K8S ingress
这里使用的版本为 K8S v1.16.9, nginx-0.30.0
简单介绍 Ingress 主要有两个部分组成 (ingress与ingress-controller)
ingress: 指的是k8s中的一个api对象,一般用yaml配置。作用是定义请求如何转发到service的规则,可以理解为配置模板。
ingress-controller: 具体实现反向代理及负载均衡的程序,对ingress定义的规则进行解析,根据配置的规则来实现请求转发。
简单来说,ingress-controller才是负责具体转发的组件 pod,如:nginx-ingress-controller,通过各种方式将它暴露在集群入口,外部对集群的请求流量会先到ingress-controller,而ingress对象是用来告诉ingress-controller该如何转发请求,比如哪些域名哪些path要转发到哪些服务等等。
下面我们创建一个例子
创建一个后端服务
mkdir -p /data/ingress && cd /data/ingress
cat myapp-deploy.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp
namespace: default
spec:
selector:
release: canary
ports:
- name: http
targetPort: 80
port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy
namespace: default
spec:
replicas: 1
selector:
matchLabels:
release: canary
template:
metadata:
labels:
release: canary
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v2
ports:
- name: http
containerPort: 80
kubectl apply -f myapp-deploy.yaml
# 测试 svc
[root@k8s-master01 ingress]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h3m
myapp ClusterIP 10.105.84.255 <none> 80/TCP 24m
[root@k8s-master01 ingress]# curl 10.105.84.255
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
创建一个 ingress-controller
cd /data/ingress
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
kubectl apply -f mandatory.yaml
# 检查
kubectl get pods -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx --watch
创建 ingress
cat ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myapp
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myapp.klvchen.com
http:
paths:
- path:
backend:
serviceName: myapp
servicePort: 80
kubectl apply -f ingress-myapp.yaml
# 因为 ingress 对象是用来告诉 ingress-controller 该如何转发请求,对于 nginx 来说就是如何配置 nginx.conf
kubectl get pod -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-7f74f657bd-wbknh 1/1 Running 0 35m 10.244.0.10 k8s-master01 <none> <none>
# 测试 nginx-ingress-controller 是否加入 ingress 的配置
# 在 /etc/hosts 中加入配置
vi /etc/hosts
10.244.0.10 myapp.klvchen.com
curl myapp.klvchen.com
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
# nginx-ingress-controller 已经成功加入 ingress 配置
创建一个 svc,给 ingress-controller 接入流量
cat service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30080
- name: https
port: 443
targetPort: 443
protocol: TCP
nodePort: 30443
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
externalTrafficPolicy: Cluster
kubectl apply -f service-nodeport.yaml
# 测试
# 在 /etc/hosts 中加入配置宿主机的IP
vi /etc/hosts
172.18.54.75 myapp.klvchen.com
curl myapp.klvchen.com:30080
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
这个时候,你只需在宿主机安装一个 nginx,把请求转入到两个端口 30080 和 30443 就可以按域名管理所有的 svc了。
cat test.yanpin.cn.conf
server {
listen 80;
server_name *.test.klvchen.com;
location /
{
proxy_pass http://172.18.54.75:30080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log logs/test.klvchen.com.access.log main;
error_log logs/test.klvchen.com.error.log;
}
参考
https://github.com/kubernetes/ingress-nginx/blob/nginx-0.30.0/docs/deploy/index.md
浙公网安备 33010602011771号