标签:tle 平台 one address 配置 ken 好文 led conf
这是容器云平台第四篇,接上一篇继续,本文紧贴第一篇架构图,只介绍Ingress,其余的后续再详细说。。
Ingress 是对集群中服务的外部访问进行管理的 API 对象,典型的访问方式是 HTTP,当然TCP也是可以管理滴。
Ingress 可以提供负载均衡、SSL 终结和基于域名的虚拟托管。
大白话就是:把kubernetes集群生部署的服务暴露出来,让集群外部的用户或者服务能访问到。
能为kubernetes提供ingress的控制器很多,本文就用基于HAProxy的控制器:Haproxy Ingreess。
HAProxy是一个快速可靠的TCP和HTTP反向代理和负载均衡器。
当然,一个kubernetes集群也可以同时部署多种ingress控制器。
HAProxy Ingress 通过监控Kubernetes API,获取services后端的pod状态,动态更新haproxy的配置文件,以实现负载均衡。
它允许每个代理每秒有数千个请求,不管集群的大小,具有非常低的延迟。
简单做个介绍,接下来开始实战。
wget https://haproxy-ingress.github.io/resources/haproxy-ingress.yamlrbac.authorization.k8s.io/v1beta1 改为rbac.authorization.k8s.io/v1,如果不修改会有Warning,但是目前不影响kubectl apply -f haproxy-ingress.yaml
[root@k8s-master001 opt]# kubectl apply -f haproxy-ingress.yaml
namespace/ingress-controller created
serviceaccount/ingress-controller created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/ingress-controller created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/ingress-controller created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/ingress-controller created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/ingress-controller created
configmap/haproxy-ingress created
daemonset.apps/haproxy-ingress created查看部署状态
[root@k8s-master001 opt]# kubectl get all -n ingress-controller
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/haproxy-ingress 0 0 0 0 0 role=ingress-controller 6m2s什么鬼,为什么没有haproxy相关的pod呢?
role=ingress-controller
[root@k8s-master001 opt]# kubectl label node k8s-master003 role=ingress-controller
node/k8s-master003 labeled再来查看下,已经有haproxy-ingress-6mfqr,状态为Running,表示已经部署好了,是不是so easy~~~
[root@k8s-master001 opt]# kubectl get all -n ingress-controlle
NAME READY STATUS RESTARTS AGE
pod/haproxy-ingress-6mfqr 1/1 Running 1 2m40s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/haproxy-ingress 1 1 1 1 1 role=ingress-controller 18m这里使用上一篇部署的nginx作为示例,部署上篇,现在查看下nginx状态
[root@k8s-master001 ~]# kubectl get po,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-0 1/1 Running 0 32h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d2h
service/nginx NodePort 10.106.27.213 <none> 80:30774/TCP 32h可以看到有一个名为nginx的service
[root@k8s-master001 ~]# cat ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx
annotations:
kubernetes.io/ingress.class: haproxy
spec:
rules:
- host: nginx.ieasou.cn
http:
paths:
- path: /
backend:
serviceName: nginx
servicePort: 80执行部署,会有个Warning,因为kubernetes apiVersion更新,以后会不在支持extensions/v1beta1,这里不影响,先忽略。
[root@k8s-master001 ~]# kubectl apply -f ingress.yaml
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/nginx configured查看部署结果
[root@k8s-master001 ~]# kubectl get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
nginx <none> nginx.test.cn 80 21m现在,需要自己把nginx.test.cn解析到haproxy-ingresss所在节点的IP,本文haproxy-ingresss部署到了master003(10.26.25.22)
测试的话,直接修改/etc/hosts文件,然后可以访问nginx.test.cn
[root@k8s-master001 ~]# curl -I nginx.text.cn
HTTP/1.1 200 OK
server: nginx/1.19.2
date: Sat, 12 Sep 2020 12:40:01 GMT
content-type: text/html
content-length: 612
last-modified: Tue, 11 Aug 2020 14:50:35 GMT
etag: "5f32b03b-264"
accept-ranges: bytes
strict-transport-security: max-age=15768000从结果可以看到,返回状态码,说明可以访问到部署的nginx服务了。
注:文中图片来源于网络,如有侵权,请联系我及时删除。
Tips: 更多好文章,请关注公*号“菜鸟运维杂谈”!!!
容器云平台No.4~kubernetes 服务暴露之Ingress
标签:tle 平台 one address 配置 ken 好文 led conf
原文地址:https://blog.51cto.com/1648324/2536249
