What is the difference between flannel (network layer) and ingress in kubernetes?
Problem description
I am setting up 2 VPCs on GCP, and I set up kubeadm on each; let's call them kubemaster and kubenode1. So I ran kubeadm on kubemaster and kubenode1, which:
- kubeadm init on kubemaster
- kubeadm join on kubenode1
Then I tried kubectl apply -f (a deployment which contains a pod with simple webapps inside) and kubectl apply -f (a NodePort type of Service which targets the deployment port).
After that I simply access the webapps from my browser (on my local machine, not on GCP), it just does not work as what I tried on minikube (I set up minikube with the same kubectl apply as above too). I did some searching and there are a lot of people talking about Ingress and the network layer (flannel in the kubernetes website example).
My question is what are these Ingress and flannel? Which one is necessary, or are both not necessary at all if I just want my webapp to run? How does each work against the other? Because from my understanding the layering is as per below:
Traffic -> Services -> Deployments/Pods
Where do these ingress and flannel fit in? If it's not about them both, why do my apps not work as intended (I opened all ports in the GCP settings so it's not a security issue I suppose)? I tried setting up Kubernetes Dashboard-UI, ran kubectl proxy and still my browser cannot access both services (my webapp inside the deployment and also the Dashboard API), maybe I am a little bit lost here.
Recommended answer
I want to add a few more points along with the existing answers.
> After that I simply access the webapps from my browser (on my local machine not on GCP), it just does not work as what I tried on minikube
Did you open the security rules/firewall rules for the NodePort? On which instance did you open them, and which instance are you hitting to access your app?
> My question is what are these Ingress and flannel?
I recommend you read the official docs. But anyway, since you asked the question, I would like to say a few words.
- Flannel is an overlay network for containers, in which the subnet for the containers can span across multiple nodes (which is the opposite of native docker networking: host n/w, NAT, etc). Each container gets its own IP every time it spawns. The flannel is more like a control plane for the container network, which is internal to K8s. Highly recommend you to read How Flannel N/W works.
- I see you were talking about ClusterIP. Generally, the ClusterIP is the IP for the K8s service, which is nothing but a magic of "IP Tables Rules". Kube-Proxy is responsible for writing ip table rules in every node once you define a "Service". These ip table rules or ClusterIP point to the actual pod IP (the IP assigned by the flannel daemon). I hope you can understand how flannel and "Ingress" fit into the picture or work together or are responsible for application traffic. (Please correct me if I'm wrong..!!)
- Can you paste the ingress controller yaml content? What are the rules you defined?
- Since you are using GCP, why don't you try GKE? I mean it is easy to deploy, besides you can access your application with LoadBalancer instead of depending on Ingress (Anyway, it's none of my business :-) )
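
The layers named in the answer (firewall rule, NodePort, kube-proxy rules, flannel pod IPs) can be checked one at a time. The script below is an added example, not part of the original question or answer. It assumes kube-proxy runs in iptables mode and the default NodePort range; the function names, rule name, service name and source range are placeholders.

```shell
#!/bin/sh
# Added example. Usage (hypothetical names): ./check.sh <service> <your-ip>/32

# Build a firewall rule that opens only the Service's NodePort to one source
# range, instead of opening every port on the VPC network.
nodeport_firewall_cmd() {
  port="$1"; src="$2"; network="${3:-default}"
  case "$port" in
    ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
  esac
  # Default NodePort range of the API server is 30000-32767.
  if [ "$port" -lt 30000 ] || [ "$port" -gt 32767 ]; then
    echo "port $port is outside the default NodePort range" >&2; return 1
  fi
  echo "gcloud compute firewall-rules create allow-nodeport-$port" \
       "--network $network --allow tcp:$port --source-ranges $src"
}

# Walk the path: Traffic -> firewall -> node:nodePort -> kube-proxy -> pod IP.
check_path() {
  svc="$1"; src="$2"
  # 1. Pod layer: each pod IP comes from the flannel subnet of its node.
  kubectl get pods -o wide
  # 2. Service layer: endpoints must list those pod IPs; an empty list means
  #    the Service selector does not match the Deployment's pod labels.
  kubectl get endpoints "$svc"
  # 3. The port every node exposes for this Service.
  port=$(kubectl get svc "$svc" -o jsonpath='{.spec.ports[0].nodePort}')
  echo "nodePort: $port"
  # 4. On a node: the NAT rule kube-proxy wrote for that port.
  sudo iptables -t nat -L KUBE-NODEPORTS -n | grep "$port" \
    || echo "no kube-proxy rule for port $port on this node"
  # 5. Cloud layer: the narrow rule to create if none allows the port yet.
  gcloud compute firewall-rules list
  nodeport_firewall_cmd "$port" "$src"
}

# Run the live checks only when a service name and source range are given.
if [ "$#" -ge 2 ]; then check_path "$1" "$2"; fi
```

Browse to the node's external IP on the printed nodePort once steps 2, 4 and 5 all show the expected entries.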