1 创建skipper角色
# cat cat role.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: skipper-ingress-serviceaccount
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: skipper-ingress-clusterrole
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: skipper-ingress-role
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: skipper-ingress-role-nisa-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: skipper-ingress-role
subjects:
- kind: ServiceAccount
name: skipper-ingress-serviceaccount
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: skipper-ingress-clusterrole-nisa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: skipper-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: skipper-ingress-serviceaccount
namespace: kube-system
# kubectl create -f role.yaml
2 创建skipper-ingress controller
# cat skipper-ingress-ds.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: skipper-ingress
namespace: kube-system
labels:
application: skipper-ingress
version: v0.10.5
component: ingress
spec:
selector:
matchLabels:
application: skipper-ingress
updateStrategy:
type: RollingUpdate
template:
metadata:
name: skipper-ingress
labels:
application: skipper-ingress
version: v0.10.13
component: ingress
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
serviceAccountName: skipper-ingress-serviceaccount
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: master
operator: DoesNotExist
tolerations:
- key: CriticalAddonsOnly
operator: Exists
hostNetwork: true
containers:
- name: skipper-ingress
image: registry.opensource.zalan.do/pathfinder/skipper:v0.10.13
ports:
- name: ingress-port
containerPort: 9999
hostPort: 9999
args:
- "skipper"
- "-kubernetes"
- "-kubernetes-in-cluster"
- "-address=:9999"
- "-proxy-preserve-host"
- "-serve-host-metrics"
- "-enable-ratelimits"
- "-experimental-upgrade"
- "-metrics-exp-decay-sample"
- "-lb-healthcheck-interval=3s"
- "-metrics-flavour=codahale,prometheus"
- "-enable-connection-metrics"
resources:
requests:
cpu: 25m
memory: 25Mi
readinessProbe:
httpGet:
path: /kube-system/healthz
port: 9999
initialDelaySeconds: 5
timeoutSeconds: 5
# kubectl create -f skipper-ingress-ds.yaml
3 测试Blue-Green deployments\
创建hello-world service:
# kubectl run hello-world --image=tutum/hello-world --replicas=2 --port=80
# kubectl expose deploy hello-world
创建skipper demo service
# cat demo-deployment.yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: skipper-demo
spec:
replicas: 2
template:
metadata:
labels:
application: skipper-demo
spec:
containers:
- name: skipper-demo
image: registry.opensource.zalan.do/pathfinder/skipper:v0.10.5
args:
- "skipper"
- "-inline-routes"
- "* -> inlineContent(\"<body style='color: white; background-color: green;'><h1>Hello!</h1>\") -> <shunt>"
ports:
- containerPort: 9090
# cat demo-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: skipper-demo
labels:
application: skipper-demo
spec:
type: ClusterIP
ports:
- port: 80
protocol: TCP
targetPort: 9090
name: external
selector:
application: skipper-demo
# kubectl create -f demo-deployment.yaml
# kubectl create -f demo-svc.yaml
创建ingress
# cat demo-ing.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: skipper-demo
annotations:
zalando.org/backend-weights: |
{"skipper-demo": 20, "hello-world": 80}
spec:
rules:
- host: skipper-demo.mydomain.org
http:
paths:
- backend:
serviceName: skipper-demo
servicePort: 80
- backend:
serviceName: hello-world
servicePort: 80
# kubectl create -f demo-ing.yaml
测试:
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-world ClusterIP 10.100.216.64 <none> 80/TCP 25m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h
skipper-demo ClusterIP 10.111.89.2 <none> 80/TCP 4h
# kubectl get ing
NAME HOSTS ADDRESS PORTS AGE
skipper-demo skipper-demo.mydomain.org 80 46m
访问skipper-demo.mydomain.org两次,能够转发到不同的service。
参考:
https://opensource.zalando.com/skipper/kubernetes/ingress-controller/#what-is-an-ingress-controller
https://github.com/zalando-incubator/kube-ingress-aws-controller/issues/153
https://opensource.zalando.com/skipper/kubernetes/ingress-usage/#blue-green-deployments