一起养成写作习惯!这是我参与「掘金日新计划 · 4 月更文挑战」的第27天,点击查看活动详情。
部署一个简单的 Nginx 实例
部署一个 Nginx 服务,通过 Ingress 对外暴露 Nginx Service 进行访问
首先使用 Deployment 创建 2 个 Nginx Pod 副本,指定容器端口为 80 端口;然后创建 Nginx Cluster Service,服务端口依然为 80 端口。
- 创建
nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.7.9
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
- 执行创建
$ kubectl create -f nginx.yaml
deployment.apps/nginx-deployment created
service/nginx created
- 新建
ingress.yaml文件
设置 ingress 策略,将服务的域名命名为 nginx.kube.com,将客户端对于根路径的访问转发给后端的 nginx Service 进行响应。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nginx
spec:
rules:
- host: nginx.kube.com # 对外访问的域名为 nginx.kube.com
http:
paths:
- path: / # 转发路径为根路径 /
backend:
serviceName: nginx # 对外暴露 Service 的名称为 nginx
servicePort: 80 # nginx Service 的 ClusterPort 为 80
当外部客户端访问地址 nginx.kube.com 时,kubernetes 集群内部会将这个访问请求转发给地址 nginx:80。需要注意的是:创建的 Ingress 必须和提供服务的 Service 处于同一命名空间下。
- 执行创建
$ kubectl create -f ingress.yaml
ingress.extensions/ingress-nginx created
- 查看创建的
ingress
$ kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
ingress-nginx nginx.kube.com 10.106.187.230 80 3m56s
# 验证 ingress-nginx CLUSTER-IP
$ kubectl get service -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.106.187.230 <none> 80:31990/TCP,443:31480/TCP 98m
可以看到这里的 ADDRESS 为 10.106.187.230,也就是 ingress-nginx Service 的 ClusterIP。这说明 Nginx 设置好了后端服务的 Endpoint,Ingress Controller 中的转发规则已经配置好。如果 ADDRESS 中没有地址,则表示没有配置好。
- 登录
nginx-ingress-controller Pod,查看/etc/nginx/nginx.conf文件是否正确配置转发规则。
$ kubectl exec -n ingress-nginx -it nginx-ingress-controller-6c7b8c7775-c66rv -- /bin/sh
$ cat nginx.conf
...
## start server nginx.kube.com
server {
server_name nginx.kube.com ;
listen 80 ;
listen 443 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location / {
set $namespace "default";
set $ingress_name "ingress-nginx";
set $service_name "nginx";
set $service_port "80";
set $location_path "/";
...
在客户端配置静态解析,公网 IP 是 Ingress Controll Service 的公网 IP(在这里即 NodeIp),域名是 ingress 的 host(在这里即 nginx.kube.com)。
- 执行命令
sudo vim /etc/hosts,添加
# 可以查看 nginx-ingress-controller Pod 所在的 Node 名称,只配置该 Node 的地址
10.192.0.3 nginx.kube.com
# 如果配置了多个 nginx-ingress-controller Pod,可以将所有 Node 的地址都配置上
10.192.0.3 nginx.kube.com
10.192.0.4 nginx.kube.com
$ ping nginx.kube.com
PING nginx.kube.com (10.192.0.3) 56(84) bytes of data.
64 bytes from nginx.kube.com (10.192.0.3): icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from nginx.kube.com (10.192.0.3): icmp_seq=2 ttl=64 time=0.049 ms
64 bytes from nginx.kube.com (10.192.0.3): icmp_seq=3 ttl=64 time=0.076 ms
^C
--- nginx.kube.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.049/0.068/0.079/0.013 ms
$ curl nginx.kube.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Ingress Controller 从与后端 Service 关联的 Endpoint 对象查看 Pod IP,然后 Ingress Controller 会直接将请求转发给任一的 Pod(即 Ingress Controller 不会将请求转发给 Service,只是通过 Service 获取符合要求的 Pod 的 IP 地址)
