➜
Ingress 其实就是从 Kuberenets 集群外部访问集群的一个入口,将外部的请求转发到集群内不同的 Service 上,其实就相当于 nginx、haproxy 等负载均衡代理服务器,可能你会觉得我们直接使用 nginx 就实现了,但是只使用 nginx 这种方式有很大缺陷,每次有新服务加入的时候怎么改 Nginx 配置?不可能让我们去手动更改或者滚动更新前端的 Nginx Pod 吧?那我们再加上一个服务发现的工具比如 consul 如何?貌似是可以,对吧?Ingress 实际上就是这样实现的,只是服务发现的功能自己实现了,不需要使用第三方的服务了,然后再加上一个域名规则定义,路由信息的刷新依靠 Ingress Controller 来提供。
Ingress Controller 可以理解为一个监听器,通过不断地监听 kube-apiserver,实时的感知后端 Service、Pod 的变化,当得到这些信息变化后,Ingress Controller 再结合 Ingress 的配置,更新反向代理负载均衡器,达到服务发现的作用。其实这点和服务发现工具 consul、 consul-template 非常类似。
image.png
NGINX Ingress Controller 是使用 Kubernetes Ingress 资源对象构建的,用 ConfigMap 来存储 Nginx 配置的一种 Ingress Controller 实现。
要使用 Ingress 对外暴露服务,就需要提前安装一个 Ingress Controller,我们这里就先来安装 NGINX Ingress Controller,由于 nginx-ingress 所在的节点需要能够访问外网,这样域名可以解析到这些节点上直接使用,所以需要让 nginx-ingress 绑定节点的 80 和 443 端口,所以可以使用 hostPort 来进行访问,当然对于线上环境来说为了保证高可用,一般是需要运行多个 nginx-ingress 实例的,然后可以用一个 nginx/haproxy 作为入口,通过 keepalived 来访问边缘节点的 vip 地址。
➜ 下载资源清单
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm fetch ingress-nginx/ingress-nginx
tar -xvf ingress-nginx-3.15.2.tgz
#指定k8s-node-1节点部署 具体看自己指定k8s-master-1都可以
kubectl label nodes k8s-node-1 Ingress=nginx
kubectl get nodes k8s-node-1 --show-labels
➜ 修改内容
# values.yaml
controller:
name: controller
image:
repository: cnych/ingress-nginx #修改此处
tag: "v0.41.2"
digest: #修改此处
dnsPolicy: ClusterFirstWithHostNet #修改此处
hostNetwork: true #新增此处
publishService: # hostNetwork 模式下设置为false,通过节点IP地址上报ingress status数据
enabled: false #修改此处
kind: DaemonSet #修改此处
nodeSelector:
role: lb # 这里要注意:如果是生产可以lb模式 如果是测试的话填写: Ingress: nginx 即可 #修改此处
service: # HostNetwork 模式不需要创建service
enabled: false #修改此处
defaultBackend:
enabled: true #修改此处
name: defaultbackend
image:
repository: cnych/ingress-nginx-defaultbackend #修改此处
tag: "1.5"
➜
kubectl create ns ingress-nginx
helm install --namespace ingress-nginx ingress-nginx ./ingress-nginx -f ./ingress-nginx/values.yaml
NAME: ingress-nginx
LAST DEPLOYED: Fri Apr 2 15:54:49 2021
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller'
An example Ingress that makes use of the controller:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
➜ 注: ingress-nginx 部署成功。
POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -n ingress-nginx -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -n ingress-nginx -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v0.41.2
Build: d8a93551e6e5798fc4af3eb910cef62ecddc8938
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.19.4
-------------------------------------------------------------------------------
kubectl get pod,service,ingress
➜ 创建一个 nginx 应用创建一个 Ingress 资源试试。
[17:13:35root@k8s-master-1 ~/test]#cat ngdemo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
replicas: 5
selector:
matchLabels:
app: my-nginx
template:
metadata:
labels:
app: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
app: my-nginx
spec:
ports:
- port: 80
protocol: TCP
name: http
selector:
app: my-nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-nginx
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: ngdemo.qikqiak.com # 将域名映射到 my-nginx 服务
http:
paths:
- path: /
backend:
serviceName: my-nginx # 将所有请求发送到 my-nginx 服务的 80 端口
servicePort: 80 # 不过需要注意大部分Ingress controller都不是直接转发到Service
# 而是只是通过Service来获取后端的Endpoints列表,直接转发到Pod,这样可以减少网络跳转,提高性能
注意:我们在 Ingress 资源对象中添加了一个 annotations:kubernetes.io/ingress.class: "nginx",这就是指定让这个 Ingress 通过 nginx-ingress 来处理。
kubectl get pod,service,ingress -o wide -A
kubectl get ingress -o wide --all-namespaces
➜ 验证域名
echo "192.168.73.136 ngdemo.qikqiak.com" >> /etc/hosts
image.png
后端api-demo部署
[root@k8s-master-1 demo]# cat demo-deploy-service-ingress.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8s-demo
namespace: spring-test-demo-api
labels:
name: k8s-demo
spec:
replicas: 2
selector:
matchLabels:
name: k8s-demo
template:
metadata:
labels:
name: k8s-demo
spec:
containers:
- name: k8s-demo
image: jackylovelk/demo:v2.0
ports:
- containerPort: 8080
imagePullPolicy: Always
---
kind: Service
apiVersion: v1
metadata:
name: k8s-demo
namespace: spring-test-demo-api
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
selector:
name: k8s-demo
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: k8s-demo
namespace: spring-test-demo-api
spec:
rules:
- host: ngdemo-api.qikqiak.com
http:
paths:
- path: /
backend:
serviceName: k8s-demo
servicePort: 8080
image.png
