Ingress Ingress是Kubernetes集群用来暴露内部服务给外部人使用的一种机制,目前。Ingress机制主要由两部分组成:Ingress规则和Ingress Controller。Ingress规则定义了服务的访问规则。在Kubernetes中,Ingress和Service之类的一样,是一个资源。Ingress中定义了具体路径到后端容器的对应关系。Ingress Controller就是对定义Ingress进行响应的组件。以Nginx-Controller举例,Nginx监听某一地址,Nginx-Controller读取Kubernetes中的Ingress,然后把Ingress中定义的信息翻译到Nginx配置文件中,从而达到访问Nginx就可访问内部容器服务的功能。这就是Ingress的用途,监听某一地址,把流量代理到后端的容器。
Ingress搭建 Ingress的搭建需要Default-Backend和Nginx-Controller两个服务,目前这两个服务都已容器化。Default-Backend是Nginx不能正确转发时使用的后端,定义有如404 Not Found等页面。Nginx-Controller我们之前已经介绍过。1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: default-http-backend
labels:
k8s-app: default-http-backend
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: default-http-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: googlecontainer/defaultbackend:1.0
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10 m
memory: 20 Mi
requests:
cpu: 10 m
memory: 20 Mi
---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
namespace: kube-system
labels:
k8s-app: default-http-backend
spec:
ports:
- port: 80
targetPort: 8080
selector:
k8s-app: default-http-backend
创建Nginx-Controller的YAML文件如下:1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: nginx-ingress-lb
labels:
name: nginx-ingress-lb
namespace: kube-system
spec:
template:
metadata:
labels:
name: nginx-ingress-lb
spec:
terminationGracePeriodSeconds: 60
hostNetwork: true
containers:
- image: googlecontainer/nginx-ingress-controller:0.9.0-beta.8
name: nginx-ingress-lb
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --apiserver-host=http://10.0.2.15:8080
- --default-backend-service=kube-system/default-http-backend
如果使用命令kubectl get pods --namespace=kube-system查看,default-http-backend和nginx-ingress-lb都处在Running状态,那么Ingress环境搭建完毕。1
2
3
4
root@fankang:/home/fankang/app/ingress# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
default-http-backend-3699201686-pvs98 1/1 Running 0 4h
nginx-ingress-lb-17q6d 1/1 Running 0 2m
Ingress创建及使用 我们假设default空间下已存在名为nginx的服务,服务的端口为80。https://github.com/kubernetes/ingress/issues/349。 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx
namespace: default
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: fankang
http:
paths:
- path: /default/nginx
backend:
serviceName: nginx
servicePort: 80
现在我们访问”fankang/default/nginx”就可以访问default下的nginx服务了。1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
root@fankang:/home/fankang/app/ingress# curl fankang/default/nginx
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
todo 如果Nginx-Controller监听的是Neutron的网络中的地址,是否就可以实现Kubernetes Service层的虚拟网络了???