2. Service in Detail
2.1 ClusterIP (default)
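apiVersion: v1
kind: Service
metadata:
  name: my-app-service
spec:
  type: ClusterIP          # reachable only from inside the cluster
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80             # port the Service exposes
      targetPort: 3000     # port the container listens on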
2.2 NodePort
apiVersion: v1
kind: Service
metadata:
  name: my-nodeport-service
spec:
  type: NodePort
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
      nodePort: 30080      # opened on every node; default allowed range is 30000-32767
2.3 LoadBalancer
apiVersion: v1
kind: Service
metadata:
  name: my-loadbalancer
spec:
  type: LoadBalancer
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
2.4 Headless Service
apiVersion: v1
kind: Service
metadata:
  name: my-headless
spec:
  clusterIP: None          # headless: DNS returns the Pod IPs directly, no virtual IP
  selector:
    app: my-app
  ports:
    - port: 80
3. Ingress in Detail
3.1 Installing an Ingress Controller
# Option 1: apply the static manifest
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/cloud/deploy.yaml
# Option 2: install with Helm (use one option, not both)
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace
3.2 Basic Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  ingressClassName: nginx
  rules:
    - host: my-app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app-service
                port:
                  number: 80
3.3 Routing Multiple Paths
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: multi-path-ingress
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    # $1 is the (/|$) separator, $2 is everything after it
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  ingressClassName: nginx
  rules:
    - host: my-domain.com
      http:
        paths:
          # regex paths need ImplementationSpecific, not Prefix
          - path: /app1(/|$)(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: app1-service
                port:
                  number: 80
          - path: /app2(/|$)(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: app2-service
                port:
                  number: 80
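How the capture groups of a path such as /app1(/|$)(.*) feed rewrite-target, as an added example that is not part of the original page. The function names and sample URIs are constructed here, and the matching is a simplified model of the ingress-nginx rewrite (case-insensitive, anchored at the start of the path, query string ignored).

```python
import re

def rewrite(path_regex, target, uri):
    """Return the URI sent to the backend, or None when the path does not match.

    Simplified model (assumption): the Ingress path is applied as a
    case-insensitive regex anchored at the start of the request path.
    """
    m = re.match(path_regex, uri, flags=re.IGNORECASE)
    if m is None:
        return None
    # nginx writes capture groups as $1, $2, ...; an empty group expands to "".
    return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))) or "", target)

PATH = r"/app1(/|$)(.*)"

# Constructed request paths, including two that must NOT reach app1-service.
SAMPLES = ["/app1", "/app1/", "/app1/api/users", "/app1x", "/app2/api"]

def table(target):
    """Map each sample URI to its rewritten form for the given rewrite-target."""
    return {uri: rewrite(PATH, target, uri) for uri in SAMPLES}

if __name__ == "__main__":
    for target in ("/$1", "/$2"):
        print(f"rewrite-target: {target}")
        for uri, out in table(target).items():
            print(f"  {uri:18} -> {out}")
```

With `/$1` the backend only ever sees the separator, so `/app1/api/users` loses its path; with `/$2` it arrives as `/api/users`. The `(/|$)` group is what keeps `/app1x` from matching the `/app1` rule.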
4. Advanced Ingress Configuration
4.1 TLS/HTTPS
apiVersion: v1
kind: Secret
metadata:
  name: tls-secret
type: kubernetes.io/tls
data:
  tls.crt: base64-encoded-cert   # placeholder: base64 of the PEM certificate
  tls.key: base64-encoded-key    # placeholder: base64 of the PEM private key
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tls-ingress
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - my-app.example.com
      secretName: tls-secret     # must be in the same namespace as the Ingress
  rules:
    - host: my-app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app-service
                port:
                  number: 80
4.2 Common Annotations
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: annotated-ingress
  annotations:
    # rewrites the request URI to / before proxying
    nginx.ingress.kubernetes.io/rewrite-target: /
    # redirect HTTP to HTTPS
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # cookie-based session affinity
    nginx.ingress.kubernetes.io/affinity: "cookie"
    # maximum request body size
    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
    # rate limit: 10 requests per second per client IP
    nginx.ingress.kubernetes.io/limit-rps: "10"
spec:
  ingressClassName: nginx
  rules:
    - host: my-app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app-service
                port:
                  number: 80
5. Service Discovery
5.1 DNS Resolution
nslookup my-app-service.default.svc.cluster.local
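5.2 Environment Variables
# Named <SERVICE_NAME>_SERVICE_HOST / <SERVICE_NAME>_SERVICE_PORT, set in Pods started after the Service exists
MY_APP_SERVICE_SERVICE_HOST=10.96.0.1
MY_APP_SERVICE_SERVICE_PORT=80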
6. Practical Scenarios
6.1 Blue-Green Deployment
apiVersion: v1
kind: Service
metadata:
  name: my-app-v1
spec:
  selector:
    app: my-app
    version: v1
  ports:
    - port: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-app-v2
spec:
  selector:
    app: my-app
    version: v2
  ports:
    - port: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-app-main
spec:
  selector:
    app: my-app
    version: v1            # change to v2 to switch live traffic
  ports:
    - port: 80
6.2 Canary Release
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: canary-ingress
  annotations:
    nginx.ingress.kubernetes.io/canary: "true"
    # send 20% of requests for this host to my-app-v2
    nginx.ingress.kubernetes.io/canary-weight: "20"
spec:
  ingressClassName: nginx
  rules:
    - host: my-app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app-v2
                port:
                  number: 80
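7. Best Practices
- Use ClusterIP as the default Service type
- Use NodePort judiciously and watch for port conflicts
- Prefer Ingress for managing layer-7 traffic
- Enable TLS protection
- Use annotations to tune Ingress behavior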