k8s之ingress实战小栗子
| 阿里云国内75折 回扣 微信号:monov8 |
| 阿里云国际,腾讯云国际,低至75折。AWS 93折 免费开户实名账号 代冲值 优惠多多 微信号:monov8 飞机:@monov6 |
写在前面
本文接k8s之ingress 。
本文看一个基于ingress作为流量入口的实战例子,架构图如下:
接下来详细看下。
1:部署MariaDB
首先我们需要定义MariaDB使用的configmap,如下:
apiVersion: v1
kind: ConfigMap
metadata:
name: maria-cm
data:
DATABASE: 'db'
USER: 'wp'
PASSWORD: '123'
ROOT_PASSWORD: '123'然后需要定义后MariaDB的deploy来维持MariaDB的POD数在一定个数,如下:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: maria-dep
name: maria-dep
spec:
replicas: 1
selector:
matchLabels:
app: maria-dep
template:
metadata:
labels:
app: maria-dep
spec:
containers:
- image: mariadb:10
name: mariadb
ports:
- containerPort: 3306
envFrom:
- prefix: 'MARIADB_'
configMapRef:
name: maria-cm最后定义MariaDB的POD的service,这样可以域名方式访问POD,这样就不用关心POD的退出和新建而导致的IP地址变化问题,yaml如下:
apiVersion: v1
kind: Service
metadata:
labels:
app: maria-dep
name: maria-svc
spec:
ports:
- port: 3306
protocol: TCP
targetPort: 3306
selector:
app: maria-dep最后我们使用---将以上3个yaml定义在一个文件中,然后apply如下:
dongyunqi@mongodaddy:~/k8s$ kubectl apply -f wp-maria.yml
configmap/maria-cm created
deployment.apps/maria-dep created
service/maria-svc created查看如下:
dongyunqi@mongodaddy:~/k8s$ kubectl get pod
NAME READY STATUS RESTARTS AGE
maria-dep-767bbdccb5-dbm2t 1/1 Running 0 41m
dongyunqi@mongodaddy:~/k8s$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
maria-dep 1/1 1 1 41m
dongyunqi@mongodaddy:~/k8s$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
...
maria-svc ClusterIP 10.108.87.240 <none> 3306/TCP 41m2:部署WordPress
首先我们需要定义WordPress使用的ConfigMap,如下:
apiVersion: v1
kind: ConfigMap
metadata:
name: wp-cm
data:
HOST: 'maria-svc'
USER: 'wp'
PASSWORD: '123'
NAME: 'db'注意HOST: 'maria-svc'配置的是MariaDB的service 域名,这样就能屏蔽IP地址的变化带来的影响,然后定义deploy,控制WordPress的个数,这里定义2个POD,envFrom设置环境变量,如下:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: wp-dep
name: wp-dep
spec:
replicas: 2
selector:
matchLabels:
app: wp-dep
template:
metadata:
labels:
app: wp-dep
spec:
containers:
- image: wordpress:5
name: wordpress
ports:
- containerPort: 80
envFrom:
- prefix: 'WORDPRESS_DB_'
configMapRef:
name: wp-cm最后设置service,实现负载均衡以及服务发现,并通过NodePort暴露端口号30088(必须在30000~32767之间)到宿主机,这样我们就可以在ingress访问不正常时通过访问该service来排查问题。如下:
apiVersion: v1
kind: Service
metadata:
labels:
app: wp-dep
name: wp-svc
spec:
ports:
- name: http80
port: 80
protocol: TCP
targetPort: 80
nodePort: 30088
selector:
app: wp-dep
type: NodePort接着我们将三个yaml以---放在一个文件中,并apply,如下:
dongyunqi@mongodaddy:~/k8s$ kubectl apply -f wp-dep.yml
configmap/wp-cm created
deployment.apps/wp-dep created
service/wp-svc created
dongyunqi@mongodaddy:~/k8s$ kubectl get pod
NAME READY STATUS RESTARTS AGE
maria-dep-767bbdccb5-dbm2t 1/1 Running 0 81m
wp-dep-5b5586d79c-fvj86 1/1 Running 0 2m23s
wp-dep-5b5586d79c-qf2zt 1/1 Running 0 2m23s
dongyunqi@mongodaddy:~/k8s$ kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
maria-dep 1/1 1 1 81m
wp-dep 2/2 2 2 2m34s
dongyunqi@mongodaddy:~/k8s$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 46h
maria-svc ClusterIP 10.108.87.240 <none> 3306/TCP 81m
wp-svc NodePort 10.99.4.117 <none> 80:30088/TCP 2m48s接着我们就可以通过任意一个节点的30088端口来访问WordPress网站了,如下:
最后我们来部署流量真正的入口ingress。
3:部署ingress
首先定义ingress class:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: wp-ink
spec:
controller: nginx.org/ingress-controller然后用kubectl create命令生成ingress样板文件,指定域名是wp.test,后端Service是wp-svc:80,Ingress Class就是刚定义的wp-ink,如下:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wp-ing
spec:
ingressClassName: wp-ink
rules:
- host: wp.test
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wp-svc
port:
number: 80最后定义ingress controller yaml,如下:
dongyunqi@mongodaddy:~/k8s$ cat my-ingress-controller.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: wp-ing
namespace: nginx-ingress
spec:
replicas: 1
selector:
matchLabels:
app: ngx-kic-dep
template:
metadata:
labels:
app: ngx-kic-dep
spec:
hostNetwork: true
serviceAccountName: nginx-ingress
automountServiceAccountToken: true
containers:
- image: nginx/nginx-ingress:2.2-alpine
imagePullPolicy: IfNotPresent
name: nginx-ingress
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: readiness-port
containerPort: 8081
- name: prometheus
containerPort: 9113
readinessProbe:
httpGet:
path: /nginx-ready
port: readiness-port
periodSeconds: 1
resources:
requests:
cpu: "100m"
memory: "128Mi"
securityContext:
allowPrivilegeEscalation: true
runAsUser: 101 #nginx
runAsNonRoot: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
args:
- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
- -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
- -ingress-class=wp-ink注意Nginx的pod配置了hostNetwork: true即和宿主机共享网络。分别apply后还不能直接访问,还需要配置hosts,将域名wp.test映射到Nginx的pod所在的Node的IP(通过-o wide查看POD会显示所在Node的IP地址信息),如下:
192.168.64.132 wp.test测试如下:
这里页面报错是WordPress的,因为是我本地机器的资源不足,导致MariaDB的POD停止了,不过不影响我们测试,毕竟已经访问到WordPress了。
写在后面
| 阿里云国内75折 回扣 微信号:monov8 |
| 阿里云国际,腾讯云国际,低至75折。AWS 93折 免费开户实名账号 代冲值 优惠多多 微信号:monov8 飞机:@monov6 |