Installing an Ingress Service on a k8s Cluster
Ingress-Traefik
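Traefik is an open-source reverse proxy and load balancer. Its biggest advantage is that it integrates directly with common microservice systems and can configure itself automatically and dynamically. It currently supports backends such as Docker, Swarm, Mesos/Marathon, Mesos, Kubernetes, Consul, Etcd, Zookeeper, BoltDB, and Rest API.
Traefik in practice:
1. Create the RBAC authorization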
[root@kubernetes-master ~]# mkdir traefik && cd traefik
[root@kubernetes-master traefik]# vim rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: ClusterRole  # cluster role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:  # resources
      - services
      - endpoints
      - secrets
    verbs:  # monitoring
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding  # cluster role binding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller  # account
  namespace: kube-system
2. Create the objects directly in the cluster
[root@kubernetes-master traefik]# kubectl create -f rbac.yaml
serviceaccount "traefik-ingress-controller" created
clusterrole.rbac.authorization.k8s.io "traefik-ingress-controller" created
clusterrolebinding.rbac.authorization.k8s.io "traefik-ingress-controller" created
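The ClusterRoleBinding created above gives the controller get/list/watch on Secrets in every namespace, kube-system included. The manifest below is an added example, not part of the original post: it binds the same ClusterRole with per-namespace RoleBindings instead. It assumes Traefik only has to serve the `default` and `test` namespaces used on this page and is started with the additional argument `--kubernetes.namespaces=default,test`.

```yaml
# Added example: use these RoleBindings in place of the ClusterRoleBinding.
# A RoleBinding that references a ClusterRole grants its rules only inside
# the RoleBinding's own namespace.
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
---
# The test namespace is created in step 7.3; apply this binding after it exists.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
  namespace: test
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
```

After the ClusterRoleBinding is deleted, `kubectl auth can-i list secrets -n kube-system --as=system:serviceaccount:kube-system:traefik-ingress-controller` should answer `no`, while the same query with `-n default` answers `yes`.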
3. Deploy the Traefik service
1. Tag the Traefik image
[root@kubernetes-master ~]# docker tag traefik:latest traefik:v1.7.12
2. Write the Traefik yml file
[root@kubernetes-master traefik]# cat traefik.yml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      tolerations:
      - operator: "Exists"
      nodeSelector:
        kubernetes.io/hostname: kubernetes-master  # hostname of the node
      containers:
      - image: traefik:v1.7.12
        imagePullPolicy: IfNotPresent
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80  # used later to reach the other services
      name: web
    - protocol: TCP
      port: 8080  # Traefik web admin UI
      name: admin
  type: NodePort  # Service type
4. Create the resource objects above
[root@kubernetes-master traefik]# kubectl create -f traefik.yml
deployment.extensions "traefik-ingress-controller" created
service "traefik-ingress-service" created
[root@kubernetes-master traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.254.0.10 <none> 53/UDP,53/TCP,9153/TCP 12h
kubernetes-dashboard NodePort 10.254.153.159 <none> 443:30001/TCP 12h
traefik-ingress-service NodePort 10.254.117.16 <none> 80:31550/TCP,8080:31726/TCP 2m2s
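Traefik has two ports:
One is the web UI, which is the service on port 8080 above; to be able to reach it, the Service is set to type NodePort here.
Port 80 is the port through which Traefik later provides access to the other services.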
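With `--api`, Traefik 1.7 serves its dashboard and API on port 8080 without authentication unless that is configured separately, and the NodePort Service above opens that port on every node. The manifest below is an added example, not part of the original post: it keeps port 80 on the NodePort Service and moves the admin port to a ClusterIP Service; the Service name `traefik-admin` is an assumption.

```yaml
# Added example: public traffic stays on a NodePort, the dashboard does not.
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
  type: NodePort
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-admin        # hypothetical name, not from the original post
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 8080
      name: admin
  type: ClusterIP            # reachable only from inside the cluster
```

The dashboard is then reached from an admin workstation with `kubectl -n kube-system port-forward svc/traefik-admin 8080:8080`. Once `hostNetwork: true` is set in step 7.2, Traefik also listens on port 8080 of the node itself, so that port additionally needs a host firewall rule.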
5. Access the Traefik dashboard
6. Create the Ingress object
1. Load the nginx image on node1
[root@kubernetes-node1 ~]# docker load -i docker_nginx.tar.gz
b67d19e65ef6: Loading layer [==================================================>] 72.5MB/72.5MB
6eaad811af02: Loading layer [==================================================>] 57.54MB/57.54MB
a89b8f05da3a: Loading layer [==================================================>] 3.584kB/3.584kB
Loaded image: nginx:latest
[root@kubernetes-node1 ~]# docker tag nginx:latest nginx:v1.17
2. Start the pods and create the svc
[root@kubernetes-master traefik]# kubectl run nginx --image=nginx:v1.17 --replicas=3 --record
[root@kubernetes-master traefik]# kubectl expose deployment.apps/nginx --port=80
service/nginx exposed
3. Check that the 3 backend pods are associated
[root@kubernetes-master traefik]# kubectl describe service nginx
Name: nginx
Namespace: default
Labels: run=nginx
Annotations: <none>
Selector: run=nginx
Type: ClusterIP
IP: 10.254.195.141
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.10:80,10.244.1.11:80,10.244.1.9:80
Session Affinity: None
Events: <none>
4. Create the ingress rule
If there is a separate namespace, add the namespace setting
1. Write the ingress configuration file
vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-nginx
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: nginx.cheng.com
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
2. Create the ingress object:
kubectl create -f ingress.yaml
ingress.extensions "traefik-nginx" created
3. Check
[root@kubernetes-master traefik]# kubectl get ingresses
NAME HOSTS ADDRESS PORTS AGE
traefik-nginx nginx.cheng.com 80 2m17s
7. Test access
At this point the connected backend nodes are shown
Step 1:
Add a mapping between nginx.cheng.com and the master node's external IP to the local /etc/hosts
10.0.0.11 nginx.cheng.com
[root@kubernetes-master traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.254.0.10 <none> 53/UDP,53/TCP,9153/TCP 13h
kubernetes-dashboard NodePort 10.254.153.159 <none> 443:30001/TCP 12h
traefik-ingress-service NodePort 10.254.117.16 <none> 80:31550/TCP,8080:31726/TCP 16m
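Step 2:
Visit http://nginx.cheng.com:31550/
7.1 View Traefik HEALTH
7.2 Optimization: have the ingress listen directly on port 80 of the host
1. Modify the configuration
[root@kubernetes-master traefik]# vim traefik.yml +19
    spec:
      hostNetwork: true  # use port 80 of the host
2. Apply the updated configuration file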
[root@kubernetes-master traefik]# kubectl apply -f traefik.yml
3. Check the pod resources
[root@kubernetes-master traefik]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-bccdc95cf-gzjm5 1/1 Running 1 13h 10.244.1.8 kubernetes-node1 <none> <none>
coredns-bccdc95cf-p9m4r 1/1 Running 1 13h 10.244.1.6 kubernetes-node1 <none> <none>
etcd-kubernetes-master 1/1 Running 1 13h 10.0.0.24 kubernetes-master <none> <none>
kube-apiserver-kubernetes-master 1/1 Running 1 13h 10.0.0.24 kubernetes-master <none> <none>
kube-controller-manager-kubernetes-master 1/1 Running 1 13h 10.0.0.24 kubernetes-master <none> <none>
kube-flannel-ds-amd64-chffd 1/1 Running 1 12h 10.0.0.24 kubernetes-master <none> <none>
kube-flannel-ds-amd64-xd9w5 1/1 Running 1 12h 10.0.0.25 kubernetes-node1 <none> <none>
kube-proxy-tnhkm 1/1 Running 1 13h 10.0.0.25 kubernetes-node1 <none> <none>
kube-proxy-wxqvv 1/1 Running 1 13h 10.0.0.24 kubernetes-master <none> <none>
kube-scheduler-kubernetes-master 1/1 Running 1 13h 10.0.0.24 kubernetes-master <none> <none>
kubernetes-dashboard-5dc4c54b55-dp5f9 1/1 Running 1 12h 10.244.1.7 kubernetes-node1 <none> <none>
traefik-ingress-controller-596d585794-4xq8q 1/1 Running 0 14s 10.0.0.24 kubernetes-master <none> <none>
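Extension:
A Pod using the host network directly
# add the line hostPort: 80
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
After adding hostPort: 80, update the application:
$ kubectl apply -f traefik.yml
Now we can use http://nginx.cheng.com directly in the browser
7.3 Create a namespace and expose the port
1. Create the namespace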
[root@kubernetes-master traefik]# kubectl create namespace test
namespace/test created
2. Run the pods
[root@kubernetes-master traefik]# kubectl run nginx -n test --image=nginx:v1.17 --replicas=3 --record
3. Check the pods
[root@kubernetes-master traefik]# kubectl get all -n test
NAME READY STATUS RESTARTS AGE
pod/nginx-5f48d5d67b-89wkv 1/1 Running 0 9s
pod/nginx-5f48d5d67b-trq2p 1/1 Running 0 9s
pod/nginx-5f48d5d67b-vfptz 1/1 Running 0 9s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 3/3 3 3 9s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-5f48d5d67b 3 3 3 9s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 3/3 3 3 8s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-5f48d5d67b 3 3 3 8s
4. Expose port 80
[root@kubernetes-master traefik]# kubectl expose -n test deployment.apps/nginx --port=80
service/nginx exposed
5. Configure the resource for the specified namespace
[root@kubernetes-master traefik]# cat ingress2.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-nginx
  namespace: test  # specify the namespace
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: test.cheng.com  # unique domain name
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
6. Create the resource
[root@kubernetes-master traefik]# kubectl create -f ingress2.yaml
Access the ingress to check
7.4 A pod using the host network directly; with multiple pods there will be conflicts
[root@kubernetes-master traefik]# cat k8s_pod.yml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  nodeName: kubernetes-node1  # schedule onto node1
  hostNetwork: true  # use the host network
  containers:
  - name: nginx
    image: nginx:v1.17
    ports:
    - containerPort: 80
[root@kubernetes-master traefik]# kubectl create -f k8s_pod.yml
[root@kubernetes-master traefik]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 3m6s
nginx-5f48d5d67b-nrh26 1/1 Running 0 73m
nginx-5f48d5d67b-q6tn6 1/1 Running 0 73m
nginx-5f48d5d67b-vnhg5 1/1 Running 0 73m
[root@kubernetes-node1 ~]# lsof -i:80
lsof: no pwd entry for UID 101
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 9997 root 6u IPv4 464439 0t0 TCP *:http (LISTEN)
lsof: no pwd entry for UID 101
nginx 10081 101 6u IPv4 464439 0t0 TCP *:http (LISTEN)