k8s之Service详解Ingress使用
环境准备
搭建ingress环境
#创建文件夹[root@master
~]# mkdir ingress-controller[root@master
~]# cd ingress-controller/[root@master ingress
-controller]##获取ingress
-nginx,本次案例使用的是0.30版本(不挂代理可能无法访问,这里我把yaml文件内容复制上来,需要的可以自行复制粘贴)[root@master ingress
-controller]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml[root@master ingress-controller]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml
[root@master ingress-controller]# ls
mandatory.yaml service-nodeport.yaml
mandatory.yaml
apiVersion: v1kind: Namespace
metadata:
name: ingress
-nginxlabels:
app.kubernetes.io
/name: ingress-nginxapp.kubernetes.io
/part-of: ingress-nginx---kind: ConfigMap
apiVersion: v1
metadata:
name: nginx
-configurationnamespace: ingress-nginxlabels:
app.kubernetes.io
/name: ingress-nginxapp.kubernetes.io
/part-of: ingress-nginx---kind: ConfigMap
apiVersion: v1
metadata:
name: tcp
-servicesnamespace: ingress-nginxlabels:
app.kubernetes.io
/name: ingress-nginxapp.kubernetes.io
/part-of: ingress-nginx---kind: ConfigMap
apiVersion: v1
metadata:
name: udp
-servicesnamespace: ingress-nginxlabels:
app.kubernetes.io
/name: ingress-nginxapp.kubernetes.io
/part-of: ingress-nginx---apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx
-ingress-serviceaccountnamespace: ingress-nginxlabels:
app.kubernetes.io
/name: ingress-nginxapp.kubernetes.io
/part-of: ingress-nginx---apiVersion: rbac.authorization.k8s.io
/v1beta1kind: ClusterRole
metadata:
name: nginx
-ingress-clusterrolelabels:
app.kubernetes.io
/name: ingress-nginxapp.kubernetes.io
/part-of: ingress-nginxrules:
- apiGroups:- ""resources:
- configmaps- endpoints- nodes- pods- secretsverbs:
- list- watch- apiGroups:- ""resources:
- nodesverbs:
- get- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
# wait up to five minutes for the drain of connections
terminationGracePeriodSeconds: 300
serviceAccountName: nginx-ingress-serviceaccount
nodeSelector:
kubernetes.io/os: linux
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 101
runAsUser: 101
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
---
apiVersion: v1
kind: LimitRange
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
limits:
- min:
memory: 90Mi
cpu: 100m
type: Container
View Code
service-nodeport.yaml
apiVersion: v1kind: Service
metadata:
name: ingress
-nginxnamespace: ingress-nginxlabels:
app.kubernetes.io
/name: ingress-nginxapp.kubernetes.io
/part-of: ingress-nginxspec:
type: NodePort
ports:
- name: httpport:
80targetPort:
80protocol: TCP
- name: httpsport:
443targetPort:
443protocol: TCP
selector:
app.kubernetes.io
/name: ingress-nginxapp.kubernetes.io
/part-of: ingress-nginx---
View Code
#创建ingress-nginx[root@master ingress
-controller]# kubectl apply -f ./namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
service/ingress-nginx created
#查看ingress-nginx
[root@master ingress-controller]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-7f74f657bd-kzvrq 1/1 Running 0 2m7s
#查看service
[root@master ingress-controller]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.106.160.9 <none> 80:32000/TCP,443:32421/TCP 5m48s
准备service和pod
为了方便后续的实验,创建下图所示的模型
创建tomcat-nginx.yaml
apiVersion: apps/v1kind: Deployment
metadata:
name: nginx
-deploymentnamespace: devspec:
replicas:
3selector:
matchLabels:
app: nginx
-podtemplate:
metadata:
labels:
app: nginx
-podspec:
containers:
- name: nginximage: nginx:
1.17.1ports:
- containerPort: 80---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deployment
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
app: tomcat-pod
template:
metadata:
labels:
app: tomcat-pod
spec:
containers:
- name: tomcat
image: tomcat:8.5-jre10-slim
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: dev
spec:
selector:
app: nginx-pod
clusterIP: None
type: ClusterIP
ports:
- port: 80
targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
namespace: dev
spec:
selector:
app: tomcat-pod
clusterIP: None
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
View Code
使用配置文件
[root@master ingress-controller]# cd ..[root@master
~]# vim tomcat-nginx.yaml[root@master
~]# kubectl create -f tomcat-nginx.yamldeployment.apps
/nginx-deployment createddeployment.apps
/tomcat-deployment createdservice
/nginx-service createdservice
/tomcat-service created[root@master
~]# kubectl get svc -n devNAME TYPE CLUSTER
-IP EXTERNAL-IP PORT(S) AGEnginx
-service ClusterIP None <none> 80/TCP 20stomcat
-service ClusterIP None <none> 8080/TCP 20s
Http代理
创建ingress-http.yaml
apiVersion: extensions/v1beta1kind: Ingress
metadata:
name: ingress
-httpnamespace: devspec:
rules:
- host: nginx.test.comhttp:
paths:
- path: /backend:
serviceName: nginx
-serviceservicePort:
80- host: tomcat.test.com
http:
paths:
- path: /
backend:
serviceName: tomcat-service
servicePort: 8080
使用配置文件
[root@master ~]# vim ingress-http.yaml[root@master
~]# kubectl create -f ingress-http.yamlingress.extensions
/ingress-http created[root@master
~]# kubectl get ing ingress-http -n devNAME HOSTS ADDRESS PORTS AGE
ingress
-http nginx.test.com,tomcat.test.com 80 13s[root@master
~]# kubectl describe ing ingress-http -n devName: ingress
-httpNamespace: dev
Address:
10.106.160.9Default backend:
default-http-backend:80 (<none>)Rules:
Host Path Backends
---- ---- --------nginx.test.com
/ nginx-service:80 (10.244.1.33:80,10.244.2.13:80,10.244.2.16:80)tomcat.test.com
/ tomcat-service:8080 (10.244.2.14:8080,10.244.2.17:8080,10.244.2.18:8080)Annotations:
kubectl.kubernetes.io
/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"ingress-http","namespace":"dev"},"spec":{"rules":[{"host":"nginx.test.com","http":{"paths":[{"backend":{"serviceName":"nginx-service","servicePort":80},"path":"/"}]}},{"host":"tomcat.test.com","http":{"paths":[{"backend":{"serviceName":"tomcat-service","servicePort":8080},"path":"/"}]}}]}}Events:
Type Reason Age From Message
---- ------ ---- ---- -------Normal CREATE 18m nginx
-ingress-controller Ingress dev/ingress-httpNormal UPDATE 38s (x2 over 18m) nginx
-ingress-controller Ingress dev/ingress-http
修改本机的hosts文件(位置:C:WindowsSystem32driversetc),添加如下内容
master虚拟机的IP地址 nginx.test.commasete虚拟机的IP地址 tomcat.test.com
查看ingress为service提供的端口号
[root@master ~]# kubectl get svc -n ingress-nginxNAME TYPE CLUSTER
-IP EXTERNAL-IP PORT(S) AGEingress
-nginx NodePort 10.106.160.9 <none> 80:32000/TCP,443:32421/TCP 95m
在浏览器中测试访问,发现能够访问通
nginx:
tomcat:
Https代理
创建证书
[root@master ~]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=test.com"Generating a
2048 bit RSA private key............................
+++..............................
+++writing
newprivate key to "tls.key"-----
创建密钥
[root@master ~]# kubectl create secret tls tls-secret --key tls.key --cert tls.crtsecret
/tls-secret created创建ingress-https.yaml
apiVersion: extensions/v1beta1kind: Ingress
metadata:
name: ingress
-httpsnamespace: devspec:
tls:
- hosts:- nginx.test.com- tomcat.test.comsecretName: tls
-secret #指定密钥rules:
- host: nginx.test.comhttp:
paths:
- path: /backend:
serviceName: nginx
-serviceservicePort:
80- host: tomcat.test.com
http:
paths:
- path: /
backend:
serviceName: tomcat-service
servicePort: 8080
使用配置文件
[root@master ~]# vim ingress-https.yaml[root@master
~]# kubectl create -f ingress-https.yamlingress.extensions
/ingress-https created[root@master
~]# kubectl get ing ingress-https -n devNAME HOSTS ADDRESS PORTS AGE
ingress
-https nginx.test.com,tomcat.test.com 10.106.160.980, 443 52s[root@master
~]# kubectl describe ing ingress-https -n devName: ingress
-httpsNamespace: dev
Address:
10.106.160.9Default backend:
default-http-backend:80 (<none>)TLS:
tls
-secret terminates nginx.test.com,tomcat.test.comRules:
Host Path Backends
---- ---- --------nginx.test.com
/ nginx-service:80 (10.244.1.33:80,10.244.2.13:80,10.244.2.16:80)tomcat.test.com
/ tomcat-service:8080 (10.244.2.14:8080,10.244.2.17:8080,10.244.2.18:8080)Annotations:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------Normal CREATE 79s nginx
-ingress-controller Ingress dev/ingress-httpsNormal UPDATE 38s nginx
-ingress-controller Ingress dev/ingress-https
获取端口,左边的是http使用的端口,右边是https使用的端口,因此要使用的端口是32421
[root@master ~]# kubectl get svc -n ingress-nginxNAME TYPE CLUSTER
-IP EXTERNAL-IP PORT(S) AGEingress
-nginx NodePort 10.106.160.9 <none> 80:32000/TCP,443:32421/TCP 129m
使用浏览器访问
nginx:
tomcat:
以上是 k8s之Service详解Ingress使用 的全部内容, 来源链接: utcz.com/z/519857.html
