k8s Ingress Controller 之 Nginx 部署

介绍

Ingress

在Kubernetes中可以通过对Ingress资源对象的配置， 将不同 URL的访问请求转发到后端不同的 Service上。
Kubernetes 将 一个Ingress资源对象的定义和一个具体的 Ingress Controller 相结合来实现7层负载均衡器。
Ingress Controller 在转发客户端请求到后端服务时，将跳过 kube-proxy 提供的4层负载均衡器的功能，直接转发到Service的后端 Pod（Endpoints），以提高网络转发效率。

ingress-nginx

开源项目： https://github.com/kubernetes/ingress-nginx
主要工作机制： 通过监听用户设置的Ingeress策略，自动完成Nginx相关的upstream配置的生成和在线更新。

部署

部署文件： https://github.com/linuxhub/kubernetes/tree/master/install/ingress-nginx

部署 nginx-ingress-controller

文件: mandatory.yaml　

$ kubectl create -f https://raw.githubusercontent.com/linuxhub/kubernetes/master/install/ingress-nginx/mandatory.yaml
namespace "ingress-nginx" created
configmap "nginx-configuration" created
configmap "tcp-services" created
configmap "udp-services" created
serviceaccount "nginx-ingress-serviceaccount" created
clusterrole.rbac.authorization.k8s.io "nginx-ingress-clusterrole" created
role.rbac.authorization.k8s.io "nginx-ingress-role" created
rolebinding.rbac.authorization.k8s.io "nginx-ingress-role-nisa-binding" created
clusterrolebinding.rbac.authorization.k8s.io "nginx-ingress-clusterrole-nisa-binding" created
deployment.apps "nginx-ingress-controller" created

查看状态

$ kubectl -n ingress-nginx get all
NAME                                            READY     STATUS    RESTARTS   AGE
pod/nginx-ingress-controller-647c75c997-4mbv4   1/1       Running   0          4m
pod/nginx-ingress-controller-647c75c997-5pvk5   1/1       Running   0          4m
pod/nginx-ingress-controller-647c75c997-mc5x6   1/1       Running   0          4m

NAME                                       DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-ingress-controller   3         3         3            3           4m

NAME                                                  DESIRED   CURRENT   READY     AGE
replicaset.apps/nginx-ingress-controller-647c75c997   3         3         3         4m

部署 service-nodeport

文件: service-nodeport.yaml

$ kubectl apply -f https://raw.githubusercontent.com/linuxhub/kubernetes/master/install/ingress-nginx/service-nodeport.yaml
service "ingress-nginx" created

状态

$  kubectl -n ingress-nginx get service
NAME            TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.254.60.59   <none>        80:60080/TCP,443:60443/TCP   28s

使用

应用 Demo： http://www.linuxhub.cn/2019/04/18/deploy-k8s-java.html

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ing-nginx-test
  namespace: default

  # 默认使用 nginx 控制器
  #annotations: 
  #  kubernets.io/ingress.class: nginx
  
spec:
  rules:
  - host: demo.linuxhub.cn
    http:
      paths:
      - path: /
        backend:
          serviceName: linuxhub-web-svc
          servicePort: 8088

应用

$ kubectl apply -f https://raw.githubusercontent.com/linuxhub/kubernetes/master/install/ingress-nginx/demo.linuxhub.cn.yaml "demo.linuxhub.cn.yam
ingress.extensions "ing-nginx-test" created

状态

$ kubectl get ing
NAME             HOSTS              ADDRESS   PORTS     AGE
ing-nginx-test   demo.linuxhub.cn             80        30s

集群内 访问

root@zeze-jenkins-5858489467-lwfcc:/# ping -c 2 10.254.60.59 
PING 10.254.60.59 (10.254.60.59) 56(84) bytes of data.
64 bytes from 10.254.60.59: icmp_seq=1 ttl=64 time=0.088 ms
64 bytes from 10.254.60.59: icmp_seq=2 ttl=64 time=0.084 ms
--- 10.254.60.59 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.084/0.086/0.088/0.002 ms

root@zeze-jenkins-5858489467-lwfcc:/# echo "10.254.60.59 demo.linuxhub.cn" >> /etc/hosts
root@zeze-jenkins-5858489467-lwfcc:/# curl http://demo.linuxhub.cn/index
Hello Linuxhub!

root@zeze-jenkins-5858489467-lwfcc:/# curl http://demo.linuxhub.cn/hello
Hello World!

集群外 访问

可通过Haproyx或Nginx代理到k8s工作节点暴露的端口
访问:　http://demo.linuxhub.cn/index