92、K8s之ingress下集

ops/2024/10/21 3:19:28/

一、ingress

1.1、两种部署方式

1、ingress------------deployment + nodeport

​ daemonset + hostnetwork----每台设备只能有一个pod,因为直接使用宿主机的端口,所以只能开启一个pod。

2、ingress------svc------deployment里面的pod,这种可以有多个pod。

1.2、ingess的权限控制:

访问页面的时候,输入账号密码才可以访问页面。

basicAuth:可以创建访问密码

traefik ingress controller

专门为了部署k8s微服务开发的http方向代理和负载均衡工具。

自动发现匹配的后端pod的变化,同时有可视化的页面

自动感知变化,实现服务的自动发现

daemonset + hostnetwork 适用于大集群

deployment + nodeport 适用内部访问,性能较低

1.3、ingress-traefik和ingress-nginx之间的区别。

igress-nginx 使用nginx作为前端的负载均衡,ingress-controller和k8s的api交互来实现后端服务器的发现,pod的ip地址的变化。

动态实现nginx的配置修改。

ingress-traefik:

本身就能和k8s的api的交互,感知后端的service以及pod的变化。

traefik更简单,更方便。

go语言写的,和k8s的兼容性更好。并发能力只有ingress-nginx的6成。

二、试验操作

1、访问页面的时候,输入账号密码才可以访问页面。

basicAuth:可以创建访问密码

[root@master01 opt]# cd ingress/
[root@master01 ingress]# htpasswd -c auth zhailiming
New password: 
Re-type new password: 
Adding password for user zhailiming
[root@master01 ingress]# ls
auth   ingress-nginx1.yaml  service-nodeport.yaml
https  mandatory.yaml
[root@master01 ingress]# kubectl create secret generic basic-auth --from-file=auth 
secret/basic-auth created[root@master01 ingress]# vim ingress-nginx1.yaml annotations:
#设置认证的类型::nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'[root@master01 ingress]# kubectl apply -f ingress-nginx1.yaml [root@master01 ingress]# kubectl get pod -o wide -n ingress-nginx 
NAME                             READY   STATUS    RESTARTS   AGE   IP               NODE       NOMINATED NODE   READINESS GATES
nginx-ingress-controller-44ktd   1/1     Running   0          18h   192.168.168.83   node02     <none>           <none>
nginx-ingress-controller-ksjkr   1/1     Running   0          18h   192.168.168.81   master01   <none>           <none>
nginx-ingress-controller-z4lrr   1/1     Running   0          18h   192.168.168.82   node01     <none>           <none>##进入虚拟机终端浏览器

在这里插入图片描述

在这里插入图片描述
在这里插入图片描述

2、重定向-----rewrite-target:

实现从www.zlm.com跳转www.xy102.com

[root@master01 ingress]# vim ingress-nginx1.yamlannotations:
#设置认证的类型::
#    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
#    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
#    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:tls:- hosts:- www.zlm.comsecretName: tls.secret
#指定加密通信的域名,上下文一直,指定secret加密的名称,获取私钥和证
书rules:- host: www.zlm.comhttp:[root@master01 ingress]# vim /etc/hosts127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.168.81 master01 www.xy102.com www.zlm.com

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

3、ingress-traefik和ingress-nginx之间的区别。

igress-nginx 使用nginx作为前端的负载均衡,ingress-controller和k8s的api交互来实现后端服务器的发现,pod的ip地址的变化。

动态实现nginx的配置修改。

ingress-traefik:

本身就能和k8s的api的交互,感知后端的service以及pod的变化。

traefik更简单,更方便。

go语言写的,和k8s的兼容性更好。并发能力只有ingress-nginx的6成。

DaemonSet+hostPort:

[root@master01 ingress]# vim mandatory.yaml apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:
#  replicas: 1selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: "10254"prometheus.io/scrape: "true"spec:# wait up to five minutes for the drain of connectionsterminationGracePeriodSeconds: 300serviceAccountName: nginx-ingress-serviceaccountnodeSelector:kubernetes.io/os: linuxhostNetwork: true
#      nodeSelector:
#        ingress: "true"
---------------------------------------------------

ingress-traefik

[root@master01 ingress]# mkdir traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# pwd
/opt/ingress/traefik----------------
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
----------------
[root@master01 traefik]# ll
总用量 16
-rw-r--r--. 1 root root 1114 9月  11 10:26 traefik-deployment.yaml
-rw-r--r--. 1 root root 1294 9月  11 10:26 traefik-ds.yaml
-rw-r--r--. 1 root root  788 9月  11 10:26 traefik-rbac.yaml
-rw-r--r--. 1 root root  471 9月  11 10:27 ui.yaml[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
[root@master01 traefik]# kubectl apply -f ui.yaml [root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        15d
traefik-ingress-service   NodePort    10.96.27.248   <none>        80:30789/TCP,8080:31818/TCP   71s
traefik-web-ui            ClusterIP   10.96.45.60    <none>        80/TCP                        61s[root@master01 traefik]# cd ..
[root@master01 ingress]# kubectl delete -f mandatory.yaml[root@master01 ingress]# cp ingress-nginx1.yaml traefik/traefik-nginx1.yaml
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml[root@master01 traefik]# cd ..
[root@master01 ingress]# ls
auth   ingress-nginx1.yaml  service-nodeport.yaml
https  mandatory.yaml       traefik
[root@master01 ingress]# kubectl delete -f ingress-nginx1.yaml [root@master01 traefik]# vim traefik-nginx1.yaml apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nfs-pvc
spec:accessModes:- ReadWriteManystorageClassName: nfs-client-storageclassresources:requests:storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-traefiklabels:app1: nginx1
spec:replicas: 3selector:matchLabels:app1: nginx1template:metadata:labels:app1: nginx1spec:containers:- name: nginx1image: nginx:1.22ports:- containerPort: 80volumeMounts:- name: nfs-pvcmountPath: /usr/share/nginx/htmlvolumes:- name: nfs-pvcpersistentVolumeClaim:claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:name: nginx-traefik-svc
spec:type: ClusterIPports:- protocol: TCPport: 80targetPort: 80selector:app1: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-traefik-ingressannotations:
#设置认证的类型::
#    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
#    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
#    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
#    nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:rules:- host: www.xy102.comhttp:paths:- path: /pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2backend:
#匹配的svc的名称----podservice:name: nginx-traefik-svcport:number: 80[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml [root@k8s5 k8s]# cd default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace/
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# ll
总用量 0
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# ll
总用量 4
-rw-r--r--. 1 root root 4 9月  11 10:52 index.html
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# [root@master01 traefik]# kubectl get pod -o wide
NAME                             READY   STATUS    RESTARTS   AGE    IP             NODE       NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl             1/1     Running   0          5d1h   10.244.2.173   node02     <none>           <none>
nginx-traefik-7c5f68df5b-9zxqc   1/1     Running   0          44m    10.244.1.242   node01     <none>           <none>
nginx-traefik-7c5f68df5b-fx46k   1/1     Running   0          44m    10.244.0.29    master01   <none>           <none>
nginx-traefik-7c5f68df5b-zjlzt   1/1     Running   0          44m    10.244.2.242   node02     <none>           <none>[root@master01 traefik]# curl 10.244.1.242
123[root@master01 traefik]# kubectl get svc -o wide -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE    SELECTOR
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        15d    k8s-app=kube-dns
traefik-ingress-service   NodePort    10.96.27.248   <none>        80:30789/TCP,8080:31818/TCP   134m   k8s-app=traefik-ingress-lb
traefik-web-ui            ClusterIP   10.96.45.60    <none>        80/TCP                        134m   k8s-app=traefik-ingress-lb
[root@master01 traefik]# curl www.xy102.com:30789
123

在这里插入图片描述

4、Deployment+nodeport----四个yaml文件都执行

[root@master01 ingress]# vim mandatory.yaml apiVersion: apps/v1
kind: Deployment
#kind: DaemonSet
metadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:replicas: 1selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: "10254"prometheus.io/scrape: "true"spec:# wait up to five minutes for the drain of connectionsterminationGracePeriodSeconds: 300serviceAccountName: nginx-ingress-serviceaccountnodeSelector:kubernetes.io/os: linux
#      hostNetwork: true
#      nodeSelector:
#        ingress: "true"[root@master01 ingress]# kubectl apply -f mandatory.yaml [root@master01 ingress]# vim service-nodeport.yaml apiVersion: v1
kind: Service
metadata:name: ingress-nginxnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:type: NodePortports:- name: httpport: 80targetPort: 80protocol: TCP- name: httpsport: 443targetPort: 443protocol: TCPselector:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx[root@master01 ingress]# kubectl apply -f service-nodeport.yaml[root@master01 ingress]# mkdir traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# pwd
/opt/ingress/traefik----------------
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
----------------
[root@master01 traefik]# ll
总用量 16
-rw-r--r--. 1 root root 1114 9月  11 10:26 traefik-deployment.yaml
-rw-r--r--. 1 root root 1294 9月  11 10:26 traefik-ds.yaml
-rw-r--r--. 1 root root  788 9月  11 10:26 traefik-rbac.yaml
-rw-r--r--. 1 root root  471 9月  11 10:27 ui.yaml[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
[root@master01 traefik]# kubectl apply -f ui.yaml [root@master01 traefik]# vim traefik-nginx1.yaml kind: Deployment
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nfs-pvc
spec:accessModes:- ReadWriteManystorageClassName: nfs-client-storageclassresources:requests:storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-traefiklabels:app1: nginx1
spec:replicas: 3selector:matchLabels:app1: nginx1template:metadata:labels:app1: nginx1spec:containers:- name: nginx1image: nginx:1.22ports:- containerPort: 80volumeMounts:- name: nfs-pvcmountPath: /usr/share/nginx/htmlvolumes:- name: nfs-pvcpersistentVolumeClaim:claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:name: nginx-traefik-svc
spec:type: ClusterIPports:- protocol: TCPport: 80targetPort: 80selector:app1: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-traefik-ingressannotations:
#设置认证的类型::
#    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
#    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
#    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
#    nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:rules:- host: www.xy102.comhttp:paths:- path: /pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2backend:
#匹配的svc的名称----podservice:name: nginx-traefik-svcport:number: 80[root@master01 traefik]# kubectl get pod -o wide
NAME                             READY   STATUS    RESTARTS   AGE    IP             NODE       NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl             1/1     Running   0          5d3h   10.244.2.173   node02     <none>           <none>
nginx-traefik-849b6f9457-5cj9x   1/1     Running   0          16m    10.244.1.244   node01     <none>           <none>
nginx-traefik-849b6f9457-jmznh   1/1     Running   0          16m    10.244.0.31    master01   <none>           <none>
nginx-traefik-849b6f9457-kj2rx   1/1     Running   0          16m    10.244.2.245   node02     <none>   [root@master01 traefik]# kubectl get svc -o wide -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE     SELECTOR
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        15d     k8s-app=kube-dns
traefik-ingress-service   NodePort    10.96.27.248   <none>        80:30789/TCP,8080:31818/TCP   3h15m   k8s-app=traefik-ingress-lb
traefik-web-ui            ClusterIP   10.96.45.60    <none>        80/TCP                        3h14m   k8s-app=traefik-ingress-lb[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月  11 13:35 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d/
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# ls
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# [root@master01 traefik]# curl www.xy102.com
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# curl www.xy102.com:30789
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月  11 13:35 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d/
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# ls
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-30489c95-7b49-4f10-b139-b5942d1a3fc1]# mkdir test1
[root@k8s5 default-nfs-pvc-pvc-30489c95-7b49-4f10-b139-b5942d1a3fc1]# cd test1/
[root@k8s5 test1]# echo 456 > index.html
[root@k8s5 test1]# mkdir test2
[root@k8s5 test1]# cd test2/
[root@k8s5 test2]# ls
[root@k8s5 test2]# echo 789 > index.html[root@master01 traefik]# curl -L www.xy102.com:30733
123
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# vim traefik-nginx1.yaml 
[root@master01 traefik]# kubectl apply -f traefik-ds.yaml 
serviceaccount/traefik-ingress-controller unchanged
daemonset.apps/traefik-ingress-controller created
service/traefik-ingress-service configured
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:30733; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:30733; 拒绝连接
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   16d
traefik-ingress-service   ClusterIP   10.96.231.58   <none>        80/TCP,8080/TCP          21m
traefik-web-ui            ClusterIP   10.96.119.46   <none>        80/TCP                   21m
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
serviceaccount/traefik-ingress-controller unchanged
deployment.apps/traefik-ingress-controller unchanged
service/traefik-ingress-service configured
[root@master01 traefik]# kubectl apply -f ui.yaml 
service/traefik-web-ui unchanged
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.231.58   <none>        80:31767/TCP,8080:32510/TCP   22m
traefik-web-ui            ClusterIP   10.96.119.46   <none>        80/TCP                        22m
[root@master01 traefik]# curl -L www.xy102.com:31767
123
[root@master01 traefik]# curl -L www.xy102.com:31767/test1
456
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml
[root@master01 traefik]# curl -L www.xy102.com:31767/test1/test2
789

在这里插入图片描述

在这里插入图片描述

三、ingress的总结+项目部署

ingress: 对外提供访问:

ingress----根据servicename选择service-----service把服务把请求根据匹配的标签转发pod。

支持http 80 https 443

deployment+NodePort

daemonset+hostnetwork

ingress-traefik

ingress-nginx

四、作业

1、Deployment+nodeport----四个yaml文件都执行

[root@master01 ingress]# cd traefik/
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml
[root@master01 traefik]# vim traefik-
[root@master01 traefik]# vim traefik-deployment.yaml 
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml
[root@master01 traefik]# vim traefik-nginx1.yaml 
[root@master01 traefik]# ls
traefik-deployment.yaml  traefik-nginx1.yaml  ui.yaml
traefik-ds.yaml          traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.231.58   <none>        80:31767/TCP,8080:32510/TCP   71m
traefik-web-ui            ClusterIP   10.96.119.46   <none>        80/TCP                        71m
[root@master01 traefik]# kubectl get pod -o wide
NAME                   READY   STATUS    RESTARTS   AGE    IP             NODE     NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl   1/1     Running   0          5d5h   10.244.2.173   node02   <none>           <none>
[root@master01 traefik]# vim traefik-nginx1.yaml 
[root@master01 traefik]# cd ..
[root@master01 ingress]# ls
auth  https  ingress-nginx1.yaml  mandatory.yaml  service-nodeport.yaml  traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml 
persistentvolumeclaim/nfs-pvc created
deployment.apps/nginx-traefik created
service/nginx-traefik-svc created
ingress.networking.k8s.io/nginx-traefik-ingress created
[root@master01 traefik]# kubectl get pod -o wide
NAME                             READY   STATUS    RESTARTS   AGE    IP             NODE       NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl             1/1     Running   0          5d5h   10.244.2.173   node02     <none>           <none>
nginx-traefik-64f4cf4c65-cr6m8   1/1     Running   0          7s     10.244.1.251   node01     <none>           <none>
nginx-traefik-64f4cf4c65-ls2j8   1/1     Running   0          7s     10.244.0.38    master01   <none>           <none>
nginx-traefik-64f4cf4c65-qxmt7   1/1     Running   0          7s     10.244.2.254   node02     <none>           <none>
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.231.58   <none>        80:31767/TCP,8080:32510/TCP   76m
traefik-web-ui            ClusterIP   10.96.119.46   <none>        80/TCP                        76m
[root@master01 traefik]# curl www.xy102.com
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月  11 15:57 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777/
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# ls
index.html
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# mkdir test1
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# cd test1/
[root@k8s5 test1]# echo 456 > index.html
[root@k8s5 test1]# mkdir test2
[root@k8s5 test1]# cd test2/
[root@k8s5 test2]# echo 789 > index.html[root@master01 traefik]# curl www.xy102.com
123
[root@master01 traefik]# curl www.xy102.com
123
[root@master01 traefik]# curl www.xy102.com:31767
123
[root@master01 traefik]# curl www.xy102.com:31767/test1
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@master01 traefik]# curl -L www.xy102.com:31767/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31767/test1/test2
789

2、DaemonSet+hostPort----三个yaml文件都执行

[root@master01 traefik]# vim traefik-nginx1.yaml apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nfs-pvc
spec:accessModes:- ReadWriteManystorageClassName: nfs-client-storageclassresources:requests:storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-traefiklabels:app1: nginx
spec:replicas: 3selector:matchLabels:app1: nginxtemplate:metadata:labels:app1: nginxspec:containers:- name: nginximage: nginx:1.22ports:- containerPort: 80volumeMounts:- name: nfs-pvcmountPath: /usr/share/nginx/htmlvolumes:- name: nfs-pvcpersistentVolumeClaim:claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:name: nginx-traefik-svc
spec:type: ClusterIPports:- protocol: TCPport: 80targetPort: 80selector:app1: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-traefik-ingressannotations:
#设置认证的类型::
#    nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
#    nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
#    nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
#    nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:rules:- host: www.xy102.comhttp:paths:- path: /pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2backend:
#匹配的svc的名称----podservice:name: nginx-traefik-svcport:number: 80[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
[root@master01 traefik]# kubectl apply -f ui.yaml [root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.251.209   <none>        80:31552/TCP,8080:30058/TCP   3m33s
traefik-web-ui            ClusterIP   10.96.71.175    <none>        80/TCP                        23s[root@master01 traefik]# curl -L www.xy102.com
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com:31552
123
[root@master01 traefik]# curl -L www.xy102.com:31552/test1
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接

在这里插入图片描述

[root@master01 traefik]# kubectl apply -f traefik-ds.yaml [root@master01 traefik]# kubectl apply -f traefik-rbac.yaml [root@master01 traefik]# kubectl apply -f ui.yaml [root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   16d
traefik-ingress-service   ClusterIP   10.96.201.30   <none>        80/TCP,8080/TCP          39s
traefik-web-ui            ClusterIP   10.96.71.175   <none>        80/TCP                   16m
[root@master01 traefik]# curl -L www.xy102.com:30023/test1
curl: (7) Failed connect to www.xy102.com:30023; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com
123##发现只要apply-------traefik-ds.yaml----------traefik-rbac.yaml-----------------ui.yaml

3、Deployment+nodeport

[root@master01 traefik]# kubectl apply -f traefik-ds.yaml 
serviceaccount/traefik-ingress-controller unchanged
daemonset.apps/traefik-ingress-controller unchanged
service/traefik-ingress-service unchanged
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml 
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml 
serviceaccount/traefik-ingress-controller unchanged
deployment.apps/traefik-ingress-controller created
service/traefik-ingress-service configured
[root@master01 traefik]# kubectl apply -f ui.yaml 
service/traefik-web-ui unchanged
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP        16d
traefik-ingress-service   NodePort    10.96.201.30   <none>        80:31318/TCP,8080:32115/TCP   9m38s
traefik-web-ui            ClusterIP   10.96.71.175   <none>        80/TCP                        25m
[root@master01 traefik]# curl -L www.xy102.com
123
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com:31318
123
[root@master01 traefik]# curl -L www.xy102.com:31318/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31318/test1/test2
789

is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.201.30 80:31318/TCP,8080:32115/TCP 9m38s
traefik-web-ui ClusterIP 10.96.71.175 80/TCP 25m
[root@master01 traefik]# curl -L www.xy102.com
123
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com:31318
123
[root@master01 traefik]# curl -L www.xy102.com:31318/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31318/test1/test2
789

http://www.ppmy.cn/ops/111023.html

相关文章

①MongoDB基本知识①

①MongoDB基本知识①

MongDB属于非关系型数据库一派&#xff0c;没有固定的数据格式存储&#xff0c;是一个具备高性能、高拓展的文档型数据库&#xff0c;数据以BSON(JSON的二进制)的格式存储。 特点: 基于对象模型&#xff0c;关系简单。没有外键的约束&#xff0c;也没有强连接表的关系&#x…
阅读更多...
【Kubernetes】常见面试题汇总(十六)

【Kubernetes】常见面试题汇总(十六)

目录 48.简述 Kubernetes PodsecurityPolicy 机制能实现哪些安全策略&#xff1f; 49.简述 Kubernetes 网络模型&#xff1f; 50.简述 Kubernetes CNl 模型&#xff1f; 48.简述 Kubernetes PodsecurityPolicy 机制能实现哪些安全策略&#xff1f; 在 PodSecurityPolicy 对象…
阅读更多...
使用PyTorch进行图像风格迁移:基于VGG19实现

使用PyTorch进行图像风格迁移:基于VGG19实现

图像风格迁移&#xff08;Neural Style Transfer, NST&#xff09;是深度学习中一个令人着迷的应用&#xff0c;它能够将一张图像的风格应用到另一张图像上。例如&#xff0c;能够将梵高的画风应用到一张普通照片上。本文将详细解释如何使用PyTorch进行风格迁移&#xff0c;逐步…
阅读更多...
黑链、黑帽、明链分别是什么意思

黑链、黑帽、明链分别是什么意思

一、黑链 • 定义&#xff1a;黑链是指通过非法手段&#xff08;如黑客入侵等&#xff09;获取的隐藏链接。这些链接通常被隐藏在网站页面中&#xff0c;普通用户在浏览网页时难以察觉&#xff0c;但搜索引擎可以抓取到。 • 危害&#xff1a;黑链的存在会影响搜索引擎的公正…
阅读更多...
从OracleCloudWorld和财报看Oracle的转变

从OracleCloudWorld和财报看Oracle的转变

2024年9月9-12日Oracle Cloud World在美国拉斯维加斯盛大开幕 押注AI和云 Oracle 创始人Larry Ellison做了对Oracle战略和未来愿景的主旨演讲&#xff0c;在演讲中Larry将AI技术和云战略推到了前所未有的高度&#xff0c;从新的Oracle 23c改名到Oracle23ai&#xff0c;到Oracl…
阅读更多...
SQL server 日常运维命令

SQL server 日常运维命令

一、基础命令 查看当前数据库的版本 SELECT VERSION;查看服务器部分特殊信息 select SERVERPROPERTY(Nedition) as Edition --数据版本&#xff0c;如企业版、开发版等,SERVERPROPERTY(Ncollation) as Collation --数据库字符集,SERVERPROPERTY(Nservername) as Serve…
阅读更多...
C语言-数据结构 有向图拓扑排序TopologicalSort(邻接表存储)

C语言-数据结构 有向图拓扑排序TopologicalSort(邻接表存储)

拓扑排序算法的实现还是比较简单的&#xff0c;我们需要用到一个顺序栈辅助&#xff0c;采用邻接表进行存储&#xff0c;顶点结点存储入度、顶点信息、指向邻接结点的指针&#xff0c;算法过程是&#xff1a;我们先将入度为0的顶点入栈&#xff0c;然后弹出栈顶结点&#xff0c…
阅读更多...
Android 蓝牙服务启动

Android 蓝牙服务启动

蓝牙是Android设备中非常常见的一个feature&#xff0c;设备厂家可以用BT来做RC、连接音箱、设备本身做Sink等常见功能。如果一些设备不需要BT功能&#xff0c;Android也可以通过配置来disable此模块&#xff0c;方便厂家为自己的设备做客制化。APP操作设备的蓝牙功能&#xff…
阅读更多...
最新文章

Copyright @ 2022~2023