North-South Networking: Ingress in Detail

1. Why ingress is needed

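The previous section covered ways to expose a service externally, but with any of those approaches every service needs its own load balancer, which wastes resources and is hard to manage. What is needed is a global load balancer that serves as the entry point for north-south traffic and forwards it to the backend services.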

2. How ingress is implemented

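k8s defines a unified abstraction at the ingress layer. In practice you choose a concrete ingress controller from the community and deploy it into the k8s cluster. The commonly used nginx ingress controller serves as the example here. Deployment is fairly simple; ingress installation is described in the kubeadm setup article, so it is not covered in detail here.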

Once installation finishes, an nginx pod is running in the cluster. Entering that pod shows that nginx is in fact started as the www-data user: /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf.

[root@k8s-master ~]# kubectl get pods -n ingress-nginx -o wide
NAME                                        READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
nginx-ingress-controller-6889cffb4d-dz2x4   1/1     Running   0          20d   172.253.67.150   k8s-node2   <none>           <none>

[root@k8s-master ~]# kubectl exec -it nginx-ingress-controller-6889cffb4d-dz2x4 -n ingress-nginx /bin/sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
/etc/nginx $ ps -ef|grep nginx
    1 www-data  0:00 /usr/bin/dumb-init -- /nginx-ingress-controller --configmap=ingress-nginx/nginx-configuration --tcp-services-configmap=ingress-nginx/tcp-services --udp-services-configmap=ingress-nginx/udp-services --publish-service=ingress-nginx/ingress-nginx --annotations-prefix=nginx.ingress.kubernetes.io
    6 www-data 16h36 /nginx-ingress-controller --configmap=ingress-nginx/nginx-configuration --tcp-services-configmap=ingress-nginx/tcp-services --udp-services-configmap=ingress-nginx/udp-services --publish-service=ingress-nginx/ingress-nginx --annotations-prefix=nginx.ingress.kubernetes.io
   29 www-data  0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
  758 www-data  0:00 nginx: worker process
  759 www-data  0:00 nginx: worker process
  760 www-data  0:00 nginx: worker process
  761 www-data  0:00 nginx: worker process
  762 www-data  0:00 nginx: cache manager process
  903 www-data  0:00 grep nginx
/etc/nginx $ 

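Continuing with the hostnames example, create a yaml file. The host field only accepts a domain name; ykai.hostnames.com is used here, with its IP configured in the local hosts file.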

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-hostnames
  namespace: default
  annotations: 
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: ykai.hostnames.com
    http:
      paths:
      - path: /hostnames
        backend:
          serviceName: hostnames
          servicePort: 80

# hosts file entry
172.253.67.150      ykai.hostnames.com

Access http://ykai.hostnames.com/hostnames locally.
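
The same rule written against networking.k8s.io/v1, as an added example that is not from the original article: the extensions/v1beta1 Ingress API was removed in Kubernetes 1.22, and spec.ingressClassName replaces the class annotation. It assumes a newer ingress-nginx release that serves the v1 API and registers the controller name k8s.io/ingress-nginx; the IngressClass name "nginx" is also an assumption.

```yaml
# Added example, not from the original article.
# Assumption: the cluster runs an ingress-nginx release that supports
# networking.k8s.io/v1 and identifies itself as k8s.io/ingress-nginx.
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx            # assumed class name, referenced by the Ingress below
spec:
  controller: k8s.io/ingress-nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-hostnames
  namespace: default
spec:
  # Binds this Ingress to one controller explicitly. A misspelt class
  # annotation is silently ignored; an unknown field here is rejected
  # by API validation instead.
  ingressClassName: nginx
  rules:
  - host: ykai.hostnames.com
    http:
      paths:
      - path: /hostnames
        # pathType is required in v1. Prefix matches /hostnames and
        # /hostnames/..., split on "/" path elements.
        pathType: Prefix
        backend:
          service:
            name: hostnames
            port:
              number: 80
```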

The above only works while the nginx pod is running on 172.253.67.150. The nginx pod may drift to another node; to solve this, the nginx service needs to be exposed as a NodePort.

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
  type: NodePort