一、kubernetes exposed servcie
暴露服務的幾種方式:
LoadBalancer
NodePort
Ingress
HostNetwork
HostPort
LoadBalancer只能配置在serveice,需要雲運營商提供支持。HostPort應用不是很多,特殊情況下可能會用到。HostNetwork用的時候設置為true。
本文主要介紹NodePort、ingress
1、NodePort
NodePort是暴露在全局的方式,使用了NodePort整個集群的node節點ip都可以訪問到這個服務端口,NodePort的端口范圍默認是30000~32767,這個可以在啟動的時候通過--service-node-port-range指定。
apiVersion: v1 kind: Service metadata: name: kafka-1 spec: type: NodePort selector: statefulset.kubernetes.io/pod-name: kafka-1 ports: - protocol: TCP port: 9092 nodePort: 30092
如果只希望流量只走部署了pod的node節點可以使用
apiVersion: v1 kind: Service metadata: name: kafka-1 spec: type: NodePort externalTrafficPolicy: Local selector: statefulset.kubernetes.io/pod-name: kafka-1 ports: - protocol: TCP port: 9092 nodePort: 30092
2、Ingress
ingress需要配合ingress-controller使用,常用的controller有nginx、traefik、kong等
我們使用的是kong-ingress-controller具體的使用過程參考https://www.cnblogs.com/cuishuai/p/10737737.html
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: foo-bar namespace: istio-system annotations: plugins.konghq.com: transform-request-to-dummy,echo-file-log spec: rules: - host: foo.test.evo.com http: paths: - path: / backend: serviceName: http-svc servicePort: 80
apiVersion: configuration.konghq.com/v1 kind: KongPlugin metadata: name: transform-request-to-dummy namespace: istio-system labels: global: "false" disable: false config: replace: headers: - 'host:llll' add: headers: - "x-myheader:my-header-value" plugin: request-transformer
apiVersion: configuration.konghq.com/v1 kind: KongIngress metadata: name: strip-path namespace: istio-system route: strip_path: false
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: tekton-dashboard namespace: tekton-pipelines annotations: kubernetes.io/ingress.class: "kong" spec: rules: - host: tekton.test.evo.com http: paths: - path: / backend: serviceName: tekton-dashboard servicePort: 9097