专注方向:
自动化流程服务
it咨询
it在线教学
doc
https://kubernetes.io/docs/concepts/services-networking/ingress/
介绍
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
ingress 暴露了 从 外部 到 集群 内部服务 的 http/https 路由。 流量路由被 ingress 资源定义的规则所控制。
必要条件
You must have an Ingress controller to satisfy an Ingress. Only creating an Ingress resource has no effect.
You may need to deploy an Ingress controller such as ingress-nginx. You can choose from a number of Ingress controllers.
Ideally, all Ingress controllers should fit the reference specification. In reality, the various Ingress controllers operate slightly differently.
你必须拥有一个 ingress 控制器 去满足一个ingress。 仅仅创建一个 ingress 资源 是没有作用的。
你可能 需要部署一个 ingress 控制器, 比如 ingress-nginx。 你能选择一系列的ingress 控制器。
理想情况中,所有的 ingress 控制器 都必须满足 参考规范。 现实中,不同的 ingress 控制器的 操作 拥有 轻微的不同。
验证
配置访问 nginx-lb 服务
k8s\deploy\config\ingress\resource.yaml
配置访问 https openldap 服务
k8s\yamls\openldap\ingress-resource.yaml
参考
k8s\deploy\config\ingress
doc
https://kubernetes.github.io/ingress-nginx/deploy/
获取镜像
host_ip=192.168.31.21 export http_proxy="http://${host_ip}:7890" export https_proxy="http://${host_ip}:7890" export no_proxy="localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local,my-cluster-endpoint.com" imgs=( registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f ) function pull_img(){ ctr -n k8s.io images pull ${1} } for i in ${imgs[@]} do echo "pull: $i" pull_img $i & done
部署
ingress controller
https://kubernetes.github.io/ingress-nginx/deploy/#quick-start
部署控制器,负责将 ingress resource 流量 冲定向 到 内部 service
# https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml cd /git_proj/blogs/k8s/deploy/config/ingress kubectl apply -f deploy.yaml kubectl -n ingress-nginx get svc # NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE # ingress-nginx-controller LoadBalancer 10.109.70.188 192.168.31.226 80:32141/TCP,443:31269/TCP 52m # 访问 nginx controller 192.168.31.241
ingress resource
https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress controller 可以部署在任意的 namespace。
ingress resource 定义的 ingress 对象必须和 被 路由的 服务 位于 相同的 namespace
cd /git_proj/blogs/k8s/deploy/config/ingress kubectl apply -f resource.yaml # 查询 ingress resource list kubectl -n nginx-lb get ingress # NAME CLASS HOSTS ADDRESS PORTS AGE # minimal-ingress nginx * 80 19s # 查询某个 ingress resource 的详细状态 kubectl -n nginx-lb describe ingress minimal-ingress # # 192.168.31.241 # ingress controller http://ingress.dev.inner.ymk.com # my test nginx http://ingress.dev.inner.ymk.com/testpath # dns test nslookup ingress.dev.inner.ymk.com # 服务器: UnKnown # Address: 192.168.31.234 # 名称: ingress.dev.inner.ymk.com # Address: 192.168.31.241
delpoy.yaml
resource.yaml
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: namespace: nginx-lb name: minimal-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx rules: - http: paths: - path: /testpath pathType: Prefix backend: service: name: nginx-lb port: number: 80
