What is the difference between flannel (network layer) and ingress in kubernetes?

Problem description

I am setting up 2 VPCs on GCP. I set up kubeadm on each; let's call them kubemaster and kubenode1. So I ran kubeadm on kubemaster and kubenode1, which:

  • kubeadm init on kubemaster
  • kubeadm join on kubenode1

Then I tried kubectl apply -f (a deployment which contains a pod with simple webapps inside) and kubectl apply -f (a NodePort type of Service which targets the deployment port).

After that I simply accessed the webapps from my browser (on my local machine, not on GCP), and it just does not work the way it did when I tried it on minikube (I set up minikube with the same kubectl apply as above too). I did some searching and there are a lot of people talking about Ingress and the network layer (flannel in the Kubernetes website example).

My question is: what are Ingress and flannel? Which one is necessary, or are both not necessary at all, if I just want my webapp to run? How does each work against the others? Because from my understanding the layering is as below:

Traffic -> Services -> Deployments/Pods

Where do Ingress and flannel fit in? If it's not about either of them, why do my apps not work as intended (I opened all ports in the GCP settings, so it's not a security issue, I suppose)? I tried setting up Kubernetes Dashboard-UI and ran kubectl proxy, and still my browser cannot access either service (my webapp inside the deployment and also the Dashboard API). Maybe I am a little bit lost here.

Recommended answer

I want to add a few more points along with the existing answers.

After that I simply access the webapps from my browser (on my local machine not on GCP), it just does not work as what I tried on minikube

Did you open the security rules/firewall rules for the NodePort? On which instance did you open and which instance are you hitting to access your app?

My question is what are these Ingress and flannel?

I recommend you read the official docs. But anyway, since you asked the question, I would like to say a few words.

  • Flannel is an overlay network for containers, in which the subnet for the containers can span across multiple nodes (which is the opposite of native Docker networking: host n/w, NAT, etc.). Each container gets its own IP every time it spawns. Flannel is more like a control plane for the container network, which is internal to K8s.
    • Highly recommend you read How Flannel N/W works

I see you were talking about ClusterIP. Generally, the ClusterIP is the IP for the K8s service, which is nothing but a magic of "IP Tables Rules". Kube-Proxy is responsible for writing ip table rules on every node once you define a "Service". These ip table rules or ClusterIP point to the actual pod IP (the IP assigned by the flannel daemon). I hope you can understand how flannel and "Ingress" fit into the picture, or work together, or are responsible for application traffic. (Please correct me if I'm wrong..!!)

  • Can you paste the ingress controller yaml content? What are the rules you defined?
  • Since you are using GCP, why don't you try GKE? I mean it is easy to deploy; besides, you can access your application with LoadBalancer instead of depending on Ingress (anyway, it's none of my business :-) )
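
As an added illustration (not part of the original answer) of the point that a ClusterIP or NodePort is only kube-proxy's iptables rules pointing at pod IPs, this Python sketch follows the jump chain in a constructed, simplified `iptables-save`-style dump down to the pod addresses. The chain suffixes, IPs, ports and the 10.244.0.0/16 pod network are assumptions, and the exact chain layout differs between Kubernetes versions.

```python
import re

# Constructed sample shaped like kube-proxy's NAT rules in iptables mode.
# Chain suffixes, IPs and ports are made up; 10.244.0.0/16 is assumed to be
# the flannel pod network and 10.96.12.34 the Service's ClusterIP.
SAMPLE_RULES = """\
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/webapp" -m tcp --dport 30080 -j KUBE-SVC-AAAAAAAAAAAAAAAA
-A KUBE-SERVICES -d 10.96.12.34/32 -p tcp -m comment --comment "default/webapp cluster IP" -m tcp --dport 80 -j KUBE-SVC-AAAAAAAAAAAAAAAA
-A KUBE-SVC-AAAAAAAAAAAAAAAA -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-BBBBBBBBBBBBBBBB
-A KUBE-SVC-AAAAAAAAAAAAAAAA -j KUBE-SEP-CCCCCCCCCCCCCCCC
-A KUBE-SEP-BBBBBBBBBBBBBBBB -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-CCCCCCCCCCCCCCCC -p tcp -m tcp -j DNAT --to-destination 10.244.2.7:8080
"""

def parse_rules(text):
    """Group rule bodies by chain name, keeping only '-A <chain> ...' lines."""
    chains = {}
    for line in text.splitlines():
        m = re.match(r"-A (\S+) (.*)", line.strip())
        if m:
            chains.setdefault(m.group(1), []).append(m.group(2))
    return chains

def resolve(chains, chain, seen=None):
    """Follow -j jumps from `chain` until DNAT targets (pod IP:port) are reached."""
    seen = set() if seen is None else seen
    if chain in seen:  # guard against jump loops in a malformed dump
        return []
    seen.add(chain)
    backends = []
    for rule in chains.get(chain, []):
        dnat = re.search(r"-j DNAT --to-destination (\S+)", rule)
        jump = re.search(r"-j (KUBE-(?:SVC|SEP)-\S+)", rule)
        if dnat:
            backends.append(dnat.group(1))
        elif jump:
            backends.extend(resolve(chains, jump.group(1), seen))
    return backends

def trace(text, entry_chain, match):
    """Pod backends behind the rule in `entry_chain` that contains `match`."""
    chains = parse_rules(text)
    for rule in chains.get(entry_chain, []):
        jump = re.search(r"-j (KUBE-SVC-\S+)", rule)
        if match in rule and jump:
            return resolve(chains, jump.group(1))
    return []  # no matching rule: this port/IP is not backed by a Service

if __name__ == "__main__":
    print(trace(SAMPLE_RULES, "KUBE-NODEPORTS", "--dport 30080 "))
```

An empty result for a port means no Service rule exists on that node; a non-empty result with an unreachable app points instead at the firewall in front of the node or at the pod network between nodes.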
