k8s

Deploying k8s ingress

axing
2023-08-25
Last updated on 2024-09-29.

1. Background knowledge:

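There are 3 ways to deploy ingress (they differ in which k8s controller resource manages the ingress pods)
    Depending on whether a svc has to be created for the ingress pods, they fall into two groups
    1. A svc is required (non-hostNetwork mode)
    Deployment for the ingress pods (pod network is not hostNetwork) + svc (type LoadBalancer)
    Deployment for the ingress pods (pod network is not hostNetwork) + svc (type NodePort)
    2. No svc is required (hostNetwork mode); the forwarding path is shorter and more efficient
    DaemonSet for the ingress pods (pod network is hostNetwork)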

2. First, use a Deployment for the ingress pods (pod network is not hostNetwork) + svc (type NodePort)
Deploy ingress first

Check the deployed ingress

[root@k8s-master-01 test2]# kubectl -n ingress-nginx get pods
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-2pz6l        0/1     Completed   0          90s
ingress-nginx-admission-patch-m7zkg         0/1     Completed   0          90s
ingress-nginx-controller-8698cc7676-2lth6   1/1     Running     0          90s
[root@k8s-master-01 test2]# kubectl -n ingress-nginx get deployments.apps
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
ingress-nginx-controller   1/1     1            1           2m7s

[root@k8s-master-01 test2]# kubectl -n ingress-nginx get svc
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.111.188.71   <none>        80:32593/TCP,443:32318/TCP   4m46s
ingress-nginx-controller-admission   ClusterIP   10.108.110.90   <none>        443/TCP     

Create the microservices and their svc

[root@k8s-master-01 test2]# kubectl apply -f gowebip-svc.yaml 
deployment.apps/gowebip created
service/gowebip created
[root@k8s-master-01 test2]# kubectl apply -f gowebhost-svc.yaml 
deployment.apps/gowebhost created
service/gowebhost created
[root@k8s-master-01 test2]# kubectl get pods
NAME                         READY   STATUS    RESTARTS      AGE
busybox1                     1/1     Running   3 (20m ago)   7h56m
busybox2                     1/1     Running   3 (20m ago)   7h56m
gowebhost-5d6cf777b6-f2h9f   1/1     Running   0             10s
gowebhost-5d6cf777b6-trdt6   1/1     Running   0             10s
gowebip-f647fbd59-25dnc      1/1     Running   0             14s
gowebip-f647fbd59-4xp9r      1/1     Running   0             14s

3. Deploy the ingress resource

[root@k8s-master-01 test2]# kubectl get ingress
No resources found in default namespace.
[root@k8s-master-01 test2]# kubectl apply -f ingress-test1.yaml 
ingress.networking.k8s.io/ingress-test created
[root@k8s-master-01 test2]# kubectl get ingress
NAME           CLASS   HOSTS              ADDRESS   PORTS   AGE
ingress-test   nginx   test.ingress.com             80      2s
[root@k8s-master-01 test2]# kubectl get ingress -w
NAME           CLASS   HOSTS              ADDRESS   PORTS   AGE
ingress-test   nginx   test.ingress.com             80      6s
^C[root@k8s-master-01 test2]# ^C
[root@k8s-master-01 test2]# kubectl get ingress
NAME           CLASS   HOSTS              ADDRESS   PORTS   AGE
ingress-test   nginx   test.ingress.com             80      44s
[root@k8s-master-01 test2]# kubectl get ingress -w
NAME           CLASS   HOSTS              ADDRESS   PORTS   AGE
ingress-test   nginx   test.ingress.com             80      46s
ingress-test   nginx   test.ingress.com   192.168.110.213   80      47s

4. Check

[root@k8s-master-01 test2]# curl 10.244.2.144
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


[root@k8s-master-01 test2]# kubectl -n ingress-nginx get svc
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.111.188.71   <none>        80:32593/TCP,443:32318/TCP   118m
ingress-nginx-controller-admission   ClusterIP   10.108.110.90   <none>        443/TCP                      118m


[root@k8s-master-01 test2]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.110.97:32318 rr
  -> 10.244.1.188:443             Masq    1      0          0         
TCP  192.168.110.97:32593 rr
  -> 10.244.1.188:80              Masq    1      0          1         
TCP  10.96.0.1:443 rr
  -> 192.168.110.97:6443          Masq    1      2          0         
TCP  10.96.0.10:53 rr
  -> 10.244.0.28:53               Masq    1      0          0         
  -> 10.244.1.171:53              Masq    1      0          0         
TCP  10.96.0.10:9153 rr
  -> 10.244.0.28:9153             Masq    1      0          0         
  -> 10.244.1.171:9153            Masq    1      0          0         
TCP  10.98.113.34:443 rr
  -> 10.244.2.132:10250           Masq    1      0          0         
TCP  10.108.110.90:443 rr
  -> 10.244.1.188:8443            Masq    1      0          0         
TCP  10.110.213.242:9999 rr
  -> 10.244.1.190:80              Masq    1      0          0         
  -> 10.244.2.144:80              Masq    1      0          0         
TCP  10.110.238.126:8888 rr
  -> 10.244.1.189:80              Masq    1      0          0         
  -> 10.244.2.143:80              Masq    1      0          0         
TCP  10.111.188.71:80 rr
  -> 10.244.1.188:80              Masq    1      0          0         
TCP  10.111.188.71:443 rr
  -> 10.244.1.188:443             Masq    1      0          0         
TCP  10.244.0.0:32318 rr
  -> 10.244.1.188:443             Masq    1      0          0         
TCP  10.244.0.0:32593 rr
  -> 10.244.1.188:80              Masq    1      0          0         
TCP  10.244.0.1:32318 rr
  -> 10.244.1.188:443             Masq    1      0          0         
TCP  10.244.0.1:32593 rr
  -> 10.244.1.188:80              Masq    1      0          0         
UDP  10.96.0.10:53 rr
  -> 10.244.0.28:53               Masq    1      0          0         
  -> 10.244.1.171:53              Masq    1      0          0         
[root@k8s-master-01 test2]# 
[root@k8s-master-01 test2]# 
[root@k8s-master-01 test2]# kubectl -n ingress-nginx get pods -o wide  # only one pod here; the yaml file can be edited to scale it out to 3
NAME                                        READY   STATUS      RESTARTS   AGE    IP             NODE          NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-2pz6l        0/1     Completed   0          126m   10.244.1.187   k8s-node-01   <none>           <none>
ingress-nginx-admission-patch-m7zkg         0/1     Completed   0          126m   10.244.2.142   k8s-node-02   <none>           <none>
ingress-nginx-controller-8698cc7676-2lth6   1/1     Running     0          126m   10.244.1.188   k8s-node-01   <none>   

5. Add content to the microservices, then test with curl

[root@k8s-master-01 test2]# kubectl exec -it gowebip-f647fbd59-4xp9r -- /bin/sh -c "mkdir -p /usr/share/nginx/html/ip && echo 111112222 > /usr/share/nginx/html/ip/test.html"

[root@k8s-master-01 test2]# kubectl exec -it gowebip-f647fbd59-25dnc -- /bin/sh -c "mkdir -p /usr/share/nginx/html/ip && echo 11111 > /usr/share/nginx/html/ip/test.html"
[root@k8s-master-01 test2]# curl 10.244.2.143/ip/test.html
11111

6. Access from outside the cluster

Edit the hosts file first (on Windows it is under C:\Windows\System32\drivers\etc):
192.168.110.97   test.ingress.com

C:\Users\MIKU>curl http://test.ingress.com:32593/ip/test.html
11111

C:\Users\MIKU>curl http://test.ingress.com:32593/ip/test.html
11111

C:\Users\MIKU>curl http://test.ingress.com:32593/ip/test.html
111112222222

C:\Users\MIKU>curl http://test.ingress.com:32593/ip/test.html
111112222222


7. No svc is required (hostNetwork mode); the forwarding path is shorter and more efficient
DaemonSet for the ingress pods (pod network is hostNetwork)

If you ran the experiment above, first delete what was created from the earlier deploy.yaml file

kubectl delete -f deploy.yaml

kubectl apply -f daemonset.yaml

Deploy ingress rules that allow SSL connections

cat ingress-test1-ssl.yaml
apiVersion: networking.k8s.io/v1  # kubectl explain ingress.apiVersion
kind: Ingress
metadata:
  name: ingress-test
  namespace: default
  annotations:
    #kubernetes.io/ingress.class: "nginx"
    # Turn on use-regex to enable regex matching of path
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  tls:
    - hosts:
      - test.ingress.com
      secretName: ingress-tls
  ingressClassName: nginx
  rules:
    # Define the domain name
    - host: test.ingress.com
      http:
        paths:
          # Different paths are forwarded to different ports
          - path: /ip
            pathType: Prefix
            backend:
              service:
                name: gowebip
                port: 
                  number: 8888
          - path: /host
            pathType: Prefix
            backend:
              service:
                name: gowebhost
                port: 
                  number: 9999
# Anything left over from before can be deleted
kubectl delete -f ingress-test.yaml

8. Check the ports

[root@k8s-master-01 test2]# netstat -an |grep 80
tcp        0      0 192.168.110.97:2380     0.0.0.0:*               LISTEN     
tcp        0      0 10.244.0.1:48756        10.244.0.29:8080        TIME_WAIT  
tcp        0      0 127.0.0.1:36480         127.0.0.1:2379          ESTABLISHED
tcp        0      0 127.0.0.1:2379          127.0.0.1:36380         ESTABLISHED
tcp        0      0 127.0.0.1:2379          127.0.0.1:36480         ESTABLISHED
tcp        0      0 127.0.0.1:36380         127.0.0.1:2379          ESTABLISHED
tcp        0      0 10.244.0.1:50044        10.244.0.29:8080        TIME_WAIT  
unix  2      [ ACC ]     STREAM     LISTENING     24356    /run/containerd/s/c259f4f33d1f76cfc9d27ea0ff86080e5d837adbeb3f2836dd63df79a862f5c3
unix  2      [ ACC ]     STREAM     LISTENING     24360    /run/containerd/s/0f8e770aec32fad8b31af9ccee9b8e7875778093b9418014071d704e81f5e24f
unix  3      [ ]         STREAM     CONNECTED     25883    /run/containerd/s/c259f4f33d1f76cfc9d27ea0ff86080e5d837adbeb3f2836dd63df79a862f5c3
unix  3      [ ]         STREAM     CONNECTED     25865    /run/containerd/s/0f8e770aec32fad8b31af9ccee9b8e7875778093b9418014071d704e81f5e24f
unix  3      [ ]         STREAM     CONNECTED     28039    /run/containerd/containerd.sock.ttrpc
unix  3      [ ]         STREAM     CONNECTED     24802    
unix  3      [ ]         STREAM     CONNECTED     28038    
unix  3      [ ]         STREAM     CONNECTED     28032    
unix  3      [ ]         STREAM     CONNECTED     23411    /run/containerd/s/0f8e770aec32fad8b31af9ccee9b8e7875778093b9418014071d704e81f5e24f
unix  3      [ ]         STREAM     CONNECTED     23407    /run/containerd/s/c259f4f33d1f76cfc9d27ea0ff86080e5d837adbeb3f2836dd63df79a862f5c3
unix  3      [ ]         STREAM     CONNECTED     22680    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     28064    /run/containerd/s/f7d5f17994654e129e8b4fee26256945ccd2a09eb22254e4cdd5bcea83781192
unix  3      [ ]         STREAM     CONNECTED     25809    
[root@k8s-master-01 test2]# kubectl -n ingress-nginx get pods -o wide
NAME                             READY   STATUS        RESTARTS   AGE    IP               NODE            NOMINATED NODE   READINESS GATES
ingress-nginx-controller-78pdk   0/1     Terminating   0          5m9s   192.168.110.97   k8s-master-01   <none>           <none>
[root@k8s-master-01 test2]# kubectl -n ingress-nginx get pods -o wide
NAME                                   READY   STATUS      RESTARTS   AGE   IP                NODE            NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-ttrj5   0/1     Completed   0          9s    10.244.1.199      k8s-node-01     <none>           <none>
ingress-nginx-admission-patch-bgrp8    0/1     Completed   1          9s    10.244.1.200      k8s-node-01     <none>           <none>
ingress-nginx-controller-2h2dt         0/1     Running     0          9s    192.168.110.2     k8s-node-02     <none>           <none>
ingress-nginx-controller-cjwtb         0/1     Running     0          9s    192.168.110.213   k8s-node-01     <none>           <none>
ingress-nginx-controller-jxwkf         0/1     Running     0          9s    192.168.110.97    k8s-master-01   <none>           <none>
[root@k8s-master-01 test2]# kubectl -n ingress-nginx get pods -o wide
NAME                                   READY   STATUS      RESTARTS   AGE   IP                NODE            NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-ttrj5   0/1     Completed   0          46m   10.244.1.199      k8s-node-01     <none>           <none>
ingress-nginx-admission-patch-bgrp8    0/1     Completed   1          46m   10.244.1.200      k8s-node-01     <none>           <none>
ingress-nginx-controller-2h2dt         1/1     Running     0          46m   192.168.110.2     k8s-node-02     <none>           <none>
ingress-nginx-controller-cjwtb         1/1     Running     0          46m   192.168.110.213   k8s-node-01     <none>           <none>
ingress-nginx-controller-jxwkf         1/1     Running     0          46m   192.168.110.97    k8s-master-01   <none>           <none>

9. Generate the certificate

openssl genrsa -out tls.key 2048
openssl req -x509 -key tls.key -out tls.crt -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=test.ingress.com"
kubectl -n default create secret tls ingress-tls --cert=tls.crt --key=tls.key
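
The certificate step above, extended as an added example (not part of the original post): it adds a subjectAltName for the host, sets the validity explicitly, and checks the key pair, the SAN and the remaining lifetime before the secret is created. The function names and the temporary directory are assumptions, and the script only prints the `kubectl create secret` command instead of running it.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the temporary
# directory are assumptions; host and subject fields are the ones used above.
set -eu

# Create tls.key and a self-signed tls.crt in <dir> with a SAN for <host>.
make_cert() (  # usage: make_cert <host> <dir> [days]
  host=$1 dir=$2 days=${3:-365}
  umask 077                      # private key readable by the owner only
  openssl genrsa -out "$dir/tls.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$dir/tls.key" -out "$dir/tls.crt" \
    -days "$days" \
    -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=$host" \
    -addext "subjectAltName=DNS:$host"
)

# True when the certificate's public key belongs to the private key.
cert_matches_key() (  # usage: cert_matches_key <crt> <key>
  a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  b=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$a" = "$b" ]
)

# True when <host> is listed as a DNS entry in the subjectAltName extension.
cert_has_san() (  # usage: cert_has_san <crt> <host>
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
)

# True when the certificate is still valid <days> days from now.
cert_valid_for() (  # usage: cert_valid_for <crt> <days>
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
)

# Gate the secret creation on all three checks.
check_cert() (  # usage: check_cert <dir> <host> <min_days>
  cert_matches_key "$1/tls.crt" "$1/tls.key" &&
    cert_has_san "$1/tls.crt" "$2" &&
    cert_valid_for "$1/tls.crt" "$3"
)

workdir=$(mktemp -d)
make_cert test.ingress.com "$workdir" 365
if check_cert "$workdir" test.ingress.com 30; then
  echo "certificate ok: kubectl -n default create secret tls ingress-tls" \
       "--cert=$workdir/tls.crt --key=$workdir/tls.key"
fi
```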


10. Some queries

[root@k8s-master-01 test2]# kubectl get svc
NAME         TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)     AGE
gowebhost    ClusterIP      10.99.181.85     <none>          9999/TCP    5m12s
gowebip      ClusterIP      10.100.100.184   <none>          8888/TCP    4m59s
kubernetes   ClusterIP      10.96.0.1        <none>          443/TCP     16d
my-service   ExternalName   <none>           www.baidu.com   <none>      19h
mysql-k8s    ClusterIP      None             <none>          13306/TCP   19h

[root@k8s-master-01 test2]# kubectl get ingress
NAME           CLASS   HOSTS              ADDRESS   PORTS   AGE
ingress-test   nginx   test.ingress.com             80      5m21s

kubectl get secrets  # view the certificate
kubectl get deployments
kubectl delete deployment <deployment-name>
kubectl delete service <service-name>

[root@k8s-master-01 test2]# kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.100.138.120   <none>        80:31220/TCP,443:30969/TCP   34m
ingress-nginx-controller-admission   ClusterIP   10.97.181.161    <none>        443/TCP                      34m

Remove the restriction
[root@k8s-master-01 test2]# kubectl describe node k8s-master-01 | grep Taints
Taints:             node-role.kubernetes.io/control-plane:NoSchedule

[root@k8s-master-01 test2]# kubectl describe node k8s-master-01 | grep Taints
Taints:             <none>