• [CKA Exam Prep Lab][ingress-nginx] 4.2 Accessing Pods from Outside the Cluster


    1. Create the Deployment

    For the deployment procedure, see:
    https://blog.csdn.net/qq_33868661/article/details/127505429?spm=1001.2014.3001.5501

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        name: deploy1
      annotations:
        name: deploy1
      name: deploy1
      namespace: default
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: deploy1
      strategy: {}
      template:
        metadata:
          labels:
            app: deploy1
        spec:
          containers:
          - image: nginx:1.23
            name: nginx
            resources: {}
    
    root@node-1:~/service# kubectl get pods -o wide 
    NAME                       READY   STATUS    RESTARTS      AGE     IP              NODE     NOMINATED NODE   READINESS GATES
    deploy1-5b5f4bd5dd-4bbsm   1/1     Running   1 (44h ago)   7d21h   10.200.139.96   node-3              
    deploy1-5b5f4bd5dd-bjgwq   1/1     Running   1 (44h ago)   7d21h   10.200.139.97   node-3              
    deploy1-5b5f4bd5dd-l7wc7   1/1     Running   2 (43h ago)   7d21h   10.200.247.48   node-2              
    

    2. Create a Service for the Deployment

    For the deployment procedure, see:
    https://blog.csdn.net/qq_33868661/article/details/127505429?spm=1001.2014.3001.5501

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        name: deploy1
      name: deploy1
      namespace: default
    spec:
      clusterIP: 10.96.0.200
      ports:
      - name: 80-80
        port: 80
        protocol: TCP
        targetPort: 80
      selector:
        app: deploy1
      type: ClusterIP
    
    root@node-1:~/service# kubectl get svc -o wide 
    NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE     SELECTOR
    deploy1      ClusterIP   10.96.0.200           80/TCP         6d22h   app=deploy1
    

    Take note of the Endpoints information here; it is important later.

    root@node-1:~/service# kubectl describe deploy1
    error: the server doesn't have a resource type "deploy1"
    root@node-1:~/service# kubectl describe svc deploy1
    Name:              deploy1
    Namespace:         default
    Labels:            name=deploy1
    Annotations:       
    Selector:          app=deploy1
    Type:              ClusterIP
    IP Family Policy:  SingleStack
    IP Families:       IPv4
    IP:                10.96.0.200
    IPs:               10.96.0.200
    Port:              80-80  80/TCP
    TargetPort:        80/TCP
    Endpoints:         10.200.139.96:80,10.200.139.97:80,10.200.247.48:80
    Session Affinity:  None
    Events:            
    

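    3. Create an Ingress using the Service's Endpoints

    An important principle:

    The Ingress does not hand the request to the Service for processing

    The Ingress does not hand the request to the Service for processing

    The Ingress does not hand the request to the Service for processing

    The Ingress only uses the Endpoints generated by the Service to obtain the containers' addresses; the forwarding itself is still done by the Ingress directly to the Pods.

    3.1 Modify the ingress-controller manifest

    Before creating the Ingress, the ingress-controller manifest has to be modified. The change goes in the Deployment object: add hostNetwork: true at the same level as containers.

    The purpose of this change is to let the ingress-controller use the worker node's IP address as the container's IP address, so that the container can be reached from outside the cluster. Because the Pod then shares the node's network namespace, the controller's listening ports are opened directly on that node.

    # Manifest file name: ingress-nginx-140.yaml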
    
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.4.0
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      minReadySeconds: 0
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          app.kubernetes.io/component: controller
          app.kubernetes.io/instance: ingress-nginx
          app.kubernetes.io/name: ingress-nginx
      template:
        metadata:
          labels:
            app.kubernetes.io/component: controller
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/name: ingress-nginx
        spec:
          containers:
          - args:
            - /nginx-ingress-controller
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
            ......
          dnsPolicy: ClusterFirst
          hostNetwork: true
          nodeSelector:
            kubernetes.io/os: linux
          serviceAccountName: ingress-nginx
          terminationGracePeriodSeconds: 300
          volumes:
          - name: webhook-cert
            secret:
              secretName: ingress-nginx-admission
    

    3.2 Create the ingress-controller container

    $ kubectl apply -f ingress-nginx-140.yaml
    

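    At this point, check the status and address of the ingress-controller container. Pay particular attention to whether the ingress-controller's IP address is the IP address of one of the worker nodes (which node the Pod lands on cannot be predicted).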

    root@node-1:~# kubectl get pod -n ingress-nginx -o wide
    NAME                                        READY   STATUS      RESTARTS   AGE   IP               NODE     NOMINATED NODE   READINESS GATES
    ingress-nginx-admission-create-tjbcx        0/1     Completed   0          18h   10.200.247.56    node-2              
    ingress-nginx-admission-patch-65q84         0/1     Completed   0          18h   10.200.139.103   node-3              
    ingress-nginx-controller-75bb94498d-ltvch   1/1     Running     0          18h   222.1.1.22       node-2              
    

    The output shows that the ingress-controller is running on node 2 and has been assigned node 2's IP address, as expected.
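The check described in step 3.2, as an added example (not from the original article): it lists Pods running with hostNetwork: true, confirms that each one's Pod IP equals its node's IP, and reports the ports it declares. It also flags dnsPolicy, since a hostNetwork Pod left on ClusterFirst falls back to the node's resolver. The sample input is constructed from the outputs on this page, and the containerPort values are assumptions.

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods -A -o json`, trimmed to the
# fields read below. Pod names, nodes and IPs come from the outputs on this page;
# the containerPort values are assumptions (the page elides that part of the manifest).
SAMPLE = {"items": [
    {"metadata": {"namespace": "ingress-nginx",
                  "name": "ingress-nginx-controller-75bb94498d-ltvch"},
     "spec": {"nodeName": "node-2", "hostNetwork": True, "dnsPolicy": "ClusterFirst",
              "containers": [{"name": "controller", "ports": [
                  {"containerPort": 80}, {"containerPort": 443},
                  {"containerPort": 8443}]}]},
     "status": {"podIP": "222.1.1.22", "hostIP": "222.1.1.22"}},
    {"metadata": {"namespace": "default", "name": "deploy1-5b5f4bd5dd-l7wc7"},
     "spec": {"nodeName": "node-2", "dnsPolicy": "ClusterFirst",
              "containers": [{"name": "nginx"}]},
     "status": {"podIP": "10.200.247.48", "hostIP": "222.1.1.22"}},
]}

def audit_host_network(pod_list):
    """Return one finding per Pod that runs in its node's network namespace."""
    findings = []
    for pod in pod_list.get("items", []):
        spec, status = pod.get("spec", {}), pod.get("status", {})
        if not spec.get("hostNetwork", False):
            continue  # ordinary Pod: own network namespace and Pod IP
        ports = sorted(p["containerPort"]
                       for c in spec.get("containers", [])
                       for p in c.get("ports", []))
        findings.append({
            "pod": f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}',
            "node": spec.get("nodeName"),
            # The check from step 3.2: the Pod address must equal the node address.
            "uses_node_ip": status.get("podIP") == status.get("hostIP"),
            # Declared ports; with hostNetwork they listen on the node's interfaces.
            "declared_ports": ports,
            # hostNetwork + ClusterFirst falls back to the node's resolver;
            # only ClusterFirstWithHostNet keeps cluster DNS.
            "cluster_dns": spec.get("dnsPolicy") == "ClusterFirstWithHostNet",
        })
    return findings

if __name__ == "__main__":
    # With any argument, read real `kubectl get pods -A -o json` output from stdin.
    data = json.load(sys.stdin) if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(audit_host_network(data), indent=2))
```

Run without arguments it audits the constructed sample; run with any argument it reads `kubectl get pods -A -o json` output from standard input.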

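    3.3 Create an Ingress instance

    The process is much the same as for other resource objects such as Pods, Deployments and Services: set kind to Ingress in the manifest, then add layer-7 proxy configuration under spec.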

    # ingress1.yaml
    
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: deploy1
    spec:
      ingressClassName: nginx
      rules:
      - host: ingress.example1.com
        http:
          paths:
          - backend:
              service:
                name: deploy1
                port:
                  number: 80
            path: /
            pathType: Exact
    

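    Note that ingressClassName has to be added by hand; this setting has no default option.

    The important settings under rules are explained below:

    • host: rules must define the host name used for access, here ingress.example1.com
    • service: this associates the target Service. To repeat, the Ingress does not forward the request to the Service for processing; it only borrows the Service's Endpoints
    • path: this is the suffix that can follow the host name. For different suffixes, the Ingress can forward the request to the designated Pods (the Pod addresses are provided by the Service)
    • pathType: Exact here means the Ingress forwards only on an exact match of host+path; with Prefix, "host name prefix matching" is supported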
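The matching rules behind pathType, as an added example that is not part of the original article: under the Kubernetes Ingress API, Exact is a case-sensitive comparison of the whole URL path, and Prefix compares the path element by element as split on /. The Prefix rule set and the admin-svc backend are hypothetical, added for comparison.

```python
# Added example: Ingress path matching as defined by the Kubernetes Ingress API.

def elements(path):
    """Split a URL path into its non-empty '/'-separated elements."""
    return [e for e in path.split("/") if e]

def path_matches(rule_path, path_type, request_path):
    """Exact: case-sensitive string equality. Prefix: element-by-element prefix."""
    if path_type == "Exact":
        return request_path == rule_path
    if path_type == "Prefix":
        rule = elements(rule_path)
        return elements(request_path)[:len(rule)] == rule
    raise ValueError(f"unsupported pathType: {path_type}")

def route(rules, host, request_path):
    """Return the backend for a request, or None when no rule matches
    (the controller then answers from its default backend)."""
    candidates = [r for r in rules
                  if r["host"] == host
                  and path_matches(r["path"], r["pathType"], request_path)]
    if not candidates:
        return None
    # Longest matching path wins; on a tie, Exact beats Prefix.
    best = max(candidates,
               key=lambda r: (len(r["path"]), r["pathType"] == "Exact"))
    return best["backend"]

# Rule exactly as written in ingress1.yaml on this page.
PAGE_RULES = [{"host": "ingress.example1.com", "path": "/",
               "pathType": "Exact", "backend": "deploy1:80"}]

# Hypothetical variant for comparison: the same rule with pathType Prefix,
# plus a constructed /admin rule to show element-wise matching.
PREFIX_RULES = [
    {"host": "ingress.example1.com", "path": "/",
     "pathType": "Prefix", "backend": "deploy1:80"},
    {"host": "ingress.example1.com", "path": "/admin",
     "pathType": "Prefix", "backend": "admin-svc:80"},
]

if __name__ == "__main__":
    for p in ["/", "/index.html", "/admin/users", "/administrator"]:
        print(p, route(PAGE_RULES, "ingress.example1.com", p),
              route(PREFIX_RULES, "ingress.example1.com", p))
```

With the rule from ingress1.yaml only a request for exactly / matches, so /index.html matches no rule. Under Prefix, /administrator does not fall under the /admin rule, because the comparison is per path element rather than per character.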

    Create the Ingress instance with kubectl apply -f, then query the resulting Ingress.

    $ kubectl apply -f ingress1.yaml
    
    root@node-1:~/ingress# kubectl get ingress -o wide
    NAME      CLASS   HOSTS                  ADDRESS   PORTS   AGE
    deploy1   nginx   ingress.example1.com             80      17h
    
    root@node-1:~/ingress# kubectl describe ingress 
    Name:             deploy1
    Labels:           
    Namespace:        default
    Address:      
    Ingress Class:    nginx
    Default backend:  
    Rules:
      Host                  Path  Backends
      ----                  ----  --------
      ingress.example1.com  
                            /   deploy1:80 (10.200.139.96:80,10.200.139.97:80,10.200.247.48:80)
    Annotations:            
    Events:                 
    

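    The Ingress description shows that ingress.example1.com has one path, '/', which corresponds to the three addresses the Service points to. These three addresses are the IP addresses of the target Pods, and the Ingress forwards requests directly to them.

    3.4 Verify the Ingress

    Our test environment runs in virtual machines on a PC, so a DNS resolution entry has to be added on the PC.

    The entry goes in the Windows hosts file, modified as follows.

    Add one record: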

    222.1.1.22 ingress.example1.com

    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    
    # localhost name resolution is handled within DNS itself.
    #	127.0.0.1       localhost
    #	::1             localhost
    222.1.1.24     harbor.example.com
    222.1.1.22     ingress.example1.com
    

    The Pods in the cluster can now be reached by domain name from the browser on the PC: enter http://ingress.example1.com/ in the address bar.

  • Original article: https://blog.csdn.net/qq_33868661/article/details/127659203