k8s搭建和部署应用完成后,可以通过NodePort,Loadbalancer,Ingress方式将应用端口暴露到集群外部,提供外部访问。
缺点:
NodePort占用端口,大量暴露端口非常不安全,并且有端口数量限制【不推荐】;
Loadbalancer 非常好用,但是得加钱才行【视情况定】
Ingress 配置稍微复杂,并且需要内部DNS解析转发【推荐】
Ingress-nginx-controller 安装部署见k8s安装ingress-nginx DaemonSet + HostNetwork + nodeSelector
因为Ingress-nginx-controller是部署在k8s集群内部以pod方式运行,是可以访问到集群内部k8s的各个服务的,而只需要将Ingress-nginx-controller监听的80/443端口提供暴露给外部访问,并安装一定规则进行代理转发,即可实现外部通过Ingress-nginx-controller访问到内部应用中。
简易理解ingress 同 svc,pod关系,ingress --转发–> svc --转发–> pods
这里简易部署nginx、tomcat为例:
vi nginx-tomcat-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: nginx-pod
template:
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx-container
image: nginx:latest
ports:
- name: nginx-port
containerPort: 80
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deployment
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: tomcat-pod
template:
metadata:
labels:
app: tomcat-pod
spec:
containers:
- name: tomcat-container
image: tomcat:8.5-jre10-slim
ports:
- name: tomcat-port
containerPort: 8080
protocol: TCP
执行部署
kubectl apply -f nginx-tomcat-deployment.yaml
配置nginx和tomcat访问服务svc脚本,监听nginx-80/tomcat-8080端口nginx-tomcat-service.yaml
vi nginx-tomcat-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
namespace: default
spec:
selector:
app: nginx-pod
type: ClusterIP # 默认使用ClusterIP不使用NodePort方式
# clusterIP: None
ports:
- protocol: TCP
port: 80
targetPort: 80 # 部署的nginx端口
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-svc
namespace: default
spec:
selector:
app: tomcat-pod
type: ClusterIP # 默认使用ClusterIP不使用NodePort方式
# clusterIP: None
ports:
- protocol: TCP
port: 8080
targetPort: 8080 # 部署的tomcat端口
执行部署
kubectl apply -f nginx-tomcat-service.yaml
编写ingress脚本,ingress目的就是访问将指定访问url或域名的配置提交给ingress-nginx-controller做反向代理转发到选择绑定的service中,实现pod应用暴露给外部访问。
nginx-tomcat-ingress.yaml由nginx代理转发到nginx/tomcat的svc端口
vi nginx-tomcat-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-http
annotations:
kubernetes.io/ingress.class: "nginx" # 必须添加防止访问404
spec:
rules:
- host: ng.yunzaixin.top # 配置转发地址
http:
paths:
- path: /
pathType: Prefix # 前缀匹配
backend:
service:
name: nginx-svc # 转发到那个svc中
port:
number: 80 # 转发到svc中绑定的端口
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-tomcat-http
annotations:
kubernetes.io/ingress.class: "nginx" # 必须添加防止访问404
spec:
rules:
- host: tomcat.yunzaixin.top # 配置转发地址
http:
paths:
- path: /
pathType: Prefix # 前缀匹配
backend:
service:
name: tomcat-svc # 转发到那个svc中
port:
number: 8080 # 转发到svc中绑定的端口
执行部署
kubectl apply -f nginx-tomcat-ingress.yaml
相当于访问tomcat.yunzaixin.top 或者ng.yunzaixin.top ,ingress-nginx-controller将会转发到nginx-svc或tomcat-svc,nginx-svc或tomcat-svc转发到对应得nginx或tomcat中
在运行ingress-nginx-controller节点主机上访问:
curl ng.yunzaixin.top
curl tomcat.yunzaixin.top
![2023年中国汽车铸造模具竞争现状及行业市场规模前景分析[图]](https://img-blog.csdnimg.cn/img_convert/86735421771191cdfc89a36f22745a32.png)
![【C++入门到精通】哈希 (STL) _ unordered_map _ unordered_set [ C++入门 ]](https://img-blog.csdnimg.cn/4868d249e6f9452abf489fbc82caf53b.jpeg#pic_center)
