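This article assumes the reader has some Kubernetes background and is familiar with basic concepts such as the apiserver, Service, and controller manager.
Ingress adds a layer in front of the Service. The structure is as follows: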
ingress          -> service      -> label selector -> pods
www.ok1.com      -> app1-service -> app1 selector  -> app1 1234
Port:80 or other ->
www.ok2.com      -> app2-service -> app2 selector  -> app2 3456
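This adds layer-7 awareness: traffic can be routed according to the HTTP header, path, and so on.
Complexity increases considerably.
The Ingress implementation has two parts: the Ingress Controller and the Ingress.
The Ingress Controller is the entry point for traffic. It is an actual piece of software, usually Nginx or HAProxy (less commonly used).
The Ingress describes the concrete routing rules.
The Ingress Controller watches the /ingresses resource on the API server and applies changes in real time.
An Ingress describes the routing rules for one or more domain names and exists as an ingress resource.
In short: the Ingress describes routing rules, and the Ingress Controller implements them in real time.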
more deploy-demo.yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    targetPort: 80
    port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v2
        ports:
        - name: http
          containerPort: 80
Download and deploy:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
default-http-backend uses this image by default: gcr.io/google_containers/defaultbackend:1.4
Because that registry is blocked by the firewall, change it to: registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend:1.4
kubectl apply -f mandatory.yaml
kubectl get pods -n ingress-nginx
NAME                                       READY   STATUS    RESTARTS   AGE
default-http-backend-5ccf4689c5-tc4mr      1/1     Running   0          19m
nginx-ingress-controller-5b6864749-5kcc9   1/1     Running   0          19m
Download and deploy:
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
Edit the YAML file and add nodePort settings so that the otherwise random ports are fixed.
more service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
    nodePort: 30080
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
    nodePort: 30443
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
more ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: www.ok.com
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 80
Test:
Edit the local hosts file and access the site; screenshot below:
Generate the certificate:
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.ok.com
Convert the format (store the certificate and key as a Secret):
kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key
kubectl get secret
kubectl describe secret tomcat-ingress-secret
more tomcat-demo.yaml
apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    release: canary
  ports:
  - name: http
    targetPort: 8080
    port: 8080
  - name: ajp
    targetPort: 8009
    port: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: tomcat
      release: canary
  template:
    metadata:
      labels:
        app: tomcat
        release: canary
    spec:
      containers:
      - name: tomcat
        image: tomcat:latest
        ports:
        - name: http
          containerPort: 8080
        - name: ajp
          containerPort: 8009
more ingress-tomcat-tls.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - tomcat.ok.com
    secretName: tomcat-ingress-secret
  rules:
  - host: tomcat.ok.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080
Test:
Later, a layer-4 or layer-7 load balancer can be added in front of it to achieve high availability.
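As an added example (not part of the original post): a Python check over the output of `kubectl get ingress -o json` that lists every rule host not covered by a `tls` entry with a `secretName`, such as www.ok.com in ingress-myapp above. The embedded sample is constructed from the two Ingress manifests on this page, and the function names are hypothetical.

```python
import json

# Constructed sample: the page's two Ingress objects in the shape that
# `kubectl get ingress -o json` returns (only the fields used here).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "ingress-myapp"},
     "spec": {"rules": [{"host": "www.ok.com"}]}},
    {"metadata": {"namespace": "default", "name": "ingress-tomcat-tls"},
     "spec": {"tls": [{"hosts": ["tomcat.ok.com"],
                       "secretName": "tomcat-ingress-secret"}],
              "rules": [{"host": "tomcat.ok.com"}]}},
]})

def tls_covers(pattern, host):
    """Exact match, or a '*.domain' wildcard covering exactly one extra label."""
    if pattern == host:
        return True
    if pattern.startswith("*.") and "." in host:
        return host.split(".", 1)[1] == pattern[2:]
    return False

def audit(ingress_list_json):
    """Return (namespace, name, host, reason) for each rule host lacking TLS."""
    findings = []
    for item in json.loads(ingress_list_json).get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        tls_entries = spec.get("tls") or []
        for rule in spec.get("rules") or []:
            host = rule.get("host")
            if not host:
                # A hostless rule matches any name; it cannot be tied to a tls host.
                reason, host = "no host set; coverage undetermined", "*"
            else:
                matching = [t for t in tls_entries
                            if any(tls_covers(p, host) for p in t.get("hosts") or [])]
                if not matching:
                    reason = "no tls entry covers host"
                elif not any(t.get("secretName") for t in matching):
                    reason = "tls entry has no secretName"
                else:
                    continue  # host is covered by a tls entry with a secret
            findings.append((meta["namespace"], meta["name"], host, reason))
    return findings

if __name__ == "__main__":
    for ns, name, host, reason in audit(SAMPLE):
        print(f"{ns}/{name}: {host}: {reason}")
```

On a live cluster, pass the text printed by `kubectl get ingress --all-namespaces -o json` to `audit()` instead of the constructed sample.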