这个问题与另一个问题有关。从这个链接,我可以说使用入口路由到不同的端口服务是可行的。
我首先列出了我的两个服务:(尤里卡和配置(,ingress_nginx_res.yaml如下:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
spec:
rules:
- host:
http:
paths:
- backend:
serviceName: gearbox-rack-eureka-server
servicePort: 8761
- host:
http:
paths:
- path:
backend:
serviceName: gearbox-rack-config-server
servicePort: 8888
如您所见,Gearbox-Rack-Eureka-服务器正在侦听端口 8761,Gearbox-机架-配置-服务器正在侦听端口 8888。
现在,所有服务和 k8s 都安装在我的本地虚拟盒子(centos 7x(,172.16.100.83,kubectl apply -f ingress_nginx_res.yaml后,我可以看到它已经启动了。
[root@master3 ingress]# kubectl get ing
NAME HOSTS ADDRESS PORTS AGE
my-ingress * 80 11s
我尝试验证入口,然后我放172.16.100.83:8761,它说无法访问这个网站。所以我相信我的配置有问题。我将所有相关配置和步骤如下:
eureka_pod.yaml:
apiVersion: v1
kind: Pod
metadata:
name: gearbox-rack-eureka-server
labels:
app: gearbox-rack-eureka-server
purpose: platform_eureka_demo
spec:
containers:
- name: gearbox-rack-eureka-server
image: 192.168.1.229:5000/gearboxrack/gearbox-rack-eureka-server
ports:
- containerPort: 8761
eureka_svc.yaml:
apiVersion: v1
kind: Service
metadata:
name: gearbox-rack-eureka-server
labels:
name: gearbox_rack_eureka_server
spec:
selector:
app: gearbox-rack-eureka-server
type: NodePort
ports:
- port: 8761
nodePort: 31501
name: tcp
config_pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: gearbox-rack-config-server
labels:
app: gearbox-rack-config-server
purpose: platform-demo
spec:
containers:
- name: gearbox-rack-config-server
image: 192.168.1.229:5000/gearboxrack/gearbox-rack-config-server
ports:
- containerPort: 8888
env:
- name: EUREKA_SERVER
value: http://172.16.100.83:8761
config_svc.yaml:
apiVersion: v1
kind: Service
metadata:
name: gearbox-rack-config-server
labels:
name: gearbox-rack-config-server
spec:
selector:
app: gearbox-rack-config-server
type: NodePort
ports:
- port: 8888
nodePort: 31502
name: tcp
ingress_nginx_role_rb.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: lb
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-normal
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-minimal
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- "ingress-controller-leader-dev"
- "ingress-controller-leader-prod"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-minimal
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-minimal
subjects:
- kind: ServiceAccount
name: lb
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-normal
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-normal
subjects:
- kind: ServiceAccount
name: lb
namespace: kube-system
nginx_default-backend.yaml
kind: Service
apiVersion: v1
metadata:
name: nginx-default-backend
namespace: kube-system
spec:
ports:
- port: 80
targetPort: http
selector:
app: nginx-default-backend
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: nginx-default-backend
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: nginx-default-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: chenliujin/defaultbackend
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
ports:
- name: http
containerPort: 8080
protocol: TCP
ingress_nginx_ctl.yaml
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
spec:
type: LoadBalancer
selector:
app: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: ingress-nginx
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: ingress-nginx
spec:
terminationGracePeriodSeconds: 60
serviceAccount: lb
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
name: ingress-nginx
imagePullPolicy: Always
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend
我的配置有什么问题吗?或者有关故障排除命令的任何提示,以便我可以自己管理?
====
=======================================================再版
1. 我的虚拟机 centOs(7.x( 在我的主机 win10 专业版中运行。我不使用谷歌云或AWS。我没有任何负载均衡器,我想nginx是反向代理,所以它具有负载均衡器功能。ingress_nginx_ctl.yaml中的图像:quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0是入口和nginx之间的连接器,它本身不是nginx吗?
2 a( 我编辑/etc/hosts,我放了以下两个条目:
172.16.100.83 gearbox-rack-eureka-server.sup.com
172.16.100.83 gearbox-rack-config-server.sup.com
b( 我看到 k8s 集群中有 dns 服务器,如何将这两个条目添加到 dns 中?或者 DNS 控制台在哪里,以便我可以放置这两个条目?
我不知道你的环境,你确定你有"负载均衡器"吗?为了简化起见,您只需使用"hostNetwork: true"来设置nginx-controller-deploy,这样您就可以直接通过主机IP访问控制器。
而且,由于我们通过入口控制器访问各种服务,我们如何区分不同的服务?使用域名。我们可以将 gearbox-rack-eureka-server.your.domain 指向 gearbox-rack-eureka-server:8761,而使用 gearbox-rack-config-server.your.domain 在入口中指向 gearbox-rack-config-server:8888,如下所示:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
spec:
rules:
- host: gearbox-rack-eureka-server.your.domain
http:
paths:
- backend:
serviceName: gearbox-rack-eureka-server
servicePort: 8761
- host: gearbox-rack-config-server.your.domain
http:
paths:
- backend:
serviceName: gearbox-rack-config-server
servicePort: 8888
并将域名配置到您的主机 ip,然后使用域名访问这些服务。
我在这里发现了几个问题:
-
就 Kubernetes 而言,当您为 Service 指定
type: LoadBalancer时,它依赖于云提供商提供的外部负载均衡器。因此,如果您的集群中没有此类负载均衡器,则无法在 ingress-nginx 服务的设置中使用type: LoadBalancer。但是你仍然必须分享你对外部世界的入口,最简单的方法是使用type: NodePort。例如:kind: Service apiVersion: v1 metadata: name: ingress-nginx spec: type: NodePort selector: app: ingress-nginx ports: - port: 80 nodePort: 31080 name: http现在,您可以使用地址
http://<ip-address-of-any-node>:31080访问入口。例如,http://172.16.100.83:31080 -
下一步,您需要为入口提供配置。您可以将入口抽象想象为入口控制器的配置(在您的例子中为 Nginx 配置(。
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: my-ingress spec: rules: - http: paths: - path: /eureka backend: serviceName: gearbox-rack-eureka-server servicePort: 8761 - path: /config backend: serviceName: gearbox-rack-config-server servicePort: 8888正如您所提到的,在这里,作为入口控制器的 Nginx 扮演反向代理的角色,并将
http://<ip-address-of-any-node>:31080/<path>中的路径与服务和端口匹配。 -
此外,对通过 Ingress 公开的服务使用
type: NodePort是不正确的。最好使用type: ClusterIP.因此,对于您的服务:apiVersion: v1 kind: Service metadata: name: gearbox-rack-eureka-server labels: name: gearbox_rack_eureka_server spec: selector: app: gearbox-rack-eureka-server type: ClusterIP ports: - port: 8761 name: tcp --- apiVersion: v1 kind: Service metadata: name: gearbox-rack-config-server labels: name: gearbox-rack-config-server spec: selector: app: gearbox-rack-config-server type: ClusterIP ports: - port: 8888 name: tcp现在,您可以在
http://172.16.100.83:31080/eureka上访问尤里卡,并在http://172.16.100.83:31080/config上进行配置