How to get Kubernetes Ingress Port 80 working on baremetal single node cluster

Problem description

I have a bare-metal kubernetes (v1.11.0) cluster created with kubeadm and working fine without any issues. Networked with calico and made it a single node cluster using the kubectl taint nodes command. (Single node is a requirement.)

I need to run mydockerhub/sampleweb static website image on host port 80. Assume the IP address of the ubuntu server running this kubernetes is 192.168.8.10.

How to make my static website available on 192.168.8.10:80 or a hostname mapped to it on the local DNS server? (Example: frontend.sampleweb.local:80). Later I need to run other services on a different port mapped to another subdomain. (Example: backend.sampleweb.local:80 which routes to a service run on port 8080).

I need to know:

  1. Can I achieve this without a load balancer?
  2. What resources need to be created? (ingress, deployment, etc)
  3. What additional configurations are needed on the cluster? (network policy, etc)

Much appreciated if sample yaml files are provided.

I'm new to the kubernetes world. I got sample kubernetes deployments (like sock-shop) working end-to-end without any issues. I tried NodePort to access the service but instead of running it on a different port I need to run it on exactly port 80 on the host. I tried many ingress solutions but they didn't work.

Screenshot of my setup:

Recommended answer

I recently used traefik.io to configure a project with similar requirements to yours.

So I'll show a basic solution with traefik and ingresses.

I dedicated a whole namespace (you can use kube-system), called traefik, and created a kubernetes serviceAccount:

apiVersion: v1
kind: Namespace
metadata:
  name: traefik
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: traefik
  name: traefik-ingress-controller

The traefik controller which is invoked by ingress rules requires a ClusterRole and its binding:

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  namespace: traefik
  name: traefik-ingress-controller

The traefik controller will be deployed as a daemonset (i.e. by definition one for each node in your cluster) and a Kubernetes service is dedicated to the controller:

kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: traefik
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - name: traefik-ingress-lb
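        # The args below use Traefik 1.x flag names; pin a 1.x tag here,
        # because the untagged image follows latest.
        image: traefik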
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8080
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
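        args:
        # --api serves the Traefik API/dashboard on container port 8080
        # (the admin port above), without authentication by default.
        - --api
        - --kubernetes
        - --logLevel=INFO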
---
kind: Service
apiVersion: v1
metadata:
  namespace: traefik
  name: traefik-ingress-service
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin

The final part requires you to create a service for each microservice in your project, here is an example:

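apiVersion: v1
kind: Service
metadata:
  namespace: traefik
  name: my-svc-1
spec:
  selector:
    # Placeholder label: this must match the labels on the microservice's own
    # pods. Selecting k8s-app: traefik-ingress-lb here would send the traffic
    # to the traefik pods, where 8080 is the admin port.
    k8s-app: my-app-1
  ports:
  - port: 80
    targetPort: 8080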

and also the ingress (set of rules) that will forward the request to the proper service:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: traefik
  name: ingress-ms-1
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: my-address-url
    http:
      paths:
      - backend:
          serviceName: my-svc-1
          servicePort: 80

In this ingress I wrote a host URL, this will be the entry point in your cluster, so you need to resolve the name to your master K8S node. If you have more nodes which could be master, then a loadbalancer is suggested (in this case the host URL will be the LB).

Take a look at the kubernetes.io documentation to get the kubernetes concepts clear. Also traefik.io is useful.

Hope this helps.
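
An added example, not part of the original answer: two NetworkPolicy objects for the Calico network the question mentions. They keep port 80 public, restrict the Traefik API port 8080 opened by `--api`, and let only the Traefik pods reach a backend. The policy names and the backend label `k8s-app: my-app-1` are assumptions.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: traefik
  name: traefik-ingress-lb-ports        # assumed name
spec:
  podSelector:
    matchLabels:
      k8s-app: traefik-ingress-lb       # label from the DaemonSet above
  policyTypes:
  - Ingress
  ingress:
  # Port 80 (published as hostPort 80): no "from" clause, so any client may connect.
  - ports:
    - protocol: TCP
      port: 80
  # Port 8080 (Traefik API/dashboard): only pods in the traefik namespace.
  - from:
    - podSelector: {}
    ports:
    - protocol: TCP
      port: 8080
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: traefik
  name: my-app-1-from-traefik           # assumed name
spec:
  podSelector:
    matchLabels:
      k8s-app: my-app-1                 # assumed label on the backend pods
  policyTypes:
  - Ingress
  ingress:
  # The backend accepts traffic only from the Traefik pods, on the
  # targetPort (8080) that my-svc-1 forwards to.
  - from:
    - podSelector:
        matchLabels:
          k8s-app: traefik-ingress-lb
    ports:
    - protocol: TCP
      port: 8080
```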
