Ingress: the K8s reverse-proxy and load-balancing component

References

https://github.com/kubernetes/ingress/tree/master/examples

https://mritd.me/2017/03/04/how-to-use-nginx-ingress/

http://www.dockerinfo.net/1132.html

K8s cluster installation and deployment

http://jerrymin.blog.51cto.com/3002256/1898243

K8s cluster RC, SVC and Pod deployment

http://jerrymin.blog.51cto.com/3002256/1900260

Deploying the K8s cluster components kubernetes-dashboard and kube-dns

http://jerrymin.blog.51cto.com/3002256/1900508

Deploying the K8s cluster monitoring component heapster

http://jerrymin.blog.51cto.com/3002256/1904460

Deploying the K8s cluster reverse-proxy load-balancing component

http://jerrymin.blog.51cto.com/3002256/1904463

Mounting volumes in a K8s cluster: NFS

http://jerrymin.blog.51cto.com/3002256/1906778

Mounting volumes in a K8s cluster: GlusterFS

http://jerrymin.blog.51cto.com/3002256/1907274

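Architecture

An Ingress is the set of rules between external (public-network) services and the Services inside the cluster: it allows requests entering the cluster to be forwarded to Services inside the cluster. The process is similar to the figure below:

Deployment steps

1. Download the source code of the ingress component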

```console
[root@k8s-master ~]# wget https://github.com/kubernetes/ingress/archive/nginx-0.9.0-beta.2.tar.gz
[root@k8s-master ~]# cd ingress-nginx-0.9.0-beta.2/
[root@k8s-master ingress-nginx-0.9.0-beta.2]# ls
CONTRIBUTING.md  controllers  core  docs  examples  Godeps  hack  images  LICENSE  Makefile  OWNERS  README.md  vendor
```

2. Find the installation instructions, which are usually in the deployment directory

```console
[root@k8s-master nginx]# pwd
/root/ingress-nginx-0.9.0-beta.2/examples/deployment/nginx
[root@k8s-master nginx]# ls
default-backend.yaml  kubeadm  nginx-ingress-controller.yaml  README.md
[root@k8s-master nginx]# cat README.md
```

# Deploying the Nginx Ingress controller

This example aims to demonstrate the deployment of an nginx ingress controller.

## Default Backend

The default backend is a Service capable of handling all url paths and hosts the
nginx controller doesn't understand. This most basic implementation just returns
a 404 page:

```console
$ kubectl apply -f default-backend.yaml
deployment "default-http-backend" created
service "default-http-backend" created
$ kubectl -n kube-system get po
NAME                                    READY     STATUS    RESTARTS   AGE
default-http-backend-2657704409-qgwdd   1/1       Running   0          28s
```

## Controller

You can deploy the controller as follows:

```console
$ kubectl apply -f nginx-ingress-controller.yaml
deployment "nginx-ingress-controller" created
$ kubectl -n kube-system get po
NAME                                       READY     STATUS    RESTARTS   AGE
default-http-backend-2657704409-qgwdd      1/1       Running   0          2m
nginx-ingress-controller-873061567-4n3k2   1/1       Running   0          42s
```

Note the default settings of this controller:

* serves a `/healthz` url on port 10254, as both a liveness and readiness probe

* takes a `--default-backend-service` argument pointing to the Service created above

3. Pull the required image on the nodes first

```console
[root@k8s-node1 ~]# docker images|grep ingress
gcr.io/google_containers/nginx-ingress-controller                0.9.0-beta.2        c465518591e5        12 days ago         121.1 MB
```

4. Install and deploy following the method described in the README

```console
[root@k8s-master nginx]# kubectl apply -f default-backend.yaml
deployment "default-http-backend" created
service "default-http-backend" created
[root@k8s-master nginx]# kubectl apply -f nginx-ingress-controller.yaml
deployment "nginx-ingress-controller" created
[root@k8s-master nginx]# kubectl -n kube-system get po
NAME                                        READY     STATUS    RESTARTS   AGE
default-http-backend-2657704409-jltgk       1/1       Running   0          12s
heapster-791010959-78jz8                    1/1       Running   0          14h
kube-dns-3019842428-fkgh5                   3/3       Running   3          4d
kube-dns-autoscaler-2715466192-q0t0c        1/1       Running   1          4d
kubernetes-dashboard-47555765-2w64l         1/1       Running   1          4d
monitoring-grafana-3730655072-gq4h9         1/1       Running   0          14h
monitoring-influxdb-957705310-424kg         1/1       Running   0          14h
nginx-ingress-controller-3752011415-xj5rr   0/1       Running   0          6s
```

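5. Create a test Ingress record

First create the rules. The dashboard and the monitoring stack were installed earlier in the kube-system namespace; they could be published through a NodePort, but this time we try Ingress.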

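```console
[root@k8s-master nginx]# cat k8s.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard-monitor-ingress
  namespace: kube-system
spec:
  rules:
  - host: dashboard.test.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 80
  - host: monitor.test.com
    http:
      paths:
      - backend:
          # The listing is cut off here in the source; the two lines below are
          # inferred from the generated upstream kube-system-monitoring-grafana-80.
          serviceName: monitoring-grafana
          servicePort: 80
[root@k8s-master nginx]# kubectl create -f k8s.yaml
ingress "dashboard-monitor-ingress" created
```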

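Then enter the container and look at the configuration. Everything pasted below was added automatically by the Ingress controller.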

```console
[root@k8s-master nginx]# kubectl exec -ti nginx-ingress-controller-3752011415-xj5rr -n kube-system -- bash
root@nginx-ingress-controller-3752011415-xj5rr:/# cat /etc/nginx/nginx.conf
```

    # In case of errors try the next upstream server before returning an error
    proxy_next_upstream                     error timeout invalid_header http_502 http_503 http_504;

    upstream kube-system-kubernetes-dashboard-80 {
        least_conn;
        server 10.1.15.7:9090 max_fails=0 fail_timeout=0;
    }
    upstream kube-system-monitoring-grafana-80 {
        least_conn;
        server 10.1.39.6:3000 max_fails=0 fail_timeout=0;
    }
 
    server {
        server_name dashboard.test.com;
        listen [::]:80;
 
        location / {
            set $proxy_upstream_name "kube-system-kubernetes-dashboard-80";
 
            port_in_redirect off;
            client_max_body_size                    "1m";
 
            proxy_set_header Host                   $host;
 
            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;
 
            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;
 
            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $pass_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            # mitigate HTTPoxy Vulnerability
            # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
            proxy_set_header Proxy                  "";
 
            # Custom headers
 
            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;
 
            proxy_redirect                          off;
            proxy_buffering                         off;
            proxy_buffer_size                       "4k";
 
            proxy_http_version                      1.1;
            proxy_pass http://kube-system-kubernetes-dashboard-80;
        }
    }
    
    server {
        server_name monitor.test.com;
        listen [::]:80;
 
        location / {
            set $proxy_upstream_name "kube-system-monitoring-grafana-80";
 
            port_in_redirect off;
            client_max_body_size                    "1m";
 
            proxy_set_header Host                   $host;
 
            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;
 
            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;
 
            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $pass_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            # mitigate HTTPoxy Vulnerability
            # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
            proxy_set_header Proxy                  "";
 
            # Custom headers
 
            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;
 
            proxy_redirect                          off;
            proxy_buffering                         off;
            proxy_buffer_size                       "4k";
 
            proxy_http_version                      1.1;
            proxy_pass http://kube-system-monitoring-grafana-80;
        }
    }
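
The generated server blocks above can be checked against the Ingress rules from step 5. The Python below is an added example, not part of the original post or of the ingress project: it compares the hosts and upstreams declared in the Ingress with those written into nginx.conf, and lists hosts that no `spec.tls` entry covers. The embedded JSON and nginx.conf excerpt are constructed, trimmed samples; the function names are hypothetical, and the `<namespace>-<service>-<port>` upstream naming is assumed from the configuration shown above.

```python
import json
import re

# Constructed sample: the step 5 Ingress in the JSON form returned by
# `kubectl -n kube-system get ingress dashboard-monitor-ingress -o json` (trimmed).
INGRESS = json.loads("""
{"metadata": {"name": "dashboard-monitor-ingress", "namespace": "kube-system"},
 "spec": {"rules": [
   {"host": "dashboard.test.com", "http": {"paths": [
     {"backend": {"serviceName": "kubernetes-dashboard", "servicePort": 80}}]}},
   {"host": "monitor.test.com", "http": {"paths": [
     {"backend": {"serviceName": "monitoring-grafana", "servicePort": 80}}]}}]}}
""")

# Constructed sample: the two generated server blocks, trimmed to the lines parsed here.
NGINX_CONF = """
server { server_name dashboard.test.com;
    location / { set $proxy_upstream_name "kube-system-kubernetes-dashboard-80"; } }
server { server_name monitor.test.com;
    location / { set $proxy_upstream_name "kube-system-monitoring-grafana-80"; } }
"""

def expected_routes(ingress):
    """host -> upstream name, assuming the <namespace>-<service>-<port> pattern seen above."""
    ns = ingress["metadata"]["namespace"]
    routes = {}
    for rule in ingress["spec"].get("rules", []):
        for path in rule["http"]["paths"]:  # one backend per host, as in the page's rules
            b = path["backend"]
            routes[rule["host"]] = f'{ns}-{b["serviceName"]}-{b["servicePort"]}'
    return routes

def generated_routes(conf):
    """host -> upstream name as written into nginx.conf by the controller."""
    pattern = r'server_name\s+(\S+);.*?\$proxy_upstream_name\s*"([^"]+)"'
    return dict(re.findall(pattern, conf, flags=re.S))

def audit(ingress, conf):
    want, got = expected_routes(ingress), generated_routes(conf)
    tls = {h for t in ingress["spec"].get("tls", []) for h in t.get("hosts", [])}
    return {
        "missing": sorted(set(want) - set(got)),      # declared but not generated
        "unexpected": sorted(set(got) - set(want)),   # served but not declared
        "wrong_upstream": sorted(h for h in want.keys() & got.keys() if want[h] != got[h]),
        "plain_http": sorted(set(want) - tls),        # no spec.tls entry covers the host
    }

if __name__ == "__main__":
    print(json.dumps(audit(INGRESS, NGINX_CONF), indent=2))
```

For the Ingress on this page both hosts land in `plain_http`, which matches the `listen [::]:80` lines in the generated configuration.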

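6. Test and verify

Now bind the two hostnames to the IP of the node where the ingress controller runs (a hosts entry) and both domains above become reachable. By default, port 80 on the node serves all of them.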

http://monitor.test.com/dashboard/db/cluster

http://dashboard.test.com/#/workload?namespace=default
