Installing Ingress Controllers

Install with Helm:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install my-release ingress-nginx/ingress-nginx

Exposing services externally with Ingress

Prerequisite: create a Service (svc) for the application, for example:

apiVersion: v1
kind: Service
metadata:
  name: {APP_NAME}-svc
  labels:
    name: {APP_NAME}
spec:
  ports:
  - name: http
    protocol: TCP
    targetPort: 80
    port: 80
  selector:
    app: {APP_NAME}

Creating HTTP access

HTTP access is simple: just create the following configuration file. From this Ingress configuration, nginx-ingress-controller knows how to expose the service externally.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: {APP_NAME}
  namespace: devops
spec:
  rules:
    - host: {APP_NAME}.dev.uboxol.com
      http:
        paths:
          - backend:
              serviceName: {APP_NAME}-svc
              servicePort: 80
            path: /

Creating HTTPS access

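HTTPS access here means that the connection from the client to the ingress controller is encrypted, while the connection between the controller and the backend svc and pods is still plain HTTP.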

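Store the certificate and key in a Secret, the resource k8s provides specifically for sensitive data. First create a TLS secret resource (the command below names it example-tls):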

kubectl create secret tls example-tls --cert=tls.cert --key=tls.key

Then modify the Ingress YAML file as follows:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: {APP_NAME}
  namespace: devops
spec:
  rules:
    - host: {APP_NAME}.dev.uboxol.com
      http:
        paths:
          - backend:
              serviceName: {APP_NAME}-svc
              servicePort: 80
            path: /
  tls:
    - hosts:
        - {APP_NAME}.dev.uboxol.com   # must match the rule host above
      secretName: example-tls
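
The hosts listed under tls need to match the host in rules for the certificate in example-tls to be served for that name. The following check over exported Ingress objects is an added example, not part of the original page; it also handles wildcard tls hosts, the sample JSON and its host names are constructed, and host_covered and uncovered_hosts are hypothetical names.

```python
import json

# Constructed sample, shaped like `kubectl get ingress -n devops -o json` output
# for the v1beta1 Ingress used on this page. Host names are illustrative.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "shop", "namespace": "devops"},
   "spec": {"rules": [{"host": "shop.dev.example.com"}],
            "tls": [{"hosts": ["www.example.com"], "secretName": "example-tls"}]}},
  {"metadata": {"name": "api", "namespace": "devops"},
   "spec": {"rules": [{"host": "api.dev.example.com"}],
            "tls": [{"hosts": ["*.dev.example.com"], "secretName": "example-tls"}]}},
  {"metadata": {"name": "plain", "namespace": "devops"},
   "spec": {"rules": [{"host": "plain.dev.example.com"}]}}
]}
""")


def host_covered(rule_host, tls_host):
    """True if a tls.hosts entry covers a rule host (wildcard = exactly one label)."""
    rule_host, tls_host = rule_host.lower(), tls_host.lower()
    if tls_host.startswith("*."):
        label, _, rest = rule_host.partition(".")
        return bool(label) and rest == tls_host[2:]
    return rule_host == tls_host


def uncovered_hosts(ingress_list):
    """Return (namespace, name, host, reason) for rule hosts with no matching tls entry."""
    findings = []
    for ing in ingress_list.get("items", []):
        meta, spec = ing["metadata"], ing.get("spec", {})
        tls_entries = spec.get("tls") or []
        tls_hosts = [h for t in tls_entries for h in t.get("hosts") or []]
        for rule in spec.get("rules") or []:
            host = rule.get("host")
            if not host:
                continue  # host-less rules are served under any name; skipped here
            if any(host_covered(host, t) for t in tls_hosts):
                continue
            reason = "tls host mismatch" if tls_entries else "no tls section"
            findings.append((meta["namespace"], meta["name"], host, reason))
    return findings


if __name__ == "__main__":
    for ns, name, host, reason in uncovered_hosts(SAMPLE):
        print(f"{ns}/{name}: {host} -> {reason}")
```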

Exposing Ingress externally

After Ingress is installed, check its svc; the status looks like this:

[root@kubemaster01 ~]# kubectl get svc -n devops -o wide
NAME                                       TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE     SELECTOR
proxy-ingress-nginx-controller             LoadBalancer   10.98.82.219    <pending>     80:30092/TCP,443:32702/TCP   69m     app.kubernetes.io/component=controller,app.kubernetes.io/instance=proxy,app.kubernetes.io/name=ingress-nginx
proxy-ingress-nginx-controller-admission   ClusterIP      10.98.14.212    <none>        443/TCP                      69m     app.kubernetes.io/component=controller,app.kubernetes.io/instance=proxy,app.kubernetes.io/name=ingress-nginx

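Note: if EXTERNAL-IP is in the <pending> state, your environment probably does not provide an external load balancer for the Ingress gateway. The PORT(S) column above still provides 80:30092/TCP,443:32702/TCP, so you can put another nginx in front to expose the service externally. If you want Ingress on the k8s cluster to serve external traffic directly, modify the Service as follows: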

[root@kubemaster01 ~]# kubectl edit svc proxy-ingress-nginx-controller -n devops
....
  clusterIP: 10.98.82.219
  externalTrafficPolicy: Cluster
  externalIPs:                         # add externalIPs; here I set it to the master's address.
  - 192.168.19.44
  ports:
  - name: http
    nodePort: 30092
    port: 80
....

After the change, check the externalIPs status again:

[root@kubemaster01 ~]# kubectl get svc -n devops -o wide
NAME                                       TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE    SELECTOR
proxy-ingress-nginx-controller             LoadBalancer   10.98.82.219    192.168.19.44   80:30092/TCP,443:32702/TCP   19h    app.kubernetes.io/component=controller,app.kubernetes.io/instance=proxy,app.kubernetes.io/name=ingress-nginx
proxy-ingress-nginx-controller-admission   ClusterIP      10.98.14.212    <none>          443/TCP                      19h    app.kubernetes.io/component=controller,app.kubernetes.io/instance=proxy,app.kubernetes.io/name=ingress-nginx

Using Ingress as a reverse proxy across namespaces

1. Create a service in the default namespace, using the echo service as an example

[root@kubemaster01 temp]# kubectl apply -f https://bit.ly/echo-service
service/echo created
deployment.apps/echo created
[root@kubemaster01 temp]# kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
echo         ClusterIP   10.110.33.48   <none>        8080/TCP,80/TCP   30s

Suppose I add an Ingress proxy directly for this echo svc, as follows:

[root@kubemaster01 temp]# vim echo-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: demo
  namespace: devops
spec:
  rules:
  - http:
      paths:
      - path: /bar
        backend:
          serviceName: echo
          servicePort: 80
[root@kubemaster01 temp]# kubectl apply -f echo-ingress.yaml
ingress.extensions/demo created

Because the Service is in a different namespace, the logs of the ingress svc now show an error:

[root@kubemaster01 ~]# kubectl logs svc/proxy-ingress-nginx-controller -n devops
W0820 07:54:53.878363       6 controller.go:829] Error obtaining Endpoints for Service "devops/echo": no object matching key "devops/echo" in local store

Solution:
Create a svc in devops that points to the svc in default, as follows:

[root@kubemaster01 temp]# vim echo-default-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: echo-default
  namespace: devops
spec:
  type: ExternalName
  externalName: echo.default.svc.cluster.local
[root@kubemaster01 temp]# kubectl apply -f echo-default-svc.yaml 
service/echo-default created
[root@kubemaster01 temp]# kubectl get svc -n devops
NAME                                       TYPE           CLUSTER-IP      EXTERNAL-IP                      PORT(S)                      AGE
echo-default                               ExternalName   <none>          echo.default.svc.cluster.local   <none>                       10s

Create an Ingress in devops that points to the svc in devops; the echo service in default is then reachable.

[root@kubemaster01 temp]# vim echo-default-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: demo
  namespace: devops
spec:
  rules:
  - http:
      paths:
      - path: /bar
        backend:
          serviceName: echo-default
          servicePort: 80
[root@kubemaster01 temp]# kubectl apply -f echo-default-ingress.yaml
ingress.extensions/demo created
[root@kubemaster01 temp]# kubectl get ing -n devops
NAME      CLASS    HOSTS                    ADDRESS         PORTS   AGE
demo      <none>   *                        192.168.19.44   80      3m28s

Test:

[root@kubemaster01 ~]# curl -i 192.168.19.44:80/bar
HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Thu, 20 Aug 2020 08:14:00 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
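
The ExternalName workaround above lets an Ingress in devops route to a Service in default, so it is worth knowing which routes cross a namespace boundary. The added example below (not from the original page) lists such routes from exported Service and Ingress objects; the JSON is constructed to mirror the objects above, the mirror entry and the function names are hypothetical, and the cluster DNS domain is assumed to be cluster.local.

```python
import json
import re

# Constructed samples shaped like `kubectl get svc -A -o json` and
# `kubectl get ingress -A -o json`, mirroring the objects created on this page.
SERVICES = json.loads("""{"items": [
  {"metadata": {"name": "echo", "namespace": "default"}, "spec": {"type": "ClusterIP"}},
  {"metadata": {"name": "echo-default", "namespace": "devops"},
   "spec": {"type": "ExternalName", "externalName": "echo.default.svc.cluster.local"}},
  {"metadata": {"name": "mirror", "namespace": "devops"},
   "spec": {"type": "ExternalName", "externalName": "mirror.example.org"}}]}""")
INGRESSES = json.loads("""{"items": [
  {"metadata": {"name": "demo", "namespace": "devops"},
   "spec": {"rules": [{"http": {"paths": [
     {"path": "/bar", "backend": {"serviceName": "echo-default", "servicePort": 80}}]}}]}}]}""")

# Assumption: the cluster DNS domain is cluster.local, as in the page's externalName.
CLUSTER_DNS = re.compile(r"^(?P<svc>[a-z0-9-]+)\.(?P<ns>[a-z0-9-]+)\.svc\.cluster\.local\.?$")


def external_name_targets(services):
    """Map (namespace, service) -> target for every ExternalName Service."""
    targets = {}
    for svc in services.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "ExternalName":
            continue
        key = (svc["metadata"]["namespace"], svc["metadata"]["name"])
        ext = spec.get("externalName", "")
        m = CLUSTER_DNS.match(ext.lower())
        targets[key] = f"{m['ns']}/{m['svc']}" if m else "external:" + ext
    return targets


def cross_namespace_routes(ingresses, services):
    """List Ingress paths whose backend leaves the Ingress's own namespace."""
    targets, routes = external_name_targets(services), []
    for ing in ingresses.get("items", []):
        ns, name = ing["metadata"]["namespace"], ing["metadata"]["name"]
        for rule in ing.get("spec", {}).get("rules") or []:
            for p in (rule.get("http") or {}).get("paths") or []:
                target = targets.get((ns, p["backend"]["serviceName"]))
                if target and not target.startswith(ns + "/"):
                    routes.append((f"{ns}/{name}", p.get("path", "/"), target))
    return routes
```

On a live cluster, feed the two functions the parsed output of the kubectl commands named in the first comment instead of the embedded samples.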

Document updated: 2020-08-20 16:16   Author: 子木