Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-1160.45.1.el7.x86_64
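I am using an external load balancer, HAProxy with Keepalived. My virtual IP is 172.24.16.6. If I create a Service of type NodePort, I can connect to the pod from outside. That is the premise: the load balancer's IP is available to my cluster.
I installed the NGINX Ingress Controller following these instructions: https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
I also ran $ kubectl apply -f service/loadbalancer.yaml with these parameters: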
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  externalIPs:
  - 172.24.16.6
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
  selector:
    app: nginx-ingress
As a result, it looks like this:
$ kubectl get all -o wide -n nginx-ingress
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-ingress-768698d9df-c2wlx 1/1 Running 0 27m 192.168.105.197 srv-dev-k8s-worker-05 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/nginx-ingress LoadBalancer 10.104.239.149 172.24.16.6 80:30053/TCP,443:30021/TCP 22m app=nginx-ingress
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/nginx-ingress 1/1 1 1 28m nginx-ingress nginx/nginx-ingress:2.0.2 app=nginx-ingress
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
replicaset.apps/nginx-ingress-6454cfbc49 0 0 0 28m nginx-ingress nginx/nginx-ingress:2.0.2 app=nginx-ingress,pod-template-hash=6454cfbc49
replicaset.apps/nginx-ingress-768698d9df 1 1 1 27m nginx-ingress nginx/nginx-ingress:2.0.2 app=nginx-ingress,pod-template-hash=768698d9df
The nginx ingress pod:
$ kubectl -n nginx-ingress get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-768698d9df-c2wlx 1/1 Running 0 72m 192.168.105.197 srv-dev-k8s-worker-05 <none> <none>
netstat shows that ports 80 and 443 are open and bound to 172.24.16.6:
$ netstat -tulpn
(No info could be read for "-p": geteuid()=1002 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 172.24.16.6:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 172.24.16.6:443 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:43707 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:32000 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:30021 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:30053 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9098 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:9099 0.0.0.0:* LISTEN -
tcp 0 0 172.24.25.141:2379 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6444 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6444 0.0.0.0:* LISTEN -
tcp 0 0 172.24.25.141:2380 0.0.0.0:* LISTEN -
tcp6 0 0 :::10256 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::31231 :::* LISTEN -
tcp6 0 0 :::5473 :::* LISTEN -
tcp6 0 0 :::10250 :::* LISTEN -
tcp6 0 0 :::6443 :::* LISTEN -
udp 0 0 127.0.0.1:323 0.0.0.0:* -
udp 0 0 0.0.0.0:4789 0.0.0.0:* -
udp 0 0 0.0.0.0:58191 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp6 0 0 ::1:323 :::* -
But iptables does not open any ports: https://pastebin.com/BvV32sjD
Please help me get access from outside.
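The manual netstat check in the question can be scripted. The following is an added example, not part of the original post: it reads netstat output and reports which of the Service's ports (80 and 443 on the external IP, NodePorts 30053 and 30021) have no TCP listener on the node. The function name `missing_listeners` and the variable `NETSTAT_SAMPLE` are hypothetical, and the sample is constructed from lines of the output above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): confirm that every socket the
# nginx-ingress Service should expose is actually listening on this node.

# Constructed sample: a subset of the `netstat -tulpn` lines shown above.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 172.24.16.6:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 172.24.16.6:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:30021 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:30053 0.0.0.0:* LISTEN -
tcp6 0 0 :::6443 :::* LISTEN -
udp 0 0 0.0.0.0:4789 0.0.0.0:* -'

# missing_listeners EXTERNAL_IP PORT...
# Reads netstat output on stdin and prints every PORT that has no TCP LISTEN
# socket bound to EXTERNAL_IP or to a wildcard address (0.0.0.0 or ::).
missing_listeners() {
  ip=$1; shift
  awk -v ip="$ip" -v want="$*" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      addr = $4
      port = addr; sub(/.*:/, "", port)   # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host == ip || host == "0.0.0.0" || host == "::")
        open[port] = 1
    }
    END {
      n = split(want, p, " ")
      for (i = 1; i <= n; i++)
        if (!(p[i] in open)) print p[i]
    }'
}

# On a node:  netstat -tln | missing_listeners 172.24.16.6 80 443 30053 30021
# Against the constructed sample (prints nothing: all four ports are bound):
printf '%s\n' "$NETSTAT_SAMPLE" | missing_listeners 172.24.16.6 80 443 30053 30021
```

A listener only shows that the port is reserved on the node where netstat ran. With `externalTrafficPolicy: Local`, a NodePort forwards traffic only on nodes that run an nginx-ingress pod.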
Reply from a uj5u.com user:
Yes, I added the Ingress to the namespace for-only-test.
$ kubectl get all -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-deployment-559d658b74-6p4tb 1/1 Running 0 179m 192.168.240.70 srv-dev-k8s-worker-08 <none> <none>
pod/nginx-deployment-559d658b74-r96s9 1/1 Running 0 179m 192.168.240.71 srv-dev-k8s-worker-08 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/nginx-deployment ClusterIP 10.108.39.147 <none> 80/TCP 178m app=nginx
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/nginx-deployment 2/2 2 2 3h1m nginx nginx:1.16.1 app=nginx
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
replicaset.apps/nginx-deployment-559d658b74 2 2 2 179m nginx nginx:1.16.1 app=nginx,pod-template-hash=559d658b74
Then create the Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-for-nginx-deployment
  annotations:
    # kubernetes.io/ingress.class: "nginx"
    # nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: k8s.domain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-deployment
            port:
              number: 80
$ kubectl get ingress -o wide
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-for-nginx-deployment nginx k8s.domain.com 80 7s
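Reply from a uj5u.com user:
A Service of type LoadBalancer needs to be connected to an external load balancer. AWS and other cloud providers do this natively, but on an on-premises cluster you need to use an ingress controller and an Ingress for this.
Here, it seems you don't have an external load balancer available to feed traffic to your LoadBalancer-type Service. To do that, we install the nginx ingress controller and create an Ingress resource, which will then talk to your LoadBalancer Service.
So just customize the Ingress resource below to your needs, then deploy it and it will work.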
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-wildcard-host
spec:
  rules:
  - host: "foo.bar.com"
    http:
      paths:
      - pathType: Prefix
        path: "/bar"
        backend:
          service:
            name: service1
            port:
              number: 80
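So on your on-premises cluster the traffic flows like this: nginx-ingress-controller -> Ingress -> Loadbalancer service
Whereas on AWS the traffic flows like this: AWS ELB -> Loadbalancer service
(Here AWS automatically provisions an ELB for each Service of type LoadBalancer.)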
