Kubernetes核心-Ingress-metallb
Ingress 使用一種能感知協議配置的機制來解析 URI、主機名稱、路徑等 Web 概念,讓你的 HTTP(或 HTTPS)網絡服務可被訪問。Ingress 概念允許你通過 Kubernetes API 定義的規則將流量映射到不同後端。
部署metallb
MetalLB 是Kubernetes 的一個裸機環境下的負載均衡器,它為LoadBalancer 類型的Service 提供IP 地址分配和對外流量廣播,從而使裸機Kubernetes 集羣也能像雲環境一樣通過外部IP 訪問內部服務
下載部署
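# Option A: the cluster can reach GitHub and quay.io directly, so apply the
# upstream manifest pinned to the v0.15.2 release tag.
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.15.2/config/manifests/metallb-native.yaml

# Option B: quay.io is not reachable, so download the manifest and point the
# image references at a registry mirror before applying it.
wget https://raw.githubusercontent.com/metallb/metallb/v0.15.2/config/manifests/metallb-native.yaml

# Rewrite the image registry. quay.chenby.cn is the author's own mirror; pick a
# mirror you trust. Whoever operates the mirror controls the code that the
# MetalLB controller and speaker pods run, so compare the image digests with
# the upstream quay.io images where possible, or pin the images by digest.
sed -i 's#quay\.io#quay.chenby.cn#g' metallb-native.yaml

# Confirm that every image line now points at the mirror.
grep image metallb-native.yaml
# Sample output from the author's run. The v0.14.5 tags do not match the
# v0.15.2 manifest downloaded above, so this sample was presumably captured
# with an earlier release; expect the tags of the manifest you downloaded.
#   image: quay.chenby.cn/metallb/controller:v0.14.5
#   image: quay.chenby.cn/metallb/speaker:v0.14.5

# Apply the edited manifest.
kubectl apply -f metallb-native.yaml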
查看運行情況
root@k8s-master01:~# kubectl -n metallb-system get all
NAME READY STATUS RESTARTS AGE
pod/controller-6599cd9c46-rr54w 1/1 Running 0 78s
pod/speaker-55j5t 1/1 Running 0 78s
pod/speaker-bcr4j 1/1 Running 0 78s
pod/speaker-p7vgz 1/1 Running 0 78s
pod/speaker-pzvkd 1/1 Running 0 78s
pod/speaker-vcjvr 1/1 Running 0 78s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/metallb-webhook-service ClusterIP 10.106.20.159 <none> 443/TCP 78s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/speaker 5 5 5 5 5 kubernetes.io/os=linux 78s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/controller 1/1 1 1 78s
NAME DESIRED CURRENT READY AGE
replicaset.apps/controller-6599cd9c46 1 1 1 78s
配置VIP的資源池
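# Recent MetalLB releases are configured through custom resources (CRs).
# The IPAddressPool CR defines the addresses MetalLB may hand out.
# An L2Advertisement that sets no IPAddressPool selector is associated with
# every IPAddressPool by default.
#
# The range must consist of unused addresses on the nodes' layer-2 segment
# (outside any DHCP scope): in L2 mode the speakers answer ARP for them.
cat > metallb-config-ipaddresspool.yaml << 'EOF'
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  addresses:
  - 192.168.1.71-192.168.1.75
EOF

# Bind layer-2 announcement to the pool defined above.
cat > metallb-config-L2Advertisement.yaml << 'EOF'
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: example
  namespace: metallb-system
spec:
  ipAddressPools:
  - first-pool
EOF

# Apply both resources.
kubectl apply -f metallb-config-ipaddresspool.yaml
kubectl apply -f metallb-config-L2Advertisement.yaml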
Ingress安裝
執行部署
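# Register the ingress-nginx chart repository and refresh the local index.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

# Download chart 4.12.3 for inspection. Pinning --version keeps the archive
# name in step with the tar command below; an unpinned pull fetches whatever
# chart release is current, and the archive name changes with it.
helm pull ingress-nginx/ingress-nginx --version 4.12.3
tar xvf ingress-nginx-4.12.3.tgz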
# 查看鏡像地址,若你的環境無法下載這個鏡像,那麼就需要你自行找鏡像 或者更換鏡像地址
[root@k8s-master01 ingress-nginx]# cat values.yaml | grep image | grep -v \#
image:
image:
image: ingress-nginx/controller
image:
image: ingress-nginx/kube-webhook-certgen
image:
image: defaultbackend-amd64
imagePullSecrets: []
[root@k8s-master01 ingress-nginx]#
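# The images are reachable from this environment, so install straight from the
# repository. --version pins the install to the 4.12.3 chart that was pulled
# and inspected above, instead of whatever release is newest in the repo index.
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress --create-namespace \
  --version 4.12.3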
# 查看完成安裝
[root@k8s-master01 ~]# kubectl get all -n ingress
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-controller-6996967cbb-fplzt 1/1 Running 0 56s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller LoadBalancer 10.109.63.223 192.168.1.71 80:32046/TCP,443:31512/TCP 56s
service/ingress-nginx-controller-admission ClusterIP 10.110.227.191 <none> 443/TCP 56s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 1/1 1 1 56s
NAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-6996967cbb 1 1 1 56s
[root@k8s-master01 ~]#
創建測試鏡像
# Build and publish two demo images that differ only in the index page they
# serve (nginx-v1 / nginx-v2).
# NOTE(review): "FROM nginx" is unpinned and resolves to whatever the default
# tag points at when the build runs; pin a tag or digest for reproducible
# builds.
# NOTE(review): the repository path belongs to the author; push to a registry
# namespace you control and use that name in the manifests that reference it.
repo=registry.cn-hangzhou.aliyuncs.com/chenby/cby
for ver in v1 v2; do
  cat > Dockerfile << EOF
FROM nginx
RUN echo 'nginx-${ver}' > /usr/share/nginx/html/index.html
EOF
  docker build -t "${repo}:nginx-${ver}" .
done
for ver in v1 v2; do
  docker push "${repo}:nginx-${ver}"
done
創建測試應用
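# Demo workload: two nginx Deployments (v1, v2), each fronted by a ClusterIP
# Service that maps port 8000 to the container's port 80.
# The heredoc delimiter is quoted so the shell writes the YAML verbatim.
cat > ingress-demo-app.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cby-nginx-v1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cby-nginx-v1
  template:
    metadata:
      labels:
        app: cby-nginx-v1
    spec:
      containers:
      - name: cby-nginx-v1
        image: registry.cn-hangzhou.aliyuncs.com/chenby/cby:nginx-v1
        ports:
        # Matches the Service targetPort (80) below; the original listing
        # declared 9000, which nothing else on the page uses.
        - containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: cby-nginx-v2
  name: cby-nginx-v2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cby-nginx-v2
  template:
    metadata:
      labels:
        app: cby-nginx-v2
    spec:
      containers:
      - image: registry.cn-hangzhou.aliyuncs.com/chenby/cby:nginx-v2
        name: nginx
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: cby-nginx-v2
  name: cby-nginx-v2
spec:
  selector:
    app: cby-nginx-v2
  ports:
  - port: 8000
    protocol: TCP
    targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: cby-nginx-v1
  name: cby-nginx-v1
spec:
  selector:
    app: cby-nginx-v1
  ports:
  - port: 8000
    protocol: TCP
    targetPort: 80
EOF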
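# Host-based routing: send each hostname to its own Service on port 8000.
# The file is written with ">" so that re-running this step replaces it;
# appending with ">>" would stack a second copy of the document into the file.
cat > ingress-demo-app-ingress.yaml << 'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-host-bar
spec:
  ingressClassName: nginx
  rules:
  - host: "nginx-v1.chenby.cn"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: cby-nginx-v1
            port:
              number: 8000
  - host: "nginx-v2.chenby.cn"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: cby-nginx-v2
            port:
              number: 8000
EOF

# Once both manifest files have been written, apply them.
kubectl apply -f ingress-demo-app.yaml
kubectl apply -f ingress-demo-app-ingress.yaml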
# 查看ING
kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-host-bar nginx nginx-v1.chenby.cn,nginx-v2.chenby.cn 192.168.1.71 80 69m
測試訪問
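# Map the demo hostnames to the address MetalLB assigned to the ingress
# controller. Each entry is appended only when it is not already present, so
# re-running the step does not duplicate lines in /etc/hosts.
for entry in '192.168.1.71 nginx-v1.chenby.cn' '192.168.1.71 nginx-v2.chenby.cn'; do
  grep -qxF -- "$entry" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
done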
# 訪問 v1 正常
[root@localhost ~]# curl nginx-v1.chenby.cn
nginx-v1
[root@localhost ~]#
# 訪問 v2 正常
[root@localhost ~]# curl nginx-v2.chenby.cn
nginx-v2
[root@localhost ~]#
測試路徑重寫
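# Remove the Ingress created in the previous step.
kubectl delete -f ingress-demo-app-ingress.yaml

# Write the Ingress that rewrites /nginx/<rest> to /<rest> for the v2 host.
# The heredoc delimiter is quoted: with a bare EOF the shell expands "$2" in
# the rewrite-target annotation (normally to an empty string) before the file
# is written, so the capture group never reaches the controller.
# The file is created with ">" so a re-run does not append a second copy.
# The annotation sits on the Ingress object, so it applies to every rule in
# it, not only to the /nginx path.
cat > ingress-demo-app-ingress-router.yaml << 'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  name: ingress-host-bar
spec:
  ingressClassName: nginx
  rules:
  - host: "nginx-v1.chenby.cn"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: cby-nginx-v1
            port:
              number: 8000
  - host: "nginx-v2.chenby.cn"
    http:
      paths:
      # A regular-expression path uses ImplementationSpecific; the duplicate
      # "pathType: Prefix" key from the original listing is dropped.
      - path: "/nginx(/|$)(.*)"
        pathType: ImplementationSpecific
        backend:
          service:
            name: cby-nginx-v2
            port:
              number: 8000
EOF

# Apply the rewrite rule.
kubectl apply -f ingress-demo-app-ingress-router.yaml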
# 訪問 v1 返回正常
[root@localhost ~]# curl nginx-v1.chenby.cn
nginx-v1
[root@localhost ~]#
# 訪問 v2 訪問異常
[root@localhost ~]# curl nginx-v2.chenby.cn
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
[root@localhost ~]#
# 訪問時加上URI 訪問正常
[root@localhost ~]# curl nginx-v2.chenby.cn/nginx
nginx-v2
[root@localhost ~]#
測試流量限制
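# Remove the Ingress created in the previous step.
kubectl delete -f ingress-demo-app-ingress-router.yaml

# Write an Ingress with request rate limiting.
# limit-rps: "1" caps each client IP at one request per second. ingress-nginx
# also admits a burst of the limit times its burst multiplier (5 by default)
# and answers the excess with 503, which is why the sample run below serves
# six requests before the first 503.
# The limit is keyed on the client address the controller sees; behind NAT or
# an upstream proxy many clients may share one bucket.
# The file is created with ">" so a re-run does not append a second copy.
cat > ingress-demo-app-ingress-limit.yaml << 'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-limit-rate
  annotations:
    nginx.ingress.kubernetes.io/limit-rps: "1"
spec:
  ingressClassName: nginx
  rules:
  - host: "nginx-v1.chenby.cn"
    http:
      paths:
      - pathType: Exact
        path: "/"
        backend:
          service:
            name: cby-nginx-v1
            port:
              number: 8000
  - host: "nginx-v2.chenby.cn"
    http:
      paths:
      - pathType: Exact
        path: "/"
        backend:
          service:
            name: cby-nginx-v2
            port:
              number: 8000
EOF

# Apply the rate-limited Ingress.
kubectl apply -f ingress-demo-app-ingress-limit.yaml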
# 訪問過快 會返回 503
[root@localhost ~]# for i in {1..8}; do curl nginx-v1.chenby.cn; done
nginx-v1
nginx-v1
nginx-v1
nginx-v1
nginx-v1
nginx-v1
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx</center>
</body>
</html>
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx</center>
</body>
</html>
[root@localhost ~]#
過濾查看ingress端口
上面有安裝 metallb 組件,所以 ingress 有自動獲取到地址,我這裏就不修改 nodeport 了;各位如果沒有 metallb 組件,就需要修改為 nodeport
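# Switch the controller Service to NodePort (only needed without MetalLB).
# The chart on this page was installed with "--namespace ingress", so the
# Service lives there; the sample output below shows the ingress-nginx
# namespace and was presumably captured from a different install. Use the
# namespace of your own release.
# NodePort opens the HTTP/HTTPS ports on every node address, so restrict them
# with host or network firewall rules where the nodes are reachable from
# untrusted networks.
kubectl edit svc -n ingress ingress-nginx-controller
# In the editor, set spec.type:
#   type: NodePort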
[root@hello ~/yaml]# kubectl get svc -A | grep ingress
ingress-nginx ingress-nginx-controller LoadBalancer 10.110.161.30 192.168.1.71 80:32480/TCP,443:30195/TCP 12m
ingress-nginx ingress-nginx-controller-admission ClusterIP 10.105.211.217 <none> 443/TCP 12m
[root@hello ~/yaml]#