一、问题背景
在采用 k8s 后,一些遗留系统或者因为迁移不方便或者因为为了同时服务于多个环境,而仍然以原来的方式运行着(不受 k8s 管理)。
如果想让 k8s 内的 pods 访问这些遗留的服务,怎么办?
现在有集群外的1个微服务(多实例):
upstream upsmicroservice {
server 192.168.26.141:12345;
server 192.168.26.142:12345;
server 192.168.26.143:12345;
}
location /microservice {
proxy_pass http://upsmicroservice;
}
如何在ingress中配置 ,访问 https://www.example.com/microservice 接口 能访问到对应的后端实例?
二、 k8s ingress 代理操作
如果 upsmicroservice 有多个实例,可以通过 Endpoints 资源来配置这些服务。
以下是如何配置它们,以确保流量能分发到所有实例。
1. 更新 Service 配置
service-microservice.yaml
apiVersion: v1
kind: Service
metadata:
name: microservice
namespace: test
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 123456
2. 创建 Endpoints
创建 Endpoints 资源,以便指向所有实例的 IP。
endpoints-microservice.yaml
apiVersion: v1
kind: Endpoints
metadata:
name: microservice
namespace: test
subsets:
- addresses:
- ip: 192.168.26.141
- ip: 192.168.26.142
- ip: 192.168.26.143
ports:
- port: 123456
3. 为该服务创建Ingress 代理规则
test-ingress-nginx-microservice.yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: test-ingress-nginx-outer
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
creationTimestamp: "2023-08-24T07:56:43Z"
generation: 55
name: test-ingress-nginx-microservice
namespace: test
resourceVersion: "111101388"
uid: 81e435c1-3f03-4303-xxxx-c56cb1d50d8a
spec:
rules:
- host: www.example.com
http:
paths:
- path: /microservice
pathType: Prefix
backend:
service:
name: microservice
port:
number: 80
- 部署Service、Endpoints和Ingress
4.1. 部署服务:
kubectl apply -f service-microservice.yaml
kubectl desribe service microservice -n test
4.2. 部署端点:
kubectl apply -f endpoints-microservice.yaml
kubectl desribe endpoints microservice -n test
4.3. 部署 Ingress:
kubectl apply -f test-ingress-nginx-microservice.yaml
kubectl desribe ingress test-ingress-nginx-microservice -n test
$ kubectl describe service microservice -n test
Name: microservice
Namespace: test
Labels: <none>
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP Families: <none>
IP: 10.96.80.213
IPs: 10.96.80.213
Port: <unset> 80/TCP
TargetPort: 12345/TCP
Endpoints: 192.168.26.141:12345,192.168.26.142:12345,192.168.26.143:12345
Session Affinity: None
Events: <none>
$ kubectl describe endpoints microservice -n test
Name: microservice
Namespace: test
Labels: <none>
Annotations: <none>
Subsets:
Addresses: 192.168.26.141,192.168.26.142,192.168.26.143
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
<unset> 12345 TCP
Events: <none>
$ kubectl describe ingress test-ingress-nginx-microservice -n test
Name: test-ingress-nginx-microservice
Namespace: test
Address: 10.96.92.163
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
www.example.com
/microservice microservice :80 (192.168.26.141:12345,192.168.26.142:12345,192.168.26.143:12345)
/ai-embedding ai-embedding:80 (192.168.26.141:11633,192.168.26.142:11633,192.168.26.143:11633)
Annotations: kubernetes.io/ingress.class: test-ingress-nginx-outer
nginx.ingress.kubernetes.io/force-ssl-redirect: false
nginx.ingress.kubernetes.io/ssl-redirect: false
Events: <none>
三、 访问测试
curl -vvv https://www.example.com/microservice
看 ingress 日志,请求是否打到了 microservice 后端实例。
四、参考
Ingress 代理集群外服务
https://mp.weixin.qq.com/s/F9s__YGqG5Jjzb0SnWXVAg
Kubernetes使用ingress反向代理外部IP
https://zahui.fan/posts/0ad6df1b/
图解 Kubernetes Ingress
https://www.qikqiak.com/post/visually-explained-k8s-ingress/
如何将外部服务纳入到k8s集群内
https://beloved.family/wx/%E5%A6%82%E4%BD%95%E5%B0%86%E5%A4%96%E9%83%A8%E6%9C%8D%E5%8A%A1%E7%BA%B3%E5%85%A5%E5%88%B0k8s%E9%9B%86%E7%BE%A4%E5%86%85
网友评论