How to get Kubernetes Ingress Port 80 working on baremetal single node cluster

Problem description

I have a bare-metal kubernetes (v1.11.0) cluster created with kubeadm and working fine without any issues. Networking is with calico, and I made it a single node cluster using the kubectl taint nodes command. (Single node is a requirement.)

I need to run the mydockerhub/sampleweb static website image on host port 80. Assume the IP address of the ubuntu server running this kubernetes is 192.168.8.10.

How do I make my static website available on 192.168.8.10:80 or a hostname mapped to it on a local DNS server? (Example: frontend.sampleweb.local:80). Later I need to run other services on a different port mapped to another subdomain. (Example: backend.sampleweb.local:80 which routes to a service run on port 8080).

I need to know:

  1. Can I achieve this without a load balancer?

  2. What resources are needed? (ingress, deployment, etc)

  3. What additional configurations are needed on the cluster? (network policy, etc)

Much appreciated if sample yaml files are provided.

I'm new to the kubernetes world. I got sample kubernetes deployments (like sock-shop) working end-to-end without any issues. I tried NodePort to access the service, but instead of running it on a different port I need to run it on exactly port 80 on the host. I tried many ingress solutions but they didn't work.

Screenshot of my setup:

Solution

I recently used traefik.io to configure a project with similar requirements to yours.

So I'll show a basic solution with traefik and ingresses.

I dedicated a whole namespace (you can use kube-system), called traefik, and created a kubernetes serviceAccount:

apiVersion: v1
kind: Namespace
metadata:
  name: traefik
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: traefik
  name: traefik-ingress-controller

The traefik controller which is invoked by ingress rules requires a ClusterRole and its binding:

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  namespace: traefik
  name: traefik-ingress-controller

The traefik controller will be deployed as a DaemonSet (i.e. by definition one for each node in your cluster) and a Kubernetes service is dedicated to the controller:

kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: traefik
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - name: traefik-ingress-lb
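        image: traefik  # unpinned tag; the args below use Traefik 1.x flag syntax
        ports:
        - name: http
          containerPort: 80
          hostPort: 80  # binds port 80 on the node itself
        - name: admin
          containerPort: 8080  # Traefik API/dashboard (enabled by --api); no hostPort
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE  # only capability kept: allows binding ports below 1024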
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  namespace: traefik
  name: traefik-ingress-service
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin

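The final part requires you to create a service for each microservice in your project; here is an example:

apiVersion: v1
kind: Service
metadata:
  namespace: traefik
  name: my-svc-1
spec:
  selector:
    # Placeholder label: must match the labels on your microservice's pods.
    # k8s-app: traefik-ingress-lb would select the Traefik pods themselves
    # and send port 80 to Traefik's admin port 8080.
    k8s-app: my-app-1
  ports:
  - port: 80
    targetPort: 8080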

and also the ingress (set of rules) that will forward the request to the proper service:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: traefik
  name: ingress-ms-1
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: my-address-url
    http:
      paths:
      - backend:
          serviceName: my-svc-1
          servicePort: 80

In this ingress I wrote a host URL; this will be the entry point into your cluster, so you need to resolve the name to your master K8S node. If you have more nodes which could be master, then a loadbalancer is suggested (in this case the host URL will be the LB).

Take a look at the kubernetes.io documentation to get the kubernetes concepts clear. traefik.io is also useful.

I hope this helps you.
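
An added example (not part of the original answer) that applies the answer's Service-plus-Ingress pattern to the question's frontend.sampleweb.local host. The `default` namespace, the `app: sampleweb-frontend` label, the resource names and container port 80 are assumptions; the Service selector targets the application's own pods rather than the Traefik pods.

```yaml
# Added example: names, labels, namespace and container port are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: default
  name: sampleweb-frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sampleweb-frontend
  template:
    metadata:
      labels:
        app: sampleweb-frontend
    spec:
      containers:
      - name: sampleweb
        image: mydockerhub/sampleweb
        ports:
        - containerPort: 80   # assumed: the port the static site listens on
---
apiVersion: v1
kind: Service
metadata:
  namespace: default
  name: sampleweb-frontend
spec:
  selector:
    app: sampleweb-frontend   # the application's pods, not k8s-app: traefik-ingress-lb
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: extensions/v1beta1   # Ingress API group the answer's ClusterRole grants
kind: Ingress
metadata:
  namespace: default
  name: sampleweb-frontend
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: frontend.sampleweb.local
    http:
      paths:
      - backend:
          serviceName: sampleweb-frontend
          servicePort: 80
```

For backend.sampleweb.local, repeat the Service and Ingress with that host and `targetPort: 8080`. Both hostnames must resolve to 192.168.8.10, where the Traefik pod's hostPort 80 listens.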
