ingress及Ingress Controller

补充

  • 启用ipvs代替iptables做service
# vim /etc/sysconfig/kubelet
KUBE_PROXY_MODE=ipvs

注意:需要装入ip_vs, ip_vs_rr, ip_vs_wrr, ip_vs_sh, nf_conntrack_ipv4等模块

一、Ingress Controller

可选择的ingress controller:

  • Nginx
  • Envoy
  • Traefik

externalLB --> Service --> IngressController --> Ingress --> Service(Pod)

  • pull nginx-ingress-controller:0.17.1镜像
# docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1
# docker save quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1 -o nginx-ingress-controller.tar
# docker load < nginx-ingress-controller.tar  #需要所有节点都导入docker镜像
# docker load < defaultbackend.tar

附:
链接:https://pan.baidu.com/s/1vgx1vnWyPAkkOl2sCiotPQ 提取码:yq9v
链接:https://pan.baidu.com/s/1UQFCAPQaNzkNkkjKOCulXQ 提取码:jucs

  • 部署
# wget https://github.com/kubernetes/ingress-nginx/archive/nginx-0.17.1.tar.gz
# tar xf nginx-0.17.1.tar.gz
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/namespace.yaml
# kubectl get namespace
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/configmap.yaml
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/tcp-services-configmap.yaml
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/udp-services-configmap.yaml
# kubectl get cm -n ingress-nginx
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/rbac.yaml
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/default-backend.yaml
# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/with-rbac.yaml
# kubectl get pods -n ingress-nginx

或者:# kubectl apply -f ingress-nginx-nginx-0.17.1/deploy/mandatory.yaml

二、通用代理清单配置示例

  • 部署后端
# vim deploy-demo.yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    targetPort: 80
    port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: dongfeimg/myapp:v2
        ports:
        - name:
          containerPort: 80
# kubectl apply -f deploy-demo.yaml
# kubectl get pods
  • 部署service
# vim service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 30081
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
    app: ingress-nginxs
# kubectl apply -f service-nodeport.yaml
# kubectl get svc -n ingress-nginx

curl http://:30080

  • 部署ingress
# vim ingress-myapp.yaml
apiVersion: extensions/v1beat1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernets.io/ingress.class: "nginx"
spec:
  rules:
  - host: myapp.dongfei.tech
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 80
# kubectl apply -f ingress-myapp.yaml
# kubectl get ingress

三、Tomcat代理部署清单示例

  • tomcat后端
apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    release: canary
  ports:
  - name: http
    targetPort: 8080
    port: 8080
  - name: ajp
    targetPort: 8009
    port: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat
      release: canary
  template:
    metadata:
      labels:
        app: tomcat
        release: canary
    spec:
      containers:
      - name: myapp
        image: tomcat:8.5.32-jre8-alpine
        ports:
        - name: http
          containerPort: 8080
        - name: ajp
          containerPort: 8009
  • Ingress
apiVersion: extensions/v1beat1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernets.io/ingress.class: "nginx"
spec:
  rules:
  - host: tomcat.dongfei.tech
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080

四、Ingress https配置

  • 准备证书
# openssl genrsa -out tls.key 2048
# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.dongfei.tech
  • 转证书格式
# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
# kubectl get secret
# kubectl describe secret tomcat-ingress-secret
  • 部署https ingress示例
# vim ingress-tomcat-tls.yaml
apiVersion: extensions/v1beat1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
  annotations:
    kubernets.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - tomcat.dongfei.com
    secretName: tomcat-ingress-secret
  rules:
  - host: tomcat.dongfei.tech
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080

原文地址:https://www.cnblogs.com/L-dongf/p/10296722.html

时间: 2024-08-30 15:51:49

ingress及Ingress Controller的相关文章

Kubernetes之Ingress和Ingress Controller

目录 Kubernetes之Ingress和Ingress Controller 概念 Ingress资源类型 单Service资源型Ingress Ingress Nginx部署 部署Ingress controller 配置ingress后端服务 部署ingress-nginx service 部署Ingress 增加tomcat服务 总结 构建TLS站点 Kubernetes之Ingress和Ingress Controller 概念 通常情况下,service和pod的IP仅可在集群内部

Kubernetes之(十一)Ingress和Ingress Controller

目录 Kubernetes之(十一)Ingress和Ingress Controller 概念 Ingress资源类型 单Service资源型Ingress Ingress Nginx部署 部署Ingress controller 配置ingress后端服务 部署ingress-nginx service 部署Ingress 增加tomcat服务 总结 构建TLS站点 Kubernetes之(十一)Ingress和Ingress Controller 概念 通常情况下,service和pod的I

七,ingress及ingress cluster

目录 Service 类型 namespace 名称空间 Ingress Controller Ingress Ingress-nginx 进行测试 创建对应的后端Pod和Service 创建 Ingress 查看 Ingress-controller 对应的Pod配置信息 访问测试 模拟测试 Ingress 后端 Tomcat 访问 创建 tomcat 的 Pod 和Service 创建 tomcat-ingress 测试访问 tomcat 模拟测试 Https 自签SSL证书 创建secre

Kubernetes学习之路(十五)之Ingress和Ingress Controller

1.部署Ingress controller (1)下载ingress相关的yaml [[email protected] ~]# mkdir ingress-nginx [[email protected] ~]# cd ingress-nginx/ [[email protected] ingress-nginx]# ll total 0 [[email protected] ingress-nginx]# for file in namespace.yaml configmap.yaml

11. Ingress及Ingress Controller(主nginx ingress controller)

11. Ingress,Ingress Controller拥有七层代理调度能力 什么是Ingress: Ingress是授权入站连接到达集群服务的规则集合 Ingress是一个Kubernetes资源,允许您为在Kubernetes上运行的应用程序配置HTTP负载均衡器,由一个或多个服务代表.这样的负载平衡器是将这些应用程序交付给Kubernetes集群之外的客户端所必需的. Ingress资源支持以下功能:1 基于内容的路由: 基于主机的路由.例如,将具有主机头的请求路由foo.exampl

Kubernetes 学习11 kubernetes ingress及ingress controller

一.上集回顾 1.Service 3种模型:userspace,iptables,ipvs 2.Service类型 ClusterIP,NodePort NodePort:client -> NodeIP:NodePort -> ClusterIP:ServicePort -> PodIP:containerPort LoadBalancer ExternelName No ClusterIP: Hedless Service serviceName -> PodIP 二.ingr

12、kubernetes之ingress及Ingress Controller

一.概念 ClusterIP:例如svc所分配的ip地址 NodePort:k8s集群物理机机通信地址,client --> NodeIP:NodePort --> ClusterIP:ServicePort --> PodIP:containerPort No ClusterIP:Headless Service ,ServiceName --> PodIP Ingress:负责7层调度 二.ingress-nginx部署 # cat mandatory.yaml apiVers

6.Ingress及Ingress控制器

Service是工作在四层,当使用service时,如何实现HTTPS?每个应用服务器是否配置相同的HTTPS证书? 七层负载均衡,七层调度: 创建共享节点网络命名空间的Pod. Client --> 外部LB --> 共享命名空间的Pod --> 后端应用Pod Ingress:一种资源类型. Ingress Controller七层调度控制器: 独立运行的一组Pod资源,不属于Controller Manager的子组件,属于核心附件之一. Nginx  EnVoy Traefik

同一k8s集群中多nginx ingress controller

同一k8s集群中多nginx ingress controller同一k8s集群中,若有多个项目(对应多个namespace)共用一个nginx ingress controller,因此任意注册到ingress的服务有变更都会导致controller配置重载,当更新频率越来越高时,此controller压力会越来越大,理想的解决方案就是每个namespace对应一个nginx ingress controller,各司其职. NGINX ingress controller提供了ingress