补充
- 启用ipvs代替iptables做service
# vim /etc/sysconfig/kubelet
KUBE_PROXY_MODE=ipvs
注意:需要装入ip_vs, ip_vs_rr, ip_vs_wrr, ip_vs_sh, nf_conntrack_ipv4等模块
一、Ingress Controller
可选择的ingress controller:
- Nginx
- Envoy
- Traefik
externalLB --> Service --> IngressController --> Ingress --> Service(Pod)
- pull nginx-ingress-controller:0.17.1镜像
# docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1
# docker save quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1 -o nginx-ingress-controller.tar
# docker load < nginx-ingress-controller.tar #需要所有节点都导入docker镜像
# docker load < defaultbackend.tar
附(离线镜像包;文件来自第三方网盘、来源无法校验,导入后建议与从 quay.io 直接拉取的同版本镜像比对镜像 ID,如 docker images --no-trunc):
链接:https://pan.baidu.com/s/1vgx1vnWyPAkkOl2sCiotPQ 提取码:yq9v
链接:https://pan.baidu.com/s/1UQFCAPQaNzkNkkjKOCulXQ 提取码:jucs
- 部署
# wget https://github.com/kubernetes/ingress-nginx/archive/nginx-0.17.1.tar.gz
# tar xf nginx-0.17.1.tar.gz
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/namespace.yaml
# kubectl get namespace
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/configmap.yaml
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/tcp-services-configmap.yaml
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/udp-services-configmap.yaml
# kubectl get cm -n ingress-nginx
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/rbac.yaml
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/default-backend.yaml
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/with-rbac.yaml
# kubectl get pods -n ingress-nginx
或者:
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/mandatory.yaml
二、通用代理清单配置示例
- 部署后端
# vim deploy-demo.yaml
# Backend Service: a stable in-cluster address for the myapp pods.
# No `type` is set, so this is a ClusterIP Service, reachable only from
# inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  # Has to match the pod template labels of the Deployment in this file.
  selector:
    app: myapp
    release: canary
  ports:
    - name: http
      port: 80
      targetPort: 80
---
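# Backend Deployment: three replicas of the demo web application.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      # Must equal spec.selector.matchLabels above.
      labels:
        app: myapp
        release: canary
    spec:
      containers:
        - name: myapp
          # Mutable tag from a personal registry namespace; pin by digest
          # (image@sha256:<digest>) where reproducibility matters.
          image: dongfeimg/myapp:v2
          ports:
            # The port name was empty in the original listing; it is named
            # "http" here to agree with the Service port of the same number.
            - name: http
              containerPort: 80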
# kubectl apply -f deploy-demo.yaml
# kubectl get pods
- 部署service
# vim service-nodeport.yaml
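# NodePort Service that publishes the ingress controller on every node.
# NodePorts listen on all node addresses, so restrict who can reach
# 30081/30443 with host or network firewall rules when the nodes sit on an
# untrusted network.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  # The original listing had "ingress-nginxs", presumably a typo: a selector
  # that matches no pods leaves the Service without endpoints. Confirm the
  # controller pod labels with
  # `kubectl get pods -n ingress-nginx --show-labels`.
  selector:
    app: ingress-nginx
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30081
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 30443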
# kubectl apply -f service-nodeport.yaml
# kubectl get svc -n ingress-nginx
# curl http://<节点IP>:30081    # 端口对应上面清单中 http 的 nodePort
- 部署ingress
# vim ingress-myapp.yaml
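# Routes HTTP requests for myapp.dongfei.tech to the myapp Service.
# extensions/v1beta1 Ingress is served only by older clusters (it was removed
# in Kubernetes 1.22); newer clusters need networking.k8s.io/v1, which also
# uses a different backend layout.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    # The key must be spelled exactly "kubernetes.io/ingress.class"; a
    # misspelled key is an unrelated annotation and selects no controller.
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: myapp.dongfei.tech
      http:
        paths:
          # No path value: the rule is a catch-all for this host.
          - path:
            backend:
              serviceName: myapp
              servicePort: 80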
# kubectl apply -f ingress-myapp.yaml
# kubectl get ingress
三、Tomcat代理部署清单示例
- tomcat后端
# Backend Service for the Tomcat pods (ClusterIP, since no type is set).
apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    release: canary
  ports:
    - name: http
      port: 8080
      targetPort: 8080
    # NOTE(review): the Ingress manifests on this page route only to 8080.
    # AJP trusts its peer and is meant for a fronting proxy, so publishing
    # 8009 to the whole cluster is worth dropping unless something uses it.
    - name: ajp
      port: 8009
      targetPort: 8009
---
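# Tomcat backend Deployment: three replicas behind the tomcat Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  # The original reused the name "myapp-deploy" from the demo backend in the
  # same namespace, so applying it would target that existing Deployment
  # rather than create a new one (apps/v1 also rejects a changed selector).
  name: tomcat-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat
      release: canary
  template:
    metadata:
      # Must equal spec.selector.matchLabels above.
      labels:
        app: tomcat
        release: canary
    spec:
      containers:
        - name: myapp
          # NOTE(review): this pins an old 8.5.x patch release; check for a
          # currently maintained tag before using it outside a lab.
          image: tomcat:8.5.32-jre8-alpine
          ports:
            - name: http
              containerPort: 8080
            # Only needed if an AJP-speaking proxy fronts Tomcat; the Ingress
            # examples on this page use HTTP on 8080 only.
            - name: ajp
              containerPort: 8009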
- Ingress
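# Routes HTTP requests for tomcat.dongfei.tech to the tomcat Service on 8080.
# extensions/v1beta1 Ingress is served only by older clusters (it was removed
# in Kubernetes 1.22); newer clusters need networking.k8s.io/v1.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    # The key must be spelled exactly "kubernetes.io/ingress.class"; a
    # misspelled key is an unrelated annotation and selects no controller.
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: tomcat.dongfei.tech
      http:
        paths:
          # No path value: the rule is a catch-all for this host.
          - path:
            backend:
              serviceName: tomcat
              servicePort: 8080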
四、Ingress https配置
- 准备证书
# openssl genrsa -out tls.key 2048
# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.dongfei.tech
- 将证书和私钥创建为 TLS 类型的 Secret
# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
# kubectl get secret
# kubectl describe secret tomcat-ingress-secret
- 部署https ingress示例
# vim ingress-tomcat-tls.yaml
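# HTTPS Ingress for Tomcat: TLS is terminated at the ingress controller with
# the certificate stored in tomcat-ingress-secret, and traffic is forwarded
# to the tomcat Service on 8080.
# extensions/v1beta1 Ingress is served only by older clusters (it was removed
# in Kubernetes 1.22); newer clusters need networking.k8s.io/v1.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
  annotations:
    # The key must be spelled exactly "kubernetes.io/ingress.class"; a
    # misspelled key is an unrelated annotation and selects no controller.
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
    # The original listed tomcat.dongfei.com here, while the rule below and
    # the certificate CN both use tomcat.dongfei.tech. The TLS host has to
    # match the rule host for the secret's certificate to be served for it.
    - hosts:
        - tomcat.dongfei.tech
      # The Secret must exist in the same namespace as this Ingress.
      secretName: tomcat-ingress-secret
  rules:
    - host: tomcat.dongfei.tech
      http:
        paths:
          # No path value: the rule is a catch-all for this host.
          - path:
            backend:
              serviceName: tomcat
              servicePort: 8080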
原文地址:https://www.cnblogs.com/L-dongf/p/10296722.html
时间: 2024-11-01 18:17:26