k8s—ingress应用

一、ingress和ingress-controller

ingress对象：指的是k8s中的⼀个api对象/资源对象，⼀般⽤yaml配置。作⽤是定义请求如何转发到service的规则，可以理解为配置模板。

ingress-controller：具体实现反向代理及负载均衡的程序，对ingress定义的规则进⾏解析，根据配置的规则来实现请求转发；

简单来说，ingress-controller才是负责具体转发的组件，通过各种⽅式将它暴露在集群⼊⼝，外部对集群的请求流量会先到ingress-controller，⽽ingress对象是⽤来告诉ingress-controller该如何转发请求，⽐如哪些域名哪些path要转发到哪些服务等等；

对于不同的URL地址经常对应⽤不同的后端服务或者虚拟服务器，这些应⽤层的转发机制仅通过kubernetes的service机制是⽆法实现的，这种情况我们可以使⽤ingress策略定义和⼀个具体的ingress Controller. Ingress提供七层负载均衡能⼒，可以通过 Ingress 配置提供外部可访问的 URL、负载均衡、SSL、基于名称的虚拟主机等。作为集群流量接⼊层，Ingress 的⾼可靠性显得尤为重要；

这个负载均衡是基于nginx七层反向代理来实现的，ingress⼯作原理如下图：

2）Ingress ⼀般由三个组件组成：

Nginx 反向代理负载均衡器

Ingress Controller 可以理解为控制器，它通过不断的跟 Kubernetes API 交互，实时获取后端Service、Pod 等的变化，⽐如新增、删除等，然后结合 Ingress 定义的规则⽣成配置，然后动态更新上边的 Nginx 负载均衡器，并刷新使配置⽣效，来达到服务⾃动发现的作⽤。

Ingress 则是定义规则，通过它定义某个域名的请求过来之后转发到集群中指定的 Service。它可以通过 Yaml ⽂件定义，可以给⼀个或多个 Service 定义⼀个或多个 Ingress 规则

二、部署Ingress控制器（nginx）

1.下载ingress controller

wget https://github.com/kubernetes/ingress-nginx/archive/nginx-0.30.0.tar.gz

2.解压到/mnt目录下

tar xzvf nginx-0.30.0.tar.gz -C /mnt

3.修改配置文件

[root@k8s-master static]# pwd
/mnt/nginx-0.30.0/deploy/static
[root@k8s-master static]# ls
configmap.yaml mandatory.yaml namespace.yaml provider rbac.yaml with-rbac.yaml
[root@k8s-master static]# vim mandatory.yaml

        #找到已下apiserver 的版本；大概在190行左右

apiVersion: apps/v1

kind: DaemonSet                  # 将原来的 Deployment 修改为 DaemonSet

metadata:

name: nginx-ingress-controller

namespace: ingress-nginx

labels:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/part-of: ingress-nginx

spec:

#replicas: 1         #将这⾥注释

selector:

matchLabels:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/part-of: ingress-nginx

template:

metadata:

labels:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/part-of: ingress-nginx

annotations:

prometheus.io/port: "10254"

prometheus.io/scrape: "true"

spec:

# wait up to five minutes for the drain of connections

terminationGracePeriodSeconds: 300

serviceAccountName: nginx-ingress-serviceaccount

hostNetwork: true                  #添加此配置，共享宿主机⽹络，将下面两行注释掉

# nodeSelector:

# custom/ingress-controller-ready: "true" # 添加此配置

containers:

- name: nginx-ingress-controller

image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0

                 # 提前将镜像拉下来

args:

- /nginx-ingress-controller

4、应用并创建ingress

[root@k8s-master static]# kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/nginx-ingress-role created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
daemonset.apps/nginx-ingress-controller created
limitrange/ingress-nginx created

5.测试ingress

[root@k8s-master ingress]# vim my-apache.yaml
[root@k8s-master ingress]# cat my-apache.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:name: my-apache
spec:selector:matchLabels:run: my-apachereplicas: 2template:metadata:labels:run: my-apachespec:containers:- name: my-apacheimage: daocloud.io/library/httpd:2.4ports:- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:name: my-apachelabels:run: my-apache
spec:#type: NodePortports:- port: 80targetPort: 80#nodePort: 30002selector:run: my-apache[root@k8s-master ingress]# vim my-nginx.yaml
[root@k8s-master ingress]# cat my-nginx.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:name: my-nginx
spec:selector:matchLabels:run: my-nginxreplicas: 2template:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: daocloud.io/library/nginx:1.7.9ports:- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:name: my-nginxlabels:run: my-nginx
spec:#type: NodePortports:- port: 80targetPort: 80#nodePort: 30001selector:run: my-nginx[root@k8s-master ingress]# kubectl apply -f my-apache.yaml 
deployment.apps/my-apache created
service/my-apache created
[root@k8s-master ingress]# kubectl apply -f my-nginx.yaml 
deployment.apps/my-nginx created
service/my-nginx created
[root@k8s-master ingress]# kubectl get svc
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes             ClusterIP   10.96.0.1       <none>        443/TCP    2d
my-apache              ClusterIP   10.96.232.20    <none>        80/TCP     22s
my-nginx               ClusterIP   10.109.72.52    <none>        80/TCP     13s
redis-access-service   ClusterIP   10.103.21.164   <none>        6379/TCP   5h50m
redis-service          ClusterIP   None            <none>        6379/TCP   7h33m
[root@k8s-master ingress]# kubectl get pod
NAME                                                READY   STATUS      RESTARTS   AGE
my-apache-7c88db656c-6s7zd                          1/1     Running     0          31s
my-apache-7c88db656c-xvmg8                          1/1     Running     0          31s
my-nginx-5fdc96f9b4-dmsm7                           1/1     Running     0          22s
my-nginx-5fdc96f9b4-pl2w4                           1/1     Running     0          22s

6.配置ingress转发文件

1）宿主机网络模式：hostNetwork

[root@k8s-master ingress]# vim ingress-test.yaml
[root@k8s-master ingress]# cat ingress-test.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: test-ingressnamespace: defaultannotations:nginx.ingress.kubernetes.io/rewrite-target: /
spec:rules:- host: www.ingress.comhttp:paths:- path: /pathType: Prefix backend: service: name: my-apacheport:number: 80
[root@k8s-master ingress]# kubectl apply -f ingress-test.yaml 
ingress.networking.k8s.io/test-ingress created
[root@k8s-master ingress]# kubectl get ingress
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME           CLASS    HOSTS             ADDRESS   PORTS   AGE
test-ingress   <none>   www.ingress.com             80      21s
[root@k8s-master ingress]# vim /etc/hosts# 添加www.ingress.com的域名解析
192.168.22.135 k8s-node1 www.ingress.com
192.168.22.136 k8s-node2 www.ingress.com
[root@k8s-master ingress]# curl www.ingress.com
<html><body><h1>It works!</h1></body></html>

2）nodePort方式

将上述mandatory.yaml文件修改一下，

        #找到已下apiserver的版本；大概在190行左右
apiVersion: apps/v1
kind: Deployment                 #将原来的DaemonSet修改为Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 2         #将这⾥注释取消掉
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
# wait up to five minutes for the drain of connections
terminationGracePeriodSeconds: 300
serviceAccountName: nginx-ingress-serviceaccount
#hostNetwork: true                 #这一行注释掉，将下面两行注释掉
# nodeSelector:
# custom/ingress-controller-ready: "true"
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0#提前将镜像拉下来
args:
- /nginx-ingress-controller

将my-apache.yaml和my-nginx.yaml文件中的type:NodePort这一行的注释取消掉，应用就可以了；

[root@k8s-master ingress]# cat my-apache.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:name: my-apache
spec:selector:matchLabels:run: my-apachereplicas: 2template:metadata:labels:run: my-apachespec:containers:- name: my-apacheimage: daocloud.io/library/httpd:2.4ports:- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:name: my-apachelabels:run: my-apache
spec:type: NodePort        #将这一行注释取消掉ports:- port: 80targetPort: 80#nodePort: 30002        #这一行注释不取消掉则会随机指定一个端口号selector:run: my-apache

然后应用即可；

[root@k8s-master nodeport]# kubectl apply -f mandatory.yaml

[root@k8s-master nodeport]# kubectl apply -f my-apache.yml

[root@k8s-master nodeport]# kubectl apply -f my-nginx.yml

[root@k8s-master nodeport]# kubectl apply -f ingress-test.yaml

查看并测试

[root@k8s-master ingress]# kubectl get svc
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes             ClusterIP   10.96.0.1       <none>        443/TCP        2d1h
my-apache              NodePort    10.104.49.58    <none>        80:30002/TCP   72s
my-nginx               NodePort    10.110.73.158   <none>        80:30001/TCP   66s
redis-access-service   ClusterIP   10.103.21.164   <none>        6379/TCP       6h59m
redis-service          ClusterIP   None            <none>        6379/TCP       8h

打开浏览器访问，如果访问不到记得做域名解析；win+r打开运行窗口，输入drivers，打开etc文件中的hosts文件，写入域名解析即可；