Kubernetes 中暴露服務的方式有三種
- Loadbalancer 這種方式往往需要雲供應商支持,或者本地F5等設備支持
- NodePort 這種方式調用方通過NodeIP:NodePort 的方式訪問服務,無法應對Pod發生遷移時的場景
- Ingress Ingress是Kubernetes中的一種資源,通過這種資源提供了外部訪問內部服務的通路,實現上是通過一個Pod加NodePort來實現的。通過Ingress,方便我們自己定義負載均衡。現在有很多種的Ingress支持,本文主要介紹Nginx的方案。
Kubernetes社區和Nginx公司都發布了一款叫做Nginx-ingress的Controller,它們之間的不同可以參考 Difference between two nginx-ingress本文基於 Nginx-ingress Controller 做的實驗。版本為 1.3.0。
Kubernetes 社區方案
安裝
[root@devops-101 ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml namespace/ingress-nginx created configmap/nginx-configuration created serviceaccount/nginx-ingress-serviceaccount created clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created role.rbac.authorization.k8s.io/nginx-ingress-role created rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created deployment.extensions/nginx-ingress-controller created [root@devops-101 ~]# kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch NAMESPACE NAME READY STATUS RESTARTS AGE ingress-nginx nginx-ingress-controller-664f488479-pr87w 0/1 ContainerCreating 0 5s ingress-nginx nginx-ingress-controller-664f488479-pr87w 0/1 Running 0 11s ingress-nginx nginx-ingress-controller-664f488479-pr87w 1/1 Running 0 16s [root@devops-101 ~]# kubectl get all -n ingress-nginx NAME READY STATUS RESTARTS AGE pod/nginx-ingress-controller-664f488479-pr87w 1/1 Running 0 2m NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE deployment.apps/nginx-ingress-controller 1 1 1 1 2m NAME DESIRED CURRENT READY AGE replicaset.apps/nginx-ingress-controller-664f488479 1 1 1 2m
安裝文件mandatory,需要增加hostNetwork屬性,否則訪問的時候總是有問題。
配置tomcat和httpd
從我的Github上下載tomcat-deploy\httpd-deploy\tomcat-service\httpd-service幾個文件,並分別部署。
再下載tomcat-ingress.yaml文件,進行部署。
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: tomcat-ingress # namespace: nginx-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: ingressweb.com http: paths: - path: / backend: serviceName: tomcat-service servicePort: 8080 - path: /httpd backend: serviceName: httpd-service servicePort: 80
驗證
上面的例子中,我配置的域名為 ingressweb.com ,在本地修改host,指向ingress-controller運行的節點,通過瀏覽器訪問 http://ingressweb.com 可以看到 tomcat 的界面,通過 http://ingressweb.com/httpd 可以看到httpd的It Works!界面。
Nginxinc 的方案
看一下Nginx Ingress Controller的示意圖
Nginx Ingress Controller 支持的功能
- 暴露服務,一般有兩種方式,通過不同的主機名(如 serviceA.com,serviceB.com)或者通過不同的URL(如 /serviceA 和 /serviceB)。
- 配置SSL支持
- TCP負載均衡
- Url 重寫
安裝
首先需要有一個可以正常運行的Kubernetes環境,如果還沒有,可以參考我的安裝步驟 kubeadm安裝kubernetes V1.11.1 集群
[root@devops-101 ~]# kubectl apply -f ingress-install.yaml namespace/nginx-ingress created serviceaccount/nginx-ingress created secret/default-server-secret created configmap/nginx-config created clusterrole.rbac.authorization.k8s.io/nginx-ingress configured clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress configured deployment.extensions/nginx-ingress created [root@devops-101 ~]# kubectl get pods -n nginx-ingress NAME READY STATUS RESTARTS AGE nginx-ingress-767cc6477f-flj2f 1/1 Running 5 4m
實例
沒有規則配置的時候,對於所有的請求默認都返回404狀態。
[root@devops-101 ~]# kubectl apply -f cafe-example.yaml deployment.extensions/coffee created service/coffee-svc created deployment.extensions/tea created service/tea-svc created secret/cafe-secret created ingress.extensions/cafe-ingress created [root@devops-101 ~]# IC_IP=192.168.0.102 [root@devops-101 ~]# IC_HTTPS_PORT=31586 [root@devops-101 ~]# curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/tea --insecure Server address: 172.16.1.138:80 Server name: tea-7d57856c44-jxpvt Date: 22/Oct/2018:11:37:47 +0000 URI: /tea Request ID: 796e79e0280a27743cb682b8e893d6e9
分享到:
