部署ingress-nginx訪問(wèn)k8s內(nèi)部pod應(yīng)用服務(wù)

  • 下載官方 nginx 版本
wget -O ingress-deploy.yaml https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml
  • 修改下載后的ingress-deploy.yaml
vim ingress-deploy.yaml
  1. 增加行 replicas: 2 副本數(shù)
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.10.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.41.2
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  replicas: 2
  template:
image.png
  1. 修改鏡像為國(guó)內(nèi)鏡像
    增加行 hostNetwork: true
    image: pollyduan/ingress-nginx-controller:v0.41.2
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirst
      containers:
        - name: controller
          image: pollyduan/ingress-nginx-controller:v0.41.2
          #image: k8s.gcr.io/ingress-nginx/controller:v0.41.2@sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
image.png

  • 節(jié)點(diǎn)服務(wù)器上添加標(biāo)簽 和 ingress-deploy.yaml 中保持一致否則部署時(shí)會(huì)出現(xiàn)錯(cuò)誤


    image.png
root@master:/home/ljy/桌面# kubectl label nodes master ingress-ready=true
node/master labeled
root@master:/home/ljy/桌面# kubectl label nodes master kubernetes.io/os=linux --overwrite
node/master not labeled
  • 部署 ingress-deploy.yaml
root@master:/home/ljy/桌面# kubectl apply -f ingress-deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
  • 查看運(yùn)行情況
kubectl get pod,service -n ingress-nginx -o wide

root@master:/home/ljy/桌面# kubectl get pods -n ingress-nginx
NAME                                       READY   STATUS    RESTARTS   AGE
ingress-nginx-controller-9f64489f5-7pvwf   1/1     Running   3          3d1h

root@master:/home/ljy/桌面# kubectl get pod,service -n ingress-nginx -o wide
NAME                                           READY   STATUS    RESTARTS   AGE    IP          NODE     NOMINATED NODE   READINESS GATES
pod/ingress-nginx-controller-9f64489f5-7pvwf   1/1     Running   3          3d1h   10.0.2.15   master   <none>           <none>

NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE    SELECTOR
service/ingress-nginx-controller             LoadBalancer   10.103.52.62    <pending>     80:30074/TCP,443:31737/TCP   3d1h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
service/ingress-nginx-controller-admission   ClusterIP      10.97.102.169   <none>        443/TCP                      3d1h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx

如果pod狀態(tài)有異樣請(qǐng)使用kubectl describe pod pod名稱(chēng) -n ingress-nginx 查看詳情

kubectl describe pod ingress-nginx-controller-9f64489f5-7pvwf -n ingress-nginx
  • 解析域名
vim /etc/hosts
10.0.2.15 cloud-test.com
  • 編寫(xiě)請(qǐng)求轉(zhuǎn)發(fā)規(guī)則
    vim nginx-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: cloud  # 命名空間和代理的serviceName 所屬命名空間保存一致,否則訪問(wèn)是會(huì)出現(xiàn)503錯(cuò)誤
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
    # 開(kāi)啟use-regex,啟用path的正則匹配
    nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
  rules:
    - host: cloud-test.com  # 域名
      http:
        paths:
          - path: /common
            backend:
              # 注冊(cè)的服務(wù)名稱(chēng)
              serviceName: cloud-communal-service
              # 服務(wù)端口
              servicePort: 18080
  • 啟動(dòng)規(guī)則
kubectl apply -f nginx-ingress.yaml

root@master:/home/ljy/桌面# kubectl apply -f nginx-ingress.yaml 
Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.networking.k8s.io/nginx-ingress created
  • 進(jìn)入容器查看nginx配置信息
kubectl exec -it ingress-nginx-controller-9f64489f5-7pvwf -n ingress-nginx -- /bin/bash
bash-5.0$ cat nginx.conf | grep -A 30 cloud-test.com
image.png

證明 ingress-controller Pod 里面 nginx 配置已經(jīng)生效了

  • 查看 ingress service
kubectl get service -o wide -n ingress-nginx

root@master:/home/ljy/桌面# kubectl get service -o wide -n ingress-nginx
NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE    SELECTOR
ingress-nginx-controller             LoadBalancer   10.103.52.62    <pending>     80:30074/TCP,443:31737/TCP   3d1h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
ingress-nginx-controller-admission   ClusterIP      10.97.102.169   <none>        443/TCP                      3d1h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx

我們可以看到對(duì)外暴露了 31391 端口,訪問(wèn)任何節(jié)點(diǎn)的 31391 端口即可訪問(wèn)到 Pod服務(wù)。
但該端口是隨機(jī)的,并且重建后會(huì)變化,我們可以直接訪問(wèn)運(yùn)行 ingress-controller Pod 的 80 端口。

  • 測(cè)試
root@master:/home/ljy/桌面# curl cloud-test.com:18080
{"status":200,"message":"請(qǐng)查看API文檔","data":null,"extend":null,"timestamp":"2020-12-21 08:40:46","success":true,"total":null,"description":null}

root@master:/home/ljy/桌面# curl cloud-test.com/common
{"status":200,"message":"請(qǐng)查看API文檔","data":null,"extend":null,"timestamp":"2020-12-21 08:40:46","success":true,"total":null,"description":null}
  • 查看端點(diǎn)endpoint
    kubectl get endpoints --all-namespaces
root@master:/home/ljy/桌面# kubectl get endpoints --all-namespaces
NAMESPACE       NAME                                 ENDPOINTS                                                  AGE
cloud           cloud-communal-service               10.0.2.15:18080                                            33m
default         kubernetes                           10.0.2.15:6443                                             11d
ingress-nginx   ingress-nginx-controller             10.0.2.15:443,10.0.2.15:80                                 3d1h
ingress-nginx   ingress-nginx-controller-admission   10.0.2.15:8443                                             3d1h
kube-system     kube-controller-manager              <none>                                                     11d
kube-system     kube-dns                             10.244.0.47:53,10.244.0.48:53,10.244.0.47:53 + 3 more...   11d
kube-system     kube-scheduler                       <none>                                                     11d

如果沒(méi)有 serviceName: cloud-communal-service 端點(diǎn),訪問(wèn)cloud-test.com/common就會(huì)報(bào)503 服務(wù)不可用

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容