在之前的Ingress Controller介绍中,我们已经知道了Ingress用途。我们开始准备ingress使用和配置,资源清单包括之前所述的apiVersion,kind,metadata,spec等,在spec中较为特别:其中rules调度的是host或者http,如果是https则是tls。在http中是paths路径调度,或者之前的host调度backend指明后端pod数量。FIELDS中serviceName,servicePort便是定义的service,即后端pod资源,pod变化则service变化,service变化则ingress变化,最后动态反应到集群中。这里只是记录环境的安装和定义一个简单的Ingress servie
准备ingress环境
在github中找到ingress-nginx,而后克隆下来。假如克隆太慢,也可以单独下载:如下:
namespace.yaml : 名称空间创建
configmap.yaml : 注入配置功能
rbac.yaml : rbac角色
with-rbac.yaml : rbac角色的功能等
tcp-services-configmap.yaml
udp-services-configmap.yamlfor file in namespace.yaml configmap.yaml rbac.yaml tcp-services-configmap.yaml with-rbac.yaml udp-services-configmap.yaml;do wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/$file; done当然,我喜欢一把嗦
[root@linuxea ~]# git clone https://github.com/kubernetes/ingress-nginx.git
Cloning into 'ingress-nginx'...
remote: Counting objects: 63206, done.
remote: Compressing objects: 100% (52/52), done.
remote: Total 63206 (delta 35), reused 50 (delta 26), pack-reused 63124
Receiving objects: 100% (63206/63206), 71.39 MiB | 91.00 KiB/s, done.
Resolving deltas: 100% (33101/33101), done.此时可切入目录直接执行kubectl apply -f ./启动所有的(你可能需要删除目录下的yaml文件并且执行两次,也就是说你需要重启,因为存在创建顺序依赖)。甚至可以只下载mandatory.yaml即可
[root@linuxea ~]# cd ingress-nginx/deploy/
[root@linuxea ~]# cd ingress-nginx/deploy/
[root@linuxea deploy]# kubectl apply -f ./此刻在ingrees-nginx在下载(image镜象可以单独的pull docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0)。完成后已经是running状态。其中backend后端和nginx-ingress的七层pod
[root@linuxea deploy]# kubectl get pods -n ingress-nginx -w
NAME READY STATUS RESTARTS AGE
default-http-backend-6586bc58b6-n9qbt 1/1 Running 0 13m
nginx-ingress-controller-6bd7c597cb-krz4m 1/1 Running 0 13m[root@linuxea deploy]# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
default-http-backend-6586bc58b6-n9qbt 1/1 Running 0 13m 172.16.4.209 linuxea.node-2.com <none>
nginx-ingress-controller-6bd7c597cb-krz4m 1/1 Running 0 13m 172.16.5.71 linuxea.node-3.com <none>ingress-nginx service定义
在ingress-nginx的网站提供了service-nodeport的文件。以便于区别,修改端口nodePort: 30088和nodePort: 30443,这些端口修改完成后便会通过添加到node节点端口进行访问,分别来调度http和httpshttp
port: 80 # service端口
targetPort: 80 # 容器端口
nodePort: 30088 # node节点端口https
targetPort: 443 # service端口
nodePort: 30443 # 容器端口
protocol: TCP # node节点端口service资源清单如下:其中namespcae需要指明ingress-nginx
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
nodePort: 30088
protocol: TCP
- name: https
port: 443
targetPort: 443
nodePort: 30443
protocol: TCP
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx[root@linuxea deploy]# kubectl apply -f service-nodeport.yaml
service/ingress-nginx createdapply之后,80已经映射到node 30088端口,443映射到30443端口,在后面的nginx代理中虚拟主机则是使用域名加端口进行测试
[root@linuxea deploy]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default-http-backend ClusterIP 10.100.45.45 <none> 80/TCP 38m
ingress-nginx NodePort 10.96.216.35 <none> 80:30088/TCP,443:30443/TCP 49s集群外部试图访问一次curl 10.10.240.203:30088,此刻没有定义backend(后端)所以响应404。能够响应404,可见service调度已经成功
[root@linuxea-VM-Node_10_0_1_61 ~]# curl 10.10.240.203:30088
default backend - 404
