Kubernetes,侵入资源配置,路由到同一主机,但端口不同
Kubernetes,侵入资源配置,路由到同一主机,但端口不同
提问于 2018-05-31 10:28:30
这个问题与another question有关。从this link,我可以说,使用入口路由到不同的港口服务是可行的。
我首先列出了我的两个服务:(eureka和config),ingress_nginx_res.yaml如下所示:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
spec:
rules:
- host:
http:
paths:
- backend:
serviceName: gearbox-rack-eureka-server
servicePort: 8761
- host:
http:
paths:
- path:
backend:
serviceName: gearbox-rack-config-server
servicePort: 8888可以看到,变速箱-机架-eureka-服务器正在监听端口8761,而变速箱-机架-配置服务器正在侦听端口8888。
现在,所有服务和k8s都安装在我的本地虚拟盒(Centos7x)上,172.16.100.83,在kubectl apply -f ingress_nginx_res.yaml之后,我可以看到它已经启动了。
[root@master3 ingress]# kubectl get ing
NAME HOSTS ADDRESS PORTS AGE
my-ingress * 80 11s我试着核实入口,然后我把172.16.100.83:8761,它说不能访问这个网站。所以我相信我的配置有问题。我将所有相关配置和步骤如下:
eureka_pod.yaml:
apiVersion: v1
kind: Pod
metadata:
name: gearbox-rack-eureka-server
labels:
app: gearbox-rack-eureka-server
purpose: platform_eureka_demo
spec:
containers:
- name: gearbox-rack-eureka-server
image: 192.168.1.229:5000/gearboxrack/gearbox-rack-eureka-server
ports:
- containerPort: 8761eureka_svc.yaml:
apiVersion: v1
kind: Service
metadata:
name: gearbox-rack-eureka-server
labels:
name: gearbox_rack_eureka_server
spec:
selector:
app: gearbox-rack-eureka-server
type: NodePort
ports:
- port: 8761
nodePort: 31501
name: tcpconfig_pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: gearbox-rack-config-server
labels:
app: gearbox-rack-config-server
purpose: platform-demo
spec:
containers:
- name: gearbox-rack-config-server
image: 192.168.1.229:5000/gearboxrack/gearbox-rack-config-server
ports:
- containerPort: 8888
env:
- name: EUREKA_SERVER
value: http://172.16.100.83:8761config_svc.yaml:
apiVersion: v1
kind: Service
metadata:
name: gearbox-rack-config-server
labels:
name: gearbox-rack-config-server
spec:
selector:
app: gearbox-rack-config-server
type: NodePort
ports:
- port: 8888
nodePort: 31502
name: tcpingress_nginx_role_rb.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: lb
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-normal
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-minimal
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- "ingress-controller-leader-dev"
- "ingress-controller-leader-prod"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-minimal
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-minimal
subjects:
- kind: ServiceAccount
name: lb
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-normal
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-normal
subjects:
- kind: ServiceAccount
name: lb
namespace: kube-systemnginx_default-backend.yaml
kind: Service
apiVersion: v1
metadata:
name: nginx-default-backend
namespace: kube-system
spec:
ports:
- port: 80
targetPort: http
selector:
app: nginx-default-backend
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: nginx-default-backend
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: nginx-default-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: chenliujin/defaultbackend
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
ports:
- name: http
containerPort: 8080
protocol: TCPingress_nginx_ctl.yaml
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
spec:
type: LoadBalancer
selector:
app: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: ingress-nginx
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: ingress-nginx
spec:
terminationGracePeriodSeconds: 60
serviceAccount: lb
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
name: ingress-nginx
imagePullPolicy: Always
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend我的配置有什么问题吗?或者有什么关于解决问题的建议,这样我就可以自己解决了?
=====================================================
第二版
- 我的虚拟机centOs(7.x)运行在我的主机win10,专业版。我不使用谷歌云或AWS。我没有任何负载均衡器,我认为nginx是反向代理,所以它有负载均衡器功能。
ingress_nginx_ctl.yaml:quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0中的图像是入口和nginx之间的连接器,而不是nginx本身吗?
2
( a)我编辑/etc/主机,并将以下两个条目:
172.16.100.83 gearbox-rack-eureka-server.sup.com
172.16.100.83 gearbox-rack-config-server.sup.com我看到k8s集群中有dns服务器,如何将这两个条目添加到dns中?或者dns控制台在哪里,这样我就可以放置这两个条目了?
回答 2
Stack Overflow用户
发布于 2018-06-01 02:46:16
我不知道你的环境,你确定你有“负载平衡器”吗?为了简化,您只需使用'hostNetwork: true‘来设置nginx控制器部署,这样您就可以通过主机ip直接访问控制器。
而且,既然我们通过入口控制器访问各种服务,那么我们如何区分不同的服务呢?使用域名。我们可以将变速箱-齿条-eureka-server.you.域指向变速箱-齿条-eureka-服务器:8761,而使用变速箱-齿条-配置-服务器.您的域名指向齿轮箱-机架-配置-服务器:8888在入口,如下:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
spec:
rules:
- host: gearbox-rack-eureka-server.your.domain
http:
paths:
- backend:
serviceName: gearbox-rack-eureka-server
servicePort: 8761
- host: gearbox-rack-config-server.your.domain
http:
paths:
- backend:
serviceName: gearbox-rack-config-server
servicePort: 8888并将域名配置到主机ip,然后使用domainname访问这些服务。
Stack Overflow用户
发布于 2018-06-05 16:32:16
我在这里发现了几个问题:
- 就Kubernetes而言,当您为服务指定
type: LoadBalancer时,它依赖于云提供商提供的外部负载均衡器。因此,如果集群中没有这样的负载均衡器,则不能在您的设置中使用type: LoadBalancer作为ingress服务。但是,您仍然需要共享您对外部世界的入口,而最简单的方法就是使用type: NodePort。例如: 类别:服务apiVersion: v1元数据:名称::type: NodePort选择器: app: ingress端口:- port: 80 nodePort: 31080 name: http 现在,您可以通过使用addresshttp://<ip-address-of-any-node>:31080来到达In匀浆。例如,http://172.16.100.83:31080 - 下一步,您需要为Ingress提供配置。您可以将宏抽象想象为对宏控制器的配置(在您的示例中是对Nginx的配置)。
apiVersion:扩展/v1beta 1类:入口元数据:名称:my规范:规则:- http: path:- path: /eureka后端: serviceName: gearbox-apiVersion server servicePort: 8761 -path: /config后端: serviceName: gearbox-rack config-server servicePort: 8888
正如您所提到的,在这里,Nginx作为侵入控制器扮演反向代理的角色,并将
http://<ip-address-of-any-node>:31080/<path>中的路径与服务和端口相匹配。 - 此外,将
type: NodePort用于您使用incorrect公开的服务也是不正确的。最好使用type: ClusterIP。所以,为了你的服务: apiVersion: v1种类:服务元数据:名称:齿轮箱-机架-eureka-服务器标签:名称: gearbox_rack_eureka_server规范:选择器: app: gearbox-齿条-eureka-服务器类型: ClusterIP端口:-端口: 8761名称: tcp -- apiVersion: v1类别:服务元数据:名称:gearbox-app config-server标签: name: gearbox-app config-server spec: selector: app: gearbox-app config-server类型: ClusterIP端口:-端口: 8888名称: tcp 现在,您可以在http://172.16.100.83:31080/eureka上访问eureka,在http://172.16.100.83:31080/config上访问config。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/50622149
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号