Shulou(Shulou.com)06/01 Report--

This article mainly explains "the installation method of ingress in K8s". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "the installation method of ingress in K8s".

In Kubernetes, the IP addresses of services and Pod can only be used within the cluster network, and are not visible to applications outside the cluster. In order to enable external applications to access services within the cluster, the following solutions are currently provided in Kubernetes:

1.NodePort

NodePort services are the most primitive way to expose services. As the name implies, NodePort opens a specific port on all nodes (VM), and any traffic sent to that port is forwarded to the service. This approach mainly has the following disadvantages:

There can be only one service per port

By default, you can only use ports 30000-32767.

For the above reasons, I do not recommend exposing services in this way in a production environment. You can use this method if the service you are running is not required to be available all the time, or is cost-sensitive. The best example of such an application is the demo application, or some temporary application.

2.LoadBalancer

LoadBalancer services are the standard way to expose services to internet. This method will launch a Network Load Balancer, which will give you a separate IP address and forward all traffic to your service.

If you want to expose the service directly, this is the default. All traffic to your specified port will be forwarded to the corresponding service. It has no filtering conditions, no routing, etc. This means that you can send almost any kind of traffic to the service, such as HTTP,TCP,UDP,Websocket,gRPC or any other kind.

The biggest disadvantage of this approach is that every service exposed with LoadBalancer will have its own IP address, and each LoadBalancer used will have to pay for it, which will be very expensive.

3.Ingress

Unlike all the above examples, Ingress is not actually a type of service. Instead, it is at the front end of multiple services, acting as an "intelligent routing" or cluster portal.

You can use Ingress to do many different things, and different types of Ingress controllers have different capabilities.

The default ingress controller is to start a HTTP (S) Load Balancer [3]. It allows you to route traffic to back-end services based on paths or subdomains. For example, you can direct any traffic to the domain name foo.yourdomain.com to the foo service and the traffic to the path yourdomain.com/bar/path to the bar service.

Based on the above, it is recommended that you still use Ingress. The following is my installation practice based on version 1.20

Step 1:

The main purpose of downloading mandatory.yaml and service-nodeport.yaml,mandatory.yaml is to install nginx-ingress-controller (the program that implements reverse proxy and load balancing, parses the rules defined by ingress, and forwards requests according to the configured rules). Service-nodeport.yaml is mainly responsible for providing external services, and you don't have to download them if you don't need them. (service-nodeport is actually a simple service service. You need to activate a nodePort to allow external access to K8s internal services. We'll talk about it later.)

Download mandatory.yaml from https://github.com/kubernetes/ingress-nginx/tree/nginx-0.30.0/deploy/static

After the download is complete, we need to make simple changes to mandatory.yaml.

1. Replace rbac.authorization.k8s.io/v1beta1 in the file with rbac.authorization.k8s.io/v1 because version 1.20 of v1beta1 has expired, so it is best to change it to v1 or it will cause alarm or error.

2. Set k8s to use host network (optional)

It should be noted that if it is your own server (other than Alicent Cloud, Tencent Cloud and other CVMs), after being configured as Network, you do not need to create a svc of nodePort, but directly create a container of ingress-controller on each node, and set the network mode of the container to hostNetwork. In other words, ports 80 and 443 of each node physical machine will be occupied by the nginx container in ingress-controller. When traffic enters through port 80amp 443, it goes directly into the nginx. Then nginx forwards the traffic to the corresponding web application container according to ingress rules. The above service-nodeport.yaml file can not be downloaded), I test here, so it is also set to netWork mode.

3. Installation

Run kubectl apply-f mandatory.yaml

The following interface indicates that the installation is successful. If it fails, kubectl delete-f mandatory.yaml can empty the installed pod and configmap, and then modify the mandatory.yaml according to the actual error report and try again.

Pay attention to this picture. If hostNetwork is set to true, the red box shows your own host IP (real IP), and if you don't set it, it will display virtual IP (10.cloud servers * this). Because it is a cloud server, the IP here shows the intranet IP 172.23.78.148 of Liyun.

Download service-nodeport.yaml from: https://github.com/kubernetes/ingress-nginx/tree/nginx-0.30.0/deploy/static/provider/baremetal

Modify service-nodeport.yaml, because we need external access, so we have to open a nodePort. The red box part is our external port, which I got casually.

Install service

Kubectl apply-f service-nodeport.yaml

The following information indicates that the operation is successful. Here we can see that 30080 is mapped to internal port 80 and 30443 is mapped to port 443.

We enter the http://{ server extranet IP}: 30080 / on the browser and the following interface is displayed

This indicates that ingress has been successfully installed.

To see the effect of the demonstration, we can test it with a tomcat image.

Docker search tomcat

Let's pick a tomcat and install it.

Docker pull tomcat

Write tomcat-demo scripts

Cat > > ~ / tomcat-demo.yaml ~ / tomcat-ingress.yaml

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.