k8s学习笔记-Ingress资源
Ingress Controller
代理
Nginx
Traefik
Envoy
https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md
https://github.com/kubernetes/ingress-nginx/tree/master/deploy
下载mandatory.yaml 这个文件
kubectl apply -f mandatory.yaml
或
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
[root@k8s-master ingress]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-689498bc7c-zj6jl 1/1 Running 0 20h
默认访问这个POD 是一个404
[root@k8s-master ingress]# curl 10.244.2.64
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.10</center>
</body>
</html>
[root@k8s-master ingress]# kubectl get pods -n ingress-nginx --show-labels|awk '{print $NF}'
LABELS
app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/part-of=ingress-nginx,pod-template-hash=689498bc7c
vim ingress-Service-Node.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
selector:
app.kubernetes.io/name: ingress-nginx
可以参看节点对应的端口,当然也可以指定端口
[root@k8s-master ingress]# kubectl get svc -n ingress-nginx
NAME TYPE LUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 0.106.107.139 <none> 80:30857/TCP,443:32021/TCP 18h
然后在浏览器或者客户端访问任意节点的服务
Mac@~ $curl http://10.211.55.12:30857
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.10</center>
</body>
</html>
接下来测试ingress
vim myapp-deploy.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp
spec:
selector:
app: myapp
release: canary
ports:
- name: http
targetPort: 80
port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: myapp
release: canary
template:
metadata:
labels:
app: myapp
release: canary
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v2
ports:
- name: http
containerPort: 80
kubectl explain ingress.spec
kubectl explain ingress.spec.rules
vim ingress-app.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myapp
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myapp.doudou.com
http:
paths:
- path:
backend:
serviceName: myapp
servicePort: 80
kubectl apply -f myapp-deploy.yaml ingress-app.yaml
[root@k8s-master ingress]# kubectl get pods -o wide
[root@k8s-master ingress]# kubectl get ingress
NAME HOSTSADDRESS PORTS AGE
ingress-myapp myapp.doudou.com 80 63m
kubectl exec -it -n ingress-nginx nginx-ingress-controller-689498bc7c-zj6jl -- /bin/bash
www-data@nginx-ingress-controller-689498bc7c-zj6jl:/etc/nginx$ cat nginx.conf|egrep doudou
## start server myapp.doudou.com
server_name myapp.doudou.com ;
## end server myapp.doudou.com
然后绑定hosts测试
10.211.55.12 myapp.doudou.com
Mac@~ $curl http://myapp.doudou.com:30857/hostname.html
myapp-deploy-6b56d98b6b-rtvsg
Mac@~ $curl http://myapp.doudou.com:30857/hostname.html
myapp-deploy-6b56d98b6b-nfpdq
Mac@~ $curl http://myapp.doudou.com:30857/hostname.html
myapp-deploy-6b56d98b6b-xwfdz
按同样的方式测试tomcat应用这边不测试了
cat tomcat-demo.yaml
apiVersion: v1
kind: Service
metadata:
name: tomcat
spec:
selector:
app: tomcat
release: canary
ports:
- name: http
targetPort: 8080
port: 8080
- name: ajp
targetPort: 8009
port: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deploy
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: tomcat
release: canary
template:
metadata:
labels:
app: tomcat
release: canary
spec:
containers:
- name: tomcat
image: tomcat:8.5.32-alpine
ports:
- name: http
containerPort: 8080
- name: ajp
containerPort: 8009
cat tomcat-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-tomcat
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: tomcat.doudou.com
http:
paths:
- path:
backend:
serviceName: tomcat
servicePort: 8080
HTTPS 相关的配置,因为涉及到证书,这边就自签一个
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Bejjing/O=DevOps/CN=tomcat.dodou.com
生成两个文件
[root@k8s-master ingress]# ls tls.*
tls.crt tls.key
kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
[root@k8s-master ingress]# kubectl get secret
NAME TYPE DATA AGE
default-token-zzm2j kubernetes.io/service-account-token 3 42d
tomcat-ingress-secret kubernetes.io/tls 2 62m
vim tomcat-ingress-tls.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-tomcat-tls
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
tls:
- hosts:
- tomcat.doudou.com
secretName: tomcat-ingress-secret
rules:
- host: tomcat.doudou.com
http:
paths:
- path:
backend:
serviceName: tomcat
servicePort: 8080
kubectl apply -f tomcat-ingress-tls.yaml
[root@k8s-master ingress]# kubectl get ingress
NAME HOSTSADDRESS PORTS AGE
ingress-myapp myapp.doudou.com 80 87m
ingress-tomcat tomcat.doudou.com 80 73m
ingress-tomcat-tls tomcat.doudou.com 80, 443 60m
kubectl describe ingress ingress-tomcat-tls
绑定HOSTS 测试
