一. 引言
k8s 提供了一下四種方式來暴露埠,分別是:
- ClusterIP, 僅供集群內部訪問
- NodePort,埠映射,給node隨機分配埠,然后由service進行代理
- LoadBalancer, 負載均衡模式,一般由云服務商提供負載均衡策略
- Ingress,網關模式,使用自定義的http(s)路由規則對Service進行代理,這也是實際生產中普遍使用的模式,
Ingress 模型如下:
二. 基于minikube的實踐
由于筆者條件有限,這里基于minikube進行實踐
1.啟用ingress插件,檢查驗證 NGINX Ingress 控制器處于運行狀態
# 啟動插件
? ~ minikube addons enable ingress
?? ingress is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub.
You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS
?? After the addon is enabled, please run "minikube tunnel" and your ingress resources would be available at "127.0.0.1"
? Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794
? Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794
? Using image registry.k8s.io/ingress-nginx/controller:v1.7.0
?? Verifying ingress addon...
?? 啟動 'ingress' 插件
# 檢查
? ~ kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-b7gn2 0/1 Completed 0 40s
ingress-nginx-admission-patch-d44xm 0/1 Completed 1 40s
ingress-nginx-controller-6cc5ccb977-4dvhb 1/1 Running 0 402.創建第一個應用
# 部署
? ~ kubectl create deployment web --image=gcr.io/google-samples/hello-app:1.0
deployment.apps/web created
# 使用NodePort暴露服務
? ~ kubectl expose deployment web --type=NodePort --port=8080
service/web exposed
# 查看服務
? ~ kubectl get service web
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
web NodePort 10.100.58.21 <none> 8080:30013/TCP 10s
# 測驗
? ~ minikube service web --url
http://127.0.0.1:51952
? Because you are using a Docker driver on darwin, the terminal needs to be open to run it.訪問 http://127.0.0.1:51952,得到如下資訊:
Hello, world!
Version: 1.0.0
Hostname: web-55b8c6998d-8k5643.創建Ingress
# 創建Ingress
kubectl apply -f https://k8s.io/examples/service/networking/example-ingress.yaml
ingress.networking.k8s.io/example-ingress created
# 查看Ingress
? ingress kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
example-ingress <none> hello-world.info 192.168.49.2 80 68s注意:minikube是不可以直接使用ip (192.168.49.2)訪問的的,我們在另一個視窗打開tunnel服務
? ~ minikube tunnel
? Tunnel successfully started
?? NOTE: Please do not close this terminal as this process must stay alive for the tunnel to be accessible ...
? The service/ingress example-ingress requires privileged ports to be exposed: [80 443]
?? sudo permission will be asked for it.
?? Starting tunnel for service example-ingress.在/etc/hosts 配置域名映射
127.0.0.1 hello-world.info然后訪問 http://hello-world.info/
4.添加更多的Ingress
# 部署
? ~ kubectl create deployment web2 --image=gcr.io/google-samples/hello-app:2.0
deployment.apps/web2 created
# 暴露埠
? ~ kubectl expose deployment web2 --port=8080 --type=NodePort
service/web2 exposed修改之前的Ingress配置,添加如下:
- path: /v2
pathType: Prefix
backend:
service:
name: web2
port:
number: 8080是配置生效:
? ingress kubectl apply -f example-ingress.yaml
ingress.networking.k8s.io/example-ingress configured然后訪問 http://hello-world.info/v2
三.原理
Ingress具體的作業原理如下:
- ingress contronler通過與k8s的api進行互動,動態的去感知k8s集群中ingress服務規則的變化,然后讀取它,并按照定義的ingress規則,轉發到k8s集群中對應的service,
- 而這個ingress規則寫明了哪個域名對應k8s集群中的哪個service,然后再根據ingress-controller中的nginx配置模板,生成一段對應的nginx配置,
- 然后再把該配置動態的寫到ingress-controller的pod里,該ingress-controller的pod里面運行著一個nginx服務,控制器會把生成的nginx配置寫入到nginx的組態檔中,然后reload一下,使其配置生效,以此來達到域名分配置及動態更新的效果
四.總結
本文簡單介紹了Nginx Ingress的基本概念和使用,在實際的生產環境中的配置或許稍有不同,配置也更為復雜,
Ingress的作業原理看起來挺簡單,但是nginx reload的程序是非常復雜的,后續有機會可以仔細解讀其中的細節,
五.參考
https://kubernetes.io/docs/concepts/services-networking/service/
https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/ingress-minikube/
https://stackoverflow.com/questions/58561682/minikube-with-ingress-example-not-working
https://blog.csdn.net/weixin_44729138/article/details/105978555
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/555785.html
標籤:其他
上一篇:自動化平臺總結(httprunner+djangorestframework+python3+Mysql+Vue)【基礎構思】
下一篇:返回列表