Ingress controller and Ingress usage example

Installing the ingress controller

Kubernetes cluster version: 1.15+

Official documentation:

https://kubernetes.github.io/ingress-nginx/

Create the base configuration

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

 Using NodePort:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

After the commands above complete, check that the ingress controller is running:

[root@k8s-master ~]# kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-689498bc7c-tvhv5   1/1     Running   3          16d
[root@k8s-master ~]# 

Check the Service; the NodePort ports are 31380 and 31390:

[root@k8s-master ~]# kubectl get svc -n ingress-nginx
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.108.101.78   <none>        80:31380/TCP,443:31390/TCP   14d
[root@k8s-master ~]# 

The ingress controller installation is now complete.

What is Ingress?

    internet
        |
   [ Ingress ]
   --|-----|--
   [ Services ]

  

Using Ingress

This walkthrough demonstrates Ingress by installing the Kubernetes dashboard.

Installing the dashboard

 

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

 

[root@k8s-master jtdeploy]# cat kubernetes-dashboard.yaml 
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 9090
          protocol: TCP
        args:
          - --enable-skip-login
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 9090
      targetPort: 9090
  selector:
    k8s-app: kubernetes-dashboard
[root@k8s-master jtdeploy]# 

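The configuration file changes the containerPort from the original template.

args:
- --enable-skip-login   (means no authentication)

Apply the configuration file above to create the dashboard.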
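
Combined with the ClusterRoleBinding to cluster-admin in the manifest above, --enable-skip-login gives every visitor who can reach the dashboard cluster-admin rights. An added example (not part of the original post) of a narrower binding, assuming the built-in read-only ClusterRole view is enough for the demo:

```yaml
# Added example, not from the original post.
# Weak (as in the manifest above): login can be skipped and the dashboard
# ServiceAccount is bound to cluster-admin, so a skipped login is cluster-admin.
#
#   args:
#     - --enable-skip-login
#   roleRef:
#     kind: ClusterRole
#     name: cluster-admin
#
# Narrower: bind the same ServiceAccount to the built-in "view" ClusterRole,
# which is read-only and does not grant access to Secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view            # assumption: read-only access is sufficient
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
```

roleRef is immutable, so delete the existing kubernetes-dashboard ClusterRoleBinding before applying this one.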

Check the pods

[root@k8s-master jtdeploy]# kubectl get pods -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
calico-node-2srnw                       2/2     Running   8          20d
calico-node-ppnjh                       2/2     Running   8          20d
coredns-86c58d9df4-ptth2                1/1     Running   4          20d
coredns-86c58d9df4-wxldx                1/1     Running   4          20d
etcd-k8s-master                         1/1     Running   4          20d
kube-apiserver-k8s-master               1/1     Running   4          20d
kube-controller-manager-k8s-master      1/1     Running   4          20d
kube-proxy-4kwj6                        1/1     Running   4          20d
kube-proxy-hfmqn                        1/1     Running   4          20d
kube-scheduler-k8s-master               1/1     Running   4          20d
kubernetes-dashboard-784b868d9d-hc77v   1/1     Running   3          16d
tiller-deploy-dbb85cb99-srbch           1/1     Running   4          20d
[root@k8s-master jtdeploy]# 

Check the Services

[root@k8s-master jtdeploy]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
calico-typha           ClusterIP   10.105.54.12   <none>        5473/TCP        20d
kube-dns               ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP   20d
kubernetes-dashboard   ClusterIP   10.106.65.78   <none>        9090/TCP        16d
tiller-deploy          ClusterIP   10.97.33.192   <none>        44134/TCP       20d
[root@k8s-master jtdeploy]# 

NodePort is not used here, so Ingress is used to configure external access.

  

Installing HAProxy

root@xuliang-PC:~/haproxy# cat docker-compose.yml 
version: "2"
services:
  haproxy:
    image: haproxy:1.8
    ports:
      - 80:31380
      - 443:31390
      - 8181:8181
    restart: always
    volumes:
      - /root/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
    network_mode: host
#    networks:
#    #      - haproxy_lb
#
#    #networks:
#    #  haproxy_lb:
#    #    driver: bridge

root@xuliang-PC:~/haproxy# 

HAProxy configuration file

root@xuliang-PC:~/haproxy# cat haproxy.cfg 
global
   stats timeout 30s
   maxconn 1000

defaults
   mode tcp
   option dontlognull
   retries 3

   timeout http-request    30s
   timeout queue           1m
   timeout connect         30s
   timeout client          1m
   timeout server          1m
   timeout http-keep-alive 30s
   timeout check           30s

   option redispatch
   option srvtcpka
   option clitcpka

## HTTP
frontend http_front
   bind *:80
   default_backend http_backend

backend http_backend
   server k8s-master 192.168.100.101:31380 check
   server k8s-node1 192.168.1.102:31380 check
   #server k8s-node3 192.168.1.103:31380 check

## HTTPS
frontend https_front
   bind *:443
   default_backend https_backend

backend https_backend
   server k8s-master 192.168.100.101:31390 check
   server k8s-node1 192.168.100.102:31390 check
   #server k8s-node4 192.168.1.103:31390 check

# HAProxy stats
listen stats
   bind *:8181
   mode http
   stats enable
   stats uri /
   stats realm Haproxy\ Statistics
   stats auth haproxy:haproxy
root@xuliang-PC:~/haproxy# 

 

 

Add a hosts entry on the local machine; if you have a real domain, configure DNS resolution instead.

root@xuliang-PC:~/haproxy# cat /etc/hosts
192.168.100.29 myapp.test.com
root@xuliang-PC:~/haproxy# 

Test name resolution

root@xuliang-PC:~/haproxy# ping myapp.test.com
PING myapp.test.com (192.168.100.29) 56(84) bytes of data.
64 bytes from myapp.test.com (192.168.100.29): icmp_seq=1 ttl=64 time=0.024 ms
64 bytes from myapp.test.com (192.168.100.29): icmp_seq=2 ttl=64 time=0.024 ms
64 bytes from myapp.test.com (192.168.100.29): icmp_seq=3 ttl=64 time=0.028 ms
^C
--- myapp.test.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.024/0.025/0.028/0.004 ms
root@xuliang-PC:~/haproxy# 

 

Configuring the Ingress

[root@k8s-master ~]# cat ingress-dashboard.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: myapp.test.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 9090

---
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 31380
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 31390
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---

[root@k8s-master ~]# 

 

Note that this annotation must be set:

annotations:
    kubernetes.io/ingress.class: "nginx"


Check the Ingress
[root@k8s-master dashboard]# kubectl get ingress -n kube-system
NAME                HOSTS            ADDRESS         PORTS   AGE
ingress-dashboard   myapp.test.com   10.108.73.126   80      147m
[root@k8s-master dashboard]# 

 

The dashboard can now be reached by its domain name.
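
The Ingress above publishes the dashboard over plain HTTP with no access control at the controller. An added example (not from the original post) of the same Ingress with TLS and HTTP basic authentication through ingress-nginx annotations; the Secret names dashboard-tls and dashboard-basic-auth are assumptions.

```yaml
# Added example, not from the original post.
# Assumed names: Secrets dashboard-tls and dashboard-basic-auth in kube-system.
# Create them first, for example:
#   kubectl -n kube-system create secret tls dashboard-tls --cert=tls.crt --key=tls.key
#   htpasswd -c auth admin      # the file (and Secret key) must be named "auth"
#   kubectl -n kube-system create secret generic dashboard-basic-auth --from-file=auth
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # Require HTTP basic auth at the controller before proxying to the backend.
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: dashboard-basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
  # TLS terminates at the ingress controller (NodePort 31390 behind HAProxy :443).
  tls:
  - hosts:
    - myapp.test.com
    secretName: dashboard-tls
  rules:
  - host: myapp.test.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 9090
```

Because HAProxy runs in TCP mode in front of the NodePort, the controller sees HAProxy's address rather than the client's, so source-address restrictions at the Ingress would not reflect real client IPs in this topology.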

 

 

posted @ 2019-07-05 10:32  时光依然轻擦