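1 Introduction to Ingress
How it works
An Ingress is a collection of rules that authorize inbound connections to reach services in the cluster.
External traffic is first routed to the Service exposed on a NodePort
The Service forwards it to the ingress-controller
The ingress-controller reads the definitions in the Ingress [Pod] (virtual hosts or backend URLs)
and, based on the virtual host name, dispatches the request directly to the matching group of backend application pods
2 Ingress Deployment
Environment setup
Fetch the manifest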
cd /data/kubernetes/app_secure
mkdir ingress ; cd ingress
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/baremetal/deploy.yaml
mv deploy.yaml ingress-deploy.yaml
cp ingress-deploy.yaml{,.bak}
Default images
]# grep image: ingress-deploy.yaml | awk -F '/|@' '{print $(NF-1)}' | uniq
controller:v1.3.1
kube-webhook-certgen:v1.3.0
Pull the images
for i in nginx-ingress-controller:v1.3.1 kube-webhook-certgen:v1.3.0
do
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$i
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$i kubernetes-register.sswang.com/google_containers/$i
docker push kubernetes-register.sswang.com/google_containers/$i
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$i
done
Note:
The controller image name has to be changed: the Aliyun mirror's image name carries an extra identifier.
Change the base images
]# grep image: ingress-deploy.yaml
image: kubernetes-register.sswang.com/google_containers/nginx-ingress-controller:v1.3.1
image: kubernetes-register.sswang.com/google_containers/kube-webhook-certgen:v1.3.0
image: kubernetes-register.sswang.com/google_containers/kube-webhook-certgen:v1.3.0
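The retagged references above carry only a tag, whereas the @ field separator in the earlier grep/awk command shows that the downloaded manifest also carries digests. As an added example (not part of the original notes), the script below audits a manifest's image lines before kubectl apply; the function names and the sample manifest, including its all-zero digest, are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit image references in a manifest.
# Usage: audit_images TRUSTED_REGISTRY < manifest
# Prints "<status> <image>" for each unique image:
#   OK        from the trusted registry and pinned by sha256 digest
#   UNPINNED  from the trusted registry, tag only (a re-pushed tag changes what runs)
#   FOREIGN   from any other registry
audit_images() {
  trusted="$1"
  # Take the value after "image:", dropping quotes and trailing comments.
  sed -n 's/^[[:space:]-]*image:[[:space:]]*\([^[:space:]#]*\).*/\1/p' |
    tr -d "\"'" | sort -u |
    while read -r img; do
      case "$img" in
        "$trusted"/*)
          if printf '%s\n' "$img" | grep -Eq '@sha256:[0-9a-f]{64}$'; then
            echo "OK $img"
          else
            echo "UNPINNED $img"
          fi ;;
        *) echo "FOREIGN $img" ;;
      esac
    done
}

# Number of images that are not OK; usable as a gate before kubectl apply.
count_findings() {
  audit_images "$1" | awk '$1 != "OK" { n++ } END { print n + 0 }'
}

# Constructed sample input: the digest is a placeholder, not a real image digest.
sample_manifest() {
  cat <<'EOF'
        image: kubernetes-register.sswang.com/google_containers/nginx-ingress-controller:v1.3.1
        image: kubernetes-register.sswang.com/google_containers/kube-webhook-certgen:v1.3.0
        image: kubernetes-register.sswang.com/google_containers/kube-webhook-certgen:v1.3.0
        image: "kubernetes-register.sswang.com/google_containers/demo:v1@sha256:0000000000000000000000000000000000000000000000000000000000000000"
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.3.0
EOF
}

sample_manifest | audit_images kubernetes-register.sswang.com
echo "findings: $(sample_manifest | count_findings kubernetes-register.sswang.com)"
```

Against the real file the call would be: count_findings kubernetes-register.sswang.com < ingress-deploy.yaml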
Expose the external access address
]# vim ingress-deploy.yaml
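...
334 apiVersion: v1
335 kind: Service
...
344   namespace: ingress-nginx
345 spec:
...
348   ipFamilyPolicy: SingleStack
349   externalIPs: ['10.0.0.12']   # restricts the entry IP for access from outside the cluster
350   ports:
351   - appProtocol: http
352     name: http
353     port: 80
...
628   failurePolicy: Ignore   # changed to Ignore to avoid the default admission control restriction; with Ignore, Ingress objects are admitted unvalidated whenever the webhook cannot be reached
...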
Apply the manifest
]# kubectl apply -f ingress-deploy.yaml
Confirm the result
]# kubectl get all -n ingress-nginx
NAME                                            READY   STATUS      RESTARTS   AGE
pod/ingress-nginx-admission-create-s5p7h        0/1     Completed   0          105s
pod/ingress-nginx-admission-patch-qnjmv         0/1     Completed   0          105s
pod/ingress-nginx-controller-6cc467dfd9-c2dfg   1/1     Running     0          105s

NAME                                         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/ingress-nginx-controller             NodePort    10.109.163.145   10.0.0.12     80:30439/TCP,443:31912/TCP   105s
service/ingress-nginx-controller-admission   ClusterIP   10.96.223.121    <none>        443/TCP                      105s

NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           105s

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx-controller-6cc467dfd9   1         1         1       105s

NAME                                       COMPLETIONS   DURATION   AGE
job.batch/ingress-nginx-admission-create   1/1           8s         105s
job.batch/ingress-nginx-admission-patch    1/1           7s         105s
Test access to the page
]# curl 10.0.0.12:30439
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
3 Ingress in Practice
Write the resource manifest
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: superopsmsb-ingress-mulhost
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: nginx.sswang.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: sswang-nginx-web
            port:
              number: 80
  - host: tomcat.sswang.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: sswang-tomcat-web
            port:
              number: 8080