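I. The role of Ingress: exposing services externally
Recall the earlier way of providing external access: NodePort exposes a port number externally, so that clients can reach the service through the NodeIP of any cluster node plus that port. NodePort has a shortcoming, though: each port can be used only once, so every application occupies a port.
In practice, access is by domain name, with different domain names routed to services on different ports. Ingress makes this possible.
Ingress acts as a single entry point: it finds the corresponding Service by domain name, and each Service is associated with a group of Pods. External traffic goes through the Ingress to the Service, and then to the corresponding Pod.
II. Using Ingress:
1. First create the Pod and Service.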
[root@master-146 ~]# kubectl create deployment web --image=nginx
deployment.apps/web created
[root@master-146 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
web-5dcb957ccc-lfkq5 1/1 Running 0 37s
[root@master-146 ~]# kubectl expose deploy web --port=80 --target-port=80 --type=NodePort
service/web exposed
[root@master-146 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d17h
nginx ClusterIP None <none> 80/TCP 18h
web NodePort 10.106.6.81 <none> 80:30885/TCP 8s
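2. Deploy the Ingress Controller (the official nginx controller is used here)
The Ingress controller is not bundled with the cluster and must be installed separately. Download the official Ingress YAML file and apply it to create the Ingress Controller.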
[root@master-146 ingress]# kubectl apply -f ingress-controller.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
Check the status of the Ingress controller Pod
[root@master-146 ingress]# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-766fb9f77-wrfct 1/1 Running 0 2m59s 192.168.1.144 worker-144 <none> <none>
3. Create the Ingress rule
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example-ingress
spec:
  rules:
  - host: example.ingress.com
    http:
      paths:
      - path: /
        backend:
          serviceName: web
          servicePort: 80
Apply the Ingress rule YAML
[root@master-146 ingress]# kubectl apply -f ingress-rule.yaml
ingress.networking.k8s.io/example-ingress created
[root@master-146 ingress]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
example-ingress <none> example.ingress.com 80 2m59s
On node 144 you can see the ports the Ingress controller is listening on
[root@worker-144 ~]# netstat -natp | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 19111/nginx: master
tcp 0 0 192.168.1.144:38612 192.168.1.146:6443 ESTABLISHED 2007/kube-proxy
tcp 0 0 192.168.1.144:38598 192.168.1.146:6443 ESTABLISHED 1510/kubelet
tcp 0 0 192.168.1.144:46984 10.96.0.1:443 ESTABLISHED 19087/nginx-ingress
tcp 0 0 192.168.1.144:44482 10.96.0.1:443 ESTABLISHED 2229/flanneld
tcp6 0 0 :::443 :::* LISTEN 19111/nginx: master
[root@worker-144 ~]# netstat -natp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 19111/nginx: master
tcp 0 0 127.0.0.1:10246 127.0.0.1:40280 TIME_WAIT -
tcp6 0 0 :::80 :::* LISTEN 19111/nginx: master
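Now configure name resolution on the machine running the browser by adding the following line to its hosts file; the Pod's application can then be reached in the browser.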
192.168.1.144 example.ingress.com
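The walkthrough above leaves the web Service as a NodePort, so port 30885 stays open on every node alongside the Ingress entry point. The manifest below is an added example, not part of the original post: it declares the same Service as ClusterIP and writes the same rule in the networking.k8s.io/v1 form that replaced v1beta1 (removed in Kubernetes 1.22). The IngressClass name nginx is an assumption; the cluster in this post shows CLASS as <none>.

```yaml
# Added example: Service reachable only inside the cluster.
# The Ingress controller is the single external entry point.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: ClusterIP            # instead of NodePort: no per-node port is opened
  selector:
    app: web                 # label set by "kubectl create deployment web"
  ports:
  - port: 80
    targetPort: 80
---
# Same host rule as example-ingress above, in the v1 schema.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
spec:
  ingressClassName: nginx    # assumption: an IngressClass with this name exists
  rules:
  - host: example.ingress.com
    http:
      paths:
      - path: /
        pathType: Prefix     # required in v1; Prefix on "/" matches every path
        backend:
          service:
            name: web        # v1 replaces serviceName
            port:
              number: 80     # v1 replaces servicePort
```

After applying it, kubectl get svc should list web with TYPE ClusterIP and no node port in the PORT(S) column.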