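Ingress exposes HTTP and HTTPS routes from outside the cluster to Services inside the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
An Ingress can give Services externally reachable URLs, load-balance traffic, terminate SSL/TLS, and offer name-based virtual hosting. An Ingress controller is responsible for fulfilling the Ingress, usually with a load balancer, though it may also configure an edge router or other frontends to handle the traffic.
An Ingress does not expose arbitrary ports or protocols. Exposing services other than HTTP and HTTPS to the Internet typically uses a Service of type Service.Type=NodePort or Service.Type=LoadBalancer.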
ingress controller quickstart
# ingress-nginx controller 1.1.3
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/cloud/deploy.yaml -O ingress-controller.yaml
# Point the two k8s.gcr.io image references at Docker Hub mirrors ('#' is the sed delimiter because the image names contain '/')
sed -i 's#k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2#willdockerhub/ingress-nginx-controller:v1.1.3@sha256:31f47c1e202b39fadecf822a9b76370bd4baed199a005b3e7d4d1455f4fd3fe2#g' ingress-controller.yaml
# Note: this replacement drops the @sha256 digest pin and changes the tag from v1.1.1 to v1.1.0
sed -i 's#k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660#jettech/kube-webhook-certgen:v1.1.0#g' ingress-controller.yaml
kubectl apply -f ingress-controller.yaml
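
An added check, not part of the original post: before running `kubectl apply`, list the image references that the two `sed` rewrites leave in `ingress-controller.yaml` and flag any that fall outside an allow-list or are no longer pinned by digest. `TRUSTED_PREFIXES`, `audit_images` and `sample_manifest` are names assumed for this example, and the sample digest is a constructed value.

```shell
#!/bin/sh
# Added example. TRUSTED_PREFIXES is a hypothetical allow-list of registry/namespace
# prefixes; replace it with the sources you actually trust.
TRUSTED_PREFIXES="${TRUSTED_PREFIXES:-k8s.gcr.io/ingress-nginx/ registry.k8s.io/ingress-nginx/}"

# Reads a manifest on stdin and prints one line per distinct image reference.
# Returns 1 if any image is off the allow-list or lacks an @sha256 digest.
audit_images() {
  imgs=$(sed -n -E 's/^[[:space:]]*(-[[:space:]]*)?image:[[:space:]]*"?([^"[:space:]]+)"?.*$/\2/p' | sort -u)
  rc=0
  for img in $imgs; do
    problems=""
    trusted=no
    for p in $TRUSTED_PREFIXES; do
      case "$img" in "$p"*) trusted=yes ;; esac
    done
    [ "$trusted" = yes ] || problems="not-on-allow-list"
    # A tag alone can be repointed by whoever controls the repository; a digest cannot.
    case "$img" in
      *@sha256:*) ;;
      *) problems="${problems:+$problems,}no-digest" ;;
    esac
    if [ -n "$problems" ]; then
      printf 'FAIL\t%s\t%s\n' "$img" "$problems"
      rc=1
    else
      printf 'OK\t%s\n' "$img"
    fi
  done
  return "$rc"
}

# Constructed sample: image lines as they look before and after the rewrites above,
# plus the untagged nginx image used later on this page (all-zero digest is constructed).
sample_manifest() {
  d=0000000000000000000000000000000000000000000000000000000000000000
  cat <<EOF
          image: k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:$d
          image: willdockerhub/ingress-nginx-controller:v1.1.3@sha256:$d
          image: jettech/kube-webhook-certgen:v1.1.0
        - image: nginx
EOF
}

sample_manifest | audit_images || echo "manifest needs review before kubectl apply"
```

On the real file, run `audit_images < ingress-controller.yaml` and resolve every FAIL line before applying.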

# Expose the ingress controller through a NodePort Service
apiVersion: v1
kind: Service
metadata:
  name: ingress-svc-nodeport
  namespace: ingress-nginx
spec:
  type: NodePort
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  ports:
    - nodePort: 30001
      port: 80
      targetPort: 80
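
# Removes the ingress-nginx admission webhook, so Ingress objects are no longer validated by it on create/update
kubectl delete validatingwebhookconfigurations ingress-nginx-admission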

# nginx-deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 8
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nginx-volume
              mountPath: /usr/share/nginx/html
      volumes:
        - name: nginx-volume
          hostPath:
            path: "/var/data"
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-deployment-svc
spec:
  selector:
    app: nginx
  ports:
    - name: nginx-deployment-svc-http
      protocol: TCP
      port: 80
      targetPort: 80

# nginx-deployment-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-deployment-svc-ing
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: yuanxi.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-deployment-svc
                port:
                  number: 80

apiVersion: v1
kind: Service
metadata:
  name: tomcat-headless-svc
  labels:
    app: tomcat
spec:
  ports:
    - port: 8080
      name: tomcat-headless-svc
      targetPort: 8080
  clusterIP: None
  selector:
    app: tomcat
---
# tomcat-statefulset-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: tomcat-svc
  labels:
    app: tomcat
spec:
  selector:
    app: tomcat
  ports:
    - port: 8080
      targetPort: 8080
      protocol: TCP

# tomcat-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: tomcat-statefulset
spec:
  serviceName: tomcat-svc
  replicas: 5
  selector:
    matchLabels:
      app: tomcat
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
        - name: tomcat
          image: tomcat
          ports:
            - containerPort: 8080
              name: tomcat-web
          volumeMounts:
            - name: tomcat-statefulset-pvc
              mountPath: /usr/local/tomcat/webapps
  volumeClaimTemplates:
    - metadata:
        name: tomcat-statefulset-pvc
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
        storageClassName: nfs-client

# tomcat-statefulset-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tomcat-statefulset-svc-ing
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  defaultBackend:
    service:
      name: tomcat-svc
      port:
        number: 8080
  rules:
    - host: tomcatliyuan.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tomcat-svc
                port:
                  number: 8080
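
As you can see, the ADDRESS of every Ingress we created is empty, i.e. no IP address has been assigned.
The EXTERNAL-IP of ingress-nginx-controller is stuck in the pending state.
Because Kubernetes does not support Services of type LoadBalancer by default, we need to install a Service LoadBalancer manually.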
Kubernetes Ingress Controller
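Kubernetes itself does not provide a LoadBalancer Ingress Controller, so the cloud platform's own load balancer is normally used. If you are building Kubernetes yourself on bare metal, you need to set up a LoadBalancer Ingress Controller manually.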
MetalLB Installation
wget https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-frr.yaml -O metallb.yaml
kubectl apply -f metallb.yaml
# Address pool used to assign IPs to Services
kubectl apply -f - <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.168.1.240-192.168.1.250
EOF
# L2 network mode
kubectl apply -f - <<EOF
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  namespace: metallb-system
  name: metallbl2
spec:
  ipAddressPools:
    - first-pool
EOF
# BGP mode
kubectl apply -f - <<EOF
apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
  namespace: metallb-system
  name: metallbbgp
EOF
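
Once the LoadBalancer is deployed, ingress-nginx-controller gets an external IP. Delete and re-apply the applications' Ingress configuration for it to take effect.
If the Ingress still has no address after waiting 2 minutes, check the ingress-controller Pod logs.
Because we already exposed the ingress-nginx service through a NodePort Service, it can be reached directly at ip:nodeport. As you can see, it is just an nginx application.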
# As this shows, nginx simply uses the Host header to forward requests to different Services
curl http://192.168.31.175:30001 -H "Host:yuanxi.com"
Configure the IP-to-domain mapping
Because defaultBackend is configured in tomcat-statefulset-ingress.yaml, requests whose Host matches no host rule are forwarded to that Service by default.