[CKA Exam Prep Lab][ingress-nginx] 4.2 Accessing Pods from Outside the Cluster

Posted Greyplayground


1. Create the Deployment

For the deployment method, see:
https://blog.csdn.net/qq_33868661/article/details/127505429?spm=1001.2014.3001.5501

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    name: deploy1
  annotations:
    name: deploy1
  name: deploy1
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: deploy1
  strategy: {}
  template:
    metadata:
      labels:
        app: deploy1
    spec:
      containers:
      - image: nginx:1.23
        name: nginx
        resources: {}

root@node-1:~/service# kubectl get pods -o wide
NAME                       READY   STATUS    RESTARTS      AGE     IP              NODE     NOMINATED NODE   READINESS GATES
deploy1-5b5f4bd5dd-4bbsm   1/1     Running   1 (44h ago)   7d21h   10.200.139.96   node-3   <none>           <none>
deploy1-5b5f4bd5dd-bjgwq   1/1     Running   1 (44h ago)   7d21h   10.200.139.97   node-3   <none>           <none>
deploy1-5b5f4bd5dd-l7wc7   1/1     Running   2 (43h ago)   7d21h   10.200.247.48   node-2   <none>           <none>

2. Create a Service for the Deployment

For the deployment method, see:
https://blog.csdn.net/qq_33868661/article/details/127505429?spm=1001.2014.3001.5501

apiVersion: v1
kind: Service
metadata:
  labels:
    name: deploy1
  name: deploy1
  namespace: default
spec:
  clusterIP: 10.96.0.200
  ports:
  - name: 80-80
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: deploy1
  type: ClusterIP

root@node-1:~/service# kubectl get svc -o wide
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE     SELECTOR
deploy1      ClusterIP   10.96.0.200   <none>        80/TCP         6d22h   app=deploy1

Remember the Endpoints information shown here; it is important

root@node-1:~/service# kubectl describe deploy1
error: the server doesn't have a resource type "deploy1"
root@node-1:~/service# kubectl describe svc deploy1
Name:              deploy1
Namespace:         default
Labels:            name=deploy1
Annotations:       <none>
Selector:          app=deploy1
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.96.0.200
IPs:               10.96.0.200
Port:              80-80  80/TCP
TargetPort:        80/TCP
Endpoints:         10.200.139.96:80,10.200.139.97:80,10.200.247.48:80
Session Affinity:  None
Events:            <none>

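3. Create an Ingress using the Service's Endpoints

An important principle:

The Ingress does not hand requests to the Service for processing

The Ingress does not hand requests to the Service for processing

The Ingress does not hand requests to the Service for processing

The Ingress only uses the Endpoints generated by the Service to obtain the Pods' address information; the forwarding itself is still performed by the Ingress directly against the Pods

3.1 Modify the ingress-controller manifest

Before creating the Ingress, the ingress-controller manifest has to be modified. The change goes in the Deployment object: add hostNetwork: true at the same level as containers

The purpose of this change is to let the ingress-controller Pod take the worker node's IP address as its own IP address, so that we can reach it from outside the cluster. With hostNetwork: true the controller Pod shares the node's network namespace, so nginx listens directly on the node's ports 80 and 443

# Manifest file name: ingress-nginx-140.yaml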

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.4.0
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        ......
      dnsPolicy: ClusterFirst
      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission

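3.2 Create the ingress-controller Pod

$ kubectl apply -f ingress-nginx-140.yaml

At this point, check the status and address of the ingress-controller Pod. In particular, check whether its IP address is the IP address of one of the worker nodes (which node the Pod ends up on cannot be predicted)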

root@node-1:~# kubectl get pod -n ingress-nginx -o wide
NAME                                        READY   STATUS      RESTARTS   AGE   IP               NODE     NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-tjbcx        0/1     Completed   0          18h   10.200.247.56    node-2   <none>           <none>
ingress-nginx-admission-patch-65q84         0/1     Completed   0          18h   10.200.139.103   node-3   <none>           <none>
ingress-nginx-controller-75bb94498d-ltvch   1/1     Running     0          18h   222.1.1.22       node-2   <none>           <none>

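The output shows that the ingress-controller is running on node 2 and has been given node 2's IP address, as expected

3.3 Create an Ingress instance

The procedure is much the same as for other resource objects such as Pods, Deployments and Services: set kind to Ingress in the manifest, then add the layer-7 proxy settings under spec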

# ingress1.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: deploy1
spec:
  ingressClassName: nginx
  rules:
  - host: ingress.example1.com
    http:
      paths:
      - backend:
          service:
            name: deploy1
            port:
              number: 80
        path: /
        pathType: Exact

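Note that the ingressClassName setting has to be added by us; it has no default option

The important settings under rules are explained below:

  • host: rules must define the host name used for access; here it is ingress.example1.com
  • service: this associates the rule with our target Service. To repeat, the Ingress does not forward requests to the Service for processing; it only borrows the Service's Endpoints
  • path: a suffix that can follow the host name; for different suffixes, the Ingress can forward requests to the specified Pods (the Pod address information is supplied by the Service)
  • pathType: Exact here means the Ingress forwards only on an exact host+path match; if it were Prefix, it would support "matching the host name prefix"

Run kubectl apply -f <ingress.yaml> to create the Ingress instance, then query the Ingress that was created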

$ kubectl apply -f ingress1.yaml
root@node-1:~/ingress# kubectl get ingress -o wide
NAME      CLASS   HOSTS                  ADDRESS   PORTS   AGE
deploy1   nginx   ingress.example1.com             80      17h
root@node-1:~/ingress# kubectl describe ingress 
Name:             deploy1
Labels:           <none>
Namespace:        default
Address:      
Ingress Class:    nginx
Default backend:  <default>
Rules:
  Host                  Path  Backends
  ----                  ----  --------
  ingress.example1.com  
                        /   deploy1:80 (10.200.139.96:80,10.200.139.97:80,10.200.247.48:80)
Annotations:            <none>
Events:                 <none>

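The Ingress description shows that ingress.example1.com has one path, '/', which corresponds to the three addresses the Service points to. These three addresses are the IP addresses of the target Pods, and the Ingress forwards requests directly to them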
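The routing decision described in the rules list and in the principle of section 3, as an added example that is not part of the original post or of ingress-nginx: it applies host and pathType matching as the Kubernetes Ingress API defines them (Prefix matches the URL path element by element) and returns the Pod endpoints rather than the Service's ClusterIP. The Rule class, the function names and PREFIX_RULE are hypothetical; the addresses are the ones shown on this page.

```python
from dataclasses import dataclass

# Constructed from the values shown on this page for Service deploy1.
ENDPOINTS = {"deploy1": ["10.200.139.96:80", "10.200.139.97:80", "10.200.247.48:80"]}
CLUSTER_IP = {"deploy1": "10.96.0.200"}  # for contrast only; routing never uses it


@dataclass(frozen=True)
class Rule:  # hypothetical model of one host/path entry of an Ingress
    host: str
    path: str
    path_type: str  # "Exact" or "Prefix"
    service: str


def path_matches(rule, request_path):
    """Apply the pathType semantics of the Kubernetes Ingress API (case-sensitive)."""
    if rule.path_type == "Exact":
        return request_path == rule.path  # "/" does not cover "/index.html"
    if rule.path_type == "Prefix":
        want = [e for e in rule.path.split("/") if e]
        have = [e for e in request_path.split("/") if e]
        return have[:len(want)] == want  # element-wise: /foo matches /foo/bar, not /foobar
    raise ValueError(f"unsupported pathType: {rule.path_type}")


def route(rules, host, request_path):
    """Return the Pod endpoints a request is proxied to, or None when no rule matches."""
    hits = [r for r in rules if r.host == host and path_matches(r, request_path)]
    if not hits:
        return None  # ingress-nginx answers such requests from its default backend (404)
    # Longest matching path wins; on a tie, Exact takes precedence over Prefix.
    best = max(hits, key=lambda r: (len(r.path), r.path_type == "Exact"))
    return ENDPOINTS[best.service]


PAGE_RULE = Rule("ingress.example1.com", "/", "Exact", "deploy1")     # as in ingress1.yaml
PREFIX_RULE = Rule("ingress.example1.com", "/", "Prefix", "deploy1")  # hypothetical variant

if __name__ == "__main__":
    for host, path in [("ingress.example1.com", "/"),
                       ("ingress.example1.com", "/index.html"),
                       ("222.1.1.22", "/")]:
        print(host, path, "Exact:", route([PAGE_RULE], host, path),
              "Prefix:", route([PREFIX_RULE], host, path))
```

With the rule from ingress1.yaml only the exact URL http://ingress.example1.com/ reaches the Pods; a request for /index.html, or one sent to the node IP without the matching Host header, matches no rule.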

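3.4 Verify that the Ingress works

Our test environment runs in virtual machines on a PC, so a DNS resolution entry has to be added on the PC

The entry goes in the Windows hosts file, modified as follows

Add one record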

222.1.1.22 ingress.example1.com

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
222.1.1.24     harbor.example.com
222.1.1.22     ingress.example1.com

We can now reach the Pods in the cluster by domain name from the browser on the PC: enter http://ingress.example1.com/ in the address bar
