K8S 外部访问配置、 Ingress、NodePort

将K8S部署应用提供给外部访问一般有三种方式：

• NodePort 暴露端口到节点，提供了集群外部访问的入口
• LoadBalancer 需要负载均衡器（通常都需要云服务商提供，裸机可以安装 METALLB 测试）
• Ingress 统一管理 svc的外部访问，用于实现用域名的方式访问k8s内部应用，常用类型 Treafik、Nginx
  • 相对 NodePort 来说，Ingress 就实现外部访问的统一管理，类型配置 nginx.conf 一样，根据 域名、路由等转发到不同服务上
  • 可以随时更改配置规则并生效，方便统一管理

NodePort 简单示例：

• spec.ports.nodePort 可以实现一个svc的外部访问配置

apiVersion: v1
kind: Service
metadata:
  labels:
    expose: "true"
    app: device-info
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu
  name: device-info-1
  namespace: xiaoshu
spec:
  type: NodePort
  ports:
    - name: http
      port: 30802         # 服务端口
      targetPort: 8300  # 容器端口
      protocol: TCP
      nodePort: 30802    # 外部访问端口
  selector:
    app: device-info
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu

Ingress 简单示例：

准备了两个简单的jar 服务，服务一 device-info-1 服务端口8001、服务二 device-info-2 服务端口8002

@ApiOperation(value = "测试接口")
@GetMapping("/server")
public String test(){
    return "服务一：192.168.2.207";
}
@ApiOperation(value = "测试接口")
@GetMapping("/server")
public String test(){
    return "服务二：192.168.2.208";
}

yml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: device-info
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu
  name: device-info-1
  namespace: xiaoshu
spec:
  replicas: 1
  selector:
    matchLabels:
      app: device-info
      provider: xiaoshu
      version: "1.0"
      group: com.xiaoshu
  template:
    metadata:
      labels:
        app: device-info
        provider: xiaoshu
        version: "1.0"
        group: com.xiaoshu
    spec:
      containers:
      - name: device-info-1
        image: core.harbor.domain/jar/device-info-1:v1
      nodeName: k8s-1  
---
apiVersion: v1
kind: Service
metadata:
  labels:
    expose: "true"
    app: device-info
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu
  name: device-info-1
  namespace: xiaoshu
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 8001          # 服务端口
      targetPort: 8300  # 容器端口
      protocol: TCP
  selector:
    app: device-info
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: device-info-2
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu
  name: device-info-2
  namespace: xiaoshu
spec:
  replicas: 1
  selector:
    matchLabels:
      app: device-info-2
      provider: xiaoshu
      version: "1.0"
      group: com.xiaoshu
  template:
    metadata:
      labels:
        app: device-info-2
        provider: xiaoshu
        version: "1.0"
        group: com.xiaoshu
    spec:
      containers:
      - name: device-info-2
        image: core.harbor.domain/jar/device-info-2:v1
      nodeName: k8s-1  
---
apiVersion: v1
kind: Service
metadata:
  labels:
    expose: "true"
    app: device-info-2
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu
  name: device-info-2
  namespace: xiaoshu
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 8002        
      targetPort: 8300  # 容器端口
      protocol: TCP
  selector:
    app: device-info-2
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu

Ingress yml

• 根据域名转发到不同的 服务上
• 注意labels 配置，与svc可以匹配

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: device-info-ingress
  namespace: xiaoshu
  annotations:
    #kubernetes.io/ingress.class: "nginx"
    #nginx.ingress.kubernetes.io/rewrite-target: / #路径重写,需要安装NGINX Ingress控制器生效
  labels:
    app: device-info
    provider: xiaoshu
    version: "1.0"
    group: com.xiaoshu
spec:
  rules:
  - host: device.info.ingress1
    http:
      paths:
      - backend:
          service:
            name: device-info-1
            port:
              number: 8001 #服务端口
        path: /device-info/server
        pathType: Prefix  
  - host: device.info.ingress2
    http:
      paths:
      - backend:
          service:
            name: device-info-2
            port:
              number: 8002 #服务端口
        path: /device-info/server
        pathType: Prefix