Linux——K8s集群实现外部访问(Ingress)
环境:masternode01node02192.168.1.40192.168.1.41192.168.1.42Ingress作用:Ingress 是对集群中服务的外部访问进行管理的 API 对象。1.创建deploymentPS:创建nginx和httpd[root@master yaml]# vim nginx.yamlkind: DeploymentapiVersion: extensi
·
环境:
| master | node01 | node02 |
|---|---|---|
| 192.168.1.40 | 192.168.1.41 | 192.168.1.42 |
Ingress
作用:Ingress 是对集群中服务的外部访问进行管理的 API 对象。
1.创建deployment
PS:创建nginx和httpd
[root@master yaml]# vim nginx.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: nginx
spec:
replicas: 3
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
---
kind: Service
apiVersion: v1
metadata:
name: nginx-svc
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master yaml]# kubectl apply -f nginx.yaml
deployment.extensions/nginx created
service/nginx-svc created
[root@master yaml]# vim httpd.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: httpd
spec:
replicas: 3
template:
metadata:
labels:
app: httpd
spec:
containers:
- name: httpd
image: httpd
---
kind: Service
apiVersion: v1
metadata:
name: httpd-svc
spec:
selector:
app: httpd
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master yaml]# kubectl apply -f httpd.yaml
deployment.extensions/httpd created
service/httpd-svc created
[root@master yaml]# kubectl get deployments.
NAME READY UP-TO-DATE AVAILABLE AGE
httpd 3/3 3 3 117s
nginx 3/3 3 3 3m10s
[root@master yaml]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
httpd-svc ClusterIP 10.97.134.80 <none> 80/TCP 2m1s
nginx-svc ClusterIP 10.96.37.85 <none> 80/TCP 3m14s
2.部署Ingress
2.1 下载Ingress文件
[root@master yaml]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.35.0/deploy/static/provider/baremetal/deploy.yaml
2.2 修改yaml文件
[root@master yaml]# vim deploy.yaml
......
spec:
hostNetwork: true #本地网络访问
dnsPolicy: ClusterFirst
containers:
- name: controller
image: registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.30.0
imagePullPolicy: IfNotPresent
......
[root@master yaml]# kubectl apply -f deploy.yaml
2.3 查看
PS:namespace为ingress-nginx
[root@master yaml]# kubectl get pod -o wide -n ingress-nginx
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-nginx-admission-create-qqjz2 0/1 Completed 0 3m30s 10.244.1.9 node02 <none> <none>
ingress-nginx-admission-patch-7xkk8 0/1 Completed 0 3m30s 10.244.2.7 node01 <none> <none>
ingress-nginx-controller-6584bf6bc8-hj9zk 1/1 Running 0 3m30s 192.168.1.41 node01 <none> <none>
[root@master yaml]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.97.134.37 <none> 80:31126/TCP,443:31537/TCP 3m23s
ingress-nginx-controller-admission ClusterIP 10.96.170.183 <none> 443/TCP 3m23s
2.4 查看Ingress-nginx-controller容器内部详情
PS:它现在已经有一个模板,用来描述Ingress资源能够收集到的信息了
[root@master yaml]# kubectl exec -it -n ingress-nginx ingress-nginx-controller-6584bf6bc8-hj9zk sh
/etc/nginx $ cat nginx.conf
......
location / {
set $namespace "";
set $ingress_name "";
set $service_name "";
set $service_port "";
set $location_path "/";
......
3.基于httpd的访问
3.1 创建对应的Ingress规则
[root@master yaml]# vim ingress-httpd.yaml
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: web-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: wwww.ingress.com
http:
paths:
- path: /nginx
backend:
serviceName: nginx-svc
servicePort: 80
- path: /httpd
backend:
serviceName: httpd-svc
servicePort: 80
[root@master yaml]# kubectl apply -f ingress-httpd.yaml
ingress.extensions/web-ingress created
3.2 查看对应规则的详细信息
[root@master yaml]# kubectl describe ingresses. web-ingress
Name: web-ingress
Namespace: default
Address: 192.168.1.41
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
web.ingress.com
/nginx nginx-svc:80 (10.244.1.2:80,10.244.2.2:80,10.244.2.3:80)
/httpd httpd-svc:80 (10.244.1.3:80,10.244.1.4:80,10.244.2.4:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"web-ingress","namespace":"default"},"spec":{"rules":[{"host":"web.ingress.com","http":{"paths":[{"backend":{"serviceName":"nginx-svc","servicePort":80},"path":"/nginx"},{"backend":{"serviceName":"httpd-svc","servicePort":80},"path":"/httpd"}]}}]}}
nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 50s nginx-ingress-controller Ingress default/web-ingress
Normal UPDATE 3s nginx-ingress-controller Ingress default/web-ingress
3.3 查看Ingress-nginx-controller容器内部详情
[root@master yaml]# kubectl exec -it -n ingress-nginx ingress-nginx-controller-6584bf6bc8-hj9zk sh
/etc/nginx $ cat nginx.conf
......
location ~* "^/nginx" {
set $namespace "default";
set $ingress_name "web-ingress";
set $service_name "nginx-svc";
set $service_port "80";
set $location_path "/nginx";
......
location ~* "^/httpd" {
set $namespace "default";
set $ingress_name "web-ingress";
set $service_name "httpd-svc";
set $service_port "80";
set $location_path "/httpd";
......
3.4 访问
PS:有DNS的话可以设置解析,没有的话必须在host文件下添加域名解析才可访问
windows:C:\Windows\System32\drivers\etc\
linux:/etc/hosts
[root@client ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.41 wwww.ingress.com
4.基于http实现虚拟机主机的访问
4.1创建Ingress规则
[root@master yaml]# vim ingress.yaml
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress1
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: ingress1.web.io
http:
paths:
- path: /nginx
backend:
serviceName: nginx-svc
servicePort: 80
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress2
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: ingress2.web.io
http:
paths:
- path: /httpd
backend:
serviceName: httpd-svc
servicePort: 80
[root@master yaml]# kubectl apply -f ingress.yaml
ingress.extensions/ingress1 created
ingress.extensions/ingress2 created
4.2 查看对应的Ingress规则
[root@master yaml]# kubectl describe ingresses. ingress1
Name: ingress1
Namespace: default
Address: 192.168.1.41
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
ingress1.web.io
/nginx nginx-svc:80 (10.244.1.2:80,10.244.2.2:80,10.244.2.3:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"ingress1","namespace":"default"},"spec":{"rules":[{"host":"ingress1.web.io","http":{"paths":[{"backend":{"serviceName":"nginx-svc","servicePort":80},"path":"/nginx"}]}}]}}
nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 71s nginx-ingress-controller Ingress default/ingress1
Normal UPDATE 39s nginx-ingress-controller Ingress default/ingress1
[root@master yaml]# kubectl describe ingresses. ingress2
Name: ingress2
Namespace: default
Address: 192.168.1.41
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
ingress2.web.io
/httpd httpd-svc:80 (10.244.1.3:80,10.244.1.4:80,10.244.2.4:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"ingress2","namespace":"default"},"spec":{"rules":[{"host":"ingress2.web.io","http":{"paths":[{"backend":{"serviceName":"httpd-svc","servicePort":80},"path":"/httpd"}]}}]}}
nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 73s nginx-ingress-controller Ingress default/ingress2
Normal UPDATE 41s nginx-ingress-controller Ingress default/ingress2
4.3 访问
[root@node02 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.41 ingress1.web.io ingress2.web.io
5.基于https的访问
5.1 创建证书
[root@master yaml]# mkdir https
[root@master yaml]# cd https/
[root@master https]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
Generating a 2048 bit RSA private key
.......................................+++
.....................................................+++
writing new private key to 'tls.key'
-----
[root@master https]# ls
tls.crt tls.key
5.2 用secret创建资源,将证书保存到k8s集群中
[root@master https]# kubectl create secret tls tls-secret --key=tls.key --cert tls.crt
secret/tls-secret created
5.3 创建Deployment和对应Ingress规则
[root@master https]# vim deploy.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: httpds
spec:
replicas: 2
template:
metadata:
labels:
app: httpd
spec:
containers:
- name: httpd
image: httpd
---
kind: Service
apiVersion: v1
metadata:
name: httpdsvc-1
spec:
selector:
app: httpd
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master https]# kubectl apply -f deploy.yaml
deployment.extensions/httpds created
service/httpdsvc-1 created
[root@master https]# vim ingress.yaml
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: https
spec:
tls:
- hosts:
- ingress.httpd.com
secretName: tls-secret
rules:
- host: ingress.httpd.com
http:
paths:
- path: /
backend:
serviceName: httpdsvc-1
servicePort: 80
[root@master https]# kubectl apply -f ingress.yaml
ingress.extensions/https created
5.4 访问
[root@node02 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.41 ingress1.web.io ingress2.web.io ingress.httpd.com
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
1
0- 0
已为社区贡献7条内容
所有评论(0)