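Kubernetes ingress-nginx: Detailed Explanation and Deployment Guide
Introduction
Ingress is a Kubernetes object that manages and exposes routing rules for Services in a Kubernetes cluster. Ingress does not provide load balancing of its own; instead, it needs a backend load balancer to perform the actual routing.
Nginx is a popular web server and reverse proxy. nginx-ingress-controller is an open-source Ingress controller that uses Nginx as the backend load balancer.
Deploying nginx-ingress-controller
To deploy nginx-ingress-controller, perform the following steps:
- Deploy the ingress controller that uses RBAC: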
# RBAC: the controller's ServiceAccount, roles and bindings are not shown on this page.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: default
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      containers:
      - name: controller
        # 0.25.0 predates the networking.k8s.io/v1 Ingress API used in the manifests below;
        # use a currently supported controller release that understands that API.
        image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0
        args:
        - /nginx-ingress-controller
        - --configmap=$(POD_NAMESPACE)/nginx-configuration
        - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
        - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        - --annotations-prefix=nginx.ingress.kubernetes.io
        env:
        # Downward API: expose the Pod's own name and namespace to the controller
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
- Deploy the Service:
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: default
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXX:certificate/XXXXXXX-XXXXXXX-XXXXXXX
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
  - name: http
    port: 80
    targetPort: 80
  - name: https
    port: 443
    # TLS is terminated at the AWS load balancer (ssl-cert + backend-protocol: http),
    # so the decrypted traffic goes to the controller's plain-HTTP port, not to 443.
    targetPort: 80
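- Deploy the required ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
  # Must be the controller's namespace: it reads $(POD_NAMESPACE)/nginx-configuration
  namespace: default
data:
  ssl-protocols: TLSv1.2 TLSv1.3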
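Deploying an Ingress
Before deploying an Ingress, the Ingress controller must already be deployed as part of the Kubernetes cluster, as shown above. Next, expose a Service by creating an Ingress object. Assuming there is a Service named my-service, the following Ingress object exposes it: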
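apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-service
  annotations:
    # Capture-group rewrite: drops the /my-path prefix and keeps the rest of the path.
    # A bare "rewrite-target: /" would rewrite every matching request to "/".
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /my-path(/|$)(.*)
        pathType: ImplementationSpecific
        backend:
          service:
            name: my-service
            port:
              name: http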
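The Ingress object above:
- Accepts requests for the host example.com.
- Matches requests to the example.com/my-path path.
- Rewrites the request path to remove the /my-path prefix.
- Routes the requests to the Service named my-service.
Examples
1. Deploy an Ingress
Create the workload (a Pod in this example):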
apiVersion: v1
kind: Pod
metadata:
  name: hello-world-1
  labels:
    app: hello-world-1
spec:
  containers:
  - name: hello-world-1
    image: gcr.io/google-samples/hello-app:1.0
    ports:
    - containerPort: 8080
Create the Service:
apiVersion: v1
kind: Service
metadata:
  name: hello-world-1
spec:
  ports:
  # The port is named "http" because the Ingress backend refers to it by name
  - name: http
    port: 80
    targetPort: 8080
  selector:
    app: hello-world-1
Create the Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-1
spec:
  rules:
  - host: hello-world-1.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hello-world-1
            port:
              name: http
2. Deploy multiple Ingress rules
Create the workload (a Pod in this example):
apiVersion: v1
kind: Pod
metadata:
  name: hello-world-2
  labels:
    app: hello-world-2
spec:
  containers:
  - name: hello-world-2
    image: gcr.io/google-samples/hello-app:1.0
    ports:
    - containerPort: 8080
Create the Service:
apiVersion: v1
kind: Service
metadata:
  name: hello-world-2
spec:
  ports:
  # The port is named "http" because the Ingress backend refers to it by name
  - name: http
    port: 80
    targetPort: 8080
  selector:
    app: hello-world-2
Create the Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world
spec:
  rules:
  - host: hello-world.example.com
    http:
      paths:
      - path: /hello-world-1
        pathType: Prefix
        backend:
          service:
            name: hello-world-1
            port:
              name: http
      - path: /hello-world-2
        pathType: Prefix
        backend:
          service:
            name: hello-world-2
            port:
              name: http
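In the Ingress definition above, requests are routed to the corresponding Service according to the request path. You can check that it works by visiting http://hello-world.example.com/hello-world-1 and http://hello-world.example.com/hello-world-2.
Note: different Ingress objects need different hostnames, and each hostname must resolve in DNS to the IP address of the Ingress controller.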
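The host and Prefix matching that decides which Service receives a request in the multi-path Ingress above, as an added Python example (not code from the original article or from ingress-nginx). It models the rules of the Kubernetes Ingress specification, where paths are compared element by element and the longest match wins; RULES and the function names are illustrative, and wildcard hosts are not modelled.

```python
# Added example: models Kubernetes Ingress host + pathType: Prefix matching.
# RULES mirrors the hello-world Ingress above; all names here are illustrative.

RULES = {
    "hello-world.example.com": [
        ("/hello-world-1", "hello-world-1"),
        ("/hello-world-2", "hello-world-2"),
    ],
}


def _segments(path):
    """Split a URL path into its non-empty '/'-separated elements."""
    return [s for s in path.split("/") if s]


def prefix_matches(rule_path, request_path):
    """pathType: Prefix compares whole path elements, not raw string prefixes."""
    rule, req = _segments(rule_path), _segments(request_path)
    return req[:len(rule)] == rule


def route(host, request_path, rules=RULES):
    """Return the backend Service name, or None when no rule matches
    (the controller's default backend answers such requests)."""
    path = request_path.split("?", 1)[0]  # the query string is not part of the match
    candidates = [
        (len(_segments(rule_path)), service)
        for rule_path, service in rules.get(host, [])
        if prefix_matches(rule_path, path)
    ]
    if not candidates:
        return None
    return max(candidates)[1]  # the longest matching path wins


if __name__ == "__main__":
    for host, path in [
        ("hello-world.example.com", "/hello-world-1/status"),
        ("hello-world.example.com", "/hello-world-10"),  # not a segment match
        ("other.example.com", "/hello-world-1"),         # host has no rule
    ]:
        print(host, path, "->", route(host, path))
```

Requests that match no rule fall through to the controller's default backend, so a path such as /hello-world-10 never reaches hello-world-1 even though it shares a string prefix with the rule.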