(1). Service暴露应用的不足
由于:LoadBalancer只能在公有云上使用.而NodePort又有以下不足:
- 每创建一个Service,需要在Node上绑定端口,有可能端口会冲突或不足.
- NodePort属于4层(tcp/udp)协议,无法满足某些7层协议(http)的业务工作.
- 可不可以有一个应用,来帮助集群中的所有Pod来做代理.然后这个应用接受请求,并做转发呢?
(2). Ingress
Ingress是在Service暴露应用不足的情况下而诞生,它支持:4层和7层协议.
Service与Ingress是什么关系呢?
- 通过Service与Pod进行关系.
- 通过Ingress(定义规则)与Service进行关系.
- Ingress只能基于域名的访问.
- Ingress Controller实现了Pod的负载均衡.Ingress Controller部署在每个Node节点上.
(3). Ingress Controller部署
Ingerss部署时,会在Node(宿主机上)创建80和443端口
# 防止下载过慢,先在node节点下载镜像
[root@node-1 ~]# docker pull siriuszg/nginx-ingress-controller:0.20.0
[root@node-2 ~]# docker pull siriuszg/nginx-ingress-controller:0.20.0
# 应用配置
[root@master ~]# kubectl apply -f ingress-controller.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
daemonset.apps/nginx-ingress-controller created
service/ingress-nginx created
# 查看所有的命名空间
[root@master ~]# kubectl get ns
NAME STATUS AGE
default Active 6d
ingress-nginx Active 62s
kube-node-lease Active 6d
kube-public Active 6d
kube-system Active 6d
# 查看ingress pod和service信息
# 因为ingress-nginx是以dameset方式启动的,所以,会在每个Node节点上部署一个节点.
# 也会在每个Node节点创建:80和443端口
[root@master ~]# kubectl get pods,svc -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/nginx-ingress-controller-dngj9 1/1 Running 0 105s
pod/nginx-ingress-controller-kwtc2 1/1 Running 0 105s
# Service模式为:ClusterIP,监听着:80和443端口
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx ClusterIP 10.1.63.82 <none> 80/TCP,443/TCP 105s
# 查看Node是否监听了80和443端口
# **************************** 验证是否在Node上监听了80和443端口****************************
[root@node-2 ~]# netstat -tlnp|grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 12812/nginx: master
tcp6 0 0 :::443 :::* LISTEN 12812/nginx: master
[root@node-2 ~]# netstat -tlnp|grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 12812/nginx: master
tcp6 0 0 :::80 :::* LISTEN 12812/nginx: master
[root@node-1 ~]# netstat -tlnp|grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 12414/nginx: master
tcp6 0 0 :::80 :::* LISTEN 12414/nginx: master
[root@node-1 ~]# netstat -tlnp|grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 12414/nginx: master
tcp6 0 0 :::443 :::* LISTEN 12414/nginx: master
(4). 创建ingress规则
# 检查service和端口(hello-world:9090)
[root@master ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/hello-world-5f8d77c9f7-589kd 1/1 Running 6 46h
pod/hello-world-5f8d77c9f7-hg5fx 1/1 Running 7 46h
# service为hello-world,端口为:9090
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/hello-world NodePort 10.1.232.6 <none> 9090:31355/TCP 2d23h
service/kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 6d
# 查看service关联的endpoint
[root@master ~]# kubectl get ep
NAME ENDPOINTS AGE
hello-world 10.244.2.62:9090,10.244.2.63:9090 3d
# 查看pod更多信息()
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
hello-world-5f8d77c9f7-589kd 1/1 Running 6 47h 10.244.2.63 node-2 <none> <none>
hello-world-5f8d77c9f7-hg5fx 1/1 Running 7 47h 10.244.2.62 node-2 <none> <none>
# 创建ingress规则文件
# 访问:http://api.lixin.help/hello下所有的请求,都将转发给:
# http://10.244.2.62:9090/hello
# http://10.244.2.63:9090/hello
# 可以把hello-world service换成一个Gateway,用来进行网关管理.
[root@master ~]# cat hello-world-web-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-world-web
spec:
rules:
- host: "api.lixin.help"
http:
paths:
- backend:
serviceName: hello-world
servicePort: 9090
# 应用ingress配置
[root@master ~]# kubectl apply -f hello-world-web-ingress.yaml
ingress.extensions/hello-world-web created
# 查看所有的ingress
[root@master ~]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
hello-world-web api.lixin.help 80 38s
# 查看ingress详细情况
[root@master ~]# kubectl describe ingress hello-world-web
Name: hello-world-web
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
# *********************************************************************
# 尝试弹性伸缩容器,你会发现:多少个pod就会存在多少个ip.
# 这里的IP是pod的IP
# *********************************************************************
Host Path Backends
---- ---- --------
api.lixin.help
hello-world:9090 (10.244.2.62:9090,10.244.2.63:9090)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"hello-world-web","namespace":"default"},"spec":{"rules":[{"host":"api.lixin.help","http":{"paths":[{"backend":{"serviceName":"hello-world","servicePort":9090}}]}}]}}
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 15m nginx-ingress-controller Ingress default/hello-world-web
Normal CREATE 15m nginx-ingress-controller Ingress default/hello-world-web
(5). 测试访问
# 在我的mac添加host与ip映射
lixin-macbook:Desktop lixin$ cat /etc/hosts | grep api.lixin.help
10.211.55.101 api.lixin.help
# 通过domain进行访问
lixin-macbook:Desktop lixin$ curl http://api.lixin.help/hello
Hello World-3.0.0-SNAPSHOT!!!test-hello