手把手带你玩转k8s-完整的发布一个可对外访问的服务
前言连续撸了两篇文,但是还没真正的将服务对外访问,本文还是基于前两篇文的环境,完整的发布一个可对外访问的服务。当然,肯定还是先部署nginx,这里先简单画一下图。先梳理一下问题如图,先决条件:小A同学的公网ip为 47.92.133.211负载均衡器的绑定的公网ip为 47.92.133.212有两个域名a.mldong.com和b.mldong.comk8s集群中有两个服务a和b本文内容:如何配
·
前言
连续撸了两篇文,但是还没真正的将服务对外访问,本文还是基于前两篇文的环境,完整的发布一个可对外访问的服务。当然,肯定还是先部署nginx,这里先简单画一下图。
先梳理一下问题
如图,先决条件:
- 小A同学的公网ip为 47.92.133.211
- 负载均衡器的绑定的公网ip为 47.92.133.212
- 有两个域名
a.mldong.com和b.mldong.com - k8s集群中有两个服务a和b
本文内容:
如何配置,使访问a.mldong.com即为访问服务a,访问b.mldong.com即为访问服务a。
随便贴一下当前集群信息
kubectl get nodes
重新梳理k8s上部署Nginx的流程
├── /mldong/k8s/nginx
├── mldong-test-ns.yaml
├── nginx-cm.yaml
├── nginx-pv.yaml
├── nginx-pvc.yaml
├── nginx-deployment.yaml
├── nginx-service.yaml
└── nginx-ingress.yaml
├── /mnt
├── a
└── index.html
└── b
└── index.html
选择镜像
因为k8s集群目前不能联网,所以需要选择镜像,重新打tag,并推送到私有仓库(内网仓库)内。
-
小A服务器拉取最新的nginx镜像
docker pull nginx:latest -
给镜像添加新的标签
docker tag nginx:latest registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest -
登录镜像仓库
docker login --username=524719755@qq.com registry-vpc.cn-zhangjiakou.aliyuncs.com注意:这里的账号和地址要根据自己创建的阿里云的容器镜像仓库的信息填写。
-
将镜像推送到镜像仓库
docker push registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest
创建命名空间
mldong-test-ns.yaml
cat <<EOF > /mldong/k8s/nginx/mldong-test-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
name: mldong-test
EOF
创建ConfigMap
nginx-cm.yaml
cat <<EOF > /mldong/k8s/nginx/nginx-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-cm
namespace: mldong-test
data:
a.conf: |-
server {
listen 80;
server_name a.mldong.com;
location / {
root /usr/share/nginx/html/a;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
b.conf: |-
server {
listen 80;
server_name b.mldong.com;
location / {
root /usr/share/nginx/html/b;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
EOF
创建pv
nginx-pv.yaml
cat <<EOF > /mldong/k8s/nginx/nginx-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: nginx-pv
labels:
alicloud-pvname: nginx-pv
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
csi:
driver: nasplugin.csi.alibabacloud.com
volumeHandle: nginx-pv
volumeAttributes:
server: "9fdd94bf87-wfq66.cn-zhangjiakou.nas.aliyuncs.com"
path: "/"
vers: "3"
storageClassName: nas
EOF
创建pvc
nginx-pvc.yaml
cat <<EOF > /mldong/k8s/nginx/nginx-pv.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
pv.kubernetes.io/bind-completed: 'yes'
pv.kubernetes.io/bound-by-controller: 'yes'
finalizers:
- kubernetes.io/pvc-protection
name: nginx-pvc
namespace: mldong-test
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
selector:
matchLabels:
alicloud-pvname: nginx-pv
storageClassName: nas
volumeMode: Filesystem
volumeName: nginx-pv
EOF
创建pod
nginx-deployment.yaml
cat <<EOF > /mldong/k8s/nginx/nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: mldong-test
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: port
protocol: TCP
volumeMounts:
- name: nginx-pvc
mountPath: "/usr/share/nginx/html"
- name: nginx-cm
mountPath: "/etc/nginx/conf.d"
volumes:
- name: nginx-pvc
persistentVolumeClaim:
claimName: nginx-pvc
- name: nginx-cm
configMap:
name: nginx-cm
EOF
创建Service
nginx-service.yaml
cat <<EOF > /mldong/k8s/nginx/nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-nodeport
namespace: mldong-test
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 32180 # 这里不指定就会随机(30000-32767)
selector:
app: nginx
---
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: mldong-test
spec:
type: ClusterIP
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
EOF
创建Ingress
nginx-ingress.yaml
cat <<EOF > /mldong/k8s/nginx/nginx-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
name: nginx-ingress
namespace: mldong-test
spec:
rules:
- host: a.mldong.com
http:
paths:
- backend:
serviceName: nginx
servicePort: 80
path: /
- host: b.mldong.com
http:
paths:
- backend:
serviceName: nginx
servicePort: 80
path: /
EOF
依次执行
kubectl apply -f mldong-test-ns.yaml
kubectl apply -f nginx-cm.yaml
kubectl apply -f nginx-pv.yaml
kubectl apply -f nginx-pvc.yaml
kubectl apply -f nginx-deployment.yaml
kubectl apply -f nginx-service.yaml
kubectl apply -f nginx-ingress.yaml
查询
查询ConfigMap
kubectl get configmap -n mldong-test
# 或者
kubectl get cm -n mldong-test
查询pv
kubectl get pv
查询pvc
kubectl get pvc -n mldong-test
查询pod
kubectl get pods -n mldong-test
查询Service
kubectl get service -n mldong-test
# 或者
kubectl get svc -n mldong-test
这里的端口即为k8s服务对外访问的端口,可以通过工作节点ip:port的方式访问。
kubectl get ingress -n mldong-test
这里的ADDRESS不出来,其实是负载均衡的内网ip。
访问集群服务
内网访问
-
先配置hosts
echo "172.26.22.124 worker1" >> /etc/hosts echo "172.26.22.125 worker2" >> /etc/hosts echo "172.26.22.126 a.mldong.com" >> /etc/hosts echo "172.26.22.126 b.mldong.com" >> /etc/hosts
-
curl访问
直接访问节点1
curl -H "a.mldong.com" worker1:32180 curl -H "b.mldong.com" worker1:32180直接访问节点2
curl -H "a.mldong.com" worker2:32180 curl -H "b.mldong.com" worker2:32180访问内网的负载均衡器
curl a.mldong.com curl b.mldong.com结果都为
/mnt/a/index.html和/mnt/a/index.html的内容
外网访问
方案一:给负载均衡实例绑定弹性公网ip。(略)
方案二:小A服务器上的nginx配置代理到a.mldong.com和b.mldong.com,然后再做域名解析
注:小A的nginx和k8s的nginx不是同一个nginx,这里只是为了演示才在k8s上部署nginx的。
这里采用方案二:
小A服务器的nginx新增配置
a.mldong.com.conf
cat <<EOF > /etc/nginx/conf.d/a.mldong.com.conf
server {
listen 80;
server_name a.mldong.com;
location / {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://a.mldong.com; # 这里代理到k8s的nginx-ingress.yaml配置的host
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
EOF
b.mldong.com
cat <<EOF > /etc/nginx/conf.d/a.mldong.com.conf
server {
listen 80;
server_name b.mldong.com;
location / {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://b.mldong.com; # 这里代理到k8s的nginx-ingress.yaml配置的host
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
EOF
添加域名解析
浏览器访问
over!
小结
本文虽然发布的还是nginx这个简单的服务,但是基本上把如何在k8s上发布一个可对外的服务的流程走了一篇。写这一篇的目地也是想一步一步来,有了这个基础后,后续去发布springboot等服务也就变得简单了。
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献6条内容
所有评论(0)