安装ingress
root@master:/home/guanwu/k8s/metalb# k get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-mvg74 0/1 Completed 0 63m
ingress-nginx-admission-patch-4lrgp 0/1 Completed 1 63m
ingress-nginx-controller-69d5dc956f-kvn5z 1/1 Running 0 45m
root@master:/home/guanwu/k8s/metalb#
安装MetalLB
MetalLB是一个免费、开源的Kubernetes负载均衡器实现,面向没有云厂商负载均衡器的裸机集群;Service的type为LoadBalancer时,需要由它来分配EXTERNAL-IP。项目地址:github.com/metallb/met…
为MetalLB配置地址池(地址池中的IP必须与节点处于同一个二层网络、未被其他主机占用,并且不在DHCP的分配范围内)
root@master:/home/guanwu/k8s/metalb# cat createiptable.yaml
# MetalLB address pool: the range of IPs MetalLB may assign as EXTERNAL-IP to
# Services of type LoadBalancer.
# NOTE(review): no serviceAllocation restriction is set, so presumably any
# LoadBalancer Service in any namespace can draw an address from this pool.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  addresses:
  # Assignable IP addresses; several entries may be listed, IPv4 and IPv6 alike.
  - 192.168.201.201-192.168.201.254
root@master:/home/guanwu/k8s/metalb# cat L2Advertisement.yaml
# Advertises the addresses of the listed pool(s) in MetalLB layer-2 mode.
# NOTE(review): no nodeSelectors or interfaces are given, so presumably every
# speaker node may answer for these addresses — confirm this is intended.
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: example
  namespace: metallb-system
spec:
  ipAddressPools:
  - first-pool # the IP address pool created in the previous step, linked by name
root@master:/home/guanwu/k8s/metalb#
安装服务
root@master:/home/guanwu/k8s/metalb# k apply -f metallb-native.yaml
namespace/metallb-system unchanged
customresourcedefinition.apiextensions.k8s.io/addresspools.metallb.io configured
customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io configured
customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io configured
customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io configured
customresourcedefinition.apiextensions.k8s.io/communities.metallb.io configured
customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io configured
customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io configured
serviceaccount/controller unchanged
serviceaccount/speaker unchanged
role.rbac.authorization.k8s.io/controller unchanged
role.rbac.authorization.k8s.io/pod-lister unchanged
clusterrole.rbac.authorization.k8s.io/metallb-system:controller unchanged
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker unchanged
rolebinding.rbac.authorization.k8s.io/controller unchanged
rolebinding.rbac.authorization.k8s.io/pod-lister unchanged
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller unchanged
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker unchanged
configmap/metallb-excludel2 unchanged
secret/webhook-server-cert unchanged
service/webhook-service unchanged
deployment.apps/controller unchanged
daemonset.apps/speaker unchanged
validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration configured
root@master:/home/guanwu/k8s/metalb# k apply -f L2Advertisement.yaml
l2advertisement.metallb.io/example unchanged
root@master:/home/guanwu/k8s/metalb# k apply -f createiptable.yaml
ipaddresspool.metallb.io/first-pool unchanged
root@master:/home/guanwu/k8s/metalb#
安装成功的效果如下:
root@master:/home/guanwu/k8s/metalb# k get pods -n metallb-system -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
controller-786f9df989-92h9q 1/1 Running 2 (74m ago) 6d3h 10.10.2.97 worker1 <none> <none>
speaker-mmt9g 1/1 Running 8 (73m ago) 20d 192.168.193.130 worker1 <none> <none>
speaker-r5p2x 1/1 Running 12 (74m ago) 20d 192.168.193.131 master <none> <none>
speaker-zjrrg 1/1 Running 7 (74m ago) 20d 192.168.193.132 worker2 <none> <none>
root@master:/home/guanwu/k8s/metalb#
测试:将Service的type改为LoadBalancer
可以看到EXTERNAL-IP一栏已经分配到了地址池中的IP
root@master:/home/guanwu/k8s/metalb# k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.20.0.1 <none> 443/TCP 24d
nginx-deploy LoadBalancer 10.20.255.219 192.168.201.202 8080:31230/TCP 20d
使用external-ip访问服务
root@master:/home/guanwu/k8s/metalb# curl 192.168.201.202:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@master:/home/guanwu/k8s/metalb#
暴露tim-server和tim-gateway服务
tim-gateway的yaml如下:
# Service in front of the Pods labelled app=tim-gateway in namespace tim-sit.
# No `type` is set, so it is created as ClusterIP (the `k get svc -n tim-sit`
# output later on this page shows TYPE ClusterIP and no EXTERNAL-IP).
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: tim-gateway
  name: tim-gateway
  namespace: tim-sit
spec:
  ports:
  # Service port 8090 forwards to container port 8090.
  - port: 8090
    protocol: TCP
    targetPort: 8090
  selector:
    app: tim-gateway
status:
  loadBalancer: {}
---
# Deployment running three replicas of tim-gateway in namespace tim-sit.
# Backend endpoints are read from ConfigMap tim-app-config; the MySQL
# credentials are read from Secret tim-app-secret.
# NOTE(review): no securityContext is set at Pod or container level, so the
# container runs with whatever user and privileges the image defaults to.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: tim-gateway
  name: tim-gateway
  namespace: tim-sit
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tim-gateway
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: tim-gateway
    spec:
      containers:
      # NOTE(review): the image is referenced by a bare name and tag, with no
      # registry and no digest, so what actually runs depends on the node's
      # image source — confirm where tim-gateway:1.0 comes from.
      - image: tim-gateway:1.0
        name: tim-gateway
        # Empty: no CPU/memory requests or limits are declared.
        resources: {}
        env:
        # Non-secret settings, each taken from one key of ConfigMap tim-app-config.
        - name: ZOOKEEPER_SERVER
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: zookeeper_server
        - name: TIM_GATEWAY_HOST
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              # Spelled "time_gateway_host" here and in the ConfigMap; the two must match.
              key: time_gateway_host
        - name: MYSQL_HOST
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: mysql_host
        - name: ROCKETMQ_NAMESERVER
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: rocketmq_nameserver
        - name: REDIS_HOST
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: redis_host
        - name: APP_LOG_HOME
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: app_log_dir
        - name: APP_ACTIVE_PROFILE
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: spring_profiles_active
        # MySQL credentials, injected as environment variables from the Secret.
        # NOTE(review): the same Secret is also mounted as files under
        # /secret-volume below, so the credentials reach the container twice;
        # one delivery path is presumably enough.
        - name: MYSQL_USER_NAME
          valueFrom:
            secretKeyRef:
              name: tim-app-secret
              key: mysql.username
        - name: MYSQL_USER_PASSWD
          valueFrom:
            secretKeyRef:
              name: tim-app-secret
              key: mysql.password
        volumeMounts:
        - name: config
          mountPath: "/config"
          readOnly: true
        # NOTE(review): unlike the config mount above, this mount does not set
        # readOnly: true.
        - name: secret-volume
          mountPath: "/secret-volume"
      volumes:
      # Every key of the ConfigMap becomes a file under /config.
      - name: config
        configMap:
          name: tim-app-config
      # Every key of the Secret becomes a file under /secret-volume.
      - name: secret-volume
        secret:
          secretName: tim-app-secret
status: {}
---
# Non-secret runtime settings shared by tim-gateway and tim-server.
# ZooKeeper, RocketMQ and Redis are addressed on 192.168.201.129 (the master
# node, per the routing section of this page); MySQL is on 192.168.0.132.
# NOTE(review): only MySQL has credentials wired in through the Secret; no
# credentials for ZooKeeper, RocketMQ or Redis appear in these manifests —
# confirm whether those services require authentication.
apiVersion: v1
data:
  zookeeper_server: "192.168.201.129:2181"
  # Key name is "time_gateway_host"; the Deployments reference it with this spelling.
  time_gateway_host: "tim-gateway"
  mysql_host: "192.168.0.132"
  rocketmq_nameserver: "192.168.201.129:9876"
  app_log_dir: "/var/log"
  redis_host: "192.168.201.129"
  spring_profiles_active: "sit"
kind: ConfigMap
metadata:
  name: tim-app-config
  namespace: tim-sit
---
# MySQL credentials consumed by the tim-gateway and tim-server Deployments.
# Values under `data` are base64-encoded, which is an encoding and not
# encryption: anyone who can read this manifest can read the credentials.
# NOTE(review): the values decode to the account "root" with the password
# "123456" — the database superuser with a trivially guessable password. A
# dedicated least-privilege account with a generated password, created outside
# of the checked-in manifest, would be the usual choice.
apiVersion: v1
kind: Secret
metadata:
  name: tim-app-secret
  namespace: tim-sit
type: Opaque
data:
  mysql.username: cm9vdA==
  mysql.password: MTIzNDU2
tim-server的yaml如下:
# Service in front of the Pods labelled app=tim-server in namespace tim-sit.
# No `type` is set, so it is created as ClusterIP (the `k get svc -n tim-sit`
# output later on this page shows TYPE ClusterIP and no EXTERNAL-IP).
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: tim-server
  name: tim-server
  namespace: tim-sit
spec:
  ports:
  # Port named "tcp": 9003 -> container port 9003.
  - port: 9003
    protocol: TCP
    targetPort: 9003
    name: tcp
  # Port named "http": 8083 -> container port 8083; this is the port the
  # Ingress on this page routes to.
  - port: 8083
    protocol: TCP
    targetPort: 8083
    name: http
  selector:
    app: tim-server
status:
  loadBalancer: {}
---
# Deployment running three replicas of tim-server in namespace tim-sit.
# Backend endpoints are read from ConfigMap tim-app-config; the MySQL
# credentials are read from Secret tim-app-secret.
# NOTE(review): no securityContext is set at Pod or container level, so the
# container runs with whatever user and privileges the image defaults to.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: tim-server
  name: tim-server
  namespace: tim-sit
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tim-server
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: tim-server
    spec:
      containers:
      # NOTE(review): the image is referenced by a bare name and tag, with no
      # registry and no digest, so what actually runs depends on the node's
      # image source — confirm where tim-server:1.0 comes from.
      - image: tim-server:1.0
        name: tim-server
        # Empty: no CPU/memory requests or limits are declared.
        resources: {}
        env:
        # Non-secret settings, each taken from one key of ConfigMap tim-app-config.
        - name: ZOOKEEPER_SERVER
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: zookeeper_server
        - name: TIM_GATEWAY_HOST
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              # Spelled "time_gateway_host" here and in the ConfigMap; the two must match.
              key: time_gateway_host
        - name: MYSQL_HOST
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: mysql_host
        - name: ROCKETMQ_NAMESERVER
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: rocketmq_nameserver
        - name: REDIS_HOST
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: redis_host
        - name: APP_LOG_HOME
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: app_log_dir
        - name: APP_ACTIVE_PROFILE
          valueFrom:
            configMapKeyRef:
              name: tim-app-config
              key: spring_profiles_active
        # MySQL credentials, injected as environment variables from the Secret.
        # NOTE(review): the same Secret is also mounted as files under
        # /secret-volume below, so the credentials reach the container twice;
        # one delivery path is presumably enough.
        - name: MYSQL_USER_NAME
          valueFrom:
            secretKeyRef:
              name: tim-app-secret
              key: mysql.username
        - name: MYSQL_USER_PASSWD
          valueFrom:
            secretKeyRef:
              name: tim-app-secret
              key: mysql.password
        volumeMounts:
        - name: config
          mountPath: "/config"
          readOnly: true
        # NOTE(review): unlike the config mount above, this mount does not set
        # readOnly: true.
        - name: secret-volume
          mountPath: "/secret-volume"
      volumes:
      # Every key of the ConfigMap becomes a file under /config.
      - name: config
        configMap:
          name: tim-app-config
      # Every key of the Secret becomes a file under /secret-volume.
      - name: secret-volume
        secret:
          secretName: tim-app-secret
status: {}
---
# Same ConfigMap (name, namespace and data) as in the tim-gateway listing;
# applying both files writes the same object twice.
# NOTE(review): only MySQL has credentials wired in through the Secret; no
# credentials for ZooKeeper, RocketMQ or Redis appear in these manifests —
# confirm whether those services require authentication.
apiVersion: v1
data:
  zookeeper_server: "192.168.201.129:2181"
  # Key name is "time_gateway_host"; the Deployments reference it with this spelling.
  time_gateway_host: "tim-gateway"
  mysql_host: "192.168.0.132"
  rocketmq_nameserver: "192.168.201.129:9876"
  app_log_dir: "/var/log"
  redis_host: "192.168.201.129"
  spring_profiles_active: "sit"
kind: ConfigMap
metadata:
  name: tim-app-config
  namespace: tim-sit
---
# Same Secret (name, namespace and data) as in the tim-gateway listing.
# Values under `data` are base64-encoded, which is an encoding and not
# encryption: anyone who can read this manifest can read the credentials.
# NOTE(review): the values decode to the account "root" with the password
# "123456" — the database superuser with a trivially guessable password. A
# dedicated least-privilege account with a generated password, created outside
# of the checked-in manifest, would be the usual choice.
apiVersion: v1
kind: Secret
metadata:
  name: tim-app-secret
  namespace: tim-sit
type: Opaque
data:
  mysql.username: cm9vdA==
  mysql.password: MTIzNDU2
两个服务的Service创建后如下所示(类型都是ClusterIP,没有EXTERNAL-IP,只能在集群内部访问,对外访问要经过下面配置的Ingress):
root@master:/home/guanwu/k8s/configmap/tim# k get svc -n tim-sit
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
tim-gateway ClusterIP 10.20.164.207 <none> 8090/TCP 55m
tim-server ClusterIP 10.20.56.167 <none> 9003/TCP,8083/TCP 55m
root@master:/home/guanwu/k8s/configmap/tim#
配置ingressclass和ingress 路由
配置tim的ingressclass
# IngressClass named tim-lb. It has no namespace in its metadata: IngressClass
# is a cluster-scoped resource. Ingress objects select it through
# spec.ingressClassName, and the controller string below hands those Ingresses
# to the ingress-nginx controller.
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    app.kubernetes.io/component: controller
  name: tim-lb
spec:
  controller: k8s.io/ingress-nginx
可以使用命令查看(IngressClass是集群级资源,不属于任何namespace,命令中的 -n tim-sit 不起作用)
root@master:/home/guanwu/k8s/ingess# k get ingressclasses.networking.k8s.io tim-lb -n tim-sit -o yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"networking.k8s.io/v1","kind":"IngressClass","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"controller"},"name":"tim-lb"},"spec":{"controller":"k8s.io/ingress-nginx"}}
creationTimestamp: "2024-02-26T15:27:15Z"
generation: 1
labels:
app.kubernetes.io/component: controller
name: tim-lb
resourceVersion: "97614"
uid: 65433b2b-351d-46a6-9491-5f58cfe27f42
spec:
controller: k8s.io/ingress-nginx
root@master:/home/guanwu/k8s/ingess#
配置Ingress,配置如下所示(两条规则都只有http段,没有配置tls,因此经过Ingress的流量是明文HTTP):
# Host-based routing for namespace tim-sit, handled by IngressClass tim-lb:
#   tim.gateway.com -> Service tim-gateway, port 8090
#   tim.server.com  -> Service tim-server,  port 8083
# There is no `tls` section, so both hosts are served over plain HTTP only
# (the `k get ingress` output on this page lists PORTS 80).
# tim-server's other port, 9003, is not routed by this Ingress.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: tim-sit
  # Left empty: no controller annotations are applied.
  annotations:
spec:
  ingressClassName: tim-lb
  rules:
  - host: tim.gateway.com
    http:
      paths:
      # Prefix "/" forwards every path of the backend, not a selected subset.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tim-gateway
            port:
              number: 8090
  - host: tim.server.com
    http:
      paths:
      # Prefix "/" forwards every path of the backend; that includes the
      # /test/queryAllUser endpoint called later on this page.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tim-server
            port:
              number: 8083
效果如下:
root@master:/home/guanwu/k8s/ingess# k get ingress -n tim-sit
NAME CLASS HOSTS ADDRESS PORTS AGE
nginx-ingress tim-lb tim.gateway.com,tim.server.com 192.168.201.201 80 55m
root@master:/home/guanwu/k8s/ingess#
测试ingress转发
- 确定入口IP:查看ADDRESS一列,192.168.201.201这个IP是由MetalLB从地址池first-pool(192.168.201.201-192.168.201.254)中分配的
root@master:/home/guanwu/k8s/ingess# k get ingress -n tim-sit
NAME CLASS HOSTS ADDRESS PORTS AGE
nginx-ingress tim-lb tim.gateway.com,tim.server.com 192.168.201.201 80 56m
root@master:/home/guanwu/k8s/ingess#
- 配置域名解析(这里直接在/etc/hosts中把两个域名指向入口IP)
root@master:/home/guanwu/k8s/ingess# cat /etc/hosts | tail -n 4
192.168.201.201 tim.server.com
192.168.201.201 tim.gateway.com
- 调用接口 调用tim-gateway服务
root@master:/home/guanwu/k8s/ingess# curl tim.gateway.com/getAllServer && echo
{"code":"9000","message":"成功","reqNo":null,"dataBody":["ip-10.10.2.99:9003:8083","ip-10.10.1.97:9003:8083","ip-10.10.1.98:9003:8083"]}
root@master:/home/guanwu/k8s/ingess#
调用tim-server服务,获取tim-server的用户信息(该请求没有携带任何凭证就返回了用户数据,这类/test/接口只应在测试环境中开放):
root@master:/home/guanwu/k8s/ingess# curl http://tim.server.com/test/queryAllUser && echo
[{"id":1,"userName":"张三","gender":"男","userNick":"三"}]
root@master:/home/guanwu/k8s/ingess#
配置本地静态路由(宿主机本地测试用)
配置静态路由是为了让tim-client客户端能与tim-server的instance正常建立长连接。
使用route print -4打印IPv4路由,可以看到已经把10.10.0.0和10.20.0.0两个网段的网关配置为192.168.201.129(master节点)。tim-server的instance IP以10.开头(Pod网段),宿主机访问tim-server instance时,数据包会经这条静态路由发往master节点;master节点相当于网关,它能够到达10.10和10.20开头的IP。这样宿主机可以绕过Ingress直接访问Pod网段(10.10.0.0/16)和Service网段(10.20.0.0/16),所以只用于本地测试。
===========================================================================
永久路由:
网络地址 网络掩码 网关地址 跃点数
10.10.0.0 255.255.0.0 192.168.201.129 1
10.20.0.0 255.255.0.0 192.168.201.129 1
===========================================================================
C:\WINDOWS\system32>
配置宿主机dns
本地启动tim-client服务,将tim-client的gateway地址改为tim.gateway.com
可以看到连接成功