Bootstrap

Linux——K8s集群实现外部访问(Ingress)

环境:

masternode01node02
192.168.1.40192.168.1.41192.168.1.42

Ingress

作用:Ingress 是对集群中服务的外部访问进行管理的 API 对象。

在这里插入图片描述

1.创建deployment

PS:创建nginx和httpd

[root@master yaml]# vim nginx.yaml

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: nginx
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app:  nginx
    spec:
      containers:
      - name: nginx
        image:  nginx
---
kind: Service
apiVersion: v1
metadata:
  name: nginx-svc
spec: 
  selector:
    app:  nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    
[root@master yaml]# kubectl  apply  -f  nginx.yaml 
deployment.extensions/nginx created
service/nginx-svc created

[root@master yaml]# vim httpd.yaml

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: httpd
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app:  httpd
    spec:
      containers:
      - name: httpd
        image:  httpd
---
kind: Service
apiVersion: v1
metadata:
  name: httpd-svc
spec: 
  selector:
    app:  httpd
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

[root@master yaml]# kubectl  apply  -f  httpd.yaml  
deployment.extensions/httpd created
service/httpd-svc created
[root@master yaml]# kubectl  get deployments.
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
httpd   3/3     3            3           117s
nginx   3/3     3            3           3m10s
[root@master yaml]# kubectl  get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
httpd-svc    ClusterIP   10.97.134.80   <none>        80/TCP    2m1s
nginx-svc    ClusterIP   10.96.37.85    <none>        80/TCP    3m14s

2.部署Ingress

2.1 下载Ingress文件

[root@master yaml]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.35.0/deploy/static/provider/baremetal/deploy.yaml

2.2 修改yaml文件

[root@master yaml]# vim deploy.yaml
......
spec:
      hostNetwork:  true   #本地网络访问
      dnsPolicy: ClusterFirst
      containers:
        - name: controller
          image: registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.30.0
          imagePullPolicy: IfNotPresent
......
[root@master yaml]# kubectl  apply  -f  deploy.yaml

2.3 查看

PS:namespace为ingress-nginx

[root@master yaml]# kubectl get pod -o wide -n ingress-nginx 
NAME                                        READY   STATUS      RESTARTS   AGE     IP             NODE     NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-qqjz2        0/1     Completed   0          3m30s   10.244.1.9     node02   <none>           <none>
ingress-nginx-admission-patch-7xkk8         0/1     Completed   0          3m30s   10.244.2.7     node01   <none>           <none>
ingress-nginx-controller-6584bf6bc8-hj9zk   1/1     Running     0          3m30s   192.168.1.41   node01   <none>           <none>

[root@master yaml]# kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.97.134.37    <none>        80:31126/TCP,443:31537/TCP   3m23s
ingress-nginx-controller-admission   ClusterIP   10.96.170.183   <none>        443/TCP                      3m23s

2.4 查看Ingress-nginx-controller容器内部详情

PS:它现在已经有一个模板,用来描述Ingress资源能够收集到的信息了

[root@master yaml]# kubectl  exec  -it -n ingress-nginx ingress-nginx-controller-6584bf6bc8-hj9zk sh
/etc/nginx $ cat nginx.conf
......
location / {
			
			set $namespace      "";
			set $ingress_name   "";
			set $service_name   "";
			set $service_port   "";
			set $location_path  "/";
......

3.基于httpd的访问

3.1 创建对应的Ingress规则

[root@master yaml]# vim ingress-httpd.yaml

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name:  web-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: wwww.ingress.com
    http:
      paths:
      - path: /nginx
        backend:
          serviceName:  nginx-svc
          servicePort:  80
      - path: /httpd
        backend:
          serviceName:  httpd-svc
          servicePort:  80

[root@master yaml]# kubectl  apply  -f  ingress-httpd.yaml 
ingress.extensions/web-ingress created

3.2 查看对应规则的详细信息

[root@master yaml]#  kubectl  describe  ingresses. web-ingress
Name:             web-ingress
Namespace:        default
Address:          192.168.1.41
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host             Path  Backends
  ----             ----  --------
  web.ingress.com  
                   /nginx   nginx-svc:80 (10.244.1.2:80,10.244.2.2:80,10.244.2.3:80)
                   /httpd   httpd-svc:80 (10.244.1.3:80,10.244.1.4:80,10.244.2.4:80)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"web-ingress","namespace":"default"},"spec":{"rules":[{"host":"web.ingress.com","http":{"paths":[{"backend":{"serviceName":"nginx-svc","servicePort":80},"path":"/nginx"},{"backend":{"serviceName":"httpd-svc","servicePort":80},"path":"/httpd"}]}}]}}

  nginx.ingress.kubernetes.io/rewrite-target:  /
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  50s   nginx-ingress-controller  Ingress default/web-ingress
  Normal  UPDATE  3s    nginx-ingress-controller  Ingress default/web-ingress

3.3 查看Ingress-nginx-controller容器内部详情

[root@master yaml]# kubectl  exec  -it -n ingress-nginx ingress-nginx-controller-6584bf6bc8-hj9zk sh
/etc/nginx $ cat nginx.conf
......
	location ~* "^/nginx" {
			
			set $namespace      "default";
			set $ingress_name   "web-ingress";
			set $service_name   "nginx-svc";
			set $service_port   "80";
			set $location_path  "/nginx";
......
	location ~* "^/httpd" {
			
			set $namespace      "default";
			set $ingress_name   "web-ingress";
			set $service_name   "httpd-svc";
			set $service_port   "80";
			set $location_path  "/httpd";
......

3.4 访问

PS:有DNS的话可以设置解析,没有的话必须在host文件下添加域名解析才可访问

windows:C:\Windows\System32\drivers\etc\

linux:/etc/hosts

[root@client ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.41 wwww.ingress.com 

在这里插入图片描述
在这里插入图片描述

4.基于http实现虚拟机主机的访问

4.1创建Ingress规则

[root@master yaml]# vim ingress.yaml 

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress1
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: ingress1.web.io
    http:
      paths:
      - path: /nginx
        backend:
          serviceName: nginx-svc
          servicePort: 80
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress2
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: ingress2.web.io
    http:
      paths:
      - path: /httpd
        backend:
          serviceName: httpd-svc
          servicePort: 80

[root@master yaml]# kubectl  apply  -f  ingress.yaml 
ingress.extensions/ingress1 created
ingress.extensions/ingress2 created

4.2 查看对应的Ingress规则

[root@master yaml]# kubectl  describe  ingresses. ingress1 
Name:             ingress1
Namespace:        default
Address:          192.168.1.41
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host             Path  Backends
  ----             ----  --------
  ingress1.web.io  
                   /nginx   nginx-svc:80 (10.244.1.2:80,10.244.2.2:80,10.244.2.3:80)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"ingress1","namespace":"default"},"spec":{"rules":[{"host":"ingress1.web.io","http":{"paths":[{"backend":{"serviceName":"nginx-svc","servicePort":80},"path":"/nginx"}]}}]}}

  nginx.ingress.kubernetes.io/rewrite-target:  /
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  71s   nginx-ingress-controller  Ingress default/ingress1
  Normal  UPDATE  39s   nginx-ingress-controller  Ingress default/ingress1
[root@master yaml]# kubectl  describe  ingresses. ingress2
Name:             ingress2
Namespace:        default
Address:          192.168.1.41
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host             Path  Backends
  ----             ----  --------
  ingress2.web.io  
                   /httpd   httpd-svc:80 (10.244.1.3:80,10.244.1.4:80,10.244.2.4:80)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"ingress2","namespace":"default"},"spec":{"rules":[{"host":"ingress2.web.io","http":{"paths":[{"backend":{"serviceName":"httpd-svc","servicePort":80},"path":"/httpd"}]}}]}}

  nginx.ingress.kubernetes.io/rewrite-target:  /
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  73s   nginx-ingress-controller  Ingress default/ingress2
  Normal  UPDATE  41s   nginx-ingress-controller  Ingress default/ingress2

4.3 访问

[root@node02 ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.41 ingress1.web.io  ingress2.web.io

在这里插入图片描述
在这里插入图片描述

5.基于https的访问

5.1 创建证书

[root@master yaml]# mkdir https
[root@master yaml]# cd https/
[root@master https]# openssl  req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
Generating a 2048 bit RSA private key
.......................................+++
.....................................................+++
writing new private key to 'tls.key'
-----
[root@master https]# ls
tls.crt  tls.key

5.2 用secret创建资源,将证书保存到k8s集群中

[root@master https]# kubectl  create  secret  tls tls-secret --key=tls.key --cert tls.crt 
secret/tls-secret created

5.3 创建Deployment和对应Ingress规则

[root@master https]# vim deploy.yaml 

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: httpds
spec:
  replicas: 2
  template: 
    metadata:
      labels:
        app:  httpd
    spec:
      containers:
      - name: httpd
        image:  httpd
---
kind: Service
apiVersion: v1
metadata:
  name: httpdsvc-1
spec:
  selector: 
    app:  httpd
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80 
[root@master https]# kubectl  apply  -f  deploy.yaml 
deployment.extensions/httpds created
service/httpdsvc-1 created
[root@master https]# vim ingress.yaml

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: https
spec:
  tls:
    - hosts:
      - ingress.httpd.com
      secretName: tls-secret
  rules:
  - host: ingress.httpd.com
    http:
      paths:
      - path: /
        backend:
          serviceName: httpdsvc-1
          servicePort: 80

[root@master https]# kubectl  apply  -f  ingress.yaml 
ingress.extensions/https created

5.4 访问

[root@node02 ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.41 ingress1.web.io  ingress2.web.io  ingress.httpd.com

在这里插入图片描述
在这里插入图片描述

;