Kubernetes - 配置Nginx-Ingress 作为服务发现
- 添加 Kubernetes ConfigMap配置来自定义端口与服务的映射关系
- 配置文件, 有二个在默认空间下web服务和api服务分别映射到自定义端口 9001, 9002
1 apiVersion: v1 2 kind: ConfigMap 3 metadata: 4 name: mysite-configmap 5 data: 6 9000: "default/web:8080" 7 9001: "default/api:8080"
- 在kubernetes Master服务器应用 ConfigMap 配置
kubectl apply -f mysite-configmap.yml
- 配置文件, 有二个在默认空间下web服务和api服务分别映射到自定义端口 9001, 9002
- 配置 Default Backend
-
kind: Deployment apiVersion: extensions/v1beta1 metadata: name: default-http-backend spec: revisionHistoryLimit: 10 replicas: 1 template: metadata: labels: app: default-http-backend spec: terminationGracePeriodSeconds: 60 containers: - name: default-http-backend # Any image is permissable as long as: # 1. It serves a 404 page at / # 2. It serves 200 on a /healthz endpoint image: defaultbackend:1.0 livenessProbe: httpGet: path: /healthz port: 8080 scheme: HTTP initialDelaySeconds: 30 timeoutSeconds: 5 ports: - containerPort: 8080 resources: limits: cpu: 10m memory: 20Mi requests: cpu: 10m memory: 20Mikubectl apply -f default-backend-deployment.yml
--- apiVersion: v1 kind: Service metadata: name: default-http-backend labels: app: default-http-backend spec: ports: - port: 8080 protocol: TCP targetPort: 8080 selector: app: default-http-backendkubectl apply -f default-backend-service.yml
-
- 配置Ingress
- 配置 Ingress Deployment, 暴露自定义的端口, 并指定 tcp-services-configmap 来导入我们在上一步配置的端口映射
- 配置文件,
1 apiVersion: extensions/v1beta1 2 kind: Deployment 3 metadata: 4 name: nginx-ingress-deployment 5 labels: 6 k8s-app: nginx-ingress-lb 7 spec: 8 revisionHistoryLimit: 10 9 replicas: 1 10 template: 11 metadata: 12 labels: 13 k8s-app: nginx-ingress-lb 14 name: nginx-ingress-lb 15 spec: 16 terminationGracePeriodSeconds: 60 17 containers: 18 - image: nginx-ingress-controller:0.8.3 19 name: nginx-ingress-lb 20 imagePullPolicy: Always 21 readinessProbe: 22 httpGet: 23 path: /healthz 24 port: 10254 25 scheme: HTTP 26 livenessProbe: 27 httpGet: 28 path: /healthz 29 port: 10254 30 scheme: HTTP 31 initialDelaySeconds: 10 32 timeoutSeconds: 1 33 # use downward API 34 env: 35 - name: POD_NAME 36 valueFrom: 37 fieldRef: 38 fieldPath: metadata.name 39 - name: POD_NAMESPACE 40 valueFrom: 41 fieldRef: 42 fieldPath: metadata.namespace 43 ports: 44 - containerPort: 9000 45 protocol: TCP 46 - containerPort: 9001 47 protocol: TCP 48 49 args: 50 - /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend 51 - --tcp-services-configmap=$(POD_NAMESPACE)/mysite-configmap - 应用配置
kubectl apply -f nginx-ingress-deployment.yml
- 配置文件,
- 配置 Ingress Service, 配置自定义端口与ConfigMap的端口映射关系及服务名称
- 配置文件
1 --- 2 3 apiVersion: v1 4 kind: Service 5 metadata: 6 name: nginx-ingress-lb 7 labels: 8 k8s-app: nginx-ingress-lb 9 spec: 10 type: NodePort 11 ports: 12 - port: 9000 13 protocol: TCP 14 targetPort: 9000 15 nodePort: 30005 16 name: web 17 - port: 9001 18 protocol: TCP 19 targetPort: 9001 20 nodePort: 30006 21 name: api 22 23 selector: 24 k8s-app: nginx-ingress-lb
- 应用配置
kubectl apply -f nginx-ingress-service.yml
- 配置文件
- 配置 Ingress Deployment, 暴露自定义的端口, 并指定 tcp-services-configmap 来导入我们在上一步配置的端口映射
- 配置Nginx 反向代理
- 添加 Upstream 配置
1 upstream web { 2 server my-server-1:3005 max_fails=1 fail_timeout=10s; 3 server my-server-2:3005 max_fails=1 fail_timeout=10s; 4 } 5 6 upstream api { 7 server my-server-1:3006 max_fails=1 fail_timeout=10s; 8 server my-server-2:3006 max_fails=1 fail_timeout=10s; 9 } 10 11 server { 12 listen 80; 13 listen 443 ssl; 14 15 ssl_certificate /etc/nginx/conf.d/cert/wildcard.mysite.pem; 16 ssl_certificate_key /etc/nginx/conf.d/cert/wildcard.mysite.key; 17 location / { 18 proxy_pass http://web; 19 proxy_set_header X-Forwarded-Host $host; 20 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 21 } 22 23 location ~^/(api) { 24 proxy_pass http://api; 25 proxy_set_header X-Forwarded-Host $host; 26 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 27 28 if ($http_origin ~* (^(https?://(?:.+\.)?mysite\.com)$)) { 29 set $cors "CORS"; 30 set $cors_method "${cors}_${request_method}"; 31 } 32 33 if ($cors_method = "CORS_OPTIONS") { 34 add_header 'Access-Control-Allow-Origin' '$http_origin'; 35 add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; 36 # 37 # Custom headers and headers various browsers *should* be OK with but aren't 38 # 39 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; 40 # 41 # Tell client that this pre-flight info is valid for 20 days 42 # 43 add_header 'Access-Control-Max-Age' 1728000; 44 add_header 'Content-Type' 'text/plain charset=UTF-8'; 45 add_header 'Content-Length' 0; 46 return 204; 47 } 48 49 if ($cors = "CORS") { 50 add_header 'Access-Control-Allow-Origin' '$http_origin'; 51 add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; 52 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; 53 } 54 } 55 }
- 添加 Upstream 配置
