一.label&Selector
Label:对k8s中各种资源进行分类、分组,添加一个具有特别属性的一个标签。
Selector:通过一个过滤的语法进行查找到对应标签的资源。
当Kubernetes对系统的任何API对象如Pod和节点进行“分组”时,会对其添加Label(key=value形式的“键-值对”)用以精准地选择对应的API对象。而Selector(标签选择器)则是针对匹配对象的查询方法。注:键-值对就是key-value pair。
例如,常用的标签tier可用于区分容器的属性,如frontend、backend;或者一个release_track用于区分容器的环境,如canary、production等
1.定义label
公司与xx银行有一条专属的高速光纤通道,此通道只能与192.168.7.0网段进行通信,因此只能将与xx银行通信的应用部署到192.168.7.0网段所在的节点上,此时可以对节点进行Label(即加标签):
[root@k8s-master01 ~]# kubectl label node k8s-node02 region=subnet7 node/k8s-node02 labeled
然后,可以通过Selector对其筛选:
[root@k8s-master01 ~]# kubectl get no -l region=subnet7 NAME STATUS ROLES AGE VERSION k8s-node02 Ready 3d17h v1.17.3
最后,在Deployment或其他控制器中指定将Pod部署到该节点:
containers: ...... dnsPolicy: ClusterFirst nodeSelector: region: subnet7 restartPolicy: Always ......
也可以用同样的方式对Service进行Label:
[root@k8s-master01 ~]# kubectl label svc canary-v1 -n canary-production env=canary version=v1 service/canary-v1 labeled
查看Labels:
[root@k8s-master01 ~]# kubectl get svc -n canary-production --show-labels NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS canary-v1 ClusterIP 10.110.253.62 8080/TCP 24h env=canary,version=v1
还可以查看所有Version为v1的svc:
[root@k8s-master01 canary]# kubectl get svc --all-namespaces -l version=v1 NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE canary-production canary-v1 ClusterIP 10.110.253.62 8080/TCP 25h
其他资源的Label方式相同。
2.Selector条件匹配
Selector主要用于资源的匹配,只有符合条件的资源才会被调用或使用,可以使用该方式对集群中的各类资源进行分配。
假如对Selector进行条件匹配,目前已有的Label如下:
[root@k8s-master01 ~]# kubectl get svc --show-labels NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS details ClusterIP 10.99.9.178 <none> 9080/TCP 45h app=details kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3d19h component=apiserver,provider=kubernetes nginx ClusterIP 10.106.194.137 <none> 80/TCP 2d21h app=productpage,version=v1 nginx-v2 ClusterIP 10.108.176.132 <none> 80/TCP 2d20h productpage ClusterIP 10.105.229.52 <none> 9080/TCP 45h app=productpage,tier=frontend ratings ClusterIP 10.96.104.95 <none> 9080/TCP 45h app=ratings reviews ClusterIP 10.102.188.143 <none> 9080/TCP 45h app=reviews
选择app为reviews或者productpage的svc:
[root@k8s-master01 ~]# kubectl get svc -l 'app in (details, productpage)' --show-labels NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS details ClusterIP 10.99.9.178 <none> 9080/TCP 45h app=details nginx ClusterIP 10.106.194.137 <none> 80/TCP 2d21h app=productpage,version=v1 productpage ClusterIP 10.105.229.52 <none> 9080/TCP 45h app=productpage,tier=frontend
选择app为productpage或reviews但不包括version=v1的svc:
[root@k8s-master01 ~]# kubectl get svc -l version!=v1,'app in (details, productpage)' --show-labels NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS details ClusterIP 10.99.9.178 <none> 9080/TCP 45h app=details productpage ClusterIP 10.105.229.52 <none> 9080/TCP 45h app=productpage,tier=frontend
选择labelkey名为app的svc:
[root@k8s-master01 ~]# kubectl get svc -l app –show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS details ClusterIP 10.99.9.178 <none> 9080/TCP 45h app=details nginx ClusterIP 10.106.194.137 <none> 80/TCP 2d21h app=productpage,version=v1 productpage ClusterIP 10.105.229.52 <none> 9080/TCP 45h app=productpage,tier=frontend ratings ClusterIP 10.96.104.95 <none> 9080/TCP 45h app=ratings reviews ClusterIP 10.102.188.143 <none> 9080/TCP 45h app=reviews
3.修改标签(Label)
在实际使用中,Label的更改是经常发生的事情,可以使用overwrite参数修改标签。
修改标签,比如将version=v1改为version=v2:
[root@k8s-master01 canary]# kubectl get svc -n canary-production --show-labels NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS canary-v1 ClusterIP 10.110.253.62 <none> 8080/TCP 26h env=canary,version=v1 [root@k8s-master01 canary]# kubectl label svc canary-v1 -n canary-production version=v2 --overwrite service/canary-v1 labeled [root@k8s-master01 canary]# kubectl get svc -n canary-production --show-labels NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS canary-v1 ClusterIP 10.110.253.62 <none> 8080/TCP 26h env=canary,version=v2
4.删除标签(Label)
删除标签,比如删除version:
[root@k8s-master01 canary]# kubectl label svc canary-v1 -n canary-production version- service/canary-v1 labeled [root@k8s-master01 canary]# kubectl get svc -n canary-production --show-labels NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS canary-v1 ClusterIP 10.110.253.62 <none> 8080/TCP 26h env=canary
二.Service
Service可以简单的理解为逻辑上的一组Pod。一种可以访问Pod的策略,而且其他Pod可以通过这个Service访问到这个Service代理的Pod。相对于Pod而言,它会有一个固定的名称,一旦创建就固定不变。
绑定svc和deploy等方法:svc中的spec.selector标签对应 deploy的spec.template.lables和spec.selector.matchLabels.
1.创建一个Service
首先定义deploy和svc的yaml
# cat nginx-deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app: nginx name: nginx namespace: default spec: progressDeadlineSeconds: 600 replicas: 2 revisionHistoryLimit: 10 selector: matchLabels: app: nginx strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: app: nginx //添加labels,app=nginx方便svc绑定 spec: containers: - image: nginx:1.15.2 imagePullPolicy: IfNotPresent name: nginx resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 30 # cat nginx-svc.yaml apiVersion: v1 kind: Service metadata: labels: app: nginx-svc name: nginx-svc spec: ports: - name: http # Service端口的名称 port: 80 # Service自己的端口, servicea --> serviceb http://serviceb, http://serviceb:8080 protocol: TCP # UDP TCP SCTP default: TCP targetPort: 80 # 后端应用的端口 - name: https port: 443 protocol: TCP targetPort: 443 selector: app: nginx //设定nginx的label sessionAffinity: None type: ClusterIP
创建deploy和svc
[root@k8s-master01 ~]# kubectl create -f nginx-deploy.yaml //创建deploy [root@k8s-master01 ~]# kubectl get po --show-labels //查看label NAME READY STATUS RESTARTS AGE LABELS nginx-66bbc9fdc5-m6r2h 1/1 Running 0 16m app=nginx,pod-template-hash=66bbc9fdc5 nginx-66bbc9fdc5-vgv44 1/1 Running 0 16m app=nginx,pod-template-hash=66bbc9fdc5 [root@k8s-master01 ~]# kubectl create -f nginx-svc.yaml //创建SVC [root@k8s-master01 ~]# kubectl get svc //查看svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 104d nginx-svc ClusterIP 10.103.147.19 <none> 80/TCP,443/TCP 6s
验证
[root@k8s-master01 ~]# curl 10.103.147.19 //curl svc验证 ...Welcome to nginx!... [root@k8s-master01 ~]# kubectl logs -f nginx-66bbc9fdc5-m6r2h //查看日志 172.169.244.192 - - [20/Jul/2021:14:39:35 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" [root@k8s-master01 ~]# kubectl get pod NAME READY STATUS RESTARTS AGE nginx-66bbc9fdc5-m6r2h 1/1 Running 0 28m nginx-66bbc9fdc5-vgv44 1/1 Running 0 28m [root@k8s-master01 ~]# kubectl delete pod nginx-66bbc9fdc5-m6r2h nginx-66bbc9fdc5-vgv44 //删除pod pod "nginx-66bbc9fdc5-m6r2h" deleted pod "nginx-66bbc9fdc5-vgv44" deleted [root@k8s-master01 ~]# kubectl get pod -owide //发现创建了别的Pod NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-66bbc9fdc5-5jpdx 1/1 Running 0 3m25s 172.169.244.215 k8s-master01 <none> <none> nginx-66bbc9fdc5-c9rxk 1/1 Running 0 3m25s 172.169.244.214 k8s-master01 <none> <none> [root@k8s-master01 ~]# kubectl get ep //查看endpoints NAME ENDPOINTS AGE kubernetes 192.168.1.100:6443,192.168.1.101:6443,192.168.1.102:6443 104d nginx-svc 172.169.244.214:443,172.169.244.215:443,172.169.244.214:80 + 1 more... 10m [root@k8s-master01 ~]# curl 10.103.147.19 //再次curl svc ...Welcome to nginx!... //依旧成功
2.使用Service代理k8s外部应用
使用场景:
1.希望在生产环境中使用某个固定的名称而非IP地址进行访问外部的中间件服务
2.希望Service指向另一个Namespace中或其他集群中的服务
3.某个项目正在迁移至k8s集群,但是一部分服务仍然在集群外部,此时可以使用service代理至k8s集群外部的服务
方法:svc代理外部应用:先创建svc,其次创建与svc的label一致的ep,绑定代理的ip地址
a.定义svc的yaml
[root@k8s-master01 ~]# cat nginx-svc-external.yaml apiVersion: v1 kind: Service metadata: labels: app: nginx-svc-external name: nginx-svc-external spec: ports: - name: http # Service端口的名称 port: 80 # Service自己的端口, servicea --> serviceb http://serviceb, http://serviceb:8080 protocol: TCP # UDP TCP SCTP default: TCP targetPort: 80 # 后端应用的端口 sessionAffinity: None type: ClusterIP [root@k8s-master01 ~]# kubectl create -f nginx-svc-external.yaml //创建 service/nginx-svc-external created [root@k8s-master01 ~]# kubectl get svc //查看,已有新SVC NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 443/TCP 104d nginx-svc ClusterIP 10.103.147.19 80/TCP,443/TCP 29m nginx-svc-external ClusterIP 10.109.109.212 80/TCP 4s [root@k8s-master01 ~]# kubectl get ep //没有ep的ip NAME ENDPOINTS AGE kubernetes 192.168.1.100:6443,192.168.1.101:6443,192.168.1.102:6443 104d nginx-svc 172.169.244.214:443,172.169.244.215:443,172.169.244.214:80 + 1 more... 29m
b.定义ep的yaml
[root@k8s-master01 ~]# ping www.qq.com //ping得到qq的地址 PING ins-r23tsuuf.ias.tencent-cloud.net (121.14.77.201) 56(84) bytes of data. [root@k8s-master01 ~]# cat nginx-ep-external.yaml //定义ep的yaml apiVersion: v1 kind: Endpoints metadata: labels: app: nginx-svc-external name: nginx-svc-external namespace: default subsets: - addresses: - ip: 121.14.77.201 //代理QQ的ip地址 ports: - name: http port: 80 protocol: TCP [root@k8s-master01 ~]# kubectl create -f nginx-ep-external.yaml //创建ep endpoints/nginx-svc-external created [root@k8s-master01 ~]# kubectl get ep //查看ep,发现nginx-svc-external有了qq的代理ip NAME ENDPOINTS AGE kubernetes 192.168.1.100:6443,192.168.1.101:6443,192.168.1.102:6443 104d nginx-svc 172.169.244.214:443,172.169.244.215:443,172.169.244.214:80 + 1 more... 36m nginx-svc-external 121.14.77.201:80 12s [root@k8s-master01 ~]# kubectl get svc //查看svc的地址 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 443/TCP 104d nginx-svc ClusterIP 10.103.147.19 80/TCP,443/TCP 37m nginx-svc-external ClusterIP 10.109.109.212 80/TCP 7m34s [root@k8s-master01 ~]# curl 10.109.109.212 -I //curl svc的地址,返回值404 HTTP/1.1 404 Not Found Server: ias/1.4.2_1.17.3 Date: Tue, 20 Jul 2021 15:35:55 GMT Content-Type: text/html Content-Length: 157 Connection: keep-alive
c.修改ep的代理ip
[root@k8s-master01 ~]# ping www.baidu.com //得到百度的IP:14.215.177.38 PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data. 64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=128 time=8.04 ms [root@k8s-master01 ~]# kubectl edit ep nginx-svc-external //修改edit代理ip apiVersion: v1 kind: Endpoints metadata: creationTimestamp: "2021-07-20T15:34:51Z" labels: app: nginx-svc-external name: nginx-svc-external namespace: default resourceVersion: "152823" uid: d1bcb171-b746-4e34-9bee-2dfce180382c subsets: - addresses: - ip: 14.215.177.38 //修改成百度的IP ports: - name: http port: 80 protocol: TCP [root@k8s-master01 ~]# kubectl get ep //再次查看nginx-svc-external的ep地址已变成百度的ip NAME ENDPOINTS AGE kubernetes 192.168.1.100:6443,192.168.1.101:6443,192.168.1.102:6443 105d nginx-svc 172.169.244.214:443,172.169.244.215:443,172.169.244.214:80 + 1 more... 42m nginx-svc-external 14.215.177.38:80 6m18s [root@k8s-master01 ~]# kubectl get svc //查看svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 443/TCP 105d nginx-svc ClusterIP 10.103.147.19 80/TCP,443/TCP 43m nginx-svc-external ClusterIP 10.109.109.212 80/TCP 13m [root@k8s-master01 ~]# curl 10.109.109.212 -I //再次curl,发现返回值已经改变,返回302 HTTP/1.1 302 Found Connection: keep-alive Content-Length: 17931 Content-Type: text/html Date: Tue, 20 Jul 2021 15:41:31 GMT Etag: "54d9748e-460b" Server: bfe/1.0.8.18
3.使用Service反向代理域名
方法:svc反向代理:直接创建绑定代理域名的svc,然后通过创建ingress添加访问域名绑定svc名称进行反向代理。
创建反代yaml
[root@k8s-master01 ~]# cat nginx-externalName.yaml apiVersion: v1 kind: Service metadata: labels: app: nginx-externalname name: nginx-externalname spec: type: ExternalName externalName: www.baidu.com [root@k8s-master01 ~]# kubectl apply -f nginx-externalName.yaml //创建 service/nginx-externalname created [root@k8s-master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 105d nginx-externalname ExternalName <none> www.baidu.com <none> 23s nginx-svc ClusterIP 10.103.147.19 <none> 80/TCP,443/TCP 79m nginx-svc-external ClusterIP 10.109.109.212 <none> 80/TCP 49m
4.Service类型
1.ClusterIP:在集群内部使用,也是默认值。
2.ExternalName:通过返回定义的CNAME别名。
3.NodePort:在所有安装了kube-proxy的节点上打开一个端口,此端口可以代理至后端Pod,然后集群外部可以使用节点的IP地址和NodePort的端口号访问到集群Pod的服务。NodePort端口范围默认是30000-32767。
4.LoadBalancer:使用云提供商的负载均衡器公开服务。
a.NodePort
[root@k8s-master01 ~]# kubectl get svc -n kubernetes-dashboard //查看kubernetes-dashboard的端口31058 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.108.154.168 <none> 8000/TCP 105d kubernetes-dashboard NodePort 10.98.105.10 <none> 443:31058/TCP 105d 浏览器测试:https://192.168.1.100:31058 //本机ip+端口测试
更改nginx-svc的类型为NodePort
[root@k8s-master01 ~]# kubectl get svc //查看nginx-svc为ClusterIP NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 105d nginx-externalname ExternalName <none> www.baidu.com <none> 27m nginx-svc ClusterIP 10.103.147.19 <none> 80/TCP,443/TCP 105m nginx-svc-external ClusterIP 10.109.109.212 <none> 80/TCP 76m [root@k8s-master01 ~]# kubectl edit svc nginx-svc //修改 apiVersion: v1 kind: Service metadata: creationTimestamp: "2021-07-20T14:58:14Z" labels: app: nginx-svc name: nginx-svc namespace: default resourceVersion: "160649" uid: 7c575d2d-cec3-4c73-b512-d3589421871d spec: clusterIP: 10.103.147.19 clusterIPs: - 10.103.147.19 externalTrafficPolicy: Cluster ports: - name: http nodePort: 31000 //添加暴露端口 port: 80 protocol: TCP targetPort: 80 - name: https nodePort: 31238 //添加暴露端口 port: 443 protocol: TCP targetPort: 443 selector: app: nginx sessionAffinity: None type: NodePort //修改为NodePort status: loadBalancer: {} [root@k8s-master01 ~]# kubectl get svc //类型已发生改变 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 105d nginx-externalname ExternalName <none> www.baidu.com <none> 31m nginx-svc NodePort 10.103.147.19 <none> 80:31000/TCP,443:31238/TCP 110m nginx-svc-external ClusterIP 10.109.109.212 <none> 80/TCP 80m
访问测试:
三.Ingress
通俗来讲,ingress和之前的Service、Deployment,也是一个k8s的资源类型,ingress用于实现用域名的方式访问k8s内部应用。
1.Ingress的安装
官方:ingress-nginx
a.首先安装helm管理工具:
https://helm.sh/docs/intro/install/
下载页:https://github.com/helm/helm/releases
[root@k8s-master01 opt]# wget https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz
解压
[root@k8s-master01 opt]# tar -zxvf helm-v3.0.0-linux-amd64.tar.gz
在解压目中找到helm程序,移动到需要的目录中
[root@k8s-master01 opt]# mv linux-amd64/helm /usr/local/bin/helm [root@k8s-master01 opt]# helm version //查看版本 version.BuildInfo{Version:"v3.6.3", GitCommit:"d506314abfb5d21419df8c7e7e68012379db2354", GitTreeState:"clean", GoVersion:"go1.16.5"}
b.使用helm安装ingress:
https://kubernetes.github.io/ingress-nginx/deploy/#using-helm
1.添加ingress的helm仓库
[root@k8s-master01 opt]# helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
2.下载ingress的helm包至本地
[root@k8s-master01 opt]# helm pull ingress-nginx/ingress-nginx
3.更改对应的配置
[root@k8s-master01 opt]# tar xf ingress-nginx-3.6.0.tgz [root@k8s-master01 opt]# cd ingress-nginx [root@k8s-master01 ingress-nginx]# vim values.yaml
4.需要修改的位置
a)Controller和admissionWebhook的镜像地址,需要将公网镜像同步至公司内网镜像仓库(需要自行同步gcr镜像的,可以百度查一下使用阿里云同步gcr的镜像,也可以参考这个连接https://blog.csdn.net/weixin_39961559/article/details/80739352,或者参考这个连接: https://blog.csdn.net/sinat_35543900/article/details/103290782) b)hostNetwork设置为true c)dnsPolicy设置为 ClusterFirstWithHostNet d)NodeSelector添加ingress: "true"部署至指定节点 e)类型更改为kind: DaemonSet
5.部署ingress
给需要部署ingress的节点上打标签
[root@k8s-master01 ingress-nginx]# kubectl label node k8s-master03 ingress=true [root@k8s-master01 ingress-nginx]# kubectl create ns ingress-nginx [root@k8s-master01 ingress-nginx]# helm install ingress-nginx -n ingress-nginx . [root@k8s-master01 ingress-nginx]# kubectl get pod -n ingress-nginx //成功 NAME READY STATUS RESTARTS AGE ingress-nginx-controller-ftpj2 1/1 Running 0 104s
6.将ingress controller部署至Node节点(ingress controller不能部署在master节点,实验步骤将ingress controller部署至Node节点,生产环境最少三个ingress controller,并且最好是独立的节点)
[root@k8s-master01 ingress-nginx]# kubectl label node k8s-node01 ingress=true //扩容ingress [root@k8s-master01 ~]# kubectl get pod -n ingress-nginx NAME READY STATUS RESTARTS AGE ingress-nginx-controller-ftpj2 1/1 Running 0 11m ingress-nginx-controller-hxxfz 1/1 Running 0 3m6s [root@k8s-master01 ingress-nginx]# kubectl label node k8s-master03 ingress- //缩容ingress [root@k8s-master01 ~]# kubectl get pod -n ingress-nginx -owide //只在node1有ingress了 NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES ingress-nginx-controller-hxxfz 1/1 Running 0 6m25s 192.168.1.103 k8s-node01 <none> <none> [root@k8s-node01 ~]# ss -ltunp | grep 80 //在node01下查看端口 tcp LISTEN 0 16384 *:80 *:* users:(("nginx",pid=117465,fd=19),("nginx",pid=117453,fd=19)) tcp LISTEN 0 16384 *:80 *:* users:(("nginx",pid=117464,fd=11),("nginx",pid=117453,fd=11)) tcp LISTEN 0 16384 [::]:80 [::]:* users:(("nginx",pid=117464,fd=12),("nginx",pid=117453,fd=12)) tcp LISTEN 0 16384 [::]:80 [::]:* users:(("nginx",pid=117465,fd=20),("nginx",pid=117453,fd=20)) [root@k8s-node01 ~]# ps -ef | grep nginx //在node01下查看进程,已经存在 101 117400 117368 0 03:26 ? 00:00:00 /usr/bin/dumb-init -- /nginx-ingress-controller --election-id=ingress-controller-leader --ingress-class=nginx --configmap=ingress-nginx/ingress-nginx-controller --validating-webhook=:8443 --validating-webhook-certificate=/usr/local/certificates/cert --validating-webhook-key=/usr/local/certificates/key 101 117434 117400 0 03:26 ? 00:00:00 /nginx-ingress-controller --election-id=ingress-controller-leader --ingress-class=nginx --configmap=ingress-nginx/ingress-nginx-controller --validating-webhook=:8443 --validating-webhook-certificate=/usr/local/certificates/cert --validating-webhook-key=/usr/local/certificates/key 101 117453 117434 0 03:26 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf 101 117464 117453 0 03:26 ? 00:00:00 nginx: worker process 101 117465 117453 0 03:26 ? 00:00:00 nginx: worker process 101 117466 117453 0 03:26 ? 00:00:00 nginx: cache manager process root 121311 4731 0 03:31 pts/0 00:00:00 grep --color=auto nginx
2.Ingress的使用
ingress作用:可以创建绑定svc,然后通过访问ingress绑定的域名跳转到svc。
注意:1.设置svc的端口。2.多个域名直接在里面加然后replace。3.解析IP为ingress安装节点的IP
a.nginx-svc使用
创建一个ingress
[root@k8s-master01 ~]# vim ingress-nginx-svc.yaml apiVersion: networking.k8s.io/v1beta1 # networking.k8s.io/v1 / extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: "nginx" #声明用nginx的ingress name: example spec: rules: # 一个Ingress可以配置多个rules - host: foo.bar.com # 域名配置,可以不写,匹配*, *.bar.com http: paths: # 相当于nginx的location配合,同一个host可以配置多个path / /abc - backend: serviceName: nginx-svc servicePort: 80 path: / [root@k8s-master01 ~]# kubectl create -f ingress-nginx-svc.yaml //创建 Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress ingress.networking.k8s.io/example created [root@k8s-master01 ~]# kubectl get ingress //查看ingress NAME CLASS HOSTS ADDRESS PORTS AGE example <none> foo.bar.com 192.168.1.103 80 102s
由于foo.bar.com是测试域名,修改本机hosts文件即可(路径:C:\Windows\System32\drivers\etc\ 用记事本打开)
末尾添加:192.168.1.103 foo.bar.com 保存退出(ip为ingress安装节点的IP)
浏览器访问测试:
b.创建一个多域名ingress
[root@k8s-master01 ~]# vim ingress-mulDomain.yaml //创建多域名ingress-yaml apiVersion: networking.k8s.io/v1beta1 # networking.k8s.io/v1 / extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: "nginx" name: example spec: rules: # 一个Ingress可以配置多个rules - host: foo.bar.com # 域名配置,可以不写,匹配*, *.bar.com http: paths: # 相当于nginx的location配合,同一个host可以配置多个path / /abc - backend: serviceName: nginx-svc servicePort: 80 path: / - host: foo2.bar.com # 域名配置,可以不写,匹配*, *.bar.com http: paths: # 相当于nginx的location配合,同一个host可以配置多个path / /abc - backend: serviceName: nginx-svc-external //添加另一个svc servicePort: 80 path: / [root@k8s-master01 ~]# kubectl replace -f ingress-mulDomain.yaml //由于之前创建了ingress,所以用replace更新 Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress ingress.networking.k8s.io/example replaced [root@k8s-master01 ~]# kubectl get ingress //查看 NAME CLASS HOSTS ADDRESS PORTS AGE example <none> foo.bar.com,foo2.bar.com 192.168.1.103 80 23m
修改本机hosts文件
末尾添加保存:192.168.1.103 foo.bar.com foo2.bar.com
浏览器验证