Ways to Expose Services in Kubernetes
1.1 ClusterIP
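ClusterIP is a private IP internal to the cluster. It makes accessing services from inside the cluster very convenient and is the default method in a Kubernetes cluster. A service can be reached directly through its ClusterIP or directly by its ServiceName. It cannot be reached from outside the cluster.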
1.2 NodePort
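A NodePort service is the most primitive way to direct external traffic to your service. As the name suggests, NodePort opens a specific port on all nodes (virtual machines), and any traffic sent to that port is forwarded to the corresponding service.
NodePort services have the following characteristics:
Each port can serve only one service
The port range is limited to 30000-32767 (adjustable)
If no port is specified in the YAML configuration file, a default port is assigned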
1.3 LoadBalancer
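LoadBalancer Service is a component through which Kubernetes integrates deeply with cloud platforms. When a service is exposed with a LoadBalancer Service, Kubernetes actually requests the underlying cloud platform to create a load balancer that exposes the service externally. Cloud platform support for LoadBalancer Service is by now fairly complete, for example GCE and DigitalOcean abroad, Alibaba Cloud in China, and the private cloud OpenStack. Because LoadBalancer Service is so tightly coupled to the cloud platform, it can only be used on certain cloud platforms.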
1.4 Ingress
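The Ingress resource object forwards requests for different URLs to different backend Services, implementing business routing at the HTTP layer. Kubernetes combines an Ingress policy definition with a concrete Ingress Controller; together they implement a complete Ingress load balancer.
Based on the Ingress rules, the Ingress Controller forwards client requests directly to the backend Endpoints of the Service. This bypasses kube-proxy's forwarding function, so kube-proxy no longer plays a role.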
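Ingress Installation and Deployment
2.1 Create the Ingress Controller
Before defining Ingress policies, the Ingress Controller must be deployed so that all backend Services share a single entry point. The Ingress Controller must implement load distribution that forwards to backends based on different HTTP URLs, and it can flexibly configure layer-7 load distribution policies. If the public cloud provider offers an HTTP-routing LoadBalancer of this type, it can be set as the Ingress Controller.
In Kubernetes, the Ingress Controller runs as a Pod and watches the backend services behind the apiserver's /ingress interface. If a service changes, the Ingress Controller automatically updates its forwarding rules.
(Figure: Ingress architecture diagram)
2.2 Install the backend service
For the Ingress Controller to start properly, it also needs a default backend, which returns a correct 404 response when a client requests a URL that does not exist. This backend service can be implemented with any application, as long as it returns a 404 response for path requests by default and provides /healthz for its health check.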
2.3 Install the ingress service
# wget https://github.com/kubernetes/ingress-nginx/archive/nginx-0.30.0.tar.gz
# tar -xf nginx-0.30.0.tar.gz
# cd ingress-nginx-nginx-0.30.0/deploy/static/
# Adjust the mandatory.yaml configuration file
---

apiVersion: apps/v1
kind: DaemonSet  # changed from Deployment to DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  #replicas: 2  # replicas commented out
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      hostNetwork: true  # added hostNetwork: true, which enables host network mode and exposes Nginx service port 80
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        Ingress: nginx  # deploy ingress on nodes carrying the label Ingress: nginx
        kubernetes.io/os: linux
########################################## added ports
          ports:
            - name: http
              containerPort: 80
              hostPort: 80  # added (the Pod can be reached on the host through this port)
              protocol: TCP
            - name: https
              containerPort: 443
              hostPort: 443  # added (the Pod can be reached on the host through this port)
              protocol: TCP
# Deploy and create ingress
# kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
daemonset.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
# kubectl get ds -n ingress-nginx -o wide
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR
nginx-ingress-controller 1 1 1 1 1 Ingress=nginx,kubernetes.io/os=linux 31d nginx-ingress-controller registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.30.0 app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/part-of=ingress-nginx
# kubectl get pod -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-8r4ph 1/1 Running 0 31d 10.65.4.1 k8s-node-001 <none> <none>
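An added example (not from the original post or the ingress-nginx project): a small Python check that lists which ports a workload opens directly on the node once hostNetwork and hostPort are set as in the mandatory.yaml changes above. The embedded manifest is a constructed, trimmed JSON rendering of those changes, the function names are hypothetical, and treating the prometheus.io/port annotation as a live listener is an assumption.

```python
import json

# Constructed sample: only the fields this page changes in mandatory.yaml,
# in the JSON shape returned by `kubectl get ds -o json` (trimmed).
DAEMONSET = json.loads("""
{"kind": "DaemonSet",
 "metadata": {"name": "nginx-ingress-controller", "namespace": "ingress-nginx"},
 "spec": {"template": {
   "metadata": {"annotations": {"prometheus.io/port": "10254"}},
   "spec": {
     "hostNetwork": true,
     "nodeSelector": {"Ingress": "nginx", "kubernetes.io/os": "linux"},
     "containers": [{"name": "nginx-ingress-controller", "ports": [
       {"name": "http", "containerPort": 80, "hostPort": 80, "protocol": "TCP"},
       {"name": "https", "containerPort": 443, "hostPort": 443, "protocol": "TCP"}
     ]}]
   }
 }}
}
""")

def node_exposure(workload):
    """Return sorted (port, reason) pairs for ports opened on the node itself."""
    tmpl = workload["spec"]["template"]
    pod = tmpl["spec"]
    host_net = pod.get("hostNetwork", False)
    found = {}
    for c in pod.get("containers", []):
        for p in c.get("ports", []):
            if "hostPort" in p:
                found[p["hostPort"]] = f"hostPort on container {c['name']}"
            elif host_net:
                found[p["containerPort"]] = f"hostNetwork, container {c['name']}"
    # With hostNetwork the pod shares the node's network namespace, so the
    # annotated metrics port (assumed to be listening) is on the node IP too.
    ann = tmpl.get("metadata", {}).get("annotations", {})
    if host_net and "prometheus.io/port" in ann:
        found.setdefault(int(ann["prometheus.io/port"]), "hostNetwork, metrics port from annotation")
    return sorted(found.items())

def lands_on_every_node(workload):
    """True if no nodeSelector key other than the generic OS label limits placement."""
    sel = workload["spec"]["template"]["spec"].get("nodeSelector", {})
    return not any(k != "kubernetes.io/os" for k in sel)

if __name__ == "__main__":
    for port, why in node_exposure(DAEMONSET):
        print(f"node port {port}: {why}")
    print("every Linux node" if lands_on_every_node(DAEMONSET) else "limited by nodeSelector")
```

Kubernetes leaves NetworkPolicy behaviour for hostNetwork pods undefined, so the ports reported here are best restricted with the node's host firewall.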
2.4 Deploy a test service instance
# cat deply_service1.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy1
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: v1
  template:
    metadata:
      labels:
        app: myapp
        release: v1
        env: test
    spec:
      containers:
        - name: myapp
          image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip1
  namespace: default
spec:
  type: ClusterIP  # default type
  selector:
    app: myapp
    release: v1
  ports:
    - name: http
      port: 80
      targetPort: 80
# kubectl apply -f deply_service1.yml
2.5 Deploy the ingress HTTP backend for proxied access
# cat ingress-http-backend.yml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-http
  namespace: default
spec:
  rules:
    - host: www.frank.com
      http:
        paths:
          - path: /
            backend:
              serviceName: myapp-clusterip1
              servicePort: 80  # required in v1beta1; port 80 of the myapp-clusterip1 Service
# kubectl apply -f ingress-http-backend.yml
2.6 Verify the ingress service
# Add to C:\WINDOWS\System32\drivers\etc\hosts
10.65.4.1 www.frank.com