一、ingress和ingress-controller
ingress对象: 指的是k8s中的⼀个api对象/资源对象,⼀般⽤yaml配置。作⽤是定义请求如何转发到service的规则,可以理解为配置模板。
ingress-controller: 具体实现反向代理及负载均衡的程序,对ingress定义的规则进⾏解析,根据配置的规则来实现请求转发;
简单来说,ingress-controller才是负责具体转发的组件,通过各种⽅式将它暴露在集群⼊⼝,外部对集群的请求流量会先到ingress-controller,⽽ingress对象是⽤来告诉ingress-controller该如何转发请求,⽐如哪些域名哪些path要转发到哪些服务等等;
对于不同的URL地址经常对应
⽤不同的后端服务或者虚拟服务器,这些应⽤层的转发机制仅通过kubernetes的service机制是⽆法实
现的,这种情况我们可以使⽤ingress策略定义和⼀个具体的ingress Controller. Ingress提供七层负载
均衡能⼒,可以通过 Ingress 配置提供外部可访问的 URL、负载均衡、SSL、基于名称的虚拟主机等。
作为集群流量接⼊层,Ingress 的⾼可靠性显得尤为重要;
这个负载均衡是基于nginx七层反向代理来实现的,ingress⼯作原理如下图:
2)Ingress ⼀般由三个组件组成:
Nginx 反向代理负载均衡器
Ingress Controller 可以理解为控制器,它通过不断的跟 Kubernetes API 交互,实时获取后端Service、Pod 等的变化,⽐如新增、删除等,然后结合 Ingress 定义的规则⽣成配置,然后动态更新上边的 Nginx 负载均衡器,并刷新使配置⽣效,来达到服务⾃动发现的作⽤。
Ingress 则是定义规则,通过它定义某个域名的请求过来之后转发到集群中指定的 Service。它可以通过 Yaml ⽂件定义,可以给⼀个或多个 Service 定义⼀个或多个 Ingress 规则
二、部署Ingress控制器(nginx)
1.下载ingress controller
wget https://github.com/kubernetes/ingress-nginx/archive/nginx-0.30.0.tar.gz
2.解压到/mnt目录下
tar xzvf nginx-0.30.0.tar.gz -C /mnt
3.修改配置文件
[root@k8s-master static]# pwd
/mnt/nginx-0.30.0/deploy/static
[root@k8s-master static]# ls
configmap.yaml mandatory.yaml namespace.yaml provider rbac.yaml with-rbac.yaml
[root@k8s-master static]# vim mandatory.yaml#找到已下apiserver 的版本;大概在190行左右apiVersion: apps/v1kind: DaemonSet # 将原来的 Deployment 修改为 DaemonSetmetadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxspec:#replicas: 1 #将这⾥注释selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: "10254"prometheus.io/scrape: "true"spec:# wait up to five minutes for the drain of connectionsterminationGracePeriodSeconds: 300serviceAccountName: nginx-ingress-serviceaccounthostNetwork: true #添加此配置,共享宿主机⽹络,将下面两行注释掉# nodeSelector:# custom/ingress-controller-ready: "true" # 添加此配置containers:- name: nginx-ingress-controllerimage: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0# 提前将镜像拉下来args:- /nginx-ingress-controller
4、应用并创建ingress
[root@k8s-master static]# kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/nginx-ingress-role created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
daemonset.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
5.测试ingress
[root@k8s-master ingress]# vim my-apache.yaml
[root@k8s-master ingress]# cat my-apache.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-apache
spec:
selector:
matchLabels:
run: my-apache
replicas: 2
template:
metadata:
labels:
run: my-apache
spec:
containers:
- name: my-apache
image: daocloud.io/library/httpd:2.4
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-apache
labels:
run: my-apache
spec:
#type: NodePort
ports:
- port: 80
targetPort: 80
#nodePort: 30002
selector:
run: my-apache
[root@k8s-master ingress]# vim my-nginx.yaml
[root@k8s-master ingress]# cat my-nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
selector:
matchLabels:
run: my-nginx
replicas: 2
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: daocloud.io/library/nginx:1.7.9
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
run: my-nginx
spec:
#type: NodePort
ports:
- port: 80
targetPort: 80
#nodePort: 30001
selector:
run: my-nginx
[root@k8s-master ingress]# kubectl apply -f my-apache.yaml
deployment.apps/my-apache created
service/my-apache created
[root@k8s-master ingress]# kubectl apply -f my-nginx.yaml
deployment.apps/my-nginx created
service/my-nginx created
[root@k8s-master ingress]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d
my-apache ClusterIP 10.96.232.20 <none> 80/TCP 22s
my-nginx ClusterIP 10.109.72.52 <none> 80/TCP 13s
redis-access-service ClusterIP 10.103.21.164 <none> 6379/TCP 5h50m
redis-service ClusterIP None <none> 6379/TCP 7h33m
[root@k8s-master ingress]# kubectl get pod
NAME READY STATUS RESTARTS AGE
my-apache-7c88db656c-6s7zd 1/1 Running 0 31s
my-apache-7c88db656c-xvmg8 1/1 Running 0 31s
my-nginx-5fdc96f9b4-dmsm7 1/1 Running 0 22s
my-nginx-5fdc96f9b4-pl2w4 1/1 Running 0 22s
6.配置ingress转发文件
1)宿主机网络模式:hostNetwork
[root@k8s-master ingress]# vim ingress-test.yaml
[root@k8s-master ingress]# cat ingress-test.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: www.ingress.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-apache
port:
number: 80
[root@k8s-master ingress]# kubectl apply -f ingress-test.yaml
ingress.networking.k8s.io/test-ingress created
[root@k8s-master ingress]# kubectl get ingress
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
test-ingress <none> www.ingress.com 80 21s
[root@k8s-master ingress]# vim /etc/hosts
# 添加www.ingress.com的域名解析
192.168.22.135 k8s-node1 www.ingress.com
192.168.22.136 k8s-node2 www.ingress.com
[root@k8s-master ingress]# curl www.ingress.com
<html><body><h1>It works!</h1></body></html>2)nodePort方式
将上述mandatory.yaml文件修改一下,
#找到已下apiserver的版本;大概在190行左右
apiVersion: apps/v1
kind: Deployment #将原来的DaemonSet修改为Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 2 #将这⾥注释取消掉
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
# wait up to five minutes for the drain of connections
terminationGracePeriodSeconds: 300
serviceAccountName: nginx-ingress-serviceaccount
#hostNetwork: true #这一行注释掉,将下面两行注释掉
# nodeSelector:
# custom/ingress-controller-ready: "true"
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
#提前将镜像拉下来
args:
- /nginx-ingress-controller将my-apache.yaml和my-nginx.yaml文件中的type:NodePort这一行的注释取消掉,应用就可以了;
[root@k8s-master ingress]# cat my-apache.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-apache
spec:
selector:
matchLabels:
run: my-apache
replicas: 2
template:
metadata:
labels:
run: my-apache
spec:
containers:
- name: my-apache
image: daocloud.io/library/httpd:2.4
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-apache
labels:
run: my-apache
spec:
type: NodePort #将这一行注释取消掉
ports:
- port: 80
targetPort: 80
#nodePort: 30002 #这一行注释不取消掉则会随机指定一个端口号
selector:
run: my-apache然后应用即可;
[root@k8s-master nodeport]# kubectl apply -f mandatory.yaml[root@k8s-master nodeport]# kubectl apply -f my-apache.yml[root@k8s-master nodeport]# kubectl apply -f my-nginx.yml[root@k8s-master nodeport]# kubectl apply -f ingress-test.yaml
查看并测试
[root@k8s-master ingress]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d1h
my-apache NodePort 10.104.49.58 <none> 80:30002/TCP 72s
my-nginx NodePort 10.110.73.158 <none> 80:30001/TCP 66s
redis-access-service ClusterIP 10.103.21.164 <none> 6379/TCP 6h59m
redis-service ClusterIP None <none> 6379/TCP 8h打开浏览器访问,如果访问不到记得做域名解析;win+r打开运行窗口,输入drivers,打开etc文件中的hosts文件,写入域名解析即可;
