Ingress服务
一.Ingress服务简介
-
一种全局的、为了代理不同后端 Service 而设置的负载均衡服务,就是 Kubernetes 里的Ingress 服务。
-
Ingress由两部分组成:Ingress controller和Ingress服务。
-
Ingress Controller 会根据你定义的 Ingress 对象,提供对应的代理能力。业界常用的各种反向代理项目,比如 Nginx、HAProxy、Envoy、Traefik 等,都已经为Kubernetes 专门维护了对应的 Ingress Controller。
-
ingress服务的使用必须在策略网络中才能实现,如calico网络
ingress相当于一个7层的负载均衡器,是k8s对反向代理的一个抽象。大概的工作原理也确实类似于Nginx,可以理解成在 Ingress 里建立一个个映射规则 , ingress Controller 通过监听 Ingress这个api对象里的配置规则并转化成 Nginx 的配置(kubernetes声明式API和控制循环) , 然后对外部提供服务。ingress包括:ingress controller和ingress resources
ingress controller:核心是一个deployment,实现方式有很多,比如nginx, Contour, Haproxy, trafik, Istio,需要编写的yaml有:Deployment, Service, ConfigMap, ServiceAccount(Auth),其中service的类型可以是NodePort或者LoadBalancer。
ingress resources:这个就是一个类型为Ingress的k8s api对象了,这部分则是面向开发人员。
二.ingress部署
官网下载镜像及安装文件,将镜像上传至集群使用的harbor仓库
执行安装脚本
kubectl apply -f deploy.yaml
查看ingress服务,部署成功
[root@server1 ingress]# kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.104.84.227 <none> 80:31015/TCP,443:32169/TCP 16h
ingress-nginx-controller-admission ClusterIP 10.106.177.206 <none> 443/TCP 16h
三.域名访问+ingeress-nginx
修改ingress-nginx-controller配置type: LoadBalancer
[root@server1 ingress]# kubectl -n ingress-nginx edit svc ingress-nginx-controller
service/ingress-nginx-controller edited
可以看到loadbalancer分配ip 172.25.3.10
[root@server1 ingress]# kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.104.84.227 172.25.3.10 80:31015/TCP,443:32169/TCP 16h
ingress-nginx-controller-admission ClusterIP 10.106.177.206 <none> 443/TCP 16h
创建pod:nginx myapp
[root@server1 ~]# cat deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: myapp:v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deployment
labels:
app: myapp
spec:
replicas: 3
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: myapp
image: myapp:v2
查看pod
[root@server1 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-deployment-67f8c948cf-45h6n 1/1 Running 0 105m
myapp-deployment-67f8c948cf-hq9xg 1/1 Running 0 105m
myapp-deployment-67f8c948cf-rr9bz 1/1 Running 0 105m
nginx-deployment-6456d7c676-8jsrd 1/1 Running 2 19h
nginx-deployment-6456d7c676-bcx9b 1/1 Running 2 19h
nginx-deployment-6456d7c676-kwqfr 1/1 Running 2 19h
创建service
[root@server1 ~]# cat svc.yml
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: nginx
---
apiVersion: v1
kind: Service
metadata:
name: myapp-svc
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
selector:
app: myapp
查看service
[root@server1 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4d18h
myapp-svc ClusterIP 10.109.211.64 <none> 80/TCP 124m
nginx-svc ClusterIP 10.103.119.38 <none> 80/TCP 124m
ingress.yml下赋予域名匹配,用于匹配service
[root@server1 ingress]# cat ingress.yml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-nginx
spec:
rules:
- host: www1.westos.org
http:
paths:
- path: /
backend:
serviceName: nginx-svc
servicePort: 80
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-myapp
spec:
rules:
- host: www2.westos.org
http:
paths:
- path: /
backend:
serviceName: myapp-svc
servicePort: 80
查看ingress信息
[root@server1 ingress]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-myapp <none> www2.westos.org 172.25.3.2 80 117m
ingress-nginx <none> www1.westos.org 172.25.3.2 80 117m
设置本地解析
vim /etc/hosts
172.25.3.10 www1.westos.org www2.westos.org
域名访问测试,访问到对应service
[root@server1 ingress]# curl www2.westos.org
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
[root@server1 ingress]# curl www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
负载均衡测试,成功 myapp-svc
[root@server1 ingress]# curl www1.westos.org/hostname.html
nginx-deployment-6456d7c676-8jsrd
[root@server1 ingress]# curl www1.westos.org/hostname.html
nginx-deployment-6456d7c676-8jsrd
[root@server1 ingress]# curl www1.westos.org/hostname.html
nginx-deployment-6456d7c676-bcx9b
[root@server1 ingress]# curl www1.westos.org/hostname.html
nginx-deployment-6456d7c676-kwqfr
[root@server1 ingress]# curl www1.westos.org/hostname.html
nginx-deployment-6456d7c676-bcx9b
查看详细内容,可以看到www2.westos.org 对应 nginx-svc:80,nginx-svc下有三个pod 的ip用于均衡访问
kubectl describe ingress ingress-nginx
[root@server1 ingress]# kubectl describe ingress ingress-nginx
Name: ingress-nginx
Namespace: default
Address: 172.25.3.2
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
www1.westos.org
/ nginx-svc:80 (10.244.179.71:80,10.244.179.72:80,10.244.22.6:80)
Annotations: <none>
Events: <none>