
外部访问k8s内部网络的方式

作者: 无处安放的躁动 | 来源:发表于2019-11-07 16:50 被阅读0次

前言

分析

实现

部署pod常规nginx

  • 清单文件
vim nginx.yaml

# Baseline Deployment: one nginx replica in namespace "james". It declares no hostNetwork,
# hostPort or Service, so the pod is addressed only by its pod IP.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-pod
  name: nginx-pod
  namespace: james
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      # References a registry pull secret by name; the Secret object itself is not defined in this file.
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      # NOTE(review): "nginx" has no tag or digest, so together with imagePullPolicy: Always
      # every pod start pulls whatever the registry currently serves under the default tag.
      # Pin a reviewed tag or digest if rollouts must be reproducible.
      - image: nginx
        imagePullPolicy: Always
        name: nginx-pod
        ports:
        - containerPort: 80
  • 实施并检验
# 部署nginx
kubectl apply -f nginx.yaml

# 检查pod
[root@k8smaster james]# kubectl get pod -n james -o wide
NAME                                     READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE   READINESS GATES
nginx-pod-6c7f88b666-g59wr   1/1     Running   0          4m26s   10.244.1.67   k8snode2   <none>           <none>

# 集群内机器访问
[root@k8smaster james]# curl -I  10.244.1.67
HTTP/1.1 200 OK
Server: nginx/1.17.5
...
# 集群外节点无法访问

部署hostnetwork 类型nginx

  • 清单文件
[root@k8smaster james]# cat  nginx-hostnetwork.yaml 
# Same nginx Deployment as the baseline, with hostNetwork switched on so that nginx
# listens on the node's own IP instead of a pod IP.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-pod
  name: nginx-pod
  namespace: james
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      # Added line: run the pod in the node's network namespace.
      # NOTE(review): the container then shares the node's interfaces, including loopback,
      # and can bind any free node port. NetworkPolicy typically does not isolate such pods,
      # and the Pod Security Standards "baseline" profile rejects hostNetwork. Limit which
      # namespaces and accounts are allowed to create pods with this setting.
      hostNetwork: True
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - image: nginx
        imagePullPolicy: Always
        # NOTE(review): the other manifests on this page name the container "nginx-pod";
        # "nginx-npod" looks like a typo but is harmless.
        name: nginx-npod
        ports:
        - containerPort: 80
  • 实施并验证
# 执行更新pod
[root@k8smaster james]# kubectl apply -f  nginx-hostnetwork.yaml 
deployment.apps/nginx-hostnetwork-pod configured

# 旧pod销毁,新pod启动
[root@k8smaster james]# kubectl get pod -n james
NAME                                     READY   STATUS        RESTARTS   AGE
nginx-hostnetwork-pod-6c7f88b666-g59wr   0/1     Terminating   0          8m32s
nginx-hostnetwork-pod-b5c696fc-wpbg5     1/1     Running       0          10s

# ip变为node节点地址
[root@k8smaster james]# kubectl get pod -n james -o wide
NAME                                   READY   STATUS    RESTARTS   AGE   IP               NODE       NOMINATED NODE   READINESS GATES
nginx-hostnetwork-pod-b5c696fc-wpbg5   1/1     Running   0          23s   192.168.100.11   k8snode1   <none>           <none>

# 集群外节点验证 
[root@new ~]# curl -I 192.168.100.11
HTTP/1.1 200 OK
Server: nginx/1.17.5
...

部署hostport 类型的nginx

  • 清单文件
# Same nginx Deployment as the baseline, with a hostPort mapping on the container port.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-pod
  name: nginx-pod
  namespace: james
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx-pod
        ports:
        - containerPort: 80
          # Added line: forward port 80 of the node that runs this pod to containerPort 80.
          # Only that node answers on port 80 (see the two curl results in the verification);
          # the pod keeps its own pod IP. A given hostPort can be used by one pod per node.
          # NOTE(review): the Pod Security Standards "baseline" profile disallows or restricts
          # hostPort; prefer a Service unless a fixed node port is really required.
          hostPort: 80
  • 实施并验证
# 执行
[root@k8smaster james]# kubectl apply -f  nginx-hostport.yaml 
deployment.apps/nginx-pod created

# 查看pod所在node的ip
[root@k8smaster james]# kubectl get pod -n james -o wide
NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE       NOMINATED NODE   READINESS GATES
nginx-pod-b57895c56-ts6dh   1/1     Running   0          50m   10.244.1.68   k8snode2   <none>           <none>
# 集群外节点,通过node所在节点访问
[root@new ~]# curl -I 192.168.100.12
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Thu, 07 Nov 2019 03:53:31 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes

[root@new ~]# curl -I 192.168.100.11
curl: (7) Failed connect to 192.168.100.11:80; Connection refused

通过nodeport方式

nodeport 方式不修改pod,而是通过对service进行nodeport设置

  • pod && service 资源清单
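# Deployment: one nginx replica in namespace "james". The pod spec is the plain one;
# external access comes from the NodePort Service declared after the separator.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-pod
  name: nginx-pod
  namespace: james
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx-pod
        ports:
        - containerPort: 80

---
# Service of type NodePort: the chosen port is opened on every node and traffic is
# forwarded to port 80 of the pods matched by the selector.
# NOTE(review): the port is reachable on any node address that outside hosts can route to;
# restrict it with node firewall rules or cloud security groups if it should not be public.
apiVersion: v1
kind: Service
metadata:
  name: nginx-pod-service
  namespace: james             # explicit: a Service only selects pods in its own namespace
  labels:
    app: nginx-pod             # label on the Service object itself
spec:
  type: NodePort               # Service types: ExternalName, ClusterIP, NodePort, LoadBalancer
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080            # default range 30000-32767; same port as in the verification output
  selector:
    app: nginx-pod             # must match the labels of the pod template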
  • 实施并验证
# 执行
[root@k8smaster james]# kubectl apply -f nginx-nodeport.yaml 
deployment.apps/nginx-pod created
service/nginx-pod-service created

# 查看pod and service,得知port30080
 [root@k8smaster james]# kubectl get pod -n james -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP            NODE       NOMINATED NODE   READINESS GATES
nginx-pod-679c49788d-lgm5n   1/1     Running   0          77s   10.244.1.69   k8snode2   <none>           <none>
[root@k8smaster james]# kubectl get svc -n james -o wide
NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE    SELECTOR
nginx-pod-service    NodePort    10.104.242.225   <none>        80:30080/TCP   69s    app=nginx-pod

# 验证【集群任意IP可以访问】
[root@k8smaster james]# curl -I 192.168.100.11:30080
HTTP/1.1 200 OK
Server: nginx/1.17.5

LoadBalancer 方式

略,仅仅可以在云上,并且是设备内实施

通过Ingress 方式
-部署ingress-nginx

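# Download the ingress-nginx manifest as raw YAML. A github.com/.../blob/... address returns
# the HTML file viewer, which kubectl cannot apply; raw.githubusercontent.com serves the file.
# NOTE(review): "master" is a moving branch. Fetch a release tag or commit you have reviewed
# instead, and read the manifest before applying it.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
# Put the controller pod on the node network. The line is anchored on the pod spec's
# serviceAccountName entry rather than a fixed line number, and "a\" keeps the six leading
# spaces so hostNetwork lands inside the pod spec instead of at column 0.
# NOTE(review): assumes the downloaded manifest contains this anchor line; if it does not,
# sed changes nothing and the grep below prints nothing.
sed -i '/serviceAccountName: nginx-ingress-serviceaccount/a\      hostNetwork: true' mandatory.yaml
# Show the inserted line with its neighbours so the indentation can be checked before applying.
grep -n -B1 -A1 'hostNetwork' mandatory.yaml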

执行

kubectl apply -f mandatory.yaml

添加ingress后端以及添加ingress规则

vim ingress-nginx.yaml
# Backend for the Ingress: the plain nginx Deployment in namespace "james".
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-pod
  name: nginx-pod
  namespace: james
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx-pod
        ports:
        - containerPort: 80
---
# Service without a "type" field; the verification output lists it as ClusterIP, so it is
# reachable only inside the cluster and is exposed externally through the Ingress.
apiVersion: v1
kind: Service
metadata:
  name: nginx-pod-service
  namespace: james
  labels:
    app: nginx-pod
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx-pod
---
# Ingress rule: requests for host james.szlaozi.com are routed to nginx-pod-service port 80.
# NOTE(review): extensions/v1beta1 Ingress is no longer served from Kubernetes v1.22 on;
# newer clusters need networking.k8s.io/v1, whose backend fields are laid out differently.
# NOTE(review): no tls section is declared here, and the verification on this page uses plain HTTP.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-pod-ingress
  namespace: james
spec:
  rules:
    - host: james.szlaozi.com         # must be a DNS name, not an IP address
      http:
        paths:
          - backend:
              serviceName: nginx-pod-service    # name of the Service declared in this file
              servicePort: 80                                # Service port
  • 执行
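# Create the Deployment, Service and Ingress defined in ingress-nginx.yaml
# ("app" is not a kubectl subcommand; the command is "apply").
kubectl apply -f ingress-nginx.yaml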
# 查看部署所在节点的IP,并解析成域名james.szlaozi.com
[root@k8smaster james]#  kubectl get pods -n ingress-nginx -owide
NAME                                        READY   STATUS    RESTARTS   AGE   IP               NODE       NOMINATED NODE   READINESS GATES
nginx-ingress-controller-5bbd46cd86-jhnw4   1/1     Running   0          50m   192.168.100.12   k8snode2   <none>           <none>
[root@k8smaster james]# kubectl get pod,svc -n james
NAME                             READY   STATUS    RESTARTS   AGE
pod/nginx-pod-679c49788d-8lt2c   1/1     Running   0          138m

NAME                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/nginx-ds-pod-sb22h   ClusterIP   10.97.9.14      <none>        80/TCP    6h44m
service/nginx-ds-pod-xlm75   ClusterIP   10.108.109.91   <none>        80/TCP    6h46m
service/nginx-pod-service    ClusterIP   10.108.23.55    <none>        80/TCP    138m
# 修改hosts
vim /etc/hosts
192.168.100.12 james.szlaozi.com
# 验证
[root@k8smaster james]# curl -I  james.szlaozi.com
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Thu, 07 Nov 2019 08:27:48 GMT
Content-Type: text/html
Content-Length: 612
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
ETag: "5daf1268-264"
Accept-Ranges: bytes

关于ingress方式

  • ingress 本身只定义路由规则,并不负责对外暴露访问;这里是让 ingress controller 使用 hostnetwork 监听节点端口来实现外部访问,再通过 ingress 统一暴露多个 service
  • ingress可以通过DaemonSet进行部署,不让流量只走一个node节点,而是多个节点,从而实现负载均衡

参考

参考文本
what-is-ingress
