K8S学习之ingress网络实验

实验一

使用镜像

docker pull tomcat:9.0.20-jre8-alpine 
docker pull quay.io/kubernetes-ingress-controller/nginx-ingress- controller:0.30.0

运行ingress-controller

在mandatory.yaml文件的Deployment资源中增加属性sepc.template.sepc.hostNetWork 
hostNetwork: true 
hostNetwork网络，这是一种直接定义Pod网络的方式。如果在Pod中使用hostNetwork:true配置网络，那么Pod中运行的应用程序可以直接使用node节点的端口 

运行ingress/mandatory.yaml文件 

kubectl apply -f mandatory.yaml

运行ingress服务

运行ingress/service-nodeport.yaml文件 
kubectl apply -f service-nodeport.yaml

部署tomcat-服务

ingress/tomcat-service.yml

apiVersion: apps/v1 
kind: Deployment 
metadata: 
  name: tomcat-deploy 
  labels: 
    app: tomcat-deploy 
spec: 
  replicas: 1 
  template: 
    metadata: 
      name: tomcat-deploy 
      labels: 
        app: tomcat-deploy 
    spec: 
      containers: 
        - name: tomcat-deploy 
          image: tomcat:9.0.20-jre8-alpine 
          imagePullPolicy: IfNotPresent 
          ports: 
            - containerPort: 8080 
      restartPolicy: Always 
  selector: 
    matchLabels: 
      app: tomcat-deploy 
--- 
apiVersion: v1 
kind: Service 
metadata: 
  name: tomcat-svc 
spec: 
  selector: 
    app: tomcat-deploy 
  ports: 
    - port: 8080 
      targetPort: 8080
  type: NodePort

运行tomcat-service

kubectl apply -f tomcat-service.yml

部署ingress规则文件

ingress/ingress-tomcat.yml

apiVersion: extensions/v1beta1 
kind: Ingress 
metadata: 
  name: nginx-ingress-test 
spec: 
  backend: 
    serviceName: tomcat-svc 
    servicePort: 8080

运行ingress规则

kubectl apply -f ingress-tomcat.yml 

查看ingress 
kubectl get ingress 

查看ingress服务:查看service的部署端口号 
kubectl get svc -n ingress-nginx 

查看ingress-controller运行在那个node节点 
kubectl get pod -n ingress-nginx -o wide

通过ingress访问tomcat

http://192.168.198.158:31530/

实验二

上边案例的部署方式只能通过ingress-controller部署的节点访问。集群内其他节点无法访问ingress规则。本章节通过修改mandatory.yaml文件的控制类类型，让集群内每一个节点都可以正常访问ingress规则。

ingress-controller

ingress/mandatory.yaml

修改mandatory.yaml配置文件 

1.将Deployment类型控制器修改为：DaemonSet 
2.属性：replicas: 1 # 删除这行

service-nodeport固定端口

ingress/service-nodeport.yml

apiVersion: v1 
kind: Service 
metadata: 
  name: ingress-nginx 
  namespace: ingress-nginx 
  labels: 
    app.kubernetes.io/name: ingress-nginx 
    app.kubernetes.io/part-of: ingress-nginx 
spec: 
  type: NodePort 
  ports: 
    - name: http 
      port: 80 
      targetPort: 80 
      nodePort: 31188 
      protocol: TCP 
    - name: https 
      port: 443 
      targetPort: 443 
      nodePort: 31443 
      protocol: TCP 
  selector: 
    app.kubernetes.io/name: ingress-nginx 
    app.kubernetes.io/part-of: ingress-nginx

域名访问ingress规则

service/ingress-tomcat.yml

apiVersion: extensions/v1beta1 
kind: Ingress 
metadata: 
  name: nginx-ingress-test 
spec: 
  rules: 
    - host: ingress-tomcat.lagou.com 
      http: 
        paths: 
          - path: / 
            backend: 
              serviceName: nodeporttomcat-svc 
              servicePort: 8080

修改宿主机hosts文件

C:\Windows\System32\drivers\etc\hosts

增加ingress-tomcat.lagou.com 域名配置： 
192.168.198.157 ingress-tomcat.lagou.com

部署服务

kubectl apply -f .

浏览器测试

http://ingress-tomcat.lagou.com:31188/

nginx-controller原理

查看ingress-nginx 命名空间下的pod 
kubectl get pods -n ingress-nginx 

进入ingress-nginx 的pod 
kubectl exec -it nginx-ingress-controller-5gt4l -n ingress-nginx sh 

查看nginx反向代理域名ingress-tomcat.lagou.com 
cat nginx.conf