博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
Kubernetes中的Ingress
阅读量:5742 次
发布时间:2019-06-18

本文共 4907 字,大约阅读时间需要 16 分钟。

Ingress是什么

Ingress :简单理解就是个规则定义;比如说某个域名对应某个 service,即当某个域名的请求进来时转发给某个 service;这个规则将与 Ingress Controller 结合,然后 Ingress Controller 将其动态写入到负载均衡器配置中,从而实现整体的服务发现和负载均衡

Ingress Controller

实质上可以理解为是个监视器,Ingress Controller 通过不断地跟 kubernetes API 打交道,实时的感知后端 service、pod 等变化,比如新增和减少 pod,service 增加与减少等;当得到这些变化信息后,Ingress Controller 再结合Ingress 生成配置,然后更新反向代理负载均衡器,并刷新其配置,达到服务发现的作用

1406056-20181024180229091-1262296683.jpg

安装Ingress

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml #安装ingress-Controller

  • 创建一后端pod service:

    [root@master ingress]# kubectl apply -f deploy-demo.yaml[root@master ingress]# cat deploy-demo.yaml apiVersion: v1kind: Servicemetadata:  name: myapp  namespace: defaultspec:  selector:    app: myapp    release: canary  ports:  - name: http    targetPort: 80    port: 80---apiVersion: apps/v1kind: Deploymentmetadata:  name: myapp-deploy  namespace: defaultspec:  replicas: 3  selector:    matchLabels:      app: myapp      release: canary  template:    metadata:      labels:        app: myapp        release: canary    spec:      containers:      - name: myapp        image: ikubernetes/myapp:v2        ports:        - name: http          containerPort: 80

  • 创建一个用于暴露端口的service

    [root@master baremetal]# kubectl apply -f service-nodeport.yaml[root@master baremetal]# cat service-nodeport.yaml apiVersion: v1kind: Servicemetadata:  name: ingress-nginx  namespace: ingress-nginx  labels:    app.kubernetes.io/name: ingress-nginx    app.kubernetes.io/part-of: ingress-nginxspec:  type: NodePort  ports:    - name: http      port: 80      targetPort: 80      protocol: TCP      nodePort: 30080    - name: https      port: 443      targetPort: 443      protocol: TCP      nodePort: 30443  selector:    app.kubernetes.io/name: ingress-nginx

  • 创建Ingress文件

    [root@master ingress]# kubectl apply -f ingress-myapp.yaml[root@master ingress]# cat ingress-myapp.yaml apiVersion: extensions/v1beta1kind: Ingressmetadata:  name: ingress-myapp  namespace: default  annotations:    kubernetes.io/ingress.class: "nginx"spec:  rules:  - host: myapp.template.com    http:      paths:      - path:        backend:          serviceName: myapp          servicePort: 80

  • 查看信息

    [root@master ingress]# kubectl get ingressNAME                 HOSTS                 ADDRESS   PORTS     AGEingress-myapp        myapp.template.com              80        5h55[root@master ingress]# kubectl get svcNAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGEmyapp        ClusterIP   10.98.30.144     
          
                   80/TCP              4h7m[root@master ingress]# kubectl get podsNAME                             READY   STATUS    RESTARTS   AGEmyapp-deploy-7b64976db9-lfnlv    1/1     Running   0          6h30mmyapp-deploy-7b64976db9-nrfgs    1/1     Running   0          6h30mmyapp-deploy-7b64976db9-pbqvh    1/1     Running   0          6h30m#访问[root@master ingress]# curl myapp.template.com:30080Hello MyApp | Version: v2 | 
           Pod Name

Ingress使用ssl

[root@master ingress]# cat tomcat-deploy.yaml apiVersion: v1kind: Servicemetadata:  name: tomcat  namespace: defaultspec:  selector:    app: tomcat    release: canary  ports:  - name: http    targetPort: 8080    port: 8080  - name: ajp    targetPort: 8009    port: 8009    ---apiVersion: apps/v1kind: Deploymentmetadata:  name: tomcat-deploy  namespace: defaultspec:  replicas: 3  selector:    matchLabels:      app: tomcat      release: canary  template:    metadata:      labels:        app: tomcat        release: canary    spec:      containers:      - name: tomcat        image: tomcat:8.5-alpine        ports:        - name: http          containerPort: 8080        - name: ajp          containerPort: 8009[root@master ingress]# kubectl apply -f  tomcat-deploy.yaml [root@master ingress]# openssl genrsa -out tls.key 2048[root@master ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.template.com[root@master ingress]# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key[root@master ingress]# kubectl get secretNAME                    TYPE                                  DATA   AGEdefault-token-962mh     kubernetes.io/service-account-token   3      32htomcat-ingress-secret   kubernetes.io/tls                     2      66m[root@master ingress]# cat ingress-tomcat-tls.yaml apiVersion: extensions/v1beta1kind: Ingressmetadata:  name: ingress-tomcat-tls  namespace: default  annotations:    kubernetes.io/ingress.class: "nginx"spec:  tls:  - hosts:      - tomcat.template.com    secretName: tomcat-ingress-secret  rules:  - host: tomcat.template.com    http:      paths:      - path:        backend:          serviceName: tomcat          servicePort: 8080[root@master ingress]# kubectl apply -f ingress-tomcat-tls.yaml[root@master ingress]# curl -k https://tomcat.template.com:30443 #测试访问

转载于:https://www.cnblogs.com/Template/p/9845025.html

你可能感兴趣的文章
喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!-- 愿君每日到此一游!
当前时间: 2024-12-19 10:58:25   当前IP: 3.12.148.195   联系邮箱:javaeecc@qq.com     Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2
强烈建议你试试无所不能的CHAT-GPT,快点击我
强烈建议你试试无所不能的CHAT-GPT,快点击我