1. Common service access methods
1. Cluster internal services
(1)、DNS+ClusterIP
(2)、Headless
2. Access services outside the cluster within the cluster
(1)IP+Port
(2)OutService
2. Access services in the cluster from outside the cluster
(1)NodePort
(2)hostip
(3)ingress
1) The traditional way
The traditional way to resolve the domain name is to configure an Nginx, configure the corresponding domain name and the corresponding pod’s ip and port in nginx.conf, and the browser requests to nginx. Because nginx is inside the cluster, it can access all po’s ip, and the result can be requested normally.
But there is a problem: if the pod changes frequently, and the domain name often increases, if the configuration file needs to be modified every time it is modified, and the configuration file needs to be reloaded to restart, the process is cumbersome and complicated.
Kubernetes also took this issue into consideration and proposed the concept of ingress.
2)ingress
Like mature solutions: ingress nginx, ingress gce, etc.
Two, ingress-nginx installation and deployment
The k8s cluster we built before supports the above-mentioned service access methods, such as NodePort and Service , except for domain name access , this domain name access requires a domain name access solution. Let’s build one of them: ingress-nginx.
1. First go to the official website to find out
2. Download and install ingress-nginx
(1) github address
(2) Download configuration
(1) Download
download link:
链接:https://pan.baidu.com/s/1eK-XnD9hRmaWIwDUyApwcw?pwd=emr9
提取码:emr9
mkdir ingress-nginx
mv mandatory.yaml
(2) carry out apply
kubectl apply -f mandatory.yaml
check
kubectl get all -n ingress-nginx
Wait a minute. .
Because several images are used in this file
grep image mandatory.yaml
Note, go to node-2 and node-3 to verify whether these images can be downloaded normally! !
node-2:
docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0
node-3:
docker pull k8s.gcr.io/defaultbackend-amd64:1.5
Found that one cannot be downloaded.
go here to download
docker pull registry.cn-hangzhou.aliyuncs.com/liuyi01/defaultbackend-amd64:1.5
re-label
docker tag registry.cn-hangzhou.aliyuncs.com/liuyi01/defaultbackend-amd64:1.5 k8s.gcr.io/defaultbackend-amd64:1.5
Note that these images must be downloaded on node-2 and node-3.
(3) Go to verify again
Go to node-1 for verification
kubectl get all -n ingress-nginx
(4) Next, let's expose the port
Port 80 of our worker nodes is listening
netstat -ntlp|grep 80
This port is harbor
We stop the harbor of node-2, because our current nginx points to 121 which is node-3.
to node-2:
docker-compose down
Release port 80 of 120, and schedule the ingress controller on port 80.
Check port 80 and port 443 again
netstat -ntlp|grep 80
netstat -ntlp|grep 443
(5) Configure
to node-1
kubectl get nodes
Label node-2
kubectl label node dh-neibu-20.120-docker.cn app=ingress
Modify the configuration file
vi mandatory.yaml
Add the following:
kubectl apply -f mandatory.yaml
q
to verify:
kubectl get all -n ingress-nginx
Wait a mininute. .
kubectl get all -n ingress-nginx
Now let's check port 80 on node-2
netstat -ntlp|grep 80
Look at 443 again
netstat -ntlp|grep 443
3. Test
Here we start a service
Configure ingress-demo.yaml on node-1
The content is as follows:
File download address:
链接:https://pan.baidu.com/s/1s-TGvWM3yF2uDqYBUB6glg?pwd=mtrl
提取码:mtrl
Then we create
kubectl create -f ingress-demo.yaml
kubectl get pod -o wide
Next, we go to our local host file and add the following:
because our ingress-nginx is on 10.155.20.120.
10.155.20.120 tomcat.mooc.com
10.155.20.120 api.mooc.com
Open browser to visit
api.mooc.com
tomcat.imooc.com
Note that this pod is in an unavailable state of 503
Go back and verify:
kubectl get pod -o wide
Still being created.
Let's go to 121 to have a look
journalctl -f
Still in the download mirror.
verify again
tomcat.mooc.com