Ingress是什么
Ingress :简单理解就是个规则定义;比如说某个域名对应某个 service,即当某个域名的请求进来时转发给某个 service;这个规则将与 Ingress Controller 结合,然后 Ingress Controller 将其动态写入到负载均衡器配置中,从而实现整体的服务发现和负载均衡
Ingress Controller
实质上可以理解为是个监视器,Ingress Controller 通过不断地跟 kubernetes API 打交道,实时的感知后端 service、pod 等变化,比如新增和减少 pod,service 增加与减少等;当得到这些变化信息后,Ingress Controller 再结合Ingress 生成配置,然后更新反向代理负载均衡器,并刷新其配置,达到服务发现的作用
安装Ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml #安装ingress-Controller创建一后端pod service:
[root@master ingress]# kubectl apply -f deploy-demo.yaml[root@master ingress]# cat deploy-demo.yaml apiVersion: v1kind: Servicemetadata: ?name: myapp ?namespace: defaultspec: ?selector: ???app: myapp ???release: canary ?ports: ?- name: http ???targetPort: 80 ???port: 80---apiVersion: apps/v1kind: Deploymentmetadata: ?name: myapp-deploy ?namespace: defaultspec: ?replicas: 3 ?selector: ???matchLabels: ?????app: myapp ?????release: canary ?template: ???metadata: ?????labels: ???????app: myapp ???????release: canary ???spec: ?????containers: ?????- name: myapp ???????image: ikubernetes/myapp:v2 ???????ports: ???????- name: http ?????????containerPort: 80创建一个用于暴露端口的service
[root@master baremetal]# kubectl apply -f service-nodeport.yaml[root@master baremetal]# cat service-nodeport.yaml apiVersion: v1kind: Servicemetadata: ?name: ingress-nginx ?namespace: ingress-nginx ?labels: ???app.kubernetes.io/name: ingress-nginx ???app.kubernetes.io/part-of: ingress-nginxspec: ?type: NodePort ?ports: ???- name: http ?????port: 80 ?????targetPort: 80 ?????protocol: TCP ?????nodePort: 30080 ???- name: https ?????port: 443 ?????targetPort: 443 ?????protocol: TCP ?????nodePort: 30443 ?selector: ???app.kubernetes.io/name: ingress-nginx创建Ingress文件
[root@master ingress]# kubectl apply -f ingress-myapp.yaml[root@master ingress]# cat ingress-myapp.yaml apiVersion: extensions/v1beta1kind: Ingressmetadata: ?name: ingress-myapp ?namespace: default ?annotations: ???kubernetes.io/ingress.class: "nginx"spec: ?rules: ?- host: myapp.template.com ???http: ?????paths: ?????- path: ???????backend: ?????????serviceName: myapp ?????????servicePort: 80查看信息
[root@master ingress]# kubectl get ingressNAME ????????????????HOSTS ????????????????ADDRESS ??PORTS ????AGEingress-myapp ???????myapp.template.com ?????????????80 ???????5h55[root@master ingress]# kubectl get svcNAME ????????TYPE ???????CLUSTER-IP ??????EXTERNAL-IP ??PORT(S) ????????????AGEmyapp ???????ClusterIP ??10.98.30.144 ????<none> ???????80/TCP ?????????????4h7m[root@master ingress]# kubectl get podsNAME ????????????????????????????READY ??STATUS ???RESTARTS ??AGEmyapp-deploy-7b64976db9-lfnlv ???1/1 ????Running ??0 ?????????6h30mmyapp-deploy-7b64976db9-nrfgs ???1/1 ????Running ??0 ?????????6h30mmyapp-deploy-7b64976db9-pbqvh ???1/1 ????Running ??0 ?????????6h30m#访问[root@master ingress]# curl myapp.template.com:30080Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
Ingress使用ssl
[root@master ingress]# cat tomcat-deploy.yaml apiVersion: v1kind: Servicemetadata: ?name: tomcat ?namespace: defaultspec: ?selector: ???app: tomcat ???release: canary ?ports: ?- name: http ???targetPort: 8080 ???port: 8080 ?- name: ajp ???targetPort: 8009 ???port: 8009 ???---apiVersion: apps/v1kind: Deploymentmetadata: ?name: tomcat-deploy ?namespace: defaultspec: ?replicas: 3 ?selector: ???matchLabels: ?????app: tomcat ?????release: canary ?template: ???metadata: ?????labels: ???????app: tomcat ???????release: canary ???spec: ?????containers: ?????- name: tomcat ???????image: tomcat:8.5-alpine ???????ports: ???????- name: http ?????????containerPort: 8080 ???????- name: ajp ?????????containerPort: 8009[root@master ingress]# kubectl apply -f ?tomcat-deploy.yaml [root@master ingress]# openssl genrsa -out tls.key 2048[root@master ingress]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.template.com[root@master ingress]# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key[root@master ingress]# kubectl get secretNAME ???????????????????TYPE ?????????????????????????????????DATA ??AGEdefault-token-962mh ????kubernetes.io/service-account-token ??3 ?????32htomcat-ingress-secret ??kubernetes.io/tls ????????????????????2 ?????66m[root@master ingress]# cat ingress-tomcat-tls.yaml apiVersion: extensions/v1beta1kind: Ingressmetadata: ?name: ingress-tomcat-tls ?namespace: default ?annotations: ???kubernetes.io/ingress.class: "nginx"spec: ?tls: ?- hosts: ?????- tomcat.template.com ???secretName: tomcat-ingress-secret ?rules: ?- host: tomcat.template.com ???http: ?????paths: ?????- path: ???????backend: ?????????serviceName: tomcat ?????????servicePort: 8080[root@master ingress]# kubectl apply -f ingress-tomcat-tls.yaml[root@master ingress]# curl -k https://tomcat.template.com:30443 #测试访问Kubernetes中的Ingress
原文地址:https://www.cnblogs.com/Template/p/9845025.html