1、概述
在上篇文章中我们详细讲解了 Ingress 是什么、有什么用以及怎么安装,如果还没有看,建议先看一下,然后再来看这篇文章。上篇文章地址:https://blog.csdn.net/u011837804/article/details/128564606
这篇文章我们用实际操作,演示怎么使用Ingress。
2、准备Service、Pod
为了后面的实验比较方便,创建如下图所示的模型
按照上述图片模型,我们创建3个Nginx Pod和3个Tomcat Pod,并分别为它们创建 Service,yaml文件名叫tomcat-nginx.yaml
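# Deployment: three replicas of an nginx Pod in the `dev` namespace.
# Nesting is restored here; with every key at column 0 the manifest does not
# parse as the intended structure.
# NOTE(review): the `dev` namespace is assumed to exist already; its creation
# is not shown in this listing.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-pod   # must equal the Pod template label below
  template:
    metadata:
      labels:
        app: nginx-pod   # the label nginx-service selects on
    spec:
      # No securityContext or resource requests/limits are set. Acceptable for
      # a throwaway lab; define them before reusing this manifest elsewhere.
      containers:
      - name: nginx
        # An untagged image resolves to `nginx:latest`, so the version that
        # runs can change between pulls. Pin a specific tag or digest for
        # anything beyond a lab.
        image: nginx
        ports:
        - containerPort: 80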
---
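# Deployment: three replicas of a Tomcat Pod in the `dev` namespace.
# Nesting is restored here; with every key at column 0 the manifest does not
# parse as the intended structure.
# NOTE(review): the `dev` namespace is assumed to exist already; its creation
# is not shown in this listing.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat-pod   # must equal the Pod template label below
  template:
    metadata:
      labels:
        app: tomcat-pod   # the label tomcat-service selects on
    spec:
      # No securityContext or resource requests/limits are set. Acceptable for
      # a throwaway lab; define them before reusing this manifest elsewhere.
      containers:
      - name: tomcat
        # Tomcat 8.0.x is end-of-life upstream and no longer receives security
        # fixes. Keep this tag to a disposable lab and use a supported Tomcat
        # line for anything reachable by others.
        image: tomcat:8.0
        ports:
        - containerPort: 8080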
---
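# Headless Service in front of the nginx Pods (selected by label app=nginx-pod).
# Nesting is restored here; with every key at column 0 the manifest does not
# parse as the intended structure.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: dev
spec:
  selector:
    app: nginx-pod
  clusterIP: None   # headless: no virtual cluster IP is allocated
  type: ClusterIP   # not exposed outside the cluster by this Service itself
  ports:
  - port: 80
    targetPort: 80   # matches containerPort of the nginx container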
---
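# Headless Service in front of the Tomcat Pods (selected by label app=tomcat-pod).
# Nesting is restored here; with every key at column 0 the manifest does not
# parse as the intended structure.
apiVersion: v1
kind: Service
metadata:
  name: tomcat-service
  namespace: dev
spec:
  selector:
    app: tomcat-pod
  clusterIP: None   # headless: no virtual cluster IP is allocated
  type: ClusterIP   # not exposed outside the cluster by this Service itself
  ports:
  - port: 8080
    targetPort: 8080   # matches containerPort of the tomcat container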
执行文件并查看创建结果
# 创建
[root@k8s-master ~]# kubectl apply -f tomcat-nginx.yaml
deployment.apps/nginx-deployment created
deployment.apps/tomcat-deployment created
service/nginx-service created
service/tomcat-service created
[root@k8s-master ~]#
# 查看 deploy
[root@k8s-master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment 2/3 3 2 7s
tomcat-deployment 3/3 3 3 7s
[root@k8s-master ~]#
# 查看pod
[root@k8s-master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
nginx-deployment-69cbb4f6b6-2nwkd 1/1 Running 0 13s
nginx-deployment-69cbb4f6b6-lsqcp 1/1 Running 0 13s
nginx-deployment-69cbb4f6b6-rmfzc 0/1 ContainerCreating 0 13s
tomcat-deployment-798c966d9d-cg59r 1/1 Running 0 13s
tomcat-deployment-798c966d9d-s5blw 1/1 Running 0 13s
tomcat-deployment-798c966d9d-zrjdf 1/1 Running 0 13s
[root@k8s-master ~]#
# 查看svc
[root@k8s-master ~]# kubectl get svc -n dev
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-service ClusterIP None <none> 80/TCP 17s
tomcat-service ClusterIP None <none> 8080/TCP 17s
3、在本机配置host
更改本机host,模拟两个域名
# 我的master IP 为192.168.8.120 模拟 nginx域名为 nginx.lc.com
[root@k8s-master ~]# echo "192.168.8.120 nginx.lc.com" >> /etc/hosts
[root@k8s-master ~]#
# 我的master IP 为192.168.8.120 模拟 tomcat域名为 tomcat.lc.com
[root@k8s-master ~]# echo "192.168.8.120 tomcat.lc.com" >> /etc/hosts
[root@k8s-master ~]#
# 查看已添加hosts
[root@k8s-master ~]# cat /etc/hosts
192.168.8.120 nginx.lc.com
192.168.8.120 tomcat.lc.com
4、Http代理
创建ingress-http.yaml
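# Ingress: host-based HTTP routing for nginx.lc.com and tomcat.lc.com.
# Nesting is restored here; with every key at column 0 the manifest does not
# parse as the intended structure.
# No `tls` section is defined, so traffic through this Ingress is plain HTTP.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-http
  namespace: dev   # same namespace as the backend Services it references
spec:
  # Critical: a wrong value here results in 404 responses.
  # It must equal the name of an IngressClass that exists in the cluster
  # (`kubectl get ingressclass` lists them).
  ingressClassName: nginx
  rules:
  - host: nginx.lc.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
  - host: tomcat.lc.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tomcat-service
            port:
              number: 8080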
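ingressClassName 必须与集群中已有的 IngressClass 名称一致(本文 ingress-http.yaml 写的是 nginx,后面的 ingress-https.yaml 写的是 ingress-nginx,请以自己集群中的实际名称为准;也可以用 kubectl get ingressclass 查看)。如果忘记自己设置的是什么,可以通过以下方式查询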
命令:
kubectl describe deploy ingress-nginx-controller -n ingress-nginx
实际操作
[root@k8s-master ~]#
# 创建
[root@k8s-master ~]# kubectl apply -f ingress-http.yaml
ingress.networking.k8s.io/ingress-http created
[root@k8s-master ~]#
[root@k8s-master ~]#
# 查看ingress
[root@k8s-master ~]# kubectl get ing ingress-http -n dev
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-http nginx nginx.lc.com,tomcat.lc.com 80 64s
[root@k8s-master ~]#
# 查看ingress详情
[root@k8s-master ~]# kubectl describe ing ingress-http -n dev
Name: ingress-http
Labels: <none>
Namespace: dev
Address:
Ingress Class: ingress
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
# 可以看出域名 nginx.lc.com 代理了后端 三个nginx pod 访问
nginx.lc.com
/ nginx-service:80 (172.17.169.187:80,172.17.169.190:80,172.17.36.106:80)
# 可以看出域名 tomcat.lc.com 代理了后端 三个tomcat pod
tomcat.lc.com
/ tomcat-service:8080 (172.17.169.185:8080,172.17.169.188:8080,172.17.36.105:8080)
Annotations: <none>
Events: <none>
# 还记得上篇文章中我们安装完 ingress-nginx 后,查看 ingress-nginx-controller service 的结果吗
# 上面我们已经创建了 ingress-http,如果想从外部访问,需要看此处的 PORTS:如果 ing 代理的是 http(即 80 端口),外部访问需要使用 30577 端口(随机生成的,可以自定义);如果 ing 代理的是 https(即 443 端口),外部访问需要使用 32667 端口(也是随机生成,当然可以自定义)
[root@k8s-master ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.15.245.169 <none> 80:30577/TCP,443:32667/TCP 41h
ingress-nginx-controller-admission ClusterIP 10.0.156.229 <none> 443/TCP
# 本次示例中 nginx 和 tomcat 两个域名都是通过 Ingress 的 http(80 端口)入口代理的,所以访问的时候都需要在域名后面增加 :30577 才可正常访问
本机访问效果
5、Https代理
5.1、创建证书
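实际生产环境中我们需要向 CA 申请 https 证书,这里我们就模拟创建一个自签名证书。注意:自签名证书不被浏览器信任,访问时会出现证书警告,仅适用于实验环境;下面命令中的 -nodes 表示私钥 tls.key 不加密保存,应限制该文件的访问权限,导入集群后不要随意留存;另外证书的 CN 是 lc.com,且没有 subjectAltName,与实际访问的 nginx.lc.com、tomcat.lc.com 并不匹配,正式使用时证书应包含实际访问的域名。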
# 创建证书
[root@k8s-master ~]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=lc.com"
Generating a 2048 bit RSA private key
...........+++
..............................+++
writing new private key to 'tls.key'
-----
[root@k8s-master ~]#
# 证书已创建
[root@k8s-master ~]# ls
tls.crt tls.key
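# 创建 TLS 类型的 Secret。这个 Secret 的创建方式如果还不熟悉可以先记着,后续有讲解
# 注意:Ingress 只能引用与自己同一命名空间内的 Secret。本例的 Ingress 在 dev 命名空间,而下面的命令没有带 -n,Secret 会创建到当前命名空间;如果当前命名空间不是 dev,需要加上 -n dev,否则 Ingress 找不到这个证书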
[root@k8s-master ~]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt
secret/tls-secret created
[root@k8s-master ~]#
# 查看已创建秘钥
[root@k8s-master ~]# kubectl get secret
NAME TYPE DATA AGE
tls-secret kubernetes.io/tls 2 6s
5.2、创建ingress-https.yaml
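# Ingress: TLS-terminated, host-based routing for nginx.lc.com and tomcat.lc.com.
# Nesting is restored here; with every key at column 0 the manifest does not
# parse as the intended structure.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-https
  namespace: dev
spec:
  tls:
  - hosts:
    - nginx.lc.com
    - tomcat.lc.com
    # Name of the kubernetes.io/tls Secret holding the certificate and key.
    # An Ingress can only reference a Secret in its own namespace (dev here).
    # If the Secret is missing there, ingress-nginx is expected to fall back
    # to its built-in default certificate; check with
    # `kubectl get secret tls-secret -n dev`.
    secretName: tls-secret
  # Must equal the name of an IngressClass that exists in the cluster
  # (`kubectl get ingressclass` lists them).
  # NOTE(review): ingress-http.yaml on this page uses `nginx` while this
  # manifest uses `ingress-nginx`; confirm which name the cluster defines.
  ingressClassName: ingress-nginx
  rules:
  - host: nginx.lc.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
  - host: tomcat.lc.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tomcat-service
            port:
              number: 8080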
5.3、实例操作效果
# 创建
[root@k8s-master ~]# kubectl apply -f ingress-https.yaml
ingress.networking.k8s.io/ingress-https created
[root@k8s-master ~]#
# 查看ing
[root@k8s-master ~]# kubectl get ing ingress-https -n dev
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-https ingress-nginx nginx.lc.com,tomcat.lc.com 80, 443 7s
[root@k8s-master ~]#
# 查看ing 详情
[root@k8s-master ~]# kubectl describe ing ingress-https -n dev
Name: ingress-https
Labels: <none>
Namespace: dev
Address:
Ingress Class: ingress-nginx
Default backend: <default>
# TLS已关联
TLS:
tls-secret terminates nginx.lc.com,tomcat.lc.com
Rules:
# 规则也已经创建
Host Path Backends
---- ---- --------
nginx.lc.com
/ nginx-service:80 (172.17.169.187:80,172.17.169.190:80,172.17.36.106:80)
tomcat.lc.com
/ tomcat-service:8080 (172.17.169.185:8080,172.17.169.188:8080,172.17.36.105:8080)
Annotations: <none>
Events: <none>
[root@k8s-master ~]#
# 查看访问 443 需要使用哪个外部端口,此处是 32667
[root@k8s-master ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.15.245.169 <none> 80:30577/TCP,443:32667/TCP 41h
ingress-nginx-controller-admission ClusterIP 10.0.156.229 <none> 443/TCP
# 在本地访问 https://tomcat.lc.com:32667 和 https://nginx.lc.com:32667 查看效果