【Kubernetes in Action读书笔记】5.4 Ingress

胡译胡说
67 阅读1分钟

【Kubernetes in Action读书笔记】5.4 Ingress

知识点

  • 向集群外部的客户端公开、暴露Service的方法之一
  • 为什么需要Ingress
    • 节约公网IP,一个公网IP就能为许多Service提供访问。当客户端向Ingress发送HTTP请求时,Ingress会根据HTTP请求的主机名和路径决定将请求转发到哪个Service
  • Ingress工作在应用层

实验1:Ingress的配置是否会同步到作为Ingress Controller的Nginx中

结论:会的

Ingress的配置

spec:
  rules:
  - host: kubia.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubia-service
            port: 
              number: 80
  - host: foo.example.com
    http:
      paths:
      - path: /bar
        pathType: Prefix
        backend:
          service:
            name: foobar-service
            port: 
              number: 80

进入作为Ingress Controller的Nginx所在的Pod中

$ k get po --all-namespaces | fgrep nginx
ingress-nginx   ingress-nginx-admission-create-7ckkl        0/1     Completed          0                110m
ingress-nginx   ingress-nginx-admission-patch-b6bx7         0/1     Completed          0                110m
ingress-nginx   ingress-nginx-controller-7799c6795f-gn674   1/1     Running            0                110m

$ k exec -n ingress-nginx -it ingress-nginx-controller-7799c6795f-gn674 -- bash

ingress-nginx-controller-7799c6795f-gn674:/etc/nginx$ fgrep 'kubia.example.com' nginx.conf
	## start server kubia.example.com
		server_name kubia.example.com ;
	## end server kubia.example.com
ingress-nginx-controller-7799c6795f-gn674:/etc/nginx$ fgrep 'foo.example.com' nginx.conf
	## start server foo.example.com
		server_name foo.example.com ;
	## end server foo.example.com

Nginx如何变为Ingress Controller

docs.nginx.com/nginx-ingre…

附:安装Ingress和创建Ingress的yaml

安装作为addons的Ingress

$ minikube addons list
$ minikube addons enable ingress
💡  ingress 是由 Kubernetes 维护的插件。如有任何问题,请在 GitHub 上联系 minikube。
您可以在以下链接查看 minikube 的维护者列表:https://github.com/kubernetes/minikube/blob/master/OWNERS
💡  插件启用后,请运行 "minikube tunnel" 您的 ingress 资源将在 "127.0.0.1"
    ▪ 正在使用镜像 registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407
    ▪ 正在使用镜像 registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407
    ▪ 正在使用镜像 registry.k8s.io/ingress-nginx/controller:v1.8.1
    
$ k get pod -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-7ckkl        0/1     Completed   0          6m49s
ingress-nginx-admission-patch-b6bx7         0/1     Completed   0          6m49s
ingress-nginx-controller-7799c6795f-gn674   1/1     Running     0          6m49

yaml

# apiVersion: extensions/v1beta1 # error: no matches for kind "Ingress" in version "extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubia-ingress
spec:
  rules:
  - host: kubia.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubia-service
            port: 
              number: 80
  - host: foo.example.com
    http:
      paths:
      - path: /bar
        pathType: Prefix
        backend:
          service:
            name: foobar-service
            port: 
              number: 80

$ minikube tunnel
✅  Tunnel successfully started

📌  NOTE: Please do not close this terminal as this process must stay alive for the tunnel to be accessible ...

❗  The service/ingress kubia-ingress requires privileged ports to be exposed: [80 443]
🔑  sudo permission will be asked for it.
🏃  Starting tunnel for service kubia-ingress.
Password:
avatar
文章
阅读
粉丝