
外部访问k8s内部网络的方式

作者: 无处安放的躁动 | 来源:发表于2019-11-07 16:50 被阅读0次

    前言

    分析

    实现

    部署pod常规nginx

    • 清单文件
    vim nginx.yaml
    
    # Baseline Deployment: one nginx replica in namespace "james". It defines no
    # Service, hostNetwork or hostPort, so the pod is addressed by its pod IP only.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-pod
      name: nginx-pod
      namespace: james
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx-pod
      template:
        metadata:
          labels:
            app: nginx-pod
        spec:
          imagePullSecrets:
          # Registry credentials; this Secret must exist in namespace "james".
          - name: registry-pull-secret
          containers:
          # NOTE(review): no tag is given, so this resolves to nginx:latest, and with
          # imagePullPolicy Always each pod start may pull a different build.
          # Pin a tag or digest so the running image is reproducible and reviewable.
          - image: nginx
            imagePullPolicy: Always
            name: nginx-pod
            ports:
            - containerPort: 80
    
    • 实施并检验
    # 部署nginx
    kubectl apply -f nginx.yaml
    
    # 检查pod
    [root@k8smaster james]# kubectl get pod -n james -o wide
    NAME                                     READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE   READINESS GATES
    nginx-pod-6c7f88b666-g59wr   1/1     Running   0          4m26s   10.244.1.67   k8snode2   <none>           <none>
    
    # 集群内机器访问
    [root@k8smaster james]# curl -I  10.244.1.67
    HTTP/1.1 200 OK
    Server: nginx/1.17.5
    ...
    # 集群外节点无法访问(Pod IP 仅在集群内部可达)
    

    部署hostnetwork 类型nginx

    • 清单文件
    [root@k8smaster james]# cat  nginx-hostnetwork.yaml 
    # Same nginx Deployment with hostNetwork enabled: the pod runs in the node's
    # network namespace, so nginx listens on port 80 of the node itself.
    # NOTE(review): the transcript that follows reports the Deployment as
    # nginx-hostnetwork-pod, not the name below; confirm which one is intended.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-pod
      name: nginx-pod
      namespace: james
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx-pod
      template:
        metadata:
          labels:
            app: nginx-pod
        spec:
          # The line added for this variant. The pod shares the node's network
          # namespace: it binds node ports directly, sees the node's interfaces and
          # can reach services bound to the node's loopback address. The Pod Security
          # Standards "baseline" profile rejects hostNetwork pods, so keep this to
          # workloads that really need it. Cluster DNS is only used if
          # dnsPolicy: ClusterFirstWithHostNet is also set.
          hostNetwork: True  # use the network of the node the pod runs on
          imagePullSecrets:
          - name: registry-pull-secret
          containers:
          # NOTE(review): untagged image with imagePullPolicy Always; pin a tag or digest.
          - image: nginx
            imagePullPolicy: Always
            # NOTE(review): the other manifests name this container nginx-pod; probably a typo.
            name: nginx-npod
            ports:
            - containerPort: 80
    
    • 实施并验证
    # 执行更新pod
    [root@k8smaster james]# kubectl apply -f  nginx-hostnetwork.yaml 
    deployment.apps/nginx-hostnetwork-pod configured
    
    # 旧pod销毁,新pod启动
    [root@k8smaster james]# kubectl get pod -n james
    NAME                                     READY   STATUS        RESTARTS   AGE
    nginx-hostnetwork-pod-6c7f88b666-g59wr   0/1     Terminating   0          8m32s
    nginx-hostnetwork-pod-b5c696fc-wpbg5     1/1     Running       0          10s
    
    # ip变为node节点地址
    [root@k8smaster james]# kubectl get pod -n james -o wide
    NAME                                   READY   STATUS    RESTARTS   AGE   IP               NODE       NOMINATED NODE   READINESS GATES
    nginx-hostnetwork-pod-b5c696fc-wpbg5   1/1     Running   0          23s   192.168.100.11   k8snode1   <none>           <none>
    
    # 集群外节点验证 
    [root@new ~]# curl -I 192.168.100.11
    HTTP/1.1 200 OK
    Server: nginx/1.17.5
    ...
    

    部署hostport 类型的nginx

    • 清单文件
    # nginx Deployment exposed with hostPort: the pod keeps its own pod IP, and
    # port 80 of the node it is scheduled on is forwarded to the container.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-pod
      name: nginx-pod
      namespace: james
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx-pod
      template:
        metadata:
          labels:
            app: nginx-pod
        spec:
          imagePullSecrets:
          - name: registry-pull-secret
          containers:
          # NOTE(review): untagged image with imagePullPolicy Always; pin a tag or digest.
          - image: nginx
            imagePullPolicy: Always
            name: nginx-pod
            ports:
            - containerPort: 80
              # The line added for this variant. Only the node that runs the pod
              # answers on this port (the transcript shows the other node refusing
              # the connection), and a node can hold one pod per hostPort.
              # The port is opened on the node's own address, so node firewall
              # rules are the only filter in front of it.
              hostPort: 80                    # added line
    
    • 实施并验证
    # 执行
    [root@k8smaster james]# kubectl apply -f  nginx-hostport.yaml 
    deployment.apps/nginx-pod created
    
    # 查看pod所在node的ip
    [root@k8smaster james]# kubectl get pod -n james -o wide
    NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE       NOMINATED NODE   READINESS GATES
    nginx-pod-b57895c56-ts6dh   1/1     Running   0          50m   10.244.1.68   k8snode2   <none>           <none>
    # 集群外节点,通过node所在节点访问
    [root@new ~]# curl -I 192.168.100.12
    HTTP/1.1 200 OK
    Server: nginx/1.17.5
    Date: Thu, 07 Nov 2019 03:53:31 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
    Connection: keep-alive
    ETag: "5daf1268-264"
    Accept-Ranges: bytes
    
    [root@new ~]# curl -I 192.168.100.11
    curl: (7) Failed connect to 192.168.100.11:80; Connection refused
    

    通过nodeport方式

    nodeport 方式不修改pod,而是通过对service进行nodeport设置

    • pod && service 资源清单
    # Unmodified nginx Deployment; in the NodePort variant the exposure is done by
    # the Service that follows in the same file, not by the pod spec.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-pod
      name: nginx-pod
      namespace: james
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx-pod
      template:
        metadata:
          labels:
            # The Service selector must match this label.
            app: nginx-pod
        spec:
          imagePullSecrets:
          - name: registry-pull-secret
          containers:
          # NOTE(review): untagged image with imagePullPolicy Always; pin a tag or digest.
          - image: nginx
            imagePullPolicy: Always
            name: nginx-pod
            ports:
            - containerPort: 80
    
    ---
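    # NodePort Service: publishes the nginx pods on the same port of every node.
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-pod-service
      # A Service only selects pods in its own namespace. Without this line the
      # object is created in the namespace of the current kubectl context instead
      # of next to the pods in "james" (where the transcript lists it).
      namespace: james
      labels:
        app: nginx-pod               # same value as the pod label; the selector below does the matching
    spec:
      type: NodePort                # one of ExternalName, ClusterIP, NodePort, LoadBalancer
      ports:
      - port: 80
        targetPort: 80
        # Default allowed range is 30000-32767. Set to 30080 to agree with the
        # "kubectl get svc" output and the curl check shown after this manifest.
        # The port is opened on every node, so restrict it with node or network
        # firewall rules if it should not be reachable from everywhere.
        nodePort: 30080
      selector:
        app: nginx-pod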
    
    • 实施并验证
    # 执行
    [root@k8smaster james]# kubectl apply -f nginx-nodeport.yaml 
    deployment.apps/nginx-pod created
    service/nginx-pod-service created
    
    # 查看pod和service,确认NodePort端口为30080
     [root@k8smaster james]# kubectl get pod -n james -o wide
    NAME                         READY   STATUS    RESTARTS   AGE   IP            NODE       NOMINATED NODE   READINESS GATES
    nginx-pod-679c49788d-lgm5n   1/1     Running   0          77s   10.244.1.69   k8snode2   <none>           <none>
    [root@k8smaster james]# kubectl get svc -n james -o wide
    NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE    SELECTOR
    nginx-pod-service    NodePort    10.104.242.225   <none>        80:30080/TCP   69s    app=nginx-pod
    
    # 验证【通过集群任意节点的IP均可访问】
    [root@k8smaster james]# curl -I 192.168.100.11:30080
    HTTP/1.1 200 OK
    Server: nginx/1.17.5
    

    LoadBalancer 方式

    略,仅仅可以在云上,并且是设备内实施

    通过Ingress 方式
    -部署ingress-nginx

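    # Download the manifest. A github.com/.../blob/... URL returns the HTML file
    # viewer, not the YAML, so fetch the raw file instead.
    # NOTE(review): "master" is a moving ref. Pin a release tag or commit and read
    # the manifest before applying it; it is applied with cluster-admin rights.
    wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
    # Edit the file: add hostNetwork to the controller's pod spec.
    # The "a\" form keeps the leading spaces; without them the key lands at
    # column 0 and breaks the Deployment. Line 214 and the 6-space indent depend
    # on the manifest revision; check with: sed -n '210,218p' mandatory.yaml
    sed -i '214a\      hostNetwork: true' mandatory.yaml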
    

    执行

    kubectl apply -f mandatory.yaml
    

    添加ingress后端以及ingress规则

    vim ingress-nginx.yaml
    # Backend for the Ingress rule: the plain nginx Deployment in namespace "james".
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-pod
      name: nginx-pod
      namespace: james
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx-pod
      template:
        metadata:
          labels:
            app: nginx-pod
        spec:
          imagePullSecrets:
          - name: registry-pull-secret
          containers:
          # NOTE(review): untagged image with imagePullPolicy Always; pin a tag or digest.
          - image: nginx
            imagePullPolicy: Always
            name: nginx-pod
            ports:
            - containerPort: 80
    ---
    # Service in front of the nginx pods. No type is set, so it is a ClusterIP
    # Service (as the "kubectl get pod,svc" output on this page shows) and is
    # reached from outside only through the ingress controller.
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-pod-service
      namespace: james
      labels:
        app: nginx-pod
    spec:
      ports:
      - port: 80
        targetPort: 80
      selector:
        # Must match the labels of the pod template.
        app: nginx-pod
    ---
    # Ingress rule: requests for host james.szlaozi.com go to nginx-pod-service:80.
    # NOTE(review): the extensions/v1beta1 Ingress API was removed in Kubernetes
    # v1.22. Newer clusters need networking.k8s.io/v1, which uses pathType and
    # backend.service.name / backend.service.port.number instead of the fields below.
    # No tls section is defined, so the rule serves plain HTTP only.
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: nginx-pod-ingress
      namespace: james
    spec:
      rules:
        - host: james.szlaozi.com         # must be a DNS name, not an IP address
          http:
            paths:
              - backend:
                  serviceName: nginx-pod-service    # name of the Service defined above
                  servicePort: 80                                # Service port
    
    • 执行
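    # Create the Deployment, Service and Ingress from ingress-nginx.yaml.
    # The subcommand is "apply"; "kubectl app" is not a kubectl command.
    kubectl apply -f ingress-nginx.yaml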
    # 查看ingress controller所在节点的IP,并将域名james.szlaozi.com解析到该IP
    [root@k8smaster james]#  kubectl get pods -n ingress-nginx -owide
    NAME                                        READY   STATUS    RESTARTS   AGE   IP               NODE       NOMINATED NODE   READINESS GATES
    nginx-ingress-controller-5bbd46cd86-jhnw4   1/1     Running   0          50m   192.168.100.12   k8snode2   <none>           <none>
    [root@k8smaster james]# kubectl get pod,svc -n james
    NAME                             READY   STATUS    RESTARTS   AGE
    pod/nginx-pod-679c49788d-8lt2c   1/1     Running   0          138m
    
    NAME                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
    service/nginx-ds-pod-sb22h   ClusterIP   10.97.9.14      <none>        80/TCP    6h44m
    service/nginx-ds-pod-xlm75   ClusterIP   10.108.109.91   <none>        80/TCP    6h46m
    service/nginx-pod-service    ClusterIP   10.108.23.55    <none>        80/TCP    138m
    # 修改hosts
    vim /etc/hosts
    192.168.100.12 james.szlaozi.com
    # 验证
    [root@k8smaster james]# curl -I  james.szlaozi.com
    HTTP/1.1 200 OK
    Server: openresty/1.15.8.2
    Date: Thu, 07 Nov 2019 08:27:48 GMT
    Content-Type: text/html
    Content-Length: 612
    Connection: keep-alive
    Vary: Accept-Encoding
    Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
    ETag: "5daf1268-264"
    Accept-Ranges: bytes
    

    关于ingress方式

    • ingress 规则本身并不负责对外暴露访问;对外入口由 ingress controller 通过 hostnetwork 提供,ingress 规则则把多个 service 汇集到这一个入口之后
    • ingress controller 可以通过 DaemonSet 进行部署,让流量不只经过一个 node 节点,而是分散到多个节点,从而实现负载均衡

    参考

    参考文本
    what-is-ingress
