k8s的入门教程4 --对外发布服务nodePort和Ingress

对外发布服务

可以让集群外访问集群内部的服务,服务可能来自第三方或者其他团队,无法把所有服务都放入集群内部,这时候我们就需要集群内部和集群外部的服务能够实现互访

-对外提供服务:nodePort 

-对外提供服务:ingress

nodePort发布服务

语法格式:

kubectl expose 资源类型 资源名称 --type=NodePort  --port=80 --target-port=80 --name=服务名称

[root@kubemaseter ~]# vim t6.yaml 
---
# Deployment that runs a single Apache httpd pod. httpd.conf comes from the
# ConfigMap "my-httpd" and the web root from the PersistentVolumeClaim "pvc-nfs".
# NOTE(review): extensions/v1beta1 Deployments are no longer served by current
# Kubernetes releases (apps/v1 replaces them, and requires spec.selector) —
# confirm the cluster version before reusing this manifest.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-apache
spec:
  replicas: 1
  template:
    metadata:
      labels:
        # Label the Service selector matches on.
        app: my-apache
    spec:
      containers:
      # Image is pulled from the private registry by a mutable tag. This page
      # queries the same registry over plain HTTP without credentials, so pulls
      # are presumably neither authenticated nor integrity-protected in transit —
      # NOTE(review): prefer a TLS-enabled registry and pinning by digest.
      # No securityContext or resource limits are set; the container runs with
      # whatever user and capabilities the image and runtime default to.
      - image: 192.168.1.100:5000/myos:httpd
        name: my-apache
        volumeMounts:
        # subPath mounts only the httpd.conf key over the single file instead of
        # replacing the whole /etc/httpd/conf directory.
        - mountPath: /etc/httpd/conf/httpd.conf
          name: config
          subPath: httpd.conf
        - mountPath: /var/www/html
          name: site-data
      volumes:
       - name: config
         configMap:
           name: my-httpd
       - name: site-data
         persistentVolumeClaim:
           claimName: pvc-nfs
---
# NodePort Service in front of the pods labelled app=my-apache.
# A NodePort is opened on the node IPs of the cluster, so anything that can
# reach a node on that port reaches the pods; restrict it with host or network
# firewall rules when the nodes are not on a trusted network.
apiVersion: v1
kind: Service
metadata:
  # NOTE(review): "apche" looks like a typo for "apache"; the Ingress later on
  # this page uses serviceName: apache, which would not match this Service.
  name: apche
spec:
  ports:
  - port: 80
    protocol: TCP
    # Assumes httpd inside the image listens on 8080 — TODO confirm; the
    # kubectl expose example on this page uses --target-port=80.
    targetPort: 8080
  selector:
    app: my-apache
  type: NodePort
 

[root@kubemaseter ~]# kubectl create -f t6.yaml 
deployment.extensions "my-apache" created
service "apche" created
[root@kubemaseter ~]# kubectl get  service   #查看服务可以看出80端口转到了32587端口,我们可以访问32587端口
NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
apche          NodePort    10.254.0.197            80:32587/TCP   9m
[root@kubemaseter ~]# kubectl get pod -o wide
NAME                         READY     STATUS    RESTARTS   AGE       IP            NODE
my-apache-75644bd6d9-t9v7m   1/1       Running   0          5m        10.254.95.5   kubenode1
[root@nfs ~]# curl http://192.168.1.21:31245    #注意pod运行在哪个节点就使用哪个节点的ip访问,端口访问的是NodePort端口(上面输出中的32587)


hello world
hello world
hello world

 

 

Ingress介绍

Ingress公开了从集群外部到集群内service的路由,可以将Ingress配置为给服务提供外部可访问的URL,并对流量做负载均衡

Ingress控制器通常由负载均衡器来实现,必须具有Ingress控制器才能满足Ingress的要求,仅创建资源无效

 

 

 


 

Ingress安装

安装控制器:把镜像导入到私有仓库

[root@registry ~]# curl http://192.168.1.100:5000/v2/_catalog
{"repositories":["defaultbackend","k8s-dns-dnsmasq-nanny-amd64","k8s-dns-kube-dns-amd64","k8s-dns-sidecar-amd64","kubernetes-dashboard-amd64","myos","nginx-ingress-controller","pod-infrastructure"]}

"defaultbackend"  默认后端服务:backend.tar

"nginx-ingress-controller" 控制器

[root@kubemaseter ~]# vim mandatory.yaml  (全部文件在最后面有展示)

 34         image: defaultbackend:1.4

295           image: nginx-ingress-controller:0.19.0

298             - --apiserver-host=http://192.168.1.20:8080  #master的ip(8080是apiserver的非安全端口,走明文HTTP且不做认证和授权,只适合隔离的实验环境)

[root@kubemaseter ingress]# kubectl create -f mandatory.yaml 

[root@kubemaseter ingress]# kubectl -n ingress-nginx  get pod
NAME                                        READY     STATUS    RESTARTS   AGE
default-http-backend-7bb586c89c-fgjqg       1/1       Running   3          17d
nginx-ingress-controller-77c5c7ddbb-jbgk5   1/1       Running   4          17d

验证服务


[root@kubemaseter ~]# kubectl -n ingress-nginx  get service
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
default-http-backend   ClusterIP   10.254.99.194          80/TCP           17d
ingress-nginx          ClusterIP   10.254.142.63          80/TCP,443/TCP   17d
[root@kubemaseter ~]# kubectl -n ingress-nginx get pod -o wide
NAME                                        READY     STATUS    RESTARTS   AGE       IP             NODE
default-http-backend-7bb586c89c-fgjqg       1/1       Running   3          17d       10.254.95.3    kubenode1
nginx-ingress-controller-77c5c7ddbb-jbgk5   1/1       Running   4          17d       192.168.1.23   kubenode3
 

当控制器pod运行在kubenode3上时,直接访问kubenode3就可以了。但此时还没有创建Ingress资源,直接访问该节点会得到默认后端返回的404错误,这个时候需要创建Ingress资源。比较详细的模板展示在文章最后。

[root@kubenode3 ~]# curl http://192.168.1.23
default backend - 404

[root@kubemaseter ingress]# cat ingress-app.yaml 
# Ingress that sends every request path ("/") to one backend Service.
# No host is set, so the rule matches any Host header, and there is no tls
# section, so traffic to the controller is plain HTTP.
# NOTE(review): extensions/v1beta1 Ingress is no longer served by current
# Kubernetes releases (networking.k8s.io/v1 replaces it) — confirm cluster version.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-app
  namespace: default
  annotations:
    # Selects which ingress controller handles this resource.
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - http: 
     paths:
     - path: /
       backend:
        # NOTE(review): the Service created from t6.yaml on this page is named
        # "apche"; this name must match an existing Service in the same
        # namespace or the controller has no endpoints to route to.
        serviceName: apache    # backend Service name
        servicePort: 80              # backend Service port

[root@kubemaseter ingress]# kubectl create -f ingress-app.yaml    #创建Ingress资源
ingress.extensions "my-app" created
[root@kubemaseter ingress]# kubectl get ingress 
NAME      HOSTS     ADDRESS   PORTS     AGE
my-app    *                   80        9s
 

[root@kubemaseter ingress]# kubectl get ingress 
NAME      HOSTS     ADDRESS        PORTS     AGE
my-app    *         192.168.1.23   80        16m
 

[root@nfs ~]# curl http://192.168.1.23    #如果是生产环境,把对应的ip和公网绑定即可对外发布;由于控制器使用hostNetwork,绑定前应为Ingress配置TLS,并用防火墙只放行80/443,不要把节点上的10254等端口暴露到公网


hello world
hello world
hello world
 

 

mandatory.yaml的配置文件

---

# Dedicated namespace that holds the ingress controller, its default backend,
# and the namespaced RBAC objects defined below in this file.
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
---

# Default backend: answers requests that match no Ingress rule (the
# "default backend - 404" response shown earlier on this page).
# NOTE(review): extensions/v1beta1 Deployments are no longer served by current
# Kubernetes releases (apps/v1 replaces them) — confirm cluster version.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: default-http-backend
  template:
    metadata:
      labels:
        app.kubernetes.io/name: default-http-backend
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-http-backend
        # Any image is permissible as long as:
        # 1. It serves a 404 page at /
        # 2. It serves 200 on a /healthz endpoint
        # NOTE(review): the image name carries no registry prefix or digest, so
        # which registry it resolves to depends on node configuration — confirm
        # it is the copy imported into the private registry.
        image: defaultbackend:1.4
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8080
        # Requests equal limits, which caps this pod at 10m CPU / 20Mi memory.
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
---

# ClusterIP Service for the controller's HTTP and HTTPS ports.
# Being ClusterIP, it is not reachable from outside the cluster; the external
# access shown on this page goes through the controller pod's hostNetwork.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
  selector:
    # NOTE(review): the controller pods in this file are labelled
    # app.kubernetes.io/name: ingress-nginx, not app: ingress-nginx, so this
    # selector appears to match no pods and the Service would have no endpoints.
    app: ingress-nginx
---

# Service in front of the default backend pods; the controller is pointed at it
# through --default-backend-service in the controller Deployment of this file.
# No type is given, so it is a cluster-internal Service.
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
spec:
  ports:
  # Port 80 on the Service maps to the container's 8080.
  - port: 80
    targetPort: 8080
  selector:
    app.kubernetes.io/name: default-http-backend
---

# Three ConfigMaps with no data. The controller Deployment in this file points
# --configmap, --tcp-services-configmap and --udp-services-configmap at them.
# Entries added to tcp-services / udp-services publish extra ports through the
# controller, so write access to these objects should be limited accordingly.
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---

kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---

kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---

# Identity the controller pod runs as; the Role and ClusterRole in this file
# are bound to it.
# NOTE(review): the controller in this file is started with --apiserver-host
# set to an http:// URL; whether this account's token (and therefore the RBAC
# below) applies on that connection should be confirmed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---

# Cluster-wide permissions for the ingress controller.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served by
# current Kubernetes releases (v1 replaces it) — confirm cluster version.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  # list/watch on secrets at cluster scope lets the controller read every
  # Secret in every namespace, so a compromise of the controller pod exposes
  # all of them. Treat the controller as a high-value workload.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  # Read-only access to Ingress objects in all namespaces.
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
        - events
    verbs:
        - create
        - patch
  # Write access is limited to the status subresource of Ingress objects.
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update

---

# Namespaced permissions for the controller inside ingress-nginx.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served by
# current Kubernetes releases (v1 replaces it) — confirm cluster version.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  # get/update is restricted by resourceNames to the single ConfigMap named below.
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # The name is built as ELECTION_ID-INGRESS_CLASS.
      # Here: "ingress-controller-leader" and "nginx".
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  # create cannot be narrowed by resourceNames, so it applies to any ConfigMap
  # name in this namespace.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get

---

# Grants the namespaced Role nginx-ingress-role to the controller's
# ServiceAccount, within the ingress-nginx namespace only.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---

# Grants the ClusterRole nginx-ingress-clusterrole to the controller's
# ServiceAccount at cluster scope, which includes that role's list/watch on
# secrets in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---

# The nginx ingress controller itself: one replica, running on the node's own
# network and talking to the API server at a fixed address.
# NOTE(review): extensions/v1beta1 Deployments are no longer served by current
# Kubernetes releases (apps/v1 replaces them) — confirm cluster version.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
      annotations:
        # Annotations conventionally read by a Prometheus scrape configuration.
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      # hostNetwork puts the pod in the node's network namespace: nginx binds
      # 80 and 443 directly on the node, and port 10254 (health checks, and the
      # metrics port named in the annotations above) is reachable on the node IP
      # as well. Firewall the node so only the intended ports are exposed.
      hostNetwork: true 
      dnsPolicy: "ClusterFirstWithHostNet"
      containers:
        - name: nginx-ingress-controller
          # NOTE(review): no registry prefix or digest, and 0.19.0 is an old
          # release — confirm the image source and check upstream security
          # advisories before reusing this outside a lab.
          # No securityContext is set; the container runs with the image's
          # default user and the runtime's default capabilities.
          image: nginx-ingress-controller:0.19.0
          args:
            - /nginx-ingress-controller
            # Plain-HTTP connection to the API server on port 8080. The API
            # server's insecure port performs no authentication or
            # authorization, so the RBAC objects in this file do not constrain
            # this connection, and anyone who can reach that address has full
            # API access. NOTE(review): prefer dropping this flag so the
            # controller uses the in-cluster HTTPS endpoint with its
            # ServiceAccount token — confirm against the cluster setup.
            - --apiserver-host=http://192.168.1.20:8080 
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --annotations-prefix=nginx.ingress.kubernetes.io
            - --report-node-internal-ip-address
            #- --publish-service=$(POD_NAMESPACE)/ingress-nginx
          env:
            # Downward API values; POD_NAMESPACE is expanded in the args above.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
          - name: http
            containerPort: 80
          - name: https
            containerPort: 443
          # Both probes call /healthz on 10254 over plain HTTP.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
 

 

ingress-appp.yaml 配置文件
# Host-based variant of the Ingress: requests are routed by Host header to one
# of two backend Services. Requests for any other host match no rule here.
# There is no tls section, so both hosts are served over plain HTTP.
# NOTE(review): extensions/v1beta1 Ingress is no longer served by current
# Kubernetes releases (networking.k8s.io/v1 replaces it) — confirm cluster version.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-app
  namespace: default
  annotations:
    # Selects which ingress controller handles this resource.
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: apache.tedu.local
    http: 
     paths:
     - path: /
       backend:
        # NOTE(review): no Service named web-apache is defined on this page;
        # it must exist in the default namespace for this rule to route.
        serviceName: web-apache
        servicePort: 80
  - host: nginx.tedu.local
    http: 
     paths:
     - path: /
       backend:
        # NOTE(review): no Service named web-nginx is defined on this page;
        # it must exist in the default namespace for this rule to route.
        serviceName: web-nginx
        servicePort: 80
 


 
