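Exposing Applications with Ingress
NodePort
A NodePort Service is the most basic way to let external requests reach a service directly (it allocates a port above 30000). NodePort opens the specified port on every node (virtual machine), and every request sent to that port is forwarded directly to the pods behind the service.
This type has a "nodePort" field that specifies which port to open on the nodes. If no port is specified, a random one is chosen; most of the time you should let Kubernetes choose the port at random.
Drawbacks of this approach:
1. One port can serve only one service/application;
2. Only ports in the range 30000-32767 can be used;
3. If the IP address of a node/virtual machine changes, it has to be handled manually;
For these reasons, this approach is not recommended for publishing services directly in production. It is suitable when the service does not need to be continuously available, or for a demo or an application that is run temporarily.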
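The three kinds of port
ports:
- name: http
  port: 80
  targetPort: 80
  nodePort: 30008
  protocol: TCP
nodePort
The port that external machines can reach (for example from a browser on Windows).
For example, if a web application must be accessible to other users, configure type=NodePort and nodePort=30001; other machines can then reach the service in a browser at scheme://node:30001.
targetPort
The port of the container, matching the port exposed when the image was built (EXPOSE in the Dockerfile). For example, the official nginx image on docker.io exposes port 80.
port
The port used for access between services inside the Kubernetes cluster. For example, although a mysql container exposes port 3306, external machines cannot reach the mysql service because it is not configured as type NodePort; port 3306 is the port through which other containers in the cluster access the service.
For example:
kubectl expose deployment tomcat --port=8080 --type=NodePort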
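LoadBalancer
LoadBalancer can also expose a service. This approach requires requesting a load balancer from the cloud platform; many cloud platforms currently support it, but it couples you tightly to the cloud platform (comparable to purchasing a server). It corresponds to type=LoadBalancer.
External traffic is forwarded through the load balancer to the backend Pods; how this is implemented depends on the cloud provider.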
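Ingress
Ingress is the entry point that external requests must pass through to enter the K8S cluster.
Although the pods and services inside a K8S cluster each have their own IP, they are not reachable from the external network. Previously we could expose a service by listening on a NodePort, but that approach is inflexible and is not recommended for production.
Ingress is an API resource object in the K8S cluster that acts as the cluster gateway. We can define custom routing rules to forward, manage and expose services (groups of pods); it is flexible and is the recommended approach for production.
The Ingress controller is not built into Kubernetes and must be installed separately. There are several implementations, such as Google Cloud Load Balancer, Nginx, Contour, Istio and others; here we choose Ingress Nginx, which is maintained by the Kubernetes project.
Steps for using Ingress Nginx:
1. Deploy Ingress Nginx
2. Configure the Ingress Nginx rules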
Exposing a containerized application (Nginx) with Ingress
1. Deploy a containerized application (pod), for example Nginx or a Spring Boot program;
kubectl create deployment nginx --image=nginx
2. Expose the service;
kubectl expose deployment nginx --port=80 --target-port=80 --type=NodePort
3. Deploy Ingress Nginx
Official site: GitHub - kubernetes/ingress-nginx: NGINX Ingress Controller for Kubernetes
Installation Guide - NGINX Ingress Controller (kubernetes.github.io)
ingress-nginx is an Ingress controller for Kubernetes that uses NGINX as a reverse proxy and load balancer.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
kubectl apply -f deploy.yaml
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml # download the ingress-nginx manifest
[root@master ~]# ll
total 44
-rw-r--r-- 1 root root 267 Jun 5 19:37 10-flannel.conflist
-rw-r--r-- 1 root root 900 Jun 5 20:06 10-kubeadm.conf
-rw-r--r-- 1 root root 0 Jun 5 19:52 admin.conf
-rw-r--r-- 1 root root 18224 Jun 7 16:38 deploy.yaml
-rw-r--r-- 1 root root 4813 Jun 5 21:15 kube-flannel.yml
-rw-r--r-- 1 root root 7591 Jun 6 22:11 recommended.yaml
[root@master ~]# sz deploy.yaml # this download command failed
-bash: sz: command not found
[root@master ~]# yum install lrzsz -y # install the package that provides the download command
[root@master ~]# sz deploy.yaml # now the download command succeeds
[root@master ~]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-6cb6fdd64b-5zv7l 0/1 ContainerCreating 0 15s
[root@master ~]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 1/1 1 1 22h
tomcat 1/1 1 1 22h
[root@master ~]# kubectl get namespace
NAME STATUS AGE
default Active 45h
ingress-nginx Active 105m
kube-node-lease Active 45h
kube-public Active 45h
kube-system Active 45h
kubernetes-dashboard Active 21h
[root@master ~]# kubectl delete deploy ingress-nginx
Error from server (NotFound): deployments.apps "ingress-nginx" not found
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-kqfmm 1/1 Running 3 22h
tomcat-7d987c7694-8sjkd 1/1 Running 2 22h
[root@master ~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 45h
nginx NodePort 10.98.160.67 <none> 80:32169/TCP 22h
tomcat NodePort 10.105.92.64 <none> 8080:30513/TCP 22h
[root@master ~]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 1/1 1 1 22h
tomcat 1/1 1 1 22h
# The download above failed, so delete everything and reinstall
[root@master ~]# kubectl get service -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.104.252.40 <none> 80:30431/TCP,443:31425/TCP 61m
ingress-nginx-controller-admission ClusterIP 10.101.184.245 <none> 443/TCP 61m
[root@master ~]# kubectl delete service ingress-nginx-controller-admission -n ingress-nginx
service "ingress-nginx-controller-admission" deleted
[root@master ~]# kubectl delete deploy ingress-nginx-controller -n ingress-nginx
deployment.apps "ingress-nginx-controller" deleted
[root@master ~]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-w7nhn 0/1 Completed 0 66m
ingress-nginx-admission-patch-8xwst 0/1 Completed 2 66m
[root@master ~]# kubectl delete pod ingress-nginx-admission-create-w7nhn -n ingress-nginx
pod "ingress-nginx-admission-create-w7nhn" deleted
[root@master ~]# kubectl delete pod ingress-nginx-admission-patch-8xwst -n ingress-nginx
pod "ingress-nginx-admission-patch-8xwst" deleted
[root@master ~]# kubectl get pod -n ingress-nginx
No resources found in ingress-nginx namespace.
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
--2021-06-07 18:22:30-- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.108.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18224 (18K) [text/plain]
Saving to: ‘deploy.yaml.1’
100%[==========================================================================================================================================>] 18,224 --.-K/s in 0.02s
2021-06-07 18:22:31 (1.05 MB/s) - ‘deploy.yaml.1’ saved [18224/18224]
[root@master ~]# kubectl apply -f deploy.yaml
namespace/ingress-nginx unchanged
serviceaccount/ingress-nginx unchanged
configmap/ingress-nginx-controller configured
clusterrole.rbac.authorization.k8s.io/ingress-nginx unchanged
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx unchanged
role.rbac.authorization.k8s.io/ingress-nginx unchanged
rolebinding.rbac.authorization.k8s.io/ingress-nginx unchanged
service/ingress-nginx-controller-admission unchanged
service/ingress-nginx-controller unchanged
deployment.apps/ingress-nginx-controller configured
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission configured
serviceaccount/ingress-nginx-admission unchanged
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
role.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
job.batch/ingress-nginx-admission-create unchanged
job.batch/ingress-nginx-admission-patch unchanged
[root@master ~]# vim deploy.yaml
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
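[root@master ~]# kubectl apply -f deploy.yaml # apply this file
In this file, change the image download path; otherwise the image pull will fail.
This applies when deploy.yaml could not be downloaded, that is, when the command wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml failed: run the command on a separate, new server to download deploy.yaml, make the change below in the file, and then copy the file back to the master node with the rz command.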
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v0.46.0
In other words, deploy.yaml is downloaded and edited on another server and then transferred to the master node.
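A manifest whose image line was edited by hand and carried between servers is worth auditing before kubectl apply. The following is an added example, not part of the original post: it lists each image the manifest would pull and flags those from a registry other than the expected one or referenced by tag without a digest. The sample manifest, registry.example and the all-zero digest are constructed placeholders; the second image is the one used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): audit the image references in a
# manifest before running `kubectl apply -f` on it.

# audit_images MANIFEST EXPECTED_REGISTRY
# Prints "<flags> <image>" per distinct image; flags is "ok" or a comma list of
#   other-registry  image is not under EXPECTED_REGISTRY/
#   no-digest       image is referenced by tag only, without @sha256:<digest>
audit_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | tr -d "\"'" | sort -u |
    while read -r img; do
        flags=""
        case $img in "$2"/*) ;; *) flags="other-registry" ;; esac
        case $img in *@sha256:*) ;; *) flags="${flags:+$flags,}no-digest" ;; esac
        echo "${flags:-ok} $img"
    done
}

# Constructed sample standing in for an edited deploy.yaml. registry.example and
# the all-zero digest are placeholders; the second image is the one from the page.
write_sample_manifest() {
    cat > "$1" <<'EOF'
spec:
  template:
    spec:
      containers:
        - name: controller
          image: registry.example/ingress-nginx/controller:v0.0.0@sha256:0000000000000000000000000000000000000000000000000000000000000000
        - name: controller-mirror
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v0.46.0
EOF
}

sample=$(mktemp)
write_sample_manifest "$sample"
audit_images "$sample" registry.example
rm -f "$sample"
```

An image flagged no-digest can change content under the same tag, so record the digest that was actually pulled if the tag-only reference has to stay.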
4. Check the status of Ingress
kubectl get pods -n ingress-nginx
[root@master ~]# kubectl get ns # list the namespaces
NAME STATUS AGE
default Active 46h
ingress-nginx Active 142m
kube-node-lease Active 46h
kube-public Active 46h
kube-system Active 46h
kubernetes-dashboard Active 22h
[root@master ~]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-566585c55d-zqnwn 1/1 Running 0 12m
[root@master ~]# kubectl get service -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.105.138.193 <none> 80:31176/TCP,443:31539/TCP 76m
ingress-nginx-controller-admission ClusterIP 10.109.137.6 <none> 443/TCP 76m
[root@master ~]# kubectl get deploy -n ingress-nginx
NAME READY UP-TO-DATE AVAILABLE AGE
ingress-nginx-controller 1/1 1 1 76m
5. Create the Ingress rule
kubectl apply -f ingress-nginx-rule.yaml
[root@master ~]# rz -y
[root@master ~]# ll
total 68
-rw-r--r-- 1 root root 267 Jun 5 19:37 10-flannel.conflist
-rw-r--r-- 1 root root 900 Jun 5 20:06 10-kubeadm.conf
-rw-r--r-- 1 root root 0 Jun 5 19:52 admin.conf
-rw-r--r-- 1 root root 18193 Jun 7 18:42 deploy.yaml
-rw-r--r-- 1 root root 18224 Jun 7 18:22 deploy.yaml.1
-rw-r--r-- 1 root root 281 Jun 6 20:28 ingress-nginx-rule.yaml
-rw-r--r-- 1 root root 4813 Jun 5 21:15 kube-flannel.yml
-rw-r--r-- 1 root root 7591 Jun 6 22:11 recommended.yaml
[root@master ~]# kubectl apply -f ingress-nginx-rule.yaml
ingress.networking.k8s.io/k8s-ingress created
[root@master ~]# kubectl get ingress # list the Ingress rules
NAME CLASS HOSTS ADDRESS PORTS AGE
k8s-ingress <none> www.abc.com 172.31.197.179 80 2m5s
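If kubectl apply -f ingress-nginx-rule.yaml fails with the error below, run the command shown in the image and then run kubectl apply -f ingress-nginx-rule.yaml again. The command deletes the ingress-nginx validating admission webhook configuration, so Ingress objects are no longer checked by the controller when they are created.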
kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
ingress-nginx-rule.yaml (this file can also be created directly in Xshell):
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: k8s-ingress
spec:
  rules:
  - host: www.abc.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: nginx
            port:
              number: 80
www.abc.com is a made-up domain name, so it has to be configured in the local hosts file:
Location: C:\Windows\System32\drivers\etc
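The controller Service shown earlier is of type NodePort, so HTTP traffic for the Ingress rule is served on the nodePort mapped to port 80, not on port 80 of the node. The following added example (not from the original post) extracts that nodePort from the kubectl get service output and builds a curl command that sends the Host header from the rule, which tests the rule independently of the hosts file. It assumes that 172.31.197.179, the ADDRESS shown by kubectl get ingress, is reachable from the machine running curl.

```shell
#!/bin/sh
# Added example (not from the original page).

# node_port_for SERVICE PORT
# Reads `kubectl get service` table output on stdin and prints the nodePort
# mapped to PORT for SERVICE; prints nothing if the service has no nodePort.
node_port_for() {
    awk -v svc="$1" -v want="$2" '
        $1 == svc {
            n = split($5, maps, ",")        # PORT(S), e.g. 80:31176/TCP,443:31539/TCP
            for (i = 1; i <= n; i++) {
                sub(/\/.*/, "", maps[i])    # drop the protocol suffix
                split(maps[i], pair, ":")   # port:nodePort
                if (pair[1] == want && pair[2] != "") { print pair[2]; exit }
            }
        }'
}

# ingress_check_cmd NODE_ADDRESS HOST NODEPORT
# Prints a curl command that requests / with the given Host header and shows
# only the HTTP status code.
ingress_check_cmd() {
    printf 'curl -sS -o /dev/null -w "%%{http_code}\\n" -H "Host: %s" http://%s:%s/\n' \
        "$2" "$1" "$3"
}

# Service table copied from the kubectl output on this page.
SERVICES='NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.105.138.193 <none> 80:31176/TCP,443:31539/TCP 76m
ingress-nginx-controller-admission ClusterIP 10.109.137.6 <none> 443/TCP 76m'

http_port=$(printf '%s\n' "$SERVICES" | node_port_for ingress-nginx-controller 80)
ingress_check_cmd 172.31.197.179 www.abc.com "$http_port"
```

On a live cluster, pipe kubectl get service -n ingress-nginx into node_port_for instead of the embedded table.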
Problem: even after modifying the configuration file, the page www.abc.com could not be accessed.
A configuration item needs to be changed:
[root@master ~]# vim deploy.yaml
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
[root@master ~]# kubectl apply -f deploy.yaml # apply this file
[root@master ~]# kubectl get service -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.105.138.193 <none> 80:31176/TCP,443:31539/TCP 148m
ingress-nginx-controller-admission ClusterIP 10.109.137.6 <none> 443/TCP 148m
[root@master ~]# kubectl delete service ingress-nginx-controller-admission -n ingress-nginx
service "ingress-nginx-controller-admission" deleted
[root@master ~]# kubectl delete service ingress-nginx-controller -n ingress-nginx
service "ingress-nginx-controller" deleted
[root@master ~]# kubectl get deploy -n ingress-nginx
NAME READY UP-TO-DATE AVAILABLE AGE
ingress-nginx-controller 1/1 1 1 151m
[root@master ~]# kubectl delete deploy ingress-nginx-controller -n ingress-nginx
deployment.apps "ingress-nginx-controller" deleted
[root@master ~]# kubectl get pods -n ingress-nginx
No resources found in ingress-nginx namespace.
[root@master ~]# kubectl apply -f deploy.yaml
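The page still could not be accessed.
kubectl, the command-line tool for Kubernetes clusters
1. Overview of kubectl
kubectl is the command-line tool for Kubernetes clusters. With kubectl you can manage the cluster itself and install and deploy containerized applications on it.
2. Syntax of kubectl commands
$ kubectl [command] [TYPE] [NAME] [flags]
(1) command: specifies the operation to perform on the resource, for example create, get, describe and delete.
(2) TYPE: specifies the resource type. Resource types are case-sensitive and can be given in singular, plural or abbreviated form. For example:
kubectl get pod pod1
kubectl get pods pod1
kubectl get po pod1
(3) NAME: specifies the name of the resource; names are also case-sensitive. If the name is omitted, all resources are shown, for example:
kubectl get pods
(4) flags: specifies optional parameters. For example, -s or --server specifies the address and port of the Kubernetes API server.
3. Run kubectl help for more information.
4. kubectl subcommands by category
(1) Basic commands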
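Category | Command | Description
Basic commands | create | Create a resource from a file or standard input
Basic commands | expose | Expose a resource as a new Service
Basic commands | run | Run a particular image in the cluster
Basic commands | set | Set specific features on an object
Basic commands | get | Display one or more resources
Basic commands | explain | Show the documentation for a resource
Basic commands | edit | Edit a resource using the default editor
Basic commands | delete | Delete resources by file name, standard input, resource name or label selector
(2) Deployment and cluster management commands
Category | Command | Description
Deployment commands | rollout | Manage the rollout of a resource
Deployment commands | rolling-update | Perform a rolling update of the given replication controller
Deployment commands | scale | Scale the number of Pods up or down for a Deployment, ReplicaSet, RC or Job
Deployment commands | autoscale | Create an autoscaler that automatically scales up or down and sets the number of Pods
Cluster management commands | certificate | Modify certificate resources
Cluster management commands | cluster-info | Display cluster information
Cluster management commands | top | Display resource (CPU/Memory/Storage) usage; requires Heapster
Cluster management commands | cordon | Mark a node as unschedulable
Cluster management commands | uncordon | Mark a node as schedulable
Cluster management commands | drain | Evict the applications on a node in preparation for taking it offline for maintenance
Cluster management commands | taint | Update the taint marks on a node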
Additional notes
rz -y # upload a file from the local machine, overwriting any existing file
rz # upload a file from the local machine