不要直接使用和管理Pods,为什么?

当我们直接通过Pod的IP地址和端口号可以访问到容器应用内的服务,Pod的IP地址是不可靠的,例如当Pod所在的Node发生故障时,Pod将被Kubernetes重新调度到另一个Node,Pod的IP地址将发生变化。更重要的是,如果容器应用本身是分布式的部署方式,通过多个实例共同提供服务,就需要在这些实例的前端设置一个负载均衡器来实现请求的分发。Kubernetes中的Service就是用于解决这些问题的核心组件。

一、集群访问(ClusterIP)

apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: default
spec:
  selector:
    app: redis
    role: logstor
  clusterIP: 10.97.97.97 # 可以不指定,将会自动分配
  type: ClusterIP
  ports:
  - port: 6379
    targetPort: 6379
 

#port:service的端口
#targetPort:pod的端口
#nodePort:宿主机的端口

二、NodePort

将物理机的端口映射到service的端口,外部可通过宿主机IP+port的方式访问

apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    role: canary
  clusterIP: 10.99.99.99
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080 # 可以不指定,将会自动分配

三、无头service

资源记录:

SVC_NAME.NS_NAME.DOMAIN.LTD

svc.cluster.local

XXX.default.svc.cluster.local

无头service--不指定ClusterIP:

无头service是指service name直接解析为后面的pod ip,无头就是没有cluster ip牵头,有clusterIP就一定解析到clusterIP

apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  clusterIP: "None"
  ports:
  - port: 80
    targetPort: 80
 
kubectl apply -f myapp-svc-headless.yaml
kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   13d
myapp-svc    ClusterIP   None         <none>        80/TCP    6s
 
# 直接解析为后端pod ip
dig -t A myapp-svc.default.svc.cluster.local. @10.96.0.10
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.2.8
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.1.10
 
kubectl get pods -o wide
NAME                            READY   STATUS    AGE     IP            NODE    
myapp-deploy-65df64765c-6vrjq   1/1     Running   9s      10.244.2.8    k8s-node2
myapp-deploy-65df64765c-88h9d   1/1     Running   9s      10.244.1.10   k8s-node1

四、Ingress

什么是Ingress?

从前面的学习,我们可以了解到Kubernetes暴露服务的方式目前只有三种:LoadBlancer Service、ExternalName、NodePort Service、Ingress;而我们需要将集群内服务提供外界访问就会产生以下几个问题

五、Ingress Nginx部署

网址:https://github.com/kubernetes/ingress-nginx/tree/nginx-0.20.0/deploy

 

使用Ingress功能步骤:
1、安装部署ingress controller Pod
2、部署后端服务
3、部署ingress-nginx service
4、部署ingress

第一步: 准备镜像,从这里mandatory.yaml查看需要哪些镜像

已经准备好, 可以直接点击下载

镜像名称版本下载地址
k8s.gcr.io/defaultbackend-amd641.5registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64
quay.io/kubernetes-ingress-controller/nginx-ingress-controller0.20.0registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller

如:
docker pull registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller:0.20.0
将镜像上传到自己的私有仓库,以供下面的步骤使用。

第二步: 更新mandatory.yaml中的镜像地址

替换成自己的镜像地址:

  1. 替换defaultbackend-amd64镜像地址
    sed -i 's#k8s.gcr.io/defaultbackend-amd64#registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64#g' mandatory.yaml
    
  2. 替换nginx-ingress-controller镜像地址
    sed -i 's#quay.io/kubernetes-ingress-controller/nginx-ingress-controller#registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller#g' mandatory.yaml
    

第三步: 部署nginx-ingress-controller

kubectl apply -f mandatory.yaml

 

 

部署后端服务

[root@k8s-master ingress-nginx]# cd ../mainfests/
[root@k8s-master mainfests]# mkdir ingress && cd ingress
[root@k8s-master ingress]# cp ../deploy-demo.yaml .
[root@k8s-master ingress]# vim deploy-demo.yaml 
#创建service为myapp
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    targetPort: 80
    port: 80
---
#创建后端服务的pod
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-backend-pod
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v2
        ports:
        - name: http
          containerPort: 80
[root@k8s-master ingress]# kubectl apply -f deploy-demo.yaml 
service/myapp created
deployment.apps/myapp-backend-pod unchanged

查看新建的后端服务pod

[root@k8s-master ingress]# kubectl get pods
NAME                                 READY     STATUS    RESTARTS   AGE
myapp-backend-pod-67f6f6b4dc-9jl9q   1/1       Running   0          7m
myapp-backend-pod-67f6f6b4dc-x5jsb   1/1       Running   0          7m
myapp-backend-pod-67f6f6b4dc-xzxbj   1/1       Running   0          7m

部署ingress-nginx service

通过ingress-controller对外提供服务,现在还需要手动给ingress-controller建立一个service,接收集群外部流量。方法如下:

[root@k8s-master ingress]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
[root@k8s-master ingress]# vim service-nodeport.yaml 
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
 
---

创建ingress-controller的service,并测试访问

[root@k8s-master ingress]# kubectl apply -f service-nodeport.yaml 
service/ingress-nginx created
[root@k8s-master ingress]# kubectl get svc -n ingress-nginx
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
default-http-backend   ClusterIP   10.104.41.201   <none>        80/TCP                       45m
ingress-nginx          NodePort    10.96.135.79    <none>        80:30080/TCP,443:30443/TCP   11s

此时访问:192.168.56.12:30080
此时应该是404 ,调度器是正常工作的,但是后端服务没有关联

部署ingress

编写ingress的配置清单

[root@k8s-master ingress]# vim ingress-myapp.yaml
apiVersion: extensions/v1beta1      #api版本
kind: Ingress       #清单类型
metadata:           #元数据
  name: ingress-myapp    #ingress的名称
  namespace: default     #所属名称空间
  annotations:           #注解信息
    kubernetes.io/ingress.class: "nginx"
spec:      #规格
  rules:   #定义后端转发的规则
  - host: myapp.magedu.com    #通过域名进行转发
    http:
      paths:       
      - path:       #配置访问路径,如果通过url进行转发,需要修改;空默认为访问的路径为"/"
        backend:    #配置后端服务
          serviceName: myapp
          servicePort: 80
[root@k8s-master ingress]# kubectl apply -f ingress-myapp.yaml
[root@k8s-master ingress]# kubectl get ingress
NAME            HOSTS              ADDRESS   PORTS     AGE
ingress-myapp   myapp.magedu.com             80        46s

查看ingress-myapp的详细信息

[root@k8s-master ingress]# kubectl describe ingress ingress-myapp
Name:             ingress-myapp
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host              Path  Backends
  ----              ----  --------
  myapp.magedu.com  
                       myapp:80 (<none>)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"ingress-myapp","namespace":"default"},"spec":{"rules":[{"host":"myapp.magedu.com","http":{"paths":[{"backend":{"serviceName":"myapp","servicePort":80},"path":null}]}}]}}
 
  kubernetes.io/ingress.class:  nginx
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  1m    nginx-ingress-controller  Ingress default/ingress-myapp
 
[root@k8s-master ingress]# kubectl get pods -n ingress-nginx
NAME                                        READY     STATUS    RESTARTS   AGE
default-http-backend-7db7c45b69-fndwp       1/1       Running   0          31m
nginx-ingress-controller-6bd7c597cb-6pchv   1/1       Running   0          55m

修改本地host文件,进行访问
192.168.56.12 myapp.magedu.com
192.168.56.13 myapp.magedu.com

(1)下载ingress相关的yaml

[root@k8s-master ~]# mkdir ingress-nginx
[root@k8s-master ~]# cd ingress-nginx/
[root@k8s-master ingress-nginx]# for file in namespace.yaml configmap.yaml rbac.yaml tcp-services-configmap.yaml with-rbac.yaml udp-services-configmap.yaml default-backend.yaml;do wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.20.0/deploy/$file;done
[root@k8s-master ingress-nginx]# ll
total 28
-rw-r--r-- 1 root root  199 Sep 29 22:45 configmap.yaml #configmap用于为nginx从外部注入配置的
-rw-r--r-- 1 root root 1583 Sep 29 22:45 default-backend.yaml   #配置默认后端服务
-rw-r--r-- 1 root root   69 Sep 29 22:45 namespace.yaml #创建独立的名称空间
-rw-r--r-- 1 root root 2866 Sep 29 22:45 rbac.yaml  #rbac用于集群角色授权
-rw-r--r-- 1 root root  192 Sep 29 22:45 tcp-services-configmap.yaml
-rw-r--r-- 1 root root  192 Sep 29 22:45 udp-services-configmap.yaml
-rw-r--r-- 1 root root 2409 Sep 29 22:45 with-rbac.yaml

部分内容参考:

https://blog.csdn.net/zisefeizhu/article/details/86530357

Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐