Kubernetes,Ingress资源配置,路由到同一主机但不同的端口 [英] Kubernetes, Ingress resource configuration, route to same host, but different ports
问题描述
此问题与另一个问题有关.通过此链接,我可以说使用路由到不同端口的入口服务是可行的.
This question is relevant to another question. From this link, I could say using ingress to route to different ports service is feasible.
我首先列出了我的两项服务:(eureka和config),ingress_nginx_res.yaml如下:
I first listed two of my services: (eureka and config), the ingress_nginx_res.yaml is as belows:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
spec:
rules:
- host:
http:
paths:
- backend:
serviceName: gearbox-rack-eureka-server
servicePort: 8761
- host:
http:
paths:
- path:
backend:
serviceName: gearbox-rack-config-server
servicePort: 8888
正如人们所看到的,gearbox-rack-eureka-server监听端口8761,gearbox-rack-config-server监听端口8888.
as one could see, gearbox-rack-eureka-server is listening port 8761, and gearbox-rack-config-server is listening port 8888.
现在,所有服务和k8s都安装在我的本地虚拟盒(centos 7x)172.16.100.83中,在kubectl apply -f ingress_nginx_res.yaml之后,我可以看到它已经启动.
Right now, all service and k8s is installed on my local virtual box(centos 7x), 172.16.100.83, after kubectl apply -f ingress_nginx_res.yaml, i could see it is up.
[root@master3 ingress]# kubectl get ing
NAME HOSTS ADDRESS PORTS AGE
my-ingress * 80 11s
我尝试验证入口,然后放入172.16.100.83:8761,它说无法访问该网站.因此,我认为我的配置有问题.我将所有相关的配置和步骤如下:
I try verify ingress, then I put 172.16.100.83:8761, it say could not visit this website. So I believe there is something wrong with my configuration. I put all related configuration and steps as below:
eureka_pod.yaml:
apiVersion: v1
kind: Pod
metadata:
name: gearbox-rack-eureka-server
labels:
app: gearbox-rack-eureka-server
purpose: platform_eureka_demo
spec:
containers:
- name: gearbox-rack-eureka-server
image: 192.168.1.229:5000/gearboxrack/gearbox-rack-eureka-server
ports:
- containerPort: 8761
eureka_svc.yaml:
apiVersion: v1
kind: Service
metadata:
name: gearbox-rack-eureka-server
labels:
name: gearbox_rack_eureka_server
spec:
selector:
app: gearbox-rack-eureka-server
type: NodePort
ports:
- port: 8761
nodePort: 31501
name: tcp
config_pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: gearbox-rack-config-server
labels:
app: gearbox-rack-config-server
purpose: platform-demo
spec:
containers:
- name: gearbox-rack-config-server
image: 192.168.1.229:5000/gearboxrack/gearbox-rack-config-server
ports:
- containerPort: 8888
env:
- name: EUREKA_SERVER
value: http://172.16.100.83:8761
config_svc.yaml:
apiVersion: v1
kind: Service
metadata:
name: gearbox-rack-config-server
labels:
name: gearbox-rack-config-server
spec:
selector:
app: gearbox-rack-config-server
type: NodePort
ports:
- port: 8888
nodePort: 31502
name: tcp
ingress_nginx_role_rb.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: lb
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-normal
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-minimal
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- "ingress-controller-leader-dev"
- "ingress-controller-leader-prod"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-minimal
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-minimal
subjects:
- kind: ServiceAccount
name: lb
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-normal
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-normal
subjects:
- kind: ServiceAccount
name: lb
namespace: kube-system
nginx_default-backend.yaml
kind: Service
apiVersion: v1
metadata:
name: nginx-default-backend
namespace: kube-system
spec:
ports:
- port: 80
targetPort: http
selector:
app: nginx-default-backend
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: nginx-default-backend
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: nginx-default-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: chenliujin/defaultbackend
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
ports:
- name: http
containerPort: 8080
protocol: TCP
ingress_nginx_ctl.yaml
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
spec:
type: LoadBalancer
selector:
app: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: ingress-nginx
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: ingress-nginx
spec:
terminationGracePeriodSeconds: 60
serviceAccount: lb
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
name: ingress-nginx
imagePullPolicy: Always
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend
我的配置有问题吗?或有任何有关排除故障命令的提示,以便我可以自己进行管理?
Anything wrong with my configuration? Or any hints on trouble shooting command so that I could manage by myself?
================================================ ======
=====================================================
1.
我在我的主机win10专业版中运行了虚拟机centOs(7.x).我不使用Google Cloud或AWS.我没有任何负载平衡器,我想nginx是反向代理,因此它具有负载平衡器功能.
ingress_nginx_ctl.yaml:quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0中的图像是否是ingress和nginx之间的连接器,而不是nginx本身?
1.
I have my virtual machine centOs(7.x) running in my host machine win10, professional edition. I donot use google cloud or AWS. I do not have any load balancer, I suppose nginx is reverse proxy, so it has load balancer function.
Does image in ingress_nginx_ctl.yaml: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0 is a connector between ingress and nginx, and it is not nginx itself?
2
a)我编辑/etc/hosts,然后输入以下两个条目:
2
a) I edit /etc/hosts, and I put following two entries:
172.16.100.83 gearbox-rack-eureka-server.sup.com
172.16.100.83 gearbox-rack-config-server.sup.com
b)我看到k8s集群中有dns服务器,如何将这两个条目添加到dns中?还是dns控制台在哪里,以便我可以输入这两个条目?
b) I see there is dns server in k8s cluster, how to add these two entries into dns? or where is dns console so that I could put these two entries?
推荐答案
我在这里发现了几个问题:
I have found several problems here:
-
就Kubernetes而言,当您为Service指定
type: LoadBalancer时,它依赖于云提供商提供的外部负载均衡器.因此,如果您的集群中没有这样的负载均衡器,则无法在Ingress-nginx服务的设置中使用type: LoadBalancer.但是,您仍然必须与外界共享您的入口,最简单的方法是使用type: NodePort.例如:
In terms of Kubernetes, when you specify
type: LoadBalancerfor Service, it relies on external load balancer provided by a cloud provider. So if you have no such load balancer in your cluster, you cannot usetype: LoadBalancerin your settings for ingress-nginx service. But still you have to share your ingress to the outer world, and the easiest way to do it is to usetype: NodePort. For example:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
spec:
type: NodePort
selector:
app: ingress-nginx
ports:
- port: 80
nodePort: 31080
name: http
现在,您可以使用地址http://<ip-address-of-any-node>:31080到达Ingress.例如,http://172.16.100.83:31080
Now you can reach Ingress by using address http://<ip-address-of-any-node>:31080. For example, http://172.16.100.83:31080
下一步,您需要为Ingress提供配置.您可以将Ingress抽象想象为Ingress-controller的配置(在您的情况下为Nginx的配置).
Next step, you need to provide configuration for Ingress. You can imagine Ingress abstraction as configuration for Ingress-controller (configuration for Nginx in your case).
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
spec:
rules:
- http:
paths:
- path: /eureka
backend:
serviceName: gearbox-rack-eureka-server
servicePort: 8761
- path: /config
backend:
serviceName: gearbox-rack-config-server
servicePort: 8888
正如您提到的,此处Nginx作为Ingress-controller扮演反向代理的角色,并将http://<ip-address-of-any-node>:31080/<path>中的路径与服务和端口相匹配.
As you mentioned, here Nginx as Ingress-controller plays role of a reverse proxy and matches Paths in http://<ip-address-of-any-node>:31080/<path> with Services and Ports.
此外,将type: NodePort用于通过Ingress公开的服务也是不正确的.最好使用type: ClusterIP.因此,为您提供服务:
Also, it is incorrect to use type: NodePort for services you expose with Ingress. It is better to use type: ClusterIP. So, for your services:
apiVersion: v1
kind: Service
metadata:
name: gearbox-rack-eureka-server
labels:
name: gearbox_rack_eureka_server
spec:
selector:
app: gearbox-rack-eureka-server
type: ClusterIP
ports:
- port: 8761
name: tcp
---
apiVersion: v1
kind: Service
metadata:
name: gearbox-rack-config-server
labels:
name: gearbox-rack-config-server
spec:
selector:
app: gearbox-rack-config-server
type: ClusterIP
ports:
- port: 8888
name: tcp
现在您可以在http://172.16.100.83:31080/eureka上访问eureka,并在http://172.16.100.83:31080/config
Now you can reach eureka on http://172.16.100.83:31080/eureka and config on http://172.16.100.83:31080/config
这篇关于Kubernetes,Ingress资源配置,路由到同一主机但不同的端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
