Shulou(Shulou.com)06/03 Report--

How to expose the "application services" within your Kubernetes cluster and provide access services to the outside (Internet)!

In general, Service and Pod within the cluster can only be accessed through IP addresses in the internal network of the cluster. All traffic arriving at the border router is either discarded or forwarded elsewhere. (the existence of Ingress is to accomplish the above purpose.) without directly using Ingress resources, there are a variety of ways to expose Service. There are several cases where using Service.Type=LoadBalancer using Service.Type=NodePort is obsolete and undefined Ingress, this may be the case when external requests for access to internal services are Internet-> Service defines Ingress authorization request service inbound connections to the cluster may be like this Internet-> Ingress-> Service

Ingress, what can it do?

Ingress can be configured to provide externally accessible URL for services, load balancing traffic, terminate SSL / TLS, and provide name-based virtual hosts. The Ingress controller is usually responsible for implementing Ingress through a load balancer, although it can also configure an edge router or other front end to help handle traffic. Ingress does not expose any ports or protocols. When exposing services other than HTTP and HTTPS to Internet, services of type Service.Type=NodePort or Service.Type=LoadBalancer are usually used, and the typical access method is "HTTP". Prerequisites: you must have an ingress controller to meet the Ingress requirements. It is not valid to create only Ingress resources, such as ingress-nginx. Be sure to check the beta limits of the controller. In an environment other than GCE/GKE, the controller needs to be deployed as Pod. Default backend: if there is no host or the path matches the HTTP request in the Ingress object, traffic will be routed to your default backend. The default backend is usually the configuration option for the Ingress controller and is not specified in the Ingress resource. For more and more detailed descriptions and usage of Ingress, please refer to the official Chinese Ingress documentation.

Ingress controller

If you want Ingress resources to work, it's no use deploying a separate Ingress, you have to deploy an Ingress Controller to implement Ingress. Unlike other types of controllers that run as part of the kube-controller-manager executable, the Ingress controller does not start automatically with the cluster. Based on this page, you can choose the Ingress controller implementation that best suits your cluster. As a project, Kubernetes currently supports and maintains GCE and nginx controllers. You can deploy and use multiple Ingress controllers in a cluster, and use "ingress.class" to annotate when creating an Ingress. For more detailed use of the controller, please refer to the official Chinese Ingress controller description.

An example of the coexistence of multiple Ingress controllers

Multiple controllers can be switched and the red font can be modified

ApiVersion: extensions/v1beta1kind: Ingressmetadata: name: test annotations: kubernetes.io/ingress.class: "nginx" spec: tls:-secretName: tls-secret backend: serviceName: echoheaders-https servicePort: 80

Haproxy-ingress reference haproxy-ingress in github

Deploy Ingress-nginx under a cluster deployed using the kubeadm tool

Github site: https://github.com/kubernetes/ingress-nginxhttps://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.mdKubernetes site: https://kubernetes.github.io/ingress-nginx/https://kubernetes.github.io/ingress-nginx/deploy/ command help

Rules: the object list of rules, who dispatches to whom (path scheduling, host scheduling)

Backend: dispatch to backend related pod resources, associate backend Pod,serviceName, servicePort [root@node1 ~] # kubectl explain ingress.spec [root@node1 ~] # kubectl explain ingress.spec.rules download and install nginx-ingress-controller

You need to download the image to local in advance. Or use Ali Cloud image [root@node1 ingress] # wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.27.1/deploy/static/mandatory.yaml[root@node1 ingress] # kubectl apply-f mandatory.yaml [root@node1 ingress] # kubectl get pods-n ingress-nginxNAME READY STATUS RESTARTS AGEnginx-ingress-controller-948ffd8cc-9nd4c 1 and 1 Running 0 instead 10m [root@node1 ingress] # [root@node1 ingress] # kubectl describe pods-n ingress-nginx create a service with Pod type NodePort to access Internet requests

Modify the yaml file to add nodePort to specify the port The default [root@node1 ingress] # wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.27.1/deploy/static/provider/baremetal/service-nodeport.yaml[root@node1 ingress] # kubectl apply-f service-nodeport.yaml service/ingress-nginx created [root@node1 ingress] # [root@node1 ingress] # kubectl get svc-n ingress-nginxNAME TYPE CLUSTER-IP EXTERNAL-IP PORT (S) is used here AGEingress-nginx NodePort 10.99.146.223 80:32116/TCP 443:30771/TCP 17s [root@node1 ingress] # access through Internet Test Check whether the scheduler of nginx is configured successfully.

Any cluster address accesses [root@node1 ingress] # curl 172.12.0.10 Not Found404 Not Foundnginx/1.17.7 32116404 [root@node1 ingress] #

The Nginx scheduler itself has been scheduled to work properly!

The Nginx scheduler itself has been scheduled to work properly!

The Nginx scheduler itself has been scheduled to work properly!

Next, you can deploy an application manually and publish it through nginx's scheduler.

Manually deploy tomcat application services and publish them through nginx Scheduler

Tomcat creation of NodePort type

Write all the resources in one yaml file Use three horizontal lines to segment [root@node1 pod] # cat tomcat-nodeport.yaml apiVersion: v1kind: Servicemetadata: tomcat namespace: defaultspec: selector: app: tomcat release: canary type: NodePort ports:-port: 8080 targetPort: 8080 nodePort: 30080---apiVersion: apps/v1kind: Deploymentmetadata: name: tomcat-demo namespace: defaultspec: replicas: 2 selector: matchLabels: app: tomcat release: canary template: metadata: labels: App: tomcat release: canary spec: containers:-name: tomcat image: tomcat imagePullPolicy: IfNotPresent ports:-name: http containerPort: 8080-name: ajp containerPort: 8009 [root@node1 pod] #

You can access it directly by using any IP address in the cluster plus port 30080.

Release Tomcat to the outside via Ingress

Download the tomcat image to the local image in advance Service resources and deploy resources are written in a yaml file [root@node1 pod] # cat deploy-svc-tomcat.yaml apiVersion: v1kind: Servicemetadata: name: tomcatspec: app: tomcat release: canary ports:-name: http targetPort: 8080 port: 8080---apiVersion: apps/v1kind: Deploymentmetadata: name: tomcat-demospec: replicas: 2 selector: matchLabels: app: tomcat release: canary template: metadata: labels: App: tomcat release: canary spec: containers:-name: tomcat8 image: tomcat imagePullPolicy: IfNotPresent ports:-name: http containerPort: 8080 [root@node1 pod] #

Once created, you can create an ingress service for the tomcat you just deployed

Create an ingress service for tomcat of type ingress

You can also create a tomcat service with the type of ssl certificate You only need to purchase a ssl certificate or just to test a self-built certificate [root@node1 pod] # cat tomcat-ingress.yaml apiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-tomcat namespace: default annotations: kubernetes.io/ingress.class: "nginx" spec: rules:-host: tomcat.siyou.com http: paths:-path: backend: serviceName: tomcat servicePort: 8080 [root@node1 pod] #

Let's test it. When the parsing of "tomcat.siyou.com" is configured, it can be accessed through the port mapped out of the ingress scheduler.

In order to test the relevant commands to be used

Kubectl related resources use help # kubectl explain pods or kubectl explain pods.spec# to get pods resource details in the default space [root@node1 pod] # kubectl get pods-o wide# describe a pods resource in the default space [root@node1 pod] # kubectl describe pods tomcat-demo-655c78c49-ctd66# to view the logs of a tomcat View [root@node1 pod] # kubectl logs tomcat-demo-655c78c49-ctd66-f# in real time to view the listening status of tomcat application ports in the default space [root@node1 pod] # kubectl exec tomcat-demo-655c78c49-ctd66-- ss-tnl# enter a tomcat internal [root@node1 pod] # kubectl exec-it tomcat-demo-655c78c49-ctd66-- / bin/sh# to view service details in the default namespace [root@node1 pod] # kubectl get Svc-o wide# gets pod resources with namespace ingress-nginx [root@node1 pod] # kubectl get pods-n ingress-nginx# View pod details under ingress-nginx Space [root@node1 pod] # kubectl describe pods-n ingress-nginx nginx-ingress-controller-948ffd8cc-9nd4c# View ingress [root@node1 pod] # kubectl get ingress under the default namespace use of more kubectl commands "kubectl-help" or official document k8s kubectl overview

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.