Kubernetes Learning Path (15): Ingress and Ingress Controller


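I. What is Ingress?

From the earlier chapters we know that Kubernetes currently exposes services in only the following ways: LoadBalancer Service, ExternalName, NodePort Service, and Ingress. Making in-cluster services reachable from outside raises the following problems:

1. Pod drift

Kubernetes has strong replica control: when any replica (Pod) dies it automatically starts a new one on another machine, and it can also scale out dynamically. Put simply, a Pod may appear on any node at any moment and may die on any node at any moment, so Pod IPs change as Pods are created and destroyed. How can such a dynamic Pod IP be exposed? This is what the Kubernetes Service mechanism is for: a Service selects a group of Pods by label, tracks their Pod IPs and load-balances across them, so only the Service IP needs to be exposed. This is the NodePort model: a port is opened on every node and forwarded to the internal Pod IPs, as shown in the figure below:
Access at this point is via: http://nodeip:nodeport/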

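2. Port management

The problem with exposing services through NodePort is that once there are many services, the number of ports opened on every node becomes very large and hard to maintain. Could a single Nginx do the forwarding internally instead? Pods can communicate with each other, and a Pod can share the host's network namespace, in which case the port the Pod listens on is a port on the Node. How can this be implemented? The simple approach is to use a DaemonSet to listen on port 80 on every Node and write the forwarding rules: Nginx is bound to the host's port 80 on the outside (just like NodePort) and is itself inside the cluster, so it can forward straight to the corresponding Service IP, as shown in the figure below: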

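3. Domain name assignment and dynamic updates

The Nginx Pod approach above seems to solve the problem, but it has a major flaw: how is the Nginx configuration changed every time a new service is added? With Nginx, services are distinguished by virtual host name, each service defines its own load-balancing pool with upstream, and location does the reverse proxying; in day-to-day use this only takes an edit to nginx.conf. How can this kind of scheduling be achieved in K8S?

Suppose the backend initially has only the ecshop service and the bbs and member services are added later. How do these 2 services get added to the Nginx Pod? Editing by hand or doing a Rolling Update of the front-end Nginx Pod every time is not an option. This is where Ingress comes in. Leaving aside the Nginx above, Ingress consists of two components: Ingress Controller and Ingress.

Put simply, Ingress takes the step where you used to edit the Nginx configuration to map each domain name to a Service and abstracts it into an Ingress object. You create it with yaml; instead of editing Nginx each time, you edit the yaml and create/update it. That raises the question: "What happens to Nginx?"

The Ingress Controller is what answers that question. It talks to the Kubernetes API to detect changes to the Ingress rules in the cluster, reads them, generates a piece of Nginx configuration from its own template, writes it into the Nginx Pod, and finally reloads. The workflow is shown in the figure below:

Ingress is in fact one of the standard resource types of the Kubernetes API. It is a set of rules that forward requests to a specified Service resource based on DNS name (host) or URL path, and it is used to publish services by forwarding request traffic from outside the cluster to the inside. Note that an Ingress resource cannot itself "pass traffic through"; it is only a collection of rules. These rules need another component that listens on a socket and routes traffic according to the matching rules. The component that listens on a socket for Ingress resources and forwards the traffic is the Ingress Controller.

PS: Unlike the Deployment controller, the Ingress controller does not run as part of kube-controller-manager. It is only an add-on to the Kubernetes cluster, similar to CoreDNS, and has to be deployed on the cluster separately.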

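II. How to create an Ingress resource

An Ingress resource is a forwarding rule based on HTTP virtual hosts or URLs; it must be stressed that it is a forwarding rule. In the resource manifest it is defined through fields such as rules, backend and tls nested in the spec field. The following example defines an Ingress resource containing one forwarding rule: requests sent to myapp.magedu.com are proxied to a Service resource named myapp.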

apiVersion: extensions/v1beta1		
kind: Ingress		
metadata:			
  name: ingress-myapp   
  namespace: default     
  annotations:          
    kubernetes.io/ingress.class: "nginx"
spec:     
  rules:   
  - host: myapp.magedu.com   
    http:
      paths:       
      - path:       
        backend:    
          serviceName: myapp
          servicePort: 80

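The spec field is the core of an Ingress resource and mainly contains the following 3 fields:

  • rules: the list of forwarding rules of the current Ingress resource. If no rules are defined, or no rule matches, all traffic is forwarded to the default backend defined by backend.
  • backend: the default backend serves requests that match no rule. An Ingress resource must define at least one of backend or rules; this field lets the load balancer specify a global default backend.
  • tls: TLS configuration. Currently only serving on the default port 443 is supported. If members of the list specify different hosts, the SNI TLS extension is needed to support this.

The backend object is defined by 2 required fields, serviceName and servicePort, which specify the name and port of the backend Service resource that traffic is forwarded to.

The rules object consists of a series of host rules configured for the Ingress resource. These host rules map a URL on a host to the relevant backend Service object. The format is as follows: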
    spec:
      rules:
      - host: <string>
        http:
          paths:
          - path:
            backend:
              serviceName: <string>
              servicePort: <string>
    

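Note that the .spec.rules.host value currently cannot be an IP address, nor can it use the IP:Port format. Leaving the field empty matches all host names.

The tls object consists of 2 nested fields and is used only when defining forwarding rules for TLS hosts.

• hosts: the list of host names contained in the TLS certificate in use, so the host names used here must match the names in tlsSecret.
• secretName: the name of the secret object referenced for the SSL session; this field is optional when multi-host routing is implemented based on SNI.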
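The rule semantics described in this section (host-based rules, the default backend for unmatched requests, and the restriction on .spec.rules.host) can be modelled in Python. This is an added example, not ingress-nginx code and not from the original article: host_error, build_table, route and render are hypothetical names, path matching is a plain prefix test, and the rendered nginx text is a simplified static form.

```python
import ipaddress
import json

# Constructed input: the myapp and tomcat Ingress specs used on this page, in
# the JSON form kubectl keeps in the last-applied-configuration annotation,
# plus one invalid object (IP:Port as host) to exercise the host check.
INGRESSES = json.loads("""
[
 {"metadata": {"name": "ingress-myapp", "namespace": "default"},
  "spec": {"rules": [{"host": "myapp.magedu.com", "http": {"paths": [
      {"path": null, "backend": {"serviceName": "myapp", "servicePort": 80}}]}}]}},
 {"metadata": {"name": "tomcat", "namespace": "default"},
  "spec": {"rules": [{"host": "tomcat.magedu.com", "http": {"paths": [
      {"path": null, "backend": {"serviceName": "tomcat", "servicePort": 8080}}]}}]}},
 {"metadata": {"name": "bad-host", "namespace": "default"},
  "spec": {"rules": [{"host": "192.168.56.12:30080", "http": {"paths": [
      {"path": "/", "backend": {"serviceName": "myapp", "servicePort": 80}}]}}]}}
]
""")

DEFAULT_BACKEND = ("default-http-backend", 80)  # as in the describe output


def host_error(host):
    """Return why a rule host is unusable, or None. Empty host = all hosts."""
    name, _, port = host.partition(":")
    try:
        ipaddress.ip_address(name)
        return "host must be a DNS name, not an IP address"
    except ValueError:
        pass
    return "host must not carry a port" if port else None


def build_table(ingresses):
    """Turn Ingress rules into {host: [(path, service, port)]} plus rejects."""
    table, rejected = {}, []
    for ing in ingresses:
        for rule in ing["spec"].get("rules", []):
            host = rule.get("host") or ""
            err = host_error(host)
            if err:
                rejected.append((ing["metadata"]["name"], host, err))
                continue
            for p in rule["http"]["paths"]:
                b = p["backend"]
                entry = (p.get("path") or "/", b["serviceName"], b["servicePort"])
                table.setdefault(host, []).append(entry)
    for routes in table.values():
        routes.sort(key=lambda r: len(r[0]), reverse=True)  # longest path first
    return table, rejected


def route(table, host_header, path):
    """Pick the backend for a request; unmatched traffic goes to the default."""
    host = host_header.rsplit(":", 1)[0]  # drop the NodePort from the Host header
    for prefix, svc, port in table.get(host, table.get("", [])):
        if path.startswith(prefix):
            return (svc, port)
    return DEFAULT_BACKEND


def render(table):
    """Simplified static nginx servers; not the controller's real template."""
    out = []
    for host, routes in sorted(table.items()):
        out.append("server {\n    server_name %s;\n    listen 80;" % (host or "_"))
        for prefix, svc, port in routes:
            out.append("    location %s { proxy_pass http://%s:%s; }" % (prefix, svc, port))
        out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    table, rejected = build_table(INGRESSES)
    print(render(table))
    print(route(table, "tomcat.magedu.com:30080", "/"), rejected)
```

A request addressed to a bare node IP matches no host rule and lands on the default backend, which is the 404 seen later on this page before any Ingress is created.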

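III. Ingress resource types

There are the following 4 types of Ingress resource:

• 1. Single-Service Ingress
• 2. Traffic forwarding based on URL path
• 3. Name-based virtual hosting
• 4. TLS Ingress

1. Single-Service Ingress

There are several ways to expose a single service, such as NodePort and LoadBalancer. Ingress can also expose a single service: just specify a default backend for the Ingress, as in the following example: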

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: my-ingress
    spec:
      backend:
        serviceName: my-svc
        servicePort: 80
    

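The Ingress controller assigns it an IP address to accept request traffic and forwards that traffic to the backend my-svc.

IV. Deploying Ingress Nginx

Steps for using Ingress:
1. Install and deploy the ingress controller Pod
2. Deploy the backend service
3. Deploy the ingress-nginx service
4. Deploy the ingress

As described above, an Ingress can be created with yaml, which tells us that Ingress is also a standard K8S resource. Its definition can be viewed with explain: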

    [root@k8s-master ~]# kubectl explain ingress
    KIND:     Ingress
    VERSION:  extensions/v1beta1
    
    DESCRIPTION:
         Ingress is a collection of rules that allow inbound connections to reach
         the endpoints defined by a backend. An Ingress can be configured to give
         services externally-reachable urls, load balance traffic, terminate SSL,
         offer name based virtual hosting etc.
    
    FIELDS:
       apiVersion	<string>
         APIVersion defines the versioned schema of this representation of an
         object. Servers should convert recognized schemas to the latest internal
         value, and may reject unrecognized values. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
    
       kind	<string>
         Kind is a string value representing the REST resource this object
         represents. Servers may infer this from the endpoint the client submits
         requests to. Cannot be updated. In CamelCase. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
    
       metadata	<Object>
         Standard object's metadata. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
    
       spec	<Object>
         Spec is the desired state of the Ingress. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
    
       status	<Object>
         Status is the current state of the Ingress. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
    

1. Deploy the Ingress controller

The ingress-nginx project on GitHub
(1) Download the ingress-related yaml files

    [root@k8s-master ~]# mkdir ingress-nginx
    [root@k8s-master ~]# cd ingress-nginx/
    [root@k8s-master ingress-nginx]# for file in namespace.yaml configmap.yaml rbac.yaml tcp-services-configmap.yaml with-rbac.yaml udp-services-configmap.yaml default-backend.yaml;do wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/$file;done
    [root@k8s-master ingress-nginx]# ll
    total 28
    -rw-r--r-- 1 root root  199 Sep 29 22:45 configmap.yaml	# ConfigMap used to inject configuration into nginx from outside
    -rw-r--r-- 1 root root 1583 Sep 29 22:45 default-backend.yaml	# configures the default backend service
    -rw-r--r-- 1 root root   69 Sep 29 22:45 namespace.yaml	# creates a separate namespace
    -rw-r--r-- 1 root root 2866 Sep 29 22:45 rbac.yaml	# RBAC for cluster role authorization
    -rw-r--r-- 1 root root  192 Sep 29 22:45 tcp-services-configmap.yaml
    -rw-r--r-- 1 root root  192 Sep 29 22:45 udp-services-configmap.yaml
    -rw-r--r-- 1 root root 2409 Sep 29 22:45 with-rbac.yaml
    

(2) Create the ingress-nginx namespace

    [root@k8s-master ingress-nginx]# cat namespace.yaml 
    apiVersion: v1
    kind: Namespace
    metadata:
      name: ingress-nginx
    
    ---
    [root@k8s-master ingress-nginx]# kubectl apply -f namespace.yaml 
    namespace/ingress-nginx created
    

(3) Create the ingress controller Pods

    [root@k8s-master ingress-nginx]#  kubectl apply -f ./
    configmap/nginx-configuration created
    deployment.extensions/default-http-backend created
    service/default-http-backend created
    namespace/ingress-nginx configured
    serviceaccount/nginx-ingress-serviceaccount created
    clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
    role.rbac.authorization.k8s.io/nginx-ingress-role created
    rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
    clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
    configmap/tcp-services created
    configmap/udp-services created
    deployment.extensions/nginx-ingress-controller created
    [root@k8s-master ingress-nginx]# kubectl get pod -n ingress-nginx -w
    NAME                                        READY     STATUS              RESTARTS   AGE
    default-http-backend-7db7c45b69-gjrnl       0/1       ContainerCreating   0          35s
    nginx-ingress-controller-6bd7c597cb-6pchv   0/1       ContainerCreating   0          34s
    

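A problem came up here: newer versions of Kubernetes need to pull the required images from the k8s.gcr.io registry during installation, but the network firewall in mainland China prevents them from being pulled normally.
The docker.io registry has mirrors of Google's containers, which can be pulled with the commands below. Note that after retagging, the node runs whatever the mirrorgooglecontainers account published under that tag.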

    [root@k8s-node01 ~]# docker pull mirrorgooglecontainers/defaultbackend-amd64:1.5
    1.5: Pulling from mirrorgooglecontainers/defaultbackend-amd64
    9ecb1e82bb4a: Pull complete 
    Digest: sha256:d08e129315e2dd093abfc16283cee19eabc18ae6b7cb8c2e26cc26888c6fc56a
    Status: Downloaded newer image for mirrorgooglecontainers/defaultbackend-amd64:1.5
    
    [root@k8s-node01 ~]# docker tag mirrorgooglecontainers/defaultbackend-amd64:1.5 k8s.gcr.io/defaultbackend-amd64:1.5
    [root@k8s-node01 ~]# docker image ls
    REPOSITORY                                    TAG                 IMAGE ID            CREATED             SIZE
    mirrorgooglecontainers/defaultbackend-amd64   1.5                 b5af743e5984        34 hours ago        5.13MB
    k8s.gcr.io/defaultbackend-amd64               1.5                 b5af743e5984        34 hours ago        5.13MB
    

2. Deploy the backend service

(1) View the manifest options for ingress

    [root@k8s-master ingress-nginx]# kubectl explain ingress.spec
    KIND:     Ingress
    VERSION:  extensions/v1beta1
    
    RESOURCE: spec <Object>
    
    DESCRIPTION:
         Spec is the desired state of the Ingress. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
    
         IngressSpec describes the Ingress the user wishes to exist.
    
    FIELDS:
       backend	<Object>     # defines which hosts make up the backend
         A default backend capable of servicing requests that don't match any rule.
         At least one of 'backend' or 'rules' must be specified. This field is
         optional to allow the loadbalancer controller or defaulting logic to
         specify a global default.
    
       rules	<[]Object>    # defines the rules
         A list of host rules used to configure the Ingress. If unspecified, or no
         rule matches, all traffic is sent to the default backend.
    
       tls	<[]Object>
         TLS configuration. Currently the Ingress only supports a single TLS port,
         443. If multiple members of this list specify different hosts, they will be
         multiplexed on the same port according to the hostname specified through
         the SNI TLS extension, if the ingress controller fulfilling the ingress
         supports SNI.
    

(2) Deploy the backend service

    [root@k8s-master ingress-nginx]# cd ../mainfests/
    [root@k8s-master mainfests]# mkdir ingress && cd ingress
    [root@k8s-master ingress]# cp ../deploy-demo.yaml .
    [root@k8s-master ingress]# vim deploy-demo.yaml 
    # Create the Service named myapp
    apiVersion: v1
    kind: Service
    metadata:
      name: myapp
      namespace: default
    spec:
      selector:
        app: myapp
        release: canary
      ports:
      - name: http
        targetPort: 80
        port: 80
    ---
    # Create the Pods of the backend service
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myapp-backend-pod
      namespace: default
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: myapp
          release: canary
      template:
        metadata:
          labels:
            app: myapp
            release: canary
        spec:
          containers:
          - name: myapp
            image: ikubernetes/myapp:v2
            ports:
            - name: http
              containerPort: 80
    [root@k8s-master ingress]# kubectl apply -f deploy-demo.yaml 
    service/myapp created
    deployment.apps/myapp-backend-pod unchanged
    

(3) View the newly created backend Pods

    [root@k8s-master ingress]# kubectl get pods
    NAME                                 READY     STATUS    RESTARTS   AGE
    myapp-backend-pod-67f6f6b4dc-9jl9q   1/1       Running   0          7m
    myapp-backend-pod-67f6f6b4dc-x5jsb   1/1       Running   0          7m
    myapp-backend-pod-67f6f6b4dc-xzxbj   1/1       Running   0          7m
    

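3. Deploy the ingress-nginx service

To serve traffic through the ingress-controller, a service still has to be created manually for the ingress-controller so that it can receive traffic from outside the cluster, as follows:
(1) Download the ingress-controller yaml file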

    [root@k8s-master ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
    [root@k8s-master ingress]# vim service-nodeport.yaml 
    apiVersion: v1
    kind: Service
    metadata:
      name: ingress-nginx
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      type: NodePort
      ports:
        - name: http
          port: 80
          targetPort: 80
          protocol: TCP
          nodePort: 30080
        - name: https
          port: 443
          targetPort: 443
          protocol: TCP
          nodePort: 30443
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    
    ---
    

(2) Create the ingress-controller service and test access

    [root@k8s-master ingress]# kubectl apply -f service-nodeport.yaml 
    service/ingress-nginx created
    [root@k8s-master ingress]# kubectl get svc -n ingress-nginx
    NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
    default-http-backend   ClusterIP   10.104.41.201   <none>        80/TCP                       45m
    ingress-nginx          NodePort    10.96.135.79    <none>        80:30080/TCP,443:30443/TCP   11s
    

Now visit: 192.168.56.12:30080
This should return 404: the controller is working, but no backend service is associated with it yet.

4. Deploy the ingress

(1) Write the ingress manifest

    [root@k8s-master ingress]# vim ingress-myapp.yaml
    apiVersion: extensions/v1beta1		# API version
    kind: Ingress		# manifest kind
    metadata:			# metadata
      name: ingress-myapp    # name of the ingress
      namespace: default     # namespace it belongs to
      annotations:           # annotations
        kubernetes.io/ingress.class: "nginx"
    spec:      # specification
      rules:   # rules for forwarding to the backend
      - host: myapp.magedu.com    # forward by domain name
        http:
          paths:       
          - path:       # access path; change it when forwarding by URL; empty defaults to "/"
            backend:    # backend service
              serviceName: myapp
              servicePort: 80
    [root@k8s-master ingress]# kubectl apply -f ingress-myapp.yaml
    [root@k8s-master ingress]# kubectl get ingress
    NAME            HOSTS              ADDRESS   PORTS     AGE
    ingress-myapp   myapp.magedu.com             80        46s
    

(2) View the details of ingress-myapp

    [root@k8s-master ingress]# kubectl describe ingress ingress-myapp
    Name:             ingress-myapp
    Namespace:        default
    Address:          
    Default backend:  default-http-backend:80 (<none>)
    Rules:
      Host              Path  Backends
      ----              ----  --------
      myapp.magedu.com  
                           myapp:80 (<none>)
    Annotations:
      kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"ingress-myapp","namespace":"default"},"spec":{"rules":[{"host":"myapp.magedu.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":null}]}}]}}
    
      kubernetes.io/ingress.class:  nginx
    Events:
      Type    Reason  Age   From                      Message
      ----    ------  ----  ----                      -------
      Normal  CREATE  1m    nginx-ingress-controller  Ingress default/ingress-myapp
    
    [root@k8s-master ingress]# kubectl get pods -n ingress-nginx
    NAME                                        READY     STATUS    RESTARTS   AGE
    default-http-backend-7db7c45b69-fndwp       1/1       Running   0          31m
    nginx-ingress-controller-6bd7c597cb-6pchv   1/1       Running   0          55m
    

(3) Enter nginx-ingress-controller and check whether the nginx configuration has been injected

    [root@k8s-master ingress]# kubectl exec -n ingress-nginx -it nginx-ingress-controller-6bd7c597cb-6pchv -- /bin/bash
    www-data@nginx-ingress-controller-6bd7c597cb-6pchv:/etc/nginx$ cat nginx.conf
    ......
    	## start server myapp.magedu.com
    	server {
    		server_name myapp.magedu.com ;
    		
    		listen 80;
    		
    		set $proxy_upstream_name "-";
    		
    		location / {
    			
    			set $namespace      "default";
    			set $ingress_name   "ingress-myapp";
    			set $service_name   "myapp";
    			set $service_port   "80";
    			set $location_path  "/";
    			
    			rewrite_by_lua_block {
    				
    				balancer.rewrite()
    				
    			}
    			
    			log_by_lua_block {
    				
    				balancer.log()
    				
    				monitor.call()
    			}
    ......
    

(4) Edit the local hosts file and access the site
    192.168.56.12 myapp.magedu.com
    192.168.56.13 myapp.magedu.com

V. Adding a tomcat service

(1) Write the tomcat manifest file

    [root@k8s-master ingress]# cp deploy-demo.yaml tomcat-demo.yaml
    [root@k8s-master ingress]# vim tomcat-demo.yaml 
    apiVersion: v1
    kind: Service
    metadata:
      name: tomcat
      namespace: default
    spec:
      selector:
        app: tomcat
        release: canary
      ports:
      - name: http
        targetPort: 8080
        port: 8080
      - name: ajp
        targetPort: 8009
        port: 8009
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: tomcat-deploy
      namespace: default
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: tomcat
          release: canary
      template:
        metadata:
          labels:
            app: tomcat
            release: canary
        spec:
          containers:
          - name: tomcat
            image: tomcat:8.5.34-jre8-alpine   
            # This image is downloaded from Docker Hub (hub.docker.com); check whether the version has changed
            ports:
            - name: http
              containerPort: 8080
            - name: ajp
              containerPort: 8009
    [root@k8s-master ingress]# kubectl get pods
    NAME                                 READY     STATUS    RESTARTS   AGE
    tomcat-deploy-6dd558cd64-b4xbm       1/1       Running   0          3m
    tomcat-deploy-6dd558cd64-qtwpx       1/1       Running   0          3m
    tomcat-deploy-6dd558cd64-w7f9s       1/1       Running   0          5m
    

(2) Check inside a tomcat Pod that ports 8080 and 8009 are listening, and view the tomcat svc

    [root@k8s-master ingress]# kubectl exec tomcat-deploy-6dd558cd64-b4xbm -- netstat -tnl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       
    tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      
    tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      
    
    [root@k8s-master ingress]# kubectl get svc
    NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
    ......
    tomcat       ClusterIP   10.104.158.148   <none>        8080/TCP,8009/TCP   28m
    

(3) Write the tomcat ingress rule and create the ingress resource

    [root@k8s-master ingress]# cp ingress-myapp.yaml ingress-tomcat.yaml
    [root@k8s-master ingress]# vim ingress-tomcat.yaml 
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: tomcat
      namespace: default
      annotations:
        kubernetes.io/ingress.class: "nginx"
    spec:
      rules:
      - host: tomcat.magedu.com    # host domain name
        http:
          paths:
          - path:
            backend:
              serviceName: tomcat
              servicePort: 8080
    [root@k8s-master ingress]# kubectl apply -f ingress-tomcat.yaml 
    ingress.extensions/tomcat created
    

(4) View the ingress details

    [root@k8s-master ingress]# kubectl get ingress
    NAME            HOSTS               ADDRESS   PORTS     AGE
    ingress-myapp   myapp.magedu.com              80        3h
    tomcat          tomcat.magedu.com             80        5s
    [root@k8s-master ingress]# kubectl describe ingress
    Name:             ingress-myapp
    Namespace:        default
    Address:          
    Default backend:  default-http-backend:80 (<none>)
    Rules:
      Host              Path  Backends
      ----              ----  --------
      myapp.magedu.com  
                           myapp:80 (<none>)
    Annotations:
      kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"ingress-myapp","namespace":"default"},"spec":{"rules":[{"host":"myapp.magedu.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":null}]}}]}}
    
      kubernetes.io/ingress.class:  nginx
    Events:                         <none>
    
    
    Name:             tomcat
    Namespace:        default
    Address:          
    Default backend:  default-http-backend:80 (<none>)
    Rules:
      Host               Path  Backends
      ----               ----  --------
      tomcat.magedu.com  
                            tomcat:8080 (<none>)
    Annotations:
      kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"tomcat","namespace":"default"},"spec":{"rules":[{"host":"tomcat.magedu.com","http":{"paths":[{"backend":{"serviceName":"tomcat","servicePort":8080},"path":null}]}}]}}
    
      kubernetes.io/ingress.class:  nginx
    Events:
      Type    Reason  Age   From                      Message
      ----    ------  ----  ----                      -------
      Normal  CREATE  2m    nginx-ingress-controller  Ingress default/tomcat
    

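(5) Test access: tomcat.magedu.com:30080

(6) Summary
The deployment process above can be summarized as follows:
① Download the Ingress-controller YAML files and create a separate namespace for the Ingress-controller;
② Deploy the backend service, such as myapp, and expose it through a service;
③ Deploy the Ingress-controller service to accept traffic from outside the cluster;
④ Deploy the Ingress to define the rules that associate the Ingress-controller with the backend service's Pod group.
The diagram of this deployment is shown below:

VI. Building a TLS site

(1) Prepare the certificate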

    [root@k8s-master ingress]# openssl genrsa -out tls.key 2048 
    Generating RSA private key, 2048 bit long modulus
    .......+++
    .......................+++
    e is 65537 (0x10001)
    
    [root@k8s-master ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.magedu.com
    

(2) Generate the secret

    [root@k8s-master ingress]# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
    secret/tomcat-ingress-secret created
    [root@k8s-master ingress]# kubectl get secret
    NAME                    TYPE                                  DATA      AGE
    default-token-j5pf5     kubernetes.io/service-account-token   3         39d
    tomcat-ingress-secret   kubernetes.io/tls                     2         9s
    [root@k8s-master ingress]# kubectl describe secret tomcat-ingress-secret
    Name:         tomcat-ingress-secret
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Type:  kubernetes.io/tls
    
    Data
    ====
    tls.crt:  1294 bytes
    tls.key:  1679 bytes
    

(3) Create the ingress

    [root@k8s-master ingress]# kubectl explain ingress.spec
    [root@k8s-master ingress]# kubectl explain ingress.spec.tls
    [root@k8s-master ingress]# cp ingress-tomcat.yaml ingress-tomcat-tls.yaml
    [root@k8s-master ingress]# vim ingress-tomcat-tls.yaml 
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: ingress-tomcat-tls
      namespace: default
      annotations:
        kubernetes.io/ingress.class: "nginx"
    spec:
      tls:
      - hosts:
        - tomcat.magedu.com
        secretName: tomcat-ingress-secret
      rules:
      - host: tomcat.magedu.com
        http:
          paths:
          - path:
            backend:
              serviceName: tomcat
              servicePort: 8080
    
    [root@k8s-master ingress]# kubectl apply -f ingress-tomcat-tls.yaml 
    ingress.extensions/ingress-tomcat-tls created
    [root@k8s-master ingress]# kubectl get ingress
    NAME                 HOSTS               ADDRESS   PORTS     AGE
    ingress-myapp        myapp.magedu.com              80        4h
    ingress-tomcat-tls   tomcat.magedu.com             80, 443   5s
    tomcat               tomcat.magedu.com             80        1h
    [root@k8s-master ingress]# kubectl describe ingress ingress-tomcat-tls
    Name:             ingress-tomcat-tls
    Namespace:        default
    Address:          
    Default backend:  default-http-backend:80 (<none>)
    TLS:
      tomcat-ingress-secret terminates tomcat.magedu.com
    Rules:
      Host               Path  Backends
      ----               ----  --------
      tomcat.magedu.com  
                            tomcat:8080 (<none>)
    Annotations:
      kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"ingress-tomcat-tls","namespace":"default"},"spec":{"rules":[{"host":"tomcat.magedu.com","http":{"paths":[{"backend":{"serviceName":"tomcat","servicePort":8080},"path":null}]}}],"tls":[{"hosts":["tomcat.magedu.com"],"secretName":"tomcat-ingress-secret"}]}}
    
      kubernetes.io/ingress.class:  nginx
    Events:
      Type    Reason  Age   From                      Message
      ----    ------  ----  ----                      -------
      Normal  CREATE  20s   nginx-ingress-controller  Ingress default/ingress-tomcat-tls
    

(4) Access test: https://tomcat.magedu.com:30443
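After step (3) the cluster holds three Ingress objects, two of them for tomcat.magedu.com, and only one carries a tls section. The following added example (not from the original article; audit and covers are hypothetical helper names) reviews such a set for rule hosts with no tls entry, tls hosts with no matching rule, and hosts claimed by more than one Ingress, using the objects shown in the kubectl describe output above.

```python
import json

# The three Ingress objects present at the end of this page, taken from their
# last-applied-configuration annotations and trimmed to the fields used here.
INGRESSES = json.loads("""
[
 {"metadata": {"name": "ingress-myapp", "namespace": "default"},
  "spec": {"rules": [{"host": "myapp.magedu.com"}]}},
 {"metadata": {"name": "tomcat", "namespace": "default"},
  "spec": {"rules": [{"host": "tomcat.magedu.com"}]}},
 {"metadata": {"name": "ingress-tomcat-tls", "namespace": "default"},
  "spec": {"rules": [{"host": "tomcat.magedu.com"}],
           "tls": [{"hosts": ["tomcat.magedu.com"],
                    "secretName": "tomcat-ingress-secret"}]}}
]
""")


def covers(tls_host, host):
    """True if a tls.hosts entry covers a rule host (exact or one-label wildcard)."""
    if tls_host.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail.lower() == tls_host[2:].lower()
    return tls_host.lower() == host.lower()


def audit(ingresses):
    """Return sorted findings as (kind, host, ingress_names) tuples."""
    owners = {}     # rule host -> names of the Ingresses that route it
    findings = []
    for ing in ingresses:
        name = ing["metadata"]["name"]
        spec = ing["spec"]
        hosts = [r.get("host") or "" for r in spec.get("rules", [])]
        tls_hosts = [h for t in spec.get("tls", []) for h in t.get("hosts", [])]
        for host in hosts:
            owners.setdefault(host, []).append(name)
            # A rule host that no tls entry of this Ingress covers.
            if not any(covers(t, host) for t in tls_hosts):
                findings.append(("no-tls", host, (name,)))
        for t in tls_hosts:
            # A certificate host listed under tls that no rule actually routes.
            if not any(covers(t, h) for h in hosts):
                findings.append(("tls-host-without-rule", t, (name,)))
    for host, names in owners.items():
        if len(names) > 1:
            findings.append(("host-in-several-ingresses", host, tuple(sorted(names))))
    return sorted(findings)


if __name__ == "__main__":
    for kind, host, names in audit(INGRESSES):
        print("%-26s %-20s %s" % (kind, host, ", ".join(names)))
```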

posted @ 2018-09-26 14:32  煙雨浮華

