玉樹營銷網(wǎng)站建設(shè)十大營銷策劃公司排名
需求:
k8s 配置好之后除了 nodeport 以外都是對集群內(nèi)部的行為
使用nodeport 并不是很友好,要自己處理很多的端口管理
使用ingress 可以更好的整合配置服務(wù)
進(jìn)程:
下載ingress-nginx 的yaml 文件
https://github.com/kubernetes/ingress-nginx/blob/nginx-0.30.0/deploy/static/mandatory.yaml安裝
kubectl create -f mandatory.yaml安裝的時候會有一些warning 影響不大
查看 ingress-nignx 的配置啟動情況
kubectl get all -n ingress-nginx如果controller 沒有ready 需要找一下原因
查看 這個pod 的狀態(tài)
kubectl get pod -n ingress-nginx --show-labels
果然是有問題了,controller 狀態(tài)是crash查看pod 的狀態(tài)信息簡介
kubectl describe pod nginx-ingress-controller-54b86f8f7b-bk8s4 -n ingress-nginx
查看pod 的啟動日志
kubectl logs nginx-ingress-controller-54b86f8f7b-bk8s4 -n ingress-nginx
看起來是網(wǎng)絡(luò)不通暢
修改下載下來的mandatory.yaml 在第214 行加上 hostNetwork: true 重新執(zhí)行apply 可執(zhí)行文件在最下方
做一個端口輸入service
apiVersion: v1
kind: Service
metadata:name: ingress-nginx-svcnamespace: ingress-nginx #和controller 保持一致
spec:type: NodePort #必須是這個ports:- name: httpport: 80targetPort: 80protocol: TCPnodePort: 32080 #http 80 映射到32080- name: httpsport: 443targetPort: 443protocol: TCPnodePort: 32443 #https 443 映射到底32443selector: #內(nèi)容參考controller 的metadataapp.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginxapply 之后查看網(wǎng)址內(nèi)容
404 表示能連通,但是沒有服務(wù) ingress 安裝完成
進(jìn)程2:
安裝完成之后做一個測驗
配置一個可啟動的服務(wù) deployment 和 service 的配置信息不明白的可以看k8s pod deployment service ingress 關(guān)系
apiVersion: apps/v1
kind: Deployment
metadata:name: myappnamespace: default
spec:replicas: 1selector:matchLabels:app: myapptemplate:metadata:namespace: defaultlabels:app: myappspec:containers:- name: myappimage: ikubernetes/myapp:v1---
apiVersion: v1
kind: Service
metadata:name: myappnamespace: default
spec:selector:app: myappports:- name: httpport: 80targetPort: 80創(chuàng)建完成之后再創(chuàng)建一個ingress 來做反向代理
apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: ingress-myappnamespace: defaultannotations:kubernetes.io/ingress.class: "nginx"
spec:rules:- host: www.firstdemo.comhttp:paths:- path: /backend:serviceName: myappservicePort: 80apply 之后在要測試服務(wù)的機器上做一個端口映射
#hosts 文件
192.168.197.135 www.firstdemo.com打開網(wǎng)站www.firstdemo.com:32080 會看到一個已經(jīng)啟動了的服務(wù)
拓展:
mandatory.yaml
apiVersion: v1
kind: Namespace
metadata:name: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---kind: ConfigMap
apiVersion: v1
metadata:name: nginx-configurationnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
kind: ConfigMap
apiVersion: v1
metadata:name: tcp-servicesnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
kind: ConfigMap
apiVersion: v1
metadata:name: udp-servicesnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
apiVersion: v1
kind: ServiceAccount
metadata:name: nginx-ingress-serviceaccountnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:name: nginx-ingress-clusterrolelabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
rules:- apiGroups:- ""resources:- configmaps- endpoints- nodes- pods- secretsverbs:- list- watch- apiGroups:- ""resources:- nodesverbs:- get- apiGroups:- ""resources:- servicesverbs:- get- list- watch- apiGroups:- ""resources:- eventsverbs:- create- patch- apiGroups:- "extensions"- "networking.k8s.io"resources:- ingressesverbs:- get- list- watch- apiGroups:- "extensions"- "networking.k8s.io"resources:- ingresses/statusverbs:- update---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:name: nginx-ingress-rolenamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
rules:- apiGroups:- ""resources:- configmaps- pods- secrets- namespacesverbs:- get- apiGroups:- ""resources:- configmapsresourceNames:# Defaults to "<election-id>-<ingress-class>"# Here: "<ingress-controller-leader>-<nginx>"# This has to be adapted if you change either parameter# when launching the nginx-ingress-controller.- "ingress-controller-leader-nginx"verbs:- get- update- apiGroups:- ""resources:- configmapsverbs:- create- apiGroups:- ""resources:- endpointsverbs:- get---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:name: nginx-ingress-role-nisa-bindingnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: nginx-ingress-role
subjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: ingress-nginx---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:name: nginx-ingress-clusterrole-nisa-bindinglabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: nginx-ingress-clusterrole
subjects:- kind: ServiceAccountname: nginx-ingress-serviceaccountnamespace: ingress-nginx---apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:replicas: 1selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: "10254"prometheus.io/scrape: "true"spec:# wait up to five minutes for the drain of connectionshostNetwork: trueterminationGracePeriodSeconds: 300serviceAccountName: nginx-ingress-serviceaccountnodeSelector:kubernetes.io/os: linuxcontainers:- name: nginx-ingress-controllerimage: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0args:- /nginx-ingress-controller- --configmap=$(POD_NAMESPACE)/nginx-configuration- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services- --udp-services-configmap=$(POD_NAMESPACE)/udp-services- --publish-service=$(POD_NAMESPACE)/ingress-nginx- --annotations-prefix=nginx.ingress.kubernetes.iosecurityContext:allowPrivilegeEscalation: truecapabilities:drop:- ALLadd:- NET_BIND_SERVICE# www-data -> 101runAsUser: 101env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespaceports:- name: httpcontainerPort: 80protocol: TCP- name: httpscontainerPort: 443protocol: TCPlivenessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 10periodSeconds: 10successThreshold: 1timeoutSeconds: 10readinessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPperiodSeconds: 10successThreshold: 1timeoutSeconds: 10lifecycle:preStop:exec:command:- /wait-shutdown---apiVersion: v1
kind: LimitRange
metadata:name: ingress-nginxnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:limits:- min:memory: 90Micpu: 100mtype: Container