7. kubernetes ingress网路
Kubernetes 暴露服务的有三种方式,分别为 LoadBlancer Service、NodePort Service、Ingress。官网对 Ingress 的定义为管理对外服务到集群内服务之间规则的集合,通俗点讲就是它定义规则来允许进入集群的请求被转发到集群中对应服务上,从来实现服务暴露。 Ingress 能把集群内 Service 配置成外网能够访问的 URL,流量负载均衡,SSL,提供基于域名访问的虚拟主机等等。
在kubernetes集群中,我们知道service和pod的ip仅在集群内部访问。如果外部应用要访问集群内的服务,集群外部的请求需要通过负载均衡转发到service在Node上暴露的NodePort上,然后再由kube-proxy组件将其转发给相关的pod。
Service对集群之外暴露服务的主要方式有两种:NotePort和LoadBalancer。但是这 两种方式,都有一定的缺点:
- NodePor方式的缺点是会占用很多集群机器的端口,那么当集群服务越多的时候,这个缺点就愈发明显
- LB方式的缺点是每个service需要一个LB,浪费、麻烦,并且需要kubernetes之外设备的支持,基于这种现状,kubernetes提供了ingress资源对象,Ingress只需要—个NodePort或者一个LB就可以满足暴露多个Service的需求。
一、Ingress-nginx
1. Ingress-nginx 的组成
- 反向代理负载均衡器:通常以service的port方式运行,接收并按照ingress定义的规则进行转发,常用的有nginx,Haproxy,Traefik等,我们使用的就是nginx,即Ingress-nginx。
- Ingress Controller:监听API Server,根据用户编写的ingress规则(编写ingress的yaml文件),动态地去更改nginx服务的配置文件,并且reload重载使其生效,此过程是自动化的(通过lua脚本来实现(有点类似
consul template + consul nginx的概念))。 - Ingress:(kubernetes的一个资源对象,作用是定义请求如何转发到service的规则)将nginx的配置抽象成一个Ingress对象,当用户每添加一个新的服务,只需要编写一个新的ingress的yaml文件即可。
2. Ingress-nginx 的工作原理
推荐:k8s 基于 Ingress 实现 k8s 七层调度和负载均衡
- 用户编写ingress规则,说明哪个域名对应kubernetes集群中的哪个Service
- Ingress控制器动态感知Ingress服务规则的变化,然后生成一段对应的Nginx反向代理配置
- Ingress控制品会将生成的Nginx配置写入到一个运行着的Nginx服务中,并动态更新
- 到此为止,其实真正在工作的就是一个Nginx了,内部配置了用户定义的请求转发规则
image.png
- Nginx 对后端运行的服务(Service1、Service2)提供反向代理,在配置文件中配置了域名与后端服务 Endpoints 的对应关系。
- 客户端通过使用 DNS 服务或者直接配置本地的 hosts 文件,将域名都映射到 Nginx 代理服务器。
- 当客户端访问 service1.com 时,浏览器会把包含域名的请求发送给 nginx 服务器,nginx 服务器根据传来的域名,选择对应的 Service,这里就是选择 Service 1 后端服务,然后根据一定的负载均衡策略,选择 Service1 中的某个容器接收来自客户端的请求并作出响应。
3. 官网地址
基于 nginx 服务的ingress controller根据开发公司我们有可以分为:
- kubernetes 社区版
- nginx 官方版
我们选择最主流,最活跃的。 即 kubernetes 社区版
二、 安装Ingress-nginx
安装的化,推荐参考github。选取符合自己要求的版本。
适用于 Kubernetes 版本 v1.19+ (包括 v1.19 )
我们使用v1.2.0.这里我们从github上截取一部分
ngress-NGINX version k8s supported version Alpine Version Nginx Version v1.2.1 1.23, 1.22, 1.21, 1.20, 1.19 3.14.6 1.19.10† v1.2.0 1.23, 1.22, 1.21, 1.20, 1.19 3.14.6 1.19.10† v1.1.3 1.23, 1.22, 1.21, 1.20, 1.19 3.14.4 1.19.10† v1.1.2 1.23, 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.1.1 1.23, 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.1.0 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.0.5 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9† v1.0.4 1.22, 1.21, 1.20, 1.19 3.14.2 1.19.9†
# 注意,官方的nginx-ingress 镜像由于网路原因无法下载,这里我们换源成国内的阿里镜像。
# 可以先把镜像下载,再安装(如果有多个节点,需要在多个节点上执行)
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.2.0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1
# 下载官方的yaml,网络因素有可能失败,多试几次
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml
# 修改镜像地址
sed -i 's@k8s.gcr.io/ingress-nginx/controller:v1.2.0\(.*\)@registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.2.0@' deploy.yaml
sed -i 's@k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1\(.*\)$@registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1@' deploy.yaml
### 还需要修改两地方,具体修改位置和内容,参照`完整的deploy.yaml`
# 1、kind: 类型修改成DaemonSet,replicas: 注销掉,因为DaemonSet模式会每个节点运行一个pod
# 2、在添加一条: hostnetwork:true
# 3、把LoadBalancer修改成NodePort
# 4、在--validating-webhook-key下面添加- --watch-ingress-without-class=true
kubectl apply -f deploy.yaml
# 查看是否部署成功
kubectl get pods -n ingress-nginx
#--------------------------
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-dz4jt 0/1 Completed 0 18m
ingress-nginx-admission-patch-gtlgx 0/1 Completed 1 18m
ingress-nginx-controller-5d895cdfdf-7p5zb 1/1 Running 0 18m
#--------------------------
# 我们重点查看`ingress-nginx-controller`, READY = 1/1; STATUS = Running; 代表成功。
# ingress-nginx-admission-create、ingress-nginx-admission-patch `STATUS = Completed` 即可
完整的deploy.yaml 文件如下,请参考带有# 号标识的部分进行修改
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
name: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx
namespace: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- ingress-controller-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission
namespace: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-controller
namespace: ingress-nginx
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
externalTrafficPolicy: Local
ports:
- appProtocol: http
name: http
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: NodePort # 修改LoadBalancer 为 NodePort
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
ports:
- appProtocol: https
name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: ClusterIP
---
apiVersion: apps/v1
# kind: Deployment
# 修改kind 为`DaemonSet`,每个节点都部署副本。
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
spec:
hostNetwork: true # ingress-nginx-controller 为 hostNetwork模式
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --watch-ingress-without-class=true # 增加信息
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: k8s.gcr.io/ingress-nginx/controller:v1.2.0@sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
- containerPort: 8443
name: webhook
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
runAsUser: 101
volumeMounts:
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission-create
namespace: ingress-nginx
spec:
template:
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission-create
spec:
containers:
- args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name=ingress-nginx-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
imagePullPolicy: IfNotPresent
name: create
securityContext:
allowPrivilegeEscalation: false
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission-patch
namespace: ingress-nginx
spec:
template:
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission-patch
spec:
containers:
- args:
- patch
- --webhook-name=ingress-nginx-admission
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
imagePullPolicy: IfNotPresent
name: patch
securityContext:
allowPrivilegeEscalation: false
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: nginx
spec:
controller: k8s.io/ingress-nginx
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: ingress-nginx-controller-admission
namespace: ingress-nginx
path: /networking/v1/ingresses
failurePolicy: Fail
matchPolicy: Equivalent
name: validate.nginx.ingress.kubernetes.io
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
sideEffects: None
三、 ingress-nginx的使用
我们按照以下步骤来部署配置ingress网络:
step 1:
我们编写一个nginx资源配置文件(包含deployment 和 service),并运行step 2:
查看nginx 服务是否部署成功step 3:
我们编写**ingress资源配置文件**,关联service,运行step 4:
配置虚拟机hosts,并测试访问step 5:
拓展,多服务网络。我们编写一个tomcat资源配置文件,运行。step 6:
修改ingress配置文件,运行,查看结果。
step 1
# step 1 我们编写一个nginx资源配置文件(包含deployment 和 service),并运行
vim ingress_deployment.yaml
#--------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment-demo-ig
labels:
app: nginx-deployment-demo-ig
spec:
replicas: 3
template:
metadata:
name: nginx-deployment-demo-ig
labels:
app: nginx-deployment-demo-ig
spec:
containers:
- name: nginx-deployment-demo-ig
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
restartPolicy: Always
selector:
matchLabels:
app: nginx-deployment-demo-ig
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service-demo-ig
spec:
selector:
app: nginx-deployment-demo-ig # selector 对应匹配 deployment的 labels
ports:
- port: 80
name: nginx-service-ig-80
protocol: TCP
targetPort: 80
type: ClusterIP
#--------------------------------
kubectl apply -f ingress_deployment.yaml
step 2
# step 2 查看nginx 服务是否部署成功
kubectl describe service my-tomcat-service-ig
#--------------------------------
Name: nginx-service-demo-ig
Namespace: default
Labels: <none>
Annotations: <none>
Selector: app=nginx-deployment-demo-ig
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.222.216.203
IPs: 10.222.216.203
Port: nginx-service-ig-80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.122.154:80,10.244.211.216:80,10.244.32.145:80
Session Affinity: None
Events: <none>
#--------------------------------
curl 10.222.216.203:80
#--------------------------------
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
#--------------------------------
step 3
# step 3 我们编写ingress资源配置文件,关联service,运行
vim ingress_service_nginx.yml
#---------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-http
spec:
rules:
- host: mytest.nginx.com
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: nginx-service-demo-ig
port:
number: 80
#---------------------------------
kubectl apply -f ingress_service_nginx.yaml
# 查看详情
#---------------------------------
Name: ingress-nginx-http
Labels: <none>
Namespace: default
Address: 10.222.103.214
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
mytest.nginx.com
/ nginx-service-demo-ig:80 (10.244.122.154:80,10.244.211.216:80,10.244.32.145:80)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 29m (x3 over 125m) nginx-ingress-controller Scheduled for sync
Normal Sync 29m (x3 over 125m) nginx-ingress-controller Scheduled for sync
Normal Sync 29m (x3 over 125m) nginx-ingress-controller Scheduled for sync
Normal Sync 29m (x3 over 125m) nginx-ingress-controller Scheduled for sync
#---------------------------------
step 4
# step 4 配置虚拟机hosts,并测试访问
vim /etc/hosts
# 添加如下信息
#----------------------
10.222.103.214 mytest.nginx.com mytest.tomcat.com
#----------------------
curl mytest.nginx.com
#----------------------
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
#----------------------
step 5
# step 5 拓展,多服务网络。我们编写一个tomcat资源配置文件,运行。
vim ingress_tomcat_deployment.yml
#----------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-tomcat-test-ig
labels:
app: my-tomcat-test-ig
spec:
replicas: 3
template:
metadata:
name: my-tomcat-test-ig
labels:
app: my-tomcat-test-ig
spec:
containers:
- name: my-tomcat-test-ig
image: tomcat:8.5.34-jre8-alpine
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
restartPolicy: Always
selector:
matchLabels:
app: my-tomcat-test-ig
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat-service-ig
spec:
selector:
app: my-tomcat-service-ig
ports:
- port: 8080
name: http
targetPort: 8080
type: ClusterIP
#----------------------------------------
kubectl apply -f ingress_tomcat_deployment.yml
step 6
# step 6 修改ingress配置文件,运行,查看结果
vim ingress_service_nginx.yml
# 修改如下
#------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-http
spec:
rules:
- host: mytest.nginx.com
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: nginx-service-demo-ig
port:
number: 80
- host: mytest.tomcat.com
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: my-tomcat-service-ig
port:
number: 8080
#------------------------------
kubectl apply -f ingress_service_nginx.yml
# 查看详情
kubectl describe ingress ingress-nginx-http
#----------------------------
Name: ingress-nginx-http
Labels: <none>
Namespace: default
Address: 10.222.103.214
Rules:
Host Path Backends
---- ---- --------
mytest.nginx.com
/ nginx-service-demo-ig:80 (10.244.122.154:80,10.244.211.216:80,10.244.32.145:80)
mytest.tomcat.com
/ my-tomcat-service-ig:8080 (10.244.122.156:8080,10.244.211.219:8080,10.244.32.147:8080)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 29m (x3 over 125m) nginx-ingress-controller Scheduled for sync
Normal Sync 29m (x3 over 125m) nginx-ingress-controller Scheduled for sync
Normal Sync 29m (x3 over 125m) nginx-ingress-controller Scheduled for sync
Normal Sync 29m (x3 over 125m) nginx-ingress-controller Scheduled for sync
#----------------------------
# 访问测试
curl mytest.nginx.com
curl mytest.tomcat.com
