知识分享 – Kubernetes 1.19.0——服务的发布

所谓发布指的是,如何让集群之外的主机能访问服务

创建一个svc

Cluster-IP只有集群内部可访问(图中命令显示只能通过80端口访问)

SVC并不是所有协议都能访问

NodePort

为某个服务配置了NodePort,此NodePort会在所有节点上映射

加上–tpye=NodePort会随机映射到物理机的一个30000以上的端口
[root@vms61 chap9-svc]# kubectl expose --name=svc1 deployment web1 --port=80 --target-port=80 --type=NodePort
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl get svc
NAME   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
svc1   NodePort   10.100.69.97   <none>        80:32217/TCP   3s

所有节点均可访问
所有节点均可访问
所有节点均可访问
如果忘了指定type,也可在创建好svc后通过edit去改
[root@vms61 chap9-svc]# kubectl expose --name=svc1 deployment web1 --port=80 --target-port=80
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl edit svc svc1
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2020-10-07T04:31:13Z"
  labels:
    aa: bb
  name: svc1
  namespace: chap9-svc
  resourceVersion: "723282"
  selfLink: /api/v1/namespaces/chap9-svc/services/svc1
  uid: 4d758411-58ce-440d-82a0-595bb0b1d16f
spec:
  clusterIP: 10.107.137.53
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app2: web2
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

LoadBalancer

访问https://metallb.universe.tf/installation/

下载下来

这种方法不推荐,这里不作演示

Ingress(推荐)

在两个worker节点下载所需镜像
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0

将mandatory.yaml上传至服务器
[root@vms61 chap9-svc]# ls
blog.yaml  mandatory.yaml  web1.yaml
[root@vms61 chap9-svc]# grep image mandatory.yaml 
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0
[root@vms61 chap9-svc]# kubectl apply -f mandatory.yaml 
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/nginx-ingress-role created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created

会有一个ingress的命名空间生成,还会有一个反向代理的pod
注意创建的时候需指定命名空间
[root@vms61 chap9-svc]# kubectl get deploy -n ingress-nginx 
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-ingress-controller   1/1     1            1           23m
[root@vms61 chap9-svc]# kubectl expose --name=ingress deployment nginx-ingress-controller --port=80 --type=NodePort -n ingress-nginx 
service/ingress exposed

创建3个pod并添加一些测试数据
[root@vms61 chap9-svc]# kubectl run pod1 --image=nginx --image-pull-policy=IfNotPresent
pod/pod1 created
[root@vms61 chap9-svc]# kubectl run pod2 --image=nginx --image-pull-policy=IfNotPresent
pod/pod2 created
[root@vms61 chap9-svc]# kubectl run pod3 --image=nginx --image-pull-policy=IfNotPresent
pod/pod3 created
[root@vms61 chap9-svc]# kubectl exec -it pod1 -- bash
root@pod1:/# echo 11111 > /usr/share/nginx/html/index.html 
root@pod1:/# exit
exit
[root@vms61 chap9-svc]# kubectl exec -it pod2 -- bash
root@pod2:/# echo 22222 > /usr/share/nginx/html/index.html 
root@pod2:/# exit
exit
[root@vms61 chap9-svc]# kubectl exec -it pod3 -- bash
root@pod3:/# mkdir /usr/share/nginx/html/app
root@pod3:/# echo 33333 > /usr/share/nginx/html/index.html 
root@pod3:/# echo app > /usr/share/nginx/html/app/index.html
root@pod3:/# exit
exit

再创建3个svc与3个pod对应
[root@vms61 chap9-svc]# kubectl expose --name=svc1 pod pod1 --port=80
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl expose --name=svc2 pod pod2 --port=80
service/svc2 exposed
[root@vms61 chap9-svc]# kubectl expose --name=svc3 pod pod3 --port=80
service/svc3 exposed

创建出ingress并测试访问成功
[root@vms61 chap9-svc]# cat ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: myingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: www1.aa.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: svc1
          servicePort: 80
  - host: www2.aa.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: svc2
          servicePort: 80
[root@vms61 chap9-svc]# kubectl apply -f ingress.yaml 
Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.networking.k8s.io/myingress configured
[root@vms61 chap9-svc]# kubectl get svc -n ingress-nginx 
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
ingress   NodePort   10.102.22.173   <none>        80:31256/TCP   79m
[root@vms61 chap9-svc]# curl www1.aa.com:31256
11111
[root@vms61 chap9-svc]# curl www2.aa.com:31256
22222

正文完