国产无码综合区,色欲AV无码国产永久播放,无码天堂亚洲国产AV,国产日韩欧美女同一区二区

【云原生系列之kubernetes】--Ingress使用

2年前作者：優(yōu)質(zhì)&青年分類：Toy博客閱讀(20)違法舉報(bào)

這篇具有很好參考價(jià)值的文章主要介紹了【云原生系列之kubernetes】--Ingress使用。希望對(duì)大家有所幫助。如果存在錯(cuò)誤或未考慮完全的地方，請(qǐng)大家不吝賜教，您也可以點(diǎn)擊"舉報(bào)違法"按鈕提交疑問。

service的缺點(diǎn)：

不支持基于URL等機(jī)制對(duì)HTTP/HTTPS協(xié)議進(jìn)行高級(jí)路由、超時(shí)、重試、基于流量的灰度等高級(jí)流量治理機(jī)制
難以將多個(gè)service流量統(tǒng)一管理

1.1ingress的概念

【云原生系列之kubernetes】--Ingress使用,云原生,kubernetes,容器

ingress是k8s中的一個(gè)對(duì)象，作用是如何將請(qǐng)求轉(zhuǎn)發(fā)到service的規(guī)則
ingress controller是實(shí)現(xiàn)反向代理以及負(fù)載均衡的程序，對(duì)ingress定義的規(guī)則進(jìn)行解析，根據(jù)配置的規(guī)則來實(shí)現(xiàn)請(qǐng)求轉(zhuǎn)發(fā)，實(shí)現(xiàn)方式多種，如nginx、haproxy等

10.2ingress工作原理

【云原生系列之kubernetes】--Ingress使用,云原生,kubernetes,容器

編寫ingress規(guī)則，說明請(qǐng)求域名對(duì)應(yīng)kubernetes集群中的那個(gè)service
Ingress控制器動(dòng)態(tài)感知Ingress服務(wù)規(guī)則的變化，然后生成一段對(duì)應(yīng)的nginx反向代理配置
Ingress控制器會(huì)將生成的nginx配置寫入到一個(gè)運(yùn)行nginx的服務(wù)中并動(dòng)態(tài)更新

1.3 Ingress實(shí)驗(yàn)環(huán)境的準(zhǔn)備

1.3.1 部署Ingress controller

root@k8s-master1:/app/yaml/ingress# cat ingress-control.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx

---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
automountServiceAccountToken: true
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
rules:
  - apiGroups:
      - ''
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ''
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ''
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - configmaps
    resourceNames:
      - ingress-controller-leader
    verbs:
      - get
      - update
  - apiGroups:
      - ''
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  type: ClusterIP
  ports:
    - name: https-webhook
      port: 443
      targetPort: webhook
      appProtocol: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirst
      containers:
        - name: controller
          image: registry.cn-beijing.aliyuncs.com/kole_chang/controller:v1.0.0
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          args:
            - /nginx-ingress-controller
            - --election-id=ingress-controller-leader
            - --controller-class=k8s.io/ingress-nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
            - --watch-ingress-without-class=true
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            runAsUser: 101
            allowPrivilegeEscalation: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
            - name: webhook
              containerPort: 8443
              protocol: TCP
          volumeMounts:
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 90Mi
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
        - name: webhook-cert
          secret:
            secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/controller-ingressclass.yaml
# We don't support namespaced ingressClass yet
# So a ClusterRole and a ClusterRoleBinding is required
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: nginx
  namespace: ingress-nginx
spec:
  controller: k8s.io/ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  name: ingress-nginx-admission
webhooks:
  - name: validate.nginx.ingress.kubernetes.io
    matchPolicy: Equivalent
    rules:
      - apiGroups:
          - networking.k8s.io
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    failurePolicy: Fail
    sideEffects: None
    admissionReviewVersions:
      - v1
    clientConfig:
      service:
        namespace: ingress-nginx
        name: ingress-nginx-controller-admission
        path: /networking/v1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress-nginx-admission
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-nginx-admission
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
rules:
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - get
      - create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-nginx-admission
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
spec:
  template:
    metadata:
      name: ingress-nginx-admission-create
      labels:
        helm.sh/chart: ingress-nginx-4.0.1
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.0.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: create
          image: registry.cn-beijing.aliyuncs.com/kole_chang/kube-webhook-certgen:v1.0
          imagePullPolicy: IfNotPresent
          args:
            - create
            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name=ingress-nginx-admission
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
spec:
  template:
    metadata:
      name: ingress-nginx-admission-patch
      labels:
        helm.sh/chart: ingress-nginx-4.0.1
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.0.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: patch
          image: registry.cn-beijing.aliyuncs.com/kole_chang/kube-webhook-certgen:v1.0
          imagePullPolicy: IfNotPresent
          args:
            - patch
            - --webhook-name=ingress-nginx-admission
            - --namespace=$(POD_NAMESPACE)
            - --patch-mutating=false
            - --secret-name=ingress-nginx-admission
            - --patch-failure-policy=Fail
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
        
        
        
 #驗(yàn)證
 root@k8s-master1:/app/yaml/ingress# kubectl get pod -n ingress-nginx
NAME                                      READY   STATUS      RESTARTS       AGE
ingress-nginx-admission-create--1-9p52c   0/1     Completed   0              26h
ingress-nginx-admission-patch--1-mhbl8    0/1     Completed   1              26h
ingress-nginx-controller-74ngs            1/1     Running     1 (19h ago)    26h
ingress-nginx-controller-dcql8            1/1     Running     1 (4h7m ago)   26h
ingress-nginx-controller-nd555            1/1     Running     2 (19h ago)    26h
ingress-nginx-controller-wtb4f            1/1     Running     1 (19h ago)    26h
ingress-nginx-controller-x7c9l            1/1     Running     1 (19h ago)    26h

10.3.2 部署tomcat服務(wù)

root@k8s-master1:/app/yaml/ingress# cat tomcat-app1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: webwork-tomcat-app1-deploy-label
  name: webwork-tomcat-app1-deploy
  namespace: webwork
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webwork-tomcat-app1
  template:
    metadata:
      labels:
        app: webwork-tomcat-app1
    spec:
      containers:
      - name: webwork-tomcat-app1-container
        image: harbor.qiange.com/tomcat/tomcat-app1:v1
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          protocol: TCP
          name: http
        env:
        - name: "password"
          value: "123456"
        - name: "name"
          value: "wengsq"
        - name: "age"
          value: "18"
        resources:
          limits:
            cpu: 1
            memory: "512Mi"
          requests:
            cpu: 500m
            memory: "512Mi"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: webwork-tomcat-app1-service-label
  name: webwork-tomcat-app1-service
  namespace: webwork
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
    nodePort: 30066
  selector:
    app: webwork-tomcat-app1

root@k8s-master1:/app/yaml/ingress# cat tomcat-app2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: webwork-tomcat-app2-deploy-label
  name: webwork-tomcat-app2-deploy
  namespace: webwork
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webwork-tomcat-app2
  template:
    metadata:
      labels:
        app: webwork-tomcat-app2
    spec:
      containers:
      - name: webwork-tomcat-app1-container
        image: harbor.qiange.com/tomcat/tomcat-app2:v1
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          protocol: TCP
          name: http
        env:
        - name: "password"
          value: "123456"
        - name: "name"
          value: "wengsq"
        - name: "age"
          value: "18"
        resources:
          limits:
            cpu: 1
            memory: "512Mi"
          requests:
            cpu: 500m
            memory: "512Mi"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: webwork-tomcat-app2-service-label
  name: webwork-tomcat-app2-service
  namespace: webwork
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
    nodePort: 30067
  selector:
    app: webwork-tomcat-app2

#驗(yàn)證
root@k8s-master1:/app/yaml/ingress# kubectl get pod -n webwork -o wide
webwork-nginx-app1-deploy-68f5f5588c-zsr8d    1/1     Running   0               3h43m   10.200.107.252   172.17.1.109   <none>           <none>
webwork-nginx-app2-deploy-8699cb49dd-s7s87    1/1     Running   0               3h43m   10.200.36.84     172.17.1.107   <none>           <none>
webwork-tomcat-app1-deploy-854545898b-j7b9q   1/1     Running   0               147m    10.200.107.197   172.17.1.109   <none>           <none>
webwork-tomcat-app2-deploy-75bc95cc54-vznlw   1/1     Running   0               146m    10.200.107.198   172.17.1.109   <none>           <none>

root@k8s-master1:/app/yaml/ingress# kubectl get svc -n webwork
NAME                          TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
webwork-nginx-app1-service    NodePort   10.100.188.84    <none>        80:30068/TCP   3h41m
webwork-nginx-app2-service    NodePort   10.100.157.154   <none>        80:30069/TCP   3h40m
webwork-tomcat-app1-service   NodePort   10.100.128.159   <none>        80:30066/TCP   144m
webwork-tomcat-app2-service   NodePort   10.100.123.243   <none>        80:30067/TCP   143m

root@k8s-master1:/app/yaml/ingress# kubectl get ep -n webwork
NAME                          ENDPOINTS             AGE
webwork-nginx-app1-service    10.200.107.252:80     3h44m
webwork-nginx-app2-service    10.200.36.84:80       3h43m
webwork-tomcat-app1-service   10.200.107.197:8080   147m
webwork-tomcat-app2-service   10.200.107.198:8080   147m


#進(jìn)入pod中驗(yàn)證svc是否配置成功
root@k8s-master1:/app/yaml/ingress# kubectl exec -it webwork-tomcat-app1-deploy-854545898b-j7b9q sh -n webwork
sh-4.2# curl webwork-tomcat-app2-service.webwork.svc.cluster.local/app2/index.jsp
<h1>This is  tomcat app2 web page</h1>

#測(cè)試tomcat服務(wù)是否能被訪問
root@k8s-master1:/app/yaml/ingress# curl 172.17.1.88:30066/app1/index.jsp
<h1>This is  tomcat app1 web page</h1>
root@k8s-master1:/app/yaml/ingress# curl 172.17.1.88:30067/app2/index.jsp
<h1>This is  tomcat app2 web page</h1>

1.4Ingress實(shí)驗(yàn)

1.4.1 單tomcat主機(jī)配置

root@k8s-master1:/app/yaml/ingress# cat ingress-tomcat1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web
  namespace: webwork
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的類型
    nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定義的path可以使用正則表達(dá)式
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##連接超時(shí)時(shí)間,默認(rèn)為5s
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服務(wù)器回轉(zhuǎn)數(shù)據(jù)超時(shí)時(shí)間,默認(rèn)為60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服務(wù)器響應(yīng)超時(shí)時(shí)間,默認(rèn)為60s
    nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客戶端上傳文件，最大大小，默認(rèn)為20m
    #nginx.ingress.kubernetes.io/rewrite-target: / ##URL重寫
    nginx.ingress.kubernetes.io/app-root: /index.html 
spec:
  rules:
  - host: www.wengsq.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webwork-tomcat-app1-service
            port:
              number: 80
              
root@k8s-master1:/app/yaml/ingress# kubectl apply -f ingress-tomcat1.yaml
ingress.networking.k8s.io/nginx-web created
root@k8s-master1:/app/yaml/ingress# kubectl get ingress -n webwork   #一般要等幾十秒IP才能獲取到
NAME        CLASS    HOSTS            ADDRESS   PORTS   AGE
nginx-web   <none>   www.wengsq.com             80      7s
root@k8s-master1:/app/yaml/ingress# kubectl get ingress -n webwork
NAME        CLASS    HOSTS            ADDRESS                                                            PORTS   AGE
nginx-web   <none>   www.wengsq.com   172.17.1.101,172.17.1.102,172.17.1.103,172.17.1.107,172.17.1.109   80      9s

#驗(yàn)證
root@k8s-master1:/app/yaml/ingress# curl www.wengsq.com/app1/index.jsp
<h1>This is  tomcat app1 web page</h1>

1.4.2 多個(gè)tomcat主機(jī)配置

root@k8s-master1:/app/yaml/ingress# cat ingress-tomcat2.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web
  namespace: webwork
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的類型
    nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定義的path可以使用正則表達(dá)式
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##連接超時(shí)時(shí)間,默認(rèn)為5s
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服務(wù)器回轉(zhuǎn)數(shù)據(jù)超時(shí)時(shí)間,默認(rèn)為60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服務(wù)器響應(yīng)超時(shí)時(shí)間,默認(rèn)為60s
    nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客戶端上傳文件，最大大小，默認(rèn)為20m
    nginx.ingress.kubernetes.io/app-root: /index.html
spec:
  rules:
  - host: www.wengsq.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webwork-tomcat-app1-service
            port:
              number: 80
  - host: app.wengsq.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webwork-tomcat-app2-service
            port:
              number: 80

1.4.3 根據(jù)URL匹配service

root@k8s-master1:/app/yaml/ingress# cat ingress-tomcat3.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tomcat-web
  namespace: webwork
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的類型
    nginx.ingress.kubernetes.io/use-regex: "true" ##指定后面rules定義的path可以使用正則表達(dá)式
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" ##連接超時(shí)時(shí)間,默認(rèn)為5s
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600" ##后端服務(wù)器回轉(zhuǎn)數(shù)據(jù)超時(shí)時(shí)間,默認(rèn)為60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ##后端服務(wù)器響應(yīng)超時(shí)時(shí)間,默認(rèn)為60s
    nginx.ingress.kubernetes.io/proxy-body-size: "50m" ##客戶端上傳文件，最大大小，默認(rèn)為20m
    nginx.ingress.kubernetes.io/app-root: /index.html
#    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: app.wsq.com
    http:
      paths:
      - pathType: Prefix
        path: "/app1"
        backend:
          service:
            name: webwork-tomcat-app1-service
            port:
              number: 80
      - pathType: Prefix
        path: "/app2"
        backend:
          service:
            name: webwork-tomcat-app2-service
            port:
              number: 80
  
#驗(yàn)證
root@k8s-master1:/app/yaml/ingress# kubectl get ingress -n webwork
NAME         CLASS    HOSTS            ADDRESS                                                            PORTS   AGE
nginx-web    <none>   www.wengsq.com   172.17.1.101,172.17.1.102,172.17.1.103,172.17.1.107,172.17.1.109   80      8m8s
tomcat-web   <none>   app.wsq.com      172.17.1.101,172.17.1.102,172.17.1.103,172.17.1.107,172.17.1.109   80      34s
root@k8s-master1:/app/yaml/ingress# curl app.wsq.com/app2/index.jsp
<h1>This is  tomcat app2 web page</h1>
root@k8s-master1:/app/yaml/ingress# curl app.wsq.com/app1/index.jsp
<h1>This is  tomcat app1 web page</h1>

1.4.4 單域名SSL證書掛載

#簽發(fā)證書
root@k8s-master1:/app/yaml/ingress# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt
root@k8s-master1:/app/yaml/ingress# ll
total 80
drwxr-xr-x 2 root root  4096 Feb 20 12:04 ./
drwxr-xr-x 9 root root   107 Feb 19 10:15 ../
-rw-r--r-- 1 root root  1245 Feb 20 11:45 tls.crt  #簽發(fā)的證書
-rw------- 1 root root  1704 Feb 20 11:45 tls.key

#進(jìn)行secret資源存儲(chǔ)
root@k8s-master1:/app/yaml/ingress#kubectl create secret tls tls-secret --key tls.key --cert tls.crt -n webwork
#驗(yàn)證
root@k8s-master1:/app/yaml/ingress# kubectl get secrets -n webwork
NAME                  TYPE                                  DATA   AGE
default-token-lvmvm   kubernetes.io/service-account-token   3      26d
tls-secret            kubernetes.io/tls                     2      117m
root@k8s-master1:/app/yaml/ingress# kubectl describe secrets tls-secret -n webwork
Name:         tls-secret
Namespace:    webwork
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/tls

Data
====
tls.crt:  1245 bytes
tls.key:  1704 bytes

#配置單域名SSL證書掛載
root@k8s-master1:/app/yaml/ingress# cat ingress-https-tomcat1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web
  namespace: webwork
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的類型
    nginx.ingress.kubernetes.io/ssl-redirect: 'true' #SSL重定向，即將http請(qǐng)求強(qiáng)制重定向至https，等于nginx中的全站https
spec:
  tls:
  - hosts:
    - ttt.wengsq.com
    secretName: tls-secret

  rules:
  - host: ttt.wengsq.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webwork-tomcat-app1-service
            port:
              number: 80

1.4.5 多域名SSL證書掛載

root@k8s-master1:/app/yaml/ingress# cat ingress-https-tomcat2.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web
  namespace: webwork
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的類型
    nginx.ingress.kubernetes.io/ssl-redirect: 'true' #SSL重定向，即將http請(qǐng)求強(qiáng)制重定向至https，等于nginx中的全站https
spec:
  tls:
  - hosts:
    - ttt.wengsq.com
    - aaa.wengsq.com
    secretName: tls-secret

  rules:
  - host: ttt.wengsq.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webwork-tomcat-app1-service
            port:
              number: 80
  - host: aaa.wengsq.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: webwork-tomcat-app2-service
            port:
              number: 80

總結(jié)：

1、當(dāng)Ingress訪問域名出現(xiàn)問題時(shí)，進(jìn)入某個(gè)pod，curl 后端SVC看能否訪問：curl svc-name.namespace.svc.cluster.local

2、Ingress配置根據(jù)URL匹配后端service時(shí)要注意重定向文章來源地址http://www.zghlxwxcb.cn/news/detail-833162.html

到了這里，關(guān)于【云原生系列之kubernetes】--Ingress使用的文章就介紹完了。如果您還想了解更多內(nèi)容，請(qǐng)?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！

本文來自互聯(lián)網(wǎng)用戶投稿，該文觀點(diǎn)僅代表作者本人，不代表本站立場(chǎng)。本站僅提供信息存儲(chǔ)空間服務(wù)，不擁有所有權(quán)，不承擔(dān)相關(guān)法律責(zé)任。如若轉(zhuǎn)載，請(qǐng)注明出處：如若內(nèi)容造成侵權(quán)/違法違規(guī)/事實(shí)不符，請(qǐng)點(diǎn)擊違法舉報(bào)進(jìn)行投訴反饋，一經(jīng)查實(shí)，立即刪除！

分享到：

領(lǐng)支付寶紅包贊助服務(wù)器費(fèi)用

【云原生 | Kubernetes 系列】K8s 實(shí)戰(zhàn) 如何給應(yīng)用注入數(shù)據(jù) II 將pod數(shù)據(jù)傳遞給容器
在上一篇文章中，我們學(xué)習(xí)了針對(duì)容器設(shè)置啟動(dòng)時(shí)要執(zhí)行的命令和參數(shù)、定義相互依賴的環(huán)境變量、為容器設(shè)置環(huán)境變量，三種設(shè)置方式，本篇文章，我們將繼續(xù)學(xué)習(xí)數(shù)據(jù)的傳遞。有兩種方式可以將 Pod 和 Container 字段傳遞給運(yùn)行中的容器：環(huán)境變量卷文件這兩種呈現(xiàn) Pod
2024年01月25日
瀏覽(526)
容器和云原生（三）：kubernetes搭建與使用
? ? ? ? 目錄單機(jī)K8S docker containerd image依賴 kubeadm初始化驗(yàn)證 crictl工具 K8S核心組件上文安裝單機(jī)docker是很簡(jiǎn)單docker，但是生產(chǎn)環(huán)境需要多個(gè)主機(jī)，主機(jī)上啟動(dòng)多個(gè)docker容器，相同容器會(huì)綁定形成1個(gè)服務(wù)service，微服務(wù)場(chǎng)景中多個(gè)service會(huì)互相調(diào)用，那么就需要保證多個(gè)servi
2024年02月11日
瀏覽(28)
【kubernetes系列】Kubernetes之Ingress
從前面的學(xué)習(xí)，我們可以了解到Kubernetes暴露服務(wù)的方式目前常見的只有三種：LoadBlancer Service、NodePort Service、Ingress；而我們需要將集群內(nèi)服務(wù)提供外界訪問就會(huì)面臨以下幾個(gè)問題： Pod 漂移問題 Kubernetes 具有強(qiáng)大的副本控制能力，能保證在任意副本（Pod）掛掉時(shí)自動(dòng)啟動(dòng)一個(gè)
2024年02月16日
瀏覽(21)
Kubernetes系列-Ingress
Kubernetes 對(duì)外暴露服務(wù)（Service）主要有兩種方式： NodePort ， LoadBalance ，此外? externalIps ?也可以使各類 service 對(duì)外提供服務(wù)，但是當(dāng)集群服務(wù)很多的時(shí)候，NodePort方式最大的缺點(diǎn)是會(huì)占用很多集群機(jī)器的端口；LB方式最大的缺點(diǎn)則是每個(gè)Service一個(gè)LB又有點(diǎn)浪費(fèi)和麻煩，并且需
2024年02月14日
瀏覽(18)
【云原生】kubernetes在Pod中init容器的作用和使用
目錄 Pod 中 init 容器 1 init 容器特點(diǎn) 2 使用 init 容器 Pod 中 init 容器 Init 容器是一種特殊容器，在Pod 內(nèi)的應(yīng)用容器啟動(dòng)之前運(yùn)行。Init 容器可以包括一些應(yīng)用鏡像中不存在的實(shí)用工具和安裝腳本。 1 init 容器特點(diǎn) init 容器與普通的容器非常像，除了如下幾點(diǎn)：它們總是運(yùn)行到完
2024年02月14日
瀏覽(31)
云原生之深入解析Kubernetes中如何使用臨時(shí)容器進(jìn)行故障排查
容器及其周圍的生態(tài)系統(tǒng)改變了工程師部署、維護(hù)和排查工作負(fù)載故障的方式。但是，在 Kubernetes 集群上調(diào)試應(yīng)用程序有時(shí)可能會(huì)很困難，因?yàn)榭赡茉谌萜髦姓也坏剿璧恼{(diào)試工具。許多工程師使用基于精簡(jiǎn)、發(fā)行版構(gòu)建無(wú)發(fā)行版的基礎(chǔ)鏡像，其中甚至沒有包管理器或shell，
2024年02月05日
瀏覽(28)
云原生之深入解析如何正確計(jì)算Kubernetes容器CPU使用率
使用 Prometheus 配置 kubernetes 環(huán)境中 Container 的 CPU 使用率時(shí)，會(huì)經(jīng)常遇到 CPU 使用超出 100%，現(xiàn)在來分析一下： container_spec_cpu_period：當(dāng)對(duì)容器進(jìn)行 CPU 限制時(shí)，CFS 調(diào)度的時(shí)間窗口，又稱容器 CPU 的時(shí)鐘周期通常是 100000 微秒 container_spec_cpu_quota：是指容器的使用 CPU 時(shí)間周期總量
2024年02月10日
瀏覽(37)
云原生Kubernetes系列 | Job和CronJob使用
?? Kubernetes官網(wǎng)-Job和CronJob使用手冊(cè) ?? 傳統(tǒng)運(yùn)行的pod，比如 Deployment 管理的Pod，或手工管理的Pod，只要?jiǎng)?chuàng)建好Pod該P(yáng)od會(huì)一致運(yùn)行下去。Pod里面運(yùn)行的是一個(gè) daemon 守護(hù)進(jìn)程。Pod沒有問題的情況下可以長(zhǎng)期運(yùn)行。 ?? 但有時(shí)候想臨時(shí)做一件事情，比如測(cè)試等，執(zhí)行個(gè)腳本等
2024年02月03日
瀏覽(20)
【kubernetes系列】k8s ingress配置websocket支持
背景：公司的后端同事在代碼調(diào)試過程中需要上傳一個(gè)文件，調(diào)用的websocket接口瀏覽器上傳文件一直卡主，通過瀏覽器調(diào)試模式發(fā)現(xiàn)無(wú)法正常獲取websocket的連接 websocket的接口訪問可以通過wscat命令（需單獨(dú)安裝）測(cè)試。瀏覽器訪問報(bào)錯(cuò)如下： WebSocket connection to ‘ws://*******
2024年02月06日
瀏覽(27)
【云原生 | Kubernetes 系列】K8s 實(shí)戰(zhàn) 使用 Kustomize 對(duì) Kubernetes 對(duì)象進(jìn)行聲明式管理
Kustomize 是一個(gè)用來定制 Kubernetes 配置的工具。它提供以下功能特性來管理應(yīng)用配置文件：從其他來源生成資源為資源設(shè)置貫穿性（Cross-Cutting）字段組織和定制資源集合 ConfigMap 和 Secret 包含其他 Kubernetes 對(duì)象（如 Pod）所需要的配置或敏感數(shù)據(jù)。 ConfigMap 或 Secret 中數(shù)據(jù)的來
2024年01月17日
瀏覽(103)