当前位置：首页 > news >正文

网站通知模板百度百度百度一下

news 2025/7/1 7:11:14

网站通知模板,百度百度百度一下,网站添加icp信息,沈阳开发网站公司Ingress介绍 Kubernetes 集群中，服务（Service）是一种抽象，它定义了一种访问 Pod 的方式，无论这些 Pod 如何变化，服务都保持不变。服务可以被映射到一个静态的 IP 地址（ClusterIP）、一…

Ingress介绍

Kubernetes 集群中，服务（Service）是一种抽象，它定义了一种访问 Pod 的方式，无论这些 Pod 如何变化，服务都保持不变。服务可以被映射到一个静态的 IP 地址（ClusterIP）、一个 NodePort（在集群的每个节点上的特定端口）、一个 LoadBalancer（通过云服务提供商的负载均衡器）或一个外部 IP。
Service的两种服务暴露方式，NodePort 和 LoadBalancer，确存在一些局限性：
- NodePort：当一个服务被配置为 NodePort 类型时，它会在集群的所有节点上的一个静态端口上暴露服务。这种方式的缺点是，如果集群中有大量的服务，那么就需要占用大量的端口，而这些端口资源是有限的。
- LoadBalancer：这种方式通过云服务提供商的负载均衡器来暴露服务。虽然它解决了 NodePort 方式中端口资源有限的问题，但是每个服务都需要一个单独的负载均衡器，这不仅增加了成本，而且管理起来也相对复杂。
为了解决这些问题，Kubernetes 引入了 Ingress 资源对象：
- Ingress 是一种 API 对象，它管理外部访问到集群内服务的 HTTP 和 HTTPS 路由。它提供了一种规则，允许你将外部 HTTP/HTTPS 路由到集群内的多个服务。
- Ingress 可以提供单一的 IP 地址，通过不同的 URL 路径或不同的端口来路由到不同的服务。
- 它只需要一个 NodePort 或者一个 LoadBalancer，就可以将多个服务暴露给外部网络，这样做既节省了资源，又简化了配置。
- Ingress 还支持 SSL/TLS 终止，可以为不同的服务配置 SSL 证书。
- 它允许更复杂的路由规则，比如基于路径、主机名或 HTTP 头部的路由。

实际上，Ingress相当于一个7层的负载均衡器，是kubernetes对反向代理的一个抽象，它的工作原理类似于Nginx，可以理解成在Ingress里建立诸多映射规则，Ingress Controller通过监听这些配置规则并转化成Nginx的反向代理配置 , 然后对外部提供服务。在这里有两个核心概念：
- ingress：kubernetes中的一个对象，作用是定义请求如何转发到service的规则
- ingress controller：具体实现反向代理及负载均衡的程序，对ingress定义的规则进行解析，根据配置的规则来实现请求转发，实现方式有很多，比如Nginx, Contour, Haproxy等等
Ingress（以Nginx为例）的工作原理：
- 定义路由规则：用户通过 Kubernetes API 创建 Ingress 规则，指定域名与集群内服务的映射关系。
- 感知规则变化：Ingress 控制器（如基于 Nginx）实时监控 Kubernetes API，以便发现 Ingress 规则的更新。
- 生成配置：一旦检测到变化，Ingress 控制器自动生成相应的 Nginx 配置，以实现定义的路由规则。
- 更新 Nginx 配置：新生成的 Nginx 配置被应用到运行中的 Nginx 实例，无需重启服务即可动态更新路由规则。
- 流量转发：Nginx 作为反向代理，根据更新的配置，将外部请求转发到集群内正确的服务。
- SSL/TLS 终止（可选）：如果配置了 SSL/TLS，Nginx 还可以在转发前终止加密连接，提高安全性和效率。

Ingress安装部署

[root@k8s-master ~]# vi deploy.yaml
[root@k8s-master ~]# kubectl label node k8s-node1 node-role=ingress
node/k8s-node1 labeled
[root@k8s-master ~]# kubectl label node k8s-node2 node-role=ingress
node/k8s-node2 labeled
[root@k8s-master ~]# kubectl apply -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
daemonset.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
[root@k8s-master ~]# kubectl get pod 
No resources found in default namespace.
[root@k8s-master ~]# kubectl get pod  -n ingress-nginx
NAME                                   READY   STATUS              RESTARTS   AGE
ingress-nginx-admission-create-sgcg6   0/1     ContainerCreating   0          21s
ingress-nginx-admission-patch-2kdw2    0/1     CrashLoopBackOff    1          21s
ingress-nginx-controller-55776         0/1     ContainerCreating   0          21s
ingress-nginx-controller-vm965         0/1     ContainerCreating   0          21s
[root@k8s-master ~]# kubectl get pod  -n ingress-nginx -w
NAME                                   READY   STATUS              RESTARTS   AGE
ingress-nginx-admission-create-sgcg6   0/1     ContainerCreating   0          24s
ingress-nginx-admission-patch-2kdw2    0/1     CrashLoopBackOff    1          24s
ingress-nginx-controller-55776         0/1     ContainerCreating   0          24s
ingress-nginx-controller-vm965         0/1     ContainerCreating   0          24s
ingress-nginx-admission-create-sgcg6   0/1     Completed           0          25s
ingress-nginx-admission-create-sgcg6   0/1     Completed           0          25s
ingress-nginx-admission-patch-2kdw2    1/1     Running             2          28s
ingress-nginx-admission-patch-2kdw2    0/1     Completed           2          29s
ingress-nginx-admission-patch-2kdw2    0/1     Completed           2          29s
ingress-nginx-controller-55776         0/1     Running             0          87s
ingress-nginx-controller-vm965         0/1     Running             0          90s
^C[root@k8s-master ~]# kubectl get pod  -n ingress-nginx 
NAME                                   READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-sgcg6   0/1     Completed   0          95s
ingress-nginx-admission-patch-2kdw2    0/1     Completed   2          95s
ingress-nginx-controller-55776         0/1     Running     0          95s
ingress-nginx-controller-vm965         0/1     Running     0          95s
[root@k8s-master ~]# kubectl get pod  -n ingress-nginx -w
NAME                                   READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-sgcg6   0/1     Completed   0          105s
ingress-nginx-admission-patch-2kdw2    0/1     Completed   2          105s
ingress-nginx-controller-55776         1/1     Running     0          105s
ingress-nginx-controller-vm965         1/1     Running     0          105s

Ingress的HTTP代理

准备service和pod为了后面的实验比较方便，创建如下图所示的模型

[root@k8s-master ~]# vim tomcat-nginx.yaml 
[root@k8s-master ~]# kubectl create ns test 
namespace/test created
[root@k8s-master ~]# kubectl apply -f tomcat-nginx.yaml 
deployment.apps/tomcat-deployment created
service/tomcat-service created[root@k8s-master ~]# kubectl get pod -n test  -w
NAME                                 READY   STATUS              RESTARTS   AGE
tomcat-deployment-7db86c59b7-7zbnc   0/1     ContainerCreating   0          50s
tomcat-deployment-7db86c59b7-r5xsn   0/1     ContainerCreating   0          50s
tomcat-deployment-7db86c59b7-sphwk   0/1     ImagePullBackOff    0          50s
tomcat-deployment-7db86c59b7-sphwk   0/1     ErrImagePull        0          70s
tomcat-deployment-7db86c59b7-sphwk   0/1     ImagePullBackOff    0          82s
tomcat-deployment-7db86c59b7-r5xsn   1/1     Running             0          4m29s
tomcat-deployment-7db86c59b7-7zbnc   1/1     Running             0          4m29s
tomcat-deployment-7db86c59b7-sphwk   1/1     Running             0          5m7s
^C[root@k8s-master ~]# kubectl get deploy,pod -n test 
NAME                                READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/tomcat-deployment   3/3     3            3           6m52sNAME                                     READY   STATUS    RESTARTS   AGE
pod/tomcat-deployment-7db86c59b7-7zbnc   1/1     Running   0          6m52s
pod/tomcat-deployment-7db86c59b7-r5xsn   1/1     Running   0          6m52s
pod/tomcat-deployment-7db86c59b7-sphwk   1/1     Running   0          6m52s

Ingress配置

[root@k8s-master ~]# cat ingress-dep_lb.yaml ---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-ingressnamespace: test
spec:ingressClassName: nginxrules:- host: www.test.comhttp:paths:- path: /pathType: Prefixbackend:service:name: svc-lbport:number: 80- host: tomcat.ctl.comhttp:paths:- path: /pathType: Prefixbackend:service:name: tomcat-serviceport:number: 80[root@k8s-master ~]# kubectl apply -f ingress-dep_lb.yaml 
ingress.networking.k8s.io/nginx-ingress created
[root@k8s-master ~]# kubectl get service,ingress -n test
NAME                     TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/tomcat-service   LoadBalancer   10.96.166.18   <pending>     80:32593/TCP   10mNAME                                      CLASS   HOSTS                         ADDRESS   PORTS   AGE
ingress.networking.k8s.io/nginx-ingress   nginx   www.test.com,tomcat.ctl.com             80      5s
[root@k8s-master ~]# kubectl get service,ingress -n test
NAME                     TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/tomcat-service   LoadBalancer   10.96.166.18   <pending>     80:32593/TCP   10mNAME                                      CLASS   HOSTS                         ADDRESS                         PORTS   AGE
ingress.networking.k8s.io/nginx-ingress   nginx   www.test.com,tomcat.ctl.com   192.168.58.232,192.168.58.233   80      42s[root@k8s-master ~]# kubectl get deploy,pod -n test 
NAME                                READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/tomcat-deployment   3/3     3            3           14mNAME                                     READY   STATUS    RESTARTS   AGE
pod/tomcat-deployment-7db86c59b7-7zbnc   1/1     Running   0          14m
pod/tomcat-deployment-7db86c59b7-r5xsn   1/1     Running   0          14m
pod/tomcat-deployment-7db86c59b7-sphwk   1/1     Running   0          14m
[root@k8s-master ~]# kubectl get deploy,pod -n test  -o wide
NAME                                READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                  SELECTOR
deployment.apps/tomcat-deployment   3/3     3            3           14m   tomcat       tomcat:8.5-jre10-slim   app=tomcat-podNAME                                     READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
pod/tomcat-deployment-7db86c59b7-7zbnc   1/1     Running   0          14m   10.244.36.73     k8s-node1   <none>           <none>
pod/tomcat-deployment-7db86c59b7-r5xsn   1/1     Running   0          14m   10.244.36.72     k8s-node1   <none>           <none>
pod/tomcat-deployment-7db86c59b7-sphwk   1/1     Running   0          14m   10.244.169.131   k8s-node2   <none>           <none>
[root@k8s-master ~]# kubectl get service,ingress -n test
NAME                     TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/tomcat-service   LoadBalancer   10.96.166.18   <pending>     80:32593/TCP   14mNAME                                      CLASS   HOSTS                         ADDRESS                         PORTS   AGE
ingress.networking.k8s.io/nginx-ingress   nginx   www.test.com,tomcat.ctl.com   192.168.58.232,192.168.58.233   80      4m34s
[root@k8s-master ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.58.231 k8s-master
192.168.58.232 k8s-node1
192.168.58.233 k8s-node2
192.168.58.232 www.test.com
192.168.58.233 tomcat.ctl.com

Ingress的HTTPS代理

创建证书和密钥

[root@k8s-master ~]# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=itopenlab.com"
Generating a 2048 bit RSA private key
.................................................................+++
.....+++
writing new private key to 'tls.key'
-----
[root@k8s-master ~]# kubectl create secret tls tls-secret --key tls.key --cert tls.crt
secret/tls-secret created

创建ingress-https.yaml


[root@k8s-master ~]#  vim ingress-https.yaml
[root@k8s-master ~]# kubectl apply -f ingress-https.yaml 
ingress.networking.k8s.io/ingress-https created
[root@k8s-master ~]# kubectl get ing ingress-https -n test
NAME            CLASS    HOSTS                          ADDRESS   PORTS     AGE
ingress-https   <none>   nginx.ctl.com,tomcat.ctl.com             80, 443   8s
[root@k8s-master ~]# kubectl describe ing ingress-https -n test
Name:             ingress-https
Namespace:        test
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:tls-secret terminates nginx.ctl.com,tomcat.ctl.com
Rules:Host            Path  Backends----            ----  --------nginx.ctl.com   /   nginx-service:80 (<error: endpoints "nginx-service" not found>)tomcat.ctl.com  /   tomcat-service:8080 (10.244.169.131:8080,10.244.36.72:8080,10.244.36.73:8080)
Annotations:      <none>
Events:           <none>
[root@k8s-master ~]# cat ingress-https.yaml apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-httpsnamespace: test
spec:tls:- hosts:- nginx.ctl.com- tomcat.ctl.comsecretName: tls-secret # 指定秘钥rules:- host: nginx.ctl.comhttp:paths:- path: /pathType: Prefixbackend:service:name: nginx-serviceport:number: 80- host: tomcat.ctl.comhttp:paths:- path: /pathType: Prefixbackend:service:name: tomcat-serviceport:number: 8080
[root@k8s-master ~]# kubectl get ing ingress-https -n test -o wide
NAME            CLASS    HOSTS                          ADDRESS   PORTS     AGE
ingress-https   <none>   nginx.ctl.com,tomcat.ctl.com             80, 443   105s
[root@k8s-master ~]# kubectl get service,ingress -n test
NAME                     TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/tomcat-service   LoadBalancer   10.96.166.18   <pending>     80:32593/TCP   36mNAME                                      CLASS    HOSTS                          ADDRESS                         PORTS     AGE
ingress.networking.k8s.io/ingress-https   <none>   nginx.ctl.com,tomcat.ctl.com                                   80, 443   2m1s
ingress.networking.k8s.io/nginx-ingress   nginx    www.test.com,tomcat.ctl.com    192.168.58.232,192.168.58.233   80        26m
[root@k8s-master ~]# curl https://nginx.ctl.com
^C
[root@k8s-master ~]# kubectl get service,ingress -n test
NAME                     TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/tomcat-service   LoadBalancer   10.96.166.18   <pending>     80:32593/TCP   37mNAME                                      CLASS    HOSTS                          ADDRESS                         PORTS     AGE
ingress.networking.k8s.io/ingress-https   <none>   nginx.ctl.com,tomcat.ctl.com                                   80, 443   3m37s
ingress.networking.k8s.io/nginx-ingress   nginx    www.test.com,tomcat.ctl.com    192.168.58.232,192.168.58.233   80        27m

查看全文

http://www.wooajung.com/news/28397.html