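Ingress and Ingress Controller
Ingress resources
Define a front end that automatically looks up the Pod IPs behind a Service and injects them into the upstream block of nginx.conf. The configuration file is then reloaded, which gives layer-7 load balancing.
It can be thought of as a Pod that implements layer-7 load balancing and is dedicated to handling external layer-7 traffic. Commonly used layer-7 load-balancing software: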
HAProxy
Nginx
Traefik
Envoy
Ingress definition
kubectl explain ingress
Ingress Controller definition
The Ingress Controller is deployed to every node using a DaemonSet-like controller.
Deployment method
First download the relevant files from the ingress-nginx project
Or:
for file in namespace.yaml configmap.yaml rbac.yaml with-rbac.yaml;do wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/$file; done
First deploy namespace.yaml
kubectl apply -f namespace.yaml
Then deploy the remaining Pods
kubectl apply -f ./
Preparation
Example:
To show the effect of ingress, first do some preparation by creating a few front-end applications as follows
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    targetPort: 80
    port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v2
        ports:
        - name: http
          containerPort: 80
View detailed information about the Ingress Pod
kubectl describe pods nginx-ingress-controller-797b884cbc-dhldm -n ingress-nginx
Let ingress accept external traffic
Documentation: https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal
Create the node ingress Service
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
    nodePort: 30080
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
    nodePort: 30443
  selector:
    app: ingress-nginx
Publish the ingress application
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: test.leiyan.com
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 80
View ingress information
kubectl get ingress
kubectl describe ingress ingress-myapp
[root@master ingress]# kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-797b884cbc-dhldm   1/1     Running   0          76m
Enter the ingress nginx container to verify
kubectl exec -n ingress-nginx -it nginx-ingress-controller-797b884cbc-dhldm -- /bin/sh
How to create a self-signed certificate
KEY
openssl genrsa -out test.key 2048
CRT
openssl req -new -x509 -key test.key -out test.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=test.leiyan.com
Import the certificate into Kubernetes
kubectl create secret tls leiyan-ssl --cert=test.crt --key=test.key
# View
kubectl get secret
kubectl describe secret leiyan-ssl
Publish the HTTPS ingress application
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - test.leiyan.com
    secretName: leiyan-ssl
  rules:
  - host: test.leiyan.com
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 80
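Before test.crt and test.key are imported as the leiyan-ssl secret, it is worth confirming that they are a matching pair, that the certificate covers the host named in the Ingress rule, and that it is not about to expire. The script below is an added example, not part of the original post; the function names are hypothetical and it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks to run on
# test.crt / test.key before `kubectl create secret tls`.
# Function names are hypothetical; requires the openssl CLI.

# 0 if the certificate's public key is the public half of the private key.
tls_pair_matches() (            # $1 = cert, $2 = key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# 0 if the certificate is valid for the hostname (SAN, else subject CN).
cert_covers_host() {            # $1 = cert, $2 = host from the Ingress rule
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
    | grep -q 'does match certificate'
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {         # $1 = cert, $2 = days
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all three checks, print every failure, return non-zero if any failed.
preflight_tls() {               # $1 = cert, $2 = key, $3 = host, $4 = min days
  rc=0
  tls_pair_matches "$1" "$2"    || { echo "FAIL: $1 and $2 are not a pair"; rc=1; }
  cert_covers_host "$1" "$3"    || { echo "FAIL: $1 does not cover $3"; rc=1; }
  cert_valid_for_days "$1" "$4" || { echo "FAIL: $1 expires within $4 days"; rc=1; }
  return "$rc"
}

# Usage with the file names and host used on this page:
#   preflight_tls test.crt test.key test.leiyan.com 7 &&
#     kubectl create secret tls leiyan-ssl --cert=test.crt --key=test.key
# When the script is called with four arguments, run the checks directly.
[ "$#" -lt 4 ] || preflight_tls "$@"
```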