}
          securityContext:
            capabilities:
              add:
                - SYS_ADMIN
              drop:
                - ALL
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      nodeSelector:
        beta.kubernetes.io/os: linux
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: nginx-ingress-controller
      serviceAccountName: nginx-ingress-controller
      terminationGracePeriodSeconds: 30
      volumes:
        - hostPath:
            path: /etc/localtime
            type: File
          name: localtime
status:
  availableReplicas: 1
  conditions:
    - lastTransitionTime: '2018-07-04T11:51:09Z'
      lastUpdateTime: '2018-07-04T11:51:09Z'
      message: Deployment has minimum availability.
      reason: MinimumReplicasAvailable
      status: 'True'
      type: Available
    - lastTransitionTime: '2018-07-04T11:51:09Z'
      lastUpdateTime: '2020-04-01T22:02:46Z'
      message: >-
        ReplicaSet "nginx-ingress-controller-5fc8b968d6" has successfully
        progressed.
      reason: NewReplicaSetAvailable
      status: 'True'
      type: Progressing
  observedGeneration: 2
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
  1. 继续使用命令可以看到deploy对应的pod
 kubectl get  pod  -n kube-system -l app=ingress-nginx
NAME                                        READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-5fc8b968d6-s8gmc   1/1     Running   1          78d

使用命令进入到pod中查看/etc/nginx/nginx.conf ,我们可以看到在ingress配置的域名在配置nginx.conf中出现。看到这里就应该明白了nginx-ingress-controller 实际类似nginx 的意思。

  1. 查看一个ingress的yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"ssyl-admin-ingress","namespace":"default"},"spec":{"rules":[{"host":"admin.com","http":{"paths":[{"backend":{"serviceName":"service-admin","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["admin.com"],"secretName":"admin.com"}]}}
    nginx.ingress.kubernetes.io/service-weight: ''
  creationTimestamp: '2019-09-25T07:01:52Z'
  generation: 3
  name: admin-ingress
  namespace: default
  resourceVersion: '169280718'
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/admin-ingress
  uid: e15d1ea1-c090-11e8-b6f2-00163e109a9e
spec:
  rules:
    - host: admin.com
      http:
        paths:
          - backend:
              serviceName: service-admin
              servicePort: 80
            path: /
  tls:
    - hosts:
        - admin.com
      secretName: admin.com
status:
  loadBalancer:
    ingress:
      - ip: xx.xx.xxx.xxx

解释:该ingress的作用就是将域名为admin.com的请求转发到名称为service-admin的服务上。域名admin.com 可以在3中的配置nginx.conf上看到。

好了,到这里就梳理完毕。在总结一下吧:不同域名解析到同一个LoadBalancer的 IP,假设为ip-a;然后nginx-ingress-controller 的service 的type 为LoadBalancer,ip为前面说的ip-a。这样不同域名的请求就被转发到了nginx-ingress-controller 的service。而nginx-ingress-controller 的service所对应的pod会根据 ingress定义的规则,再将不同域名的请求转发到不同的service上。

熊先生的博客
关注
  • 0
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
nginx代理rocketmq端口
weixin_33743661的博客
04-20 1953
1、环境说明系统:centos7因为办公电脑和搭建rocketmq服务服务器不在一个网段,而且办公电脑业无法访问该服务器除了80和8080以外的其他端口,所以要对rocketmq的9876端口做转发。2、修改rocketmq配置$ /data/webApps/rocketmq/conf$ vi broker.conf注释下面两行#namesrvAddr = 192.168...
基于阿里云ingress-nginx 外部认证实战【部分未完成】
wangbeilin123的专栏
05-12 1243
基于阿里云平台,实现了 ingress 网络流量入口相关基础知识和部署说明
k8s学习--ingress详细解释与应用(nginx ingress controller))
最新发布
lwxvgdv的博客
06-07 3136
Ingress 是 Kubernetes 中用于管理集群内服务暴露的 API 资源。它提供了 HTTP 和 HTTPS 路由功能,使外部流量能够访问集群内部的服务。通过定义 Ingress 资源,可以控制哪些外部请求能够访问集群中的哪些服务,以及如何路由这些请求。
分布式开放消息系统(RocketMQ)的原理与实践
weixin_33872660的博客
02-25 601
这篇文章写成距今(201808)已经两年半了,其中的内容我已经不能保证是否已经过时,由于当前的业务中也没有在使用RocketMQ,因此很少有时间再去刨代码,很多实践方面的问题也不能很好的为大家解决。因此,建议大家权当入门文章看看,实践中遇到问题的话,在本机跑一跑代码且调试一下,或者去社区逛逛,有可能对你解决...
RocketMQ + Ngrok 内网穿透配置
dao_feng的博客
12-19 622
RocketMQ + Ngrok 内网穿透配置RocketMQ `broker` 配置Ngrok配置 JAVA: 1.8.0_261 RocketMQ: 4.7.1 Ngrok RocketMQ broker 配置 brokerIP1 = [Ngrok的域名] # 设置borker绑定的端口,默认是:10911 listenPort = 10911 启动broker时需要添加参数-c指定配置文件 Ngrok配置 server_addr: [Ngrok服务器配置] trust_host_root_
玩转阿里云之ack 部署高可靠ingress Controller
manwufeilong的博客
10-24 1693
部署高可靠性ingress controller,使用多副本部署的方式解决单点故障问题,同时,采用一个Ingress服务独占一个Ingress节点的方式,由多个独占Ingress实例组成统一接入层来承载集群入口流量,同时可依据后端业务流量水平扩缩容Ingress节点,避免业务应用与Ingress服务发生资源抢占。架构如下创建ingress专用节点池部署ingress controler配置ingress controler到指定节点池。
nginx-ingress-controller-0.30.0.tar
09-28
因为网络原因不能下载quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0,可以使用这个镜像
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0镜像包
03-06
kubernetes的quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0镜像包,版本为v0.20.0。文件先解压,之后得到nginx-ingress-controller.0.20.0.tar
ingress-nginx-controller(含镜像和代码).rar
10-28
ingress-nginx-controller 是 Kubernetes 社区维护的一个项目,它提供了对 Ingress 资源的实现,使得可以通过定义简单的 YAML 文件来管理对外暴露服务路由。Nginx 作为业界广泛使用的高性能反向代理服务器,其稳定...
ingress-nginx-controller-1.9.yaml
10-18
修改好 "ingress-nginx-controller-1.9.yaml" 文件后,可以使用 `kubectl apply -f ingress-controller-1.9.yaml` 命令进行部署。对于 "nginx-tomcat-svc-ingress.yaml" 和 "nginx-tomcat-deploy.yaml",同样使用 `...
nginx-ingress-controller日志持久化方案的解决
01-09
最近看到一篇公众号讲了nginx-ingress-controller的应用。下面有人评论如何做日志持久化,刚好工作上遇到该问题,整理一个方案,仅供参考。 nginx-ingress-controller的日志 nginx-ingress-controller的日志包括三...
RocketMQ 阿里云部署 公网IP 配置
m0_37859502的博客
05-16 2612
今天将RocketMQ部署到阿里云上的时候 发现一直抱如下错误 [2022-05-16 13:11:33.207] ERROR collectTopicThread_6 - Failed to collect topic: TopicTest data org.apache.rocketmq.remoting.exception.RemotingConnectException: connect to 172.21.67.142:10911 failed at org.apache.rocketmq.re
阿里云ECS服务器的RocketMQ配置Java程序公网连接
终生学习践行者
03-30 2552
阿里云ECS服务器的RocketMQ配置Java程序公网连接
如何使用Nginx公网上搭建加密数据通道?
芋艿V
04-26 253
点击上方“芋道源码”,选择“设为星标”管她前浪,还是后浪?能浪的浪,才是好浪!每天 10:33更新文章,每天掉亿点点头发...源码精品专栏原创 | Java 2021超神之路,很肝~中文详细注释的开源项目RPC 框架 Dubbo 源码解析网络应用框架 Netty 源码解析消息中间件 RocketMQ 源码解析数据库中间件 Sharding-JDBC 和 MyCAT ...
RocketMQ通过端口映射/nginx转发后无法访问broker导致的消费数据问题
DayHappyEveryOne的博客
09-22 991
到这一步理论上应该结束了,但是通过报文可以知道,发出来的走的是10911,但是正常为了安全考虑,一般不会映射默认端口出来,所以还得改broker.conf中的listenPort(Broker 对外服务的监听端口),要与映射端口一致才可以,配置好后外网正常取数。最近因为正好用到了RocketMQ,配置了后因为网络安全原因,需要做多层转发到外网访问,并添加了acl控制,内网测试时一切正常,但是发现9876映射出去后,发现消费端消费不到数据并且无报错,因此兜兜转转花了2天多才解决。具体就是这两个属性(
初试 Kubernetes 暴漏服务类型之 Nginx Ingress
热门推荐
哎_小羊的博客
11-09 1万+
Kubernetes 暴露服务的三种方式:LoadBlancer Service、NodePort Service、Ingress。官网对 Ingress 的定义为管理对外服务到集群内服务之间规则的集合,通俗点讲就是定义规则来允许进入集群的请求被转发到集群中对应服务上,从来实现服务暴漏。 Ingress 能把集群内 Service 配置成外网能够访问的 URL,流量负载均衡,终止SSL,提供基于域名访问的虚拟主机等
阿里云简介
weixin_41973331的博客
09-06 2053
关系型数据库(Relational Database Service)是一种稳定可靠、可弹性伸缩的在线数据库服务基于阿里云分布式文件系统和SSD盘高性能存储,RDS支持多种数据库引擎,并且提供了容灾、备份、恢复、监控、迁移等方面的全套解决方案RDS支持实例管理(创建、变更等)、备份恢复、日志审计、监控报警等负载均衡(Server Load Balancer)是对多台云服务器进行流量分发的负载均衡服务。负载均衡可以通过流量分发扩展应用系统对外的服务能力,通过消除单点故障提升应用系统的可用性。
阿里云AliCloud
AlisoftRD的专栏
09-08 1625
估计中国最大的专业‘云计算Cloud Computing’公司将诞生于alibaba,‘阿里云(AliCloud)’这个名字不错。   ===== by 鬼谷子@魔教,更多内容在 http://DavyYew.BlogBus.com ======
springCloud+nginx+RocketMq搭建高可用静态服务
qq_29751083的博客
07-13 391
3.mkdir -p /opt/nginx-test/{conf,conf.d,html,logs} 创建nginx文件夹。在/opt/nginx-test 目录上传静态文件 访问http://ip:8392/1.jpg 进行测试。1.在对静态文件增删改操作时,通过发送消息的方式,让两台nginx服务都能对自己的静态文件进行同步。3.访问静态资源的时候通过网关转发的方式请求到任意一台正常工作的nginx上。4.copy文件:把刚才启动的nginx容器下的文件拷贝到我们新建的目录下。
nginx-ingress-controller
06-06
### 回答1: nginx-ingress-controller是一种用于Kubernetes集群的Ingress控制器,它使用Nginx作为反向代理来管理入站流量。它可以自动将Ingress资源转换为Nginx配置,并将流量路由到正确的后端服务。它还支持SSL终止、负载均衡、基于URI的路由和HTTP头的修改等功能。nginx-ingress-controller是Kubernetes社区中最受欢迎的Ingress控制器之一。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值