知识分享 - Kubernetes 1.19.0——服务的发布 - V2CE

所谓发布指的是，如何让集群之外的主机能访问服务

Cluster-IP只有集群内部可访问（图中命令显示只能通过80端口访问）

SVC并不是所有协议都能访问

NodePort

为某个服务配置了NodePort，此NodePort会在所有节点上映射

 [root@vms61 chap9-svc]# kubectl expose --name=svc1 deployment web1 --port=80 --target-port=80 --type=NodePort
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl get svc
NAME   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
svc1   NodePort   10.100.69.97   <none>        80:32217/TCP   3s

所有节点均可访问

如果忘了指定type，也可在创建好svc后通过edit去改

 [root@vms61 chap9-svc]# kubectl expose --name=svc1 deployment web1 --port=80 --target-port=80
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl edit svc svc1
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2020-10-07T04:31:13Z"
  labels:
    aa: bb
  name: svc1
  namespace: chap9-svc
  resourceVersion: "723282"
  selfLink: /api/v1/namespaces/chap9-svc/services/svc1
  uid: 4d758411-58ce-440d-82a0-595bb0b1d16f
spec:
  clusterIP: 10.107.137.53
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app2: web2
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

LoadBalancer

访问https://metallb.universe.tf/installation/

下载下来

这种方法不推荐，这里不作演示

Ingress（推荐）

在两个worker节点下载所需镜像

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0

将mandatory.yaml上传至服务器

 [root@vms61 chap9-svc]# ls
blog.yaml  mandatory.yaml  web1.yaml
[root@vms61 chap9-svc]# grep image mandatory.yaml 
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0
[root@vms61 chap9-svc]# kubectl apply -f mandatory.yaml 
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/nginx-ingress-role created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created

会有一个ingress的命名空间生成，还会有一个反向代理的pod

注意创建的时候需指定命名空间

 [root@vms61 chap9-svc]# kubectl get deploy -n ingress-nginx 
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-ingress-controller   1/1     1            1           23m
[root@vms61 chap9-svc]# kubectl expose --name=ingress deployment nginx-ingress-controller --port=80 --type=NodePort -n ingress-nginx 
service/ingress exposed

创建3个pod并添加一些测试数据

 [root@vms61 chap9-svc]# kubectl run pod1 --image=nginx --image-pull-policy=IfNotPresent
pod/pod1 created
[root@vms61 chap9-svc]# kubectl run pod2 --image=nginx --image-pull-policy=IfNotPresent
pod/pod2 created
[root@vms61 chap9-svc]# kubectl run pod3 --image=nginx --image-pull-policy=IfNotPresent
pod/pod3 created
[root@vms61 chap9-svc]# kubectl exec -it pod1 -- bash
root@pod1:/# echo 11111 > /usr/share/nginx/html/index.html 
root@pod1:/# exit
exit
[root@vms61 chap9-svc]# kubectl exec -it pod2 -- bash
root@pod2:/# echo 22222 > /usr/share/nginx/html/index.html 
root@pod2:/# exit
exit
[root@vms61 chap9-svc]# kubectl exec -it pod3 -- bash
root@pod3:/# mkdir /usr/share/nginx/html/app
root@pod3:/# echo 33333 > /usr/share/nginx/html/index.html 
root@pod3:/# echo app > /usr/share/nginx/html/app/index.html
root@pod3:/# exit
exit

再创建3个svc与3个pod对应

 [root@vms61 chap9-svc]# kubectl expose --name=svc1 pod pod1 --port=80
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl expose --name=svc2 pod pod2 --port=80
service/svc2 exposed
[root@vms61 chap9-svc]# kubectl expose --name=svc3 pod pod3 --port=80
service/svc3 exposed

创建出ingress并测试访问成功

 [root@vms61 chap9-svc]# cat ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: myingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: www1.aa.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: svc1
          servicePort: 80
  - host: www2.aa.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: svc2
          servicePort: 80
[root@vms61 chap9-svc]# kubectl apply -f ingress.yaml 
Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.networking.k8s.io/myingress configured
[root@vms61 chap9-svc]# kubectl get svc -n ingress-nginx 
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
ingress   NodePort   10.102.22.173   <none>        80:31256/TCP   79m
[root@vms61 chap9-svc]# curl www1.aa.com:31256
11111
[root@vms61 chap9-svc]# curl www2.aa.com:31256
22222

	[root@vms61 chap9-svc]# kubectl expose --name=svc1 deployment web1 --port=80 --target-port=80 --type=NodePort
	service/svc1 exposed
	[root@vms61 chap9-svc]# kubectl get svc
	NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
	svc1 NodePort 10.100.69.97 <none> 80:32217/TCP 3s

	[root@vms61 chap9-svc]# kubectl expose --name=svc1 deployment web1 --port=80 --target-port=80
	service/svc1 exposed
	[root@vms61 chap9-svc]# kubectl edit svc svc1
	# Please edit the object below. Lines beginning with a '#' will be ignored,
	# and an empty file will abort the edit. If an error occurs while saving this file will be
	# reopened with the relevant failures.
	#
	apiVersion: v1
	kind: Service
	metadata:
	creationTimestamp: "2020-10-07T04:31:13Z"
	labels:
	aa: bb
	name: svc1
	namespace: chap9-svc
	resourceVersion: "723282"
	selfLink: /api/v1/namespaces/chap9-svc/services/svc1
	uid: 4d758411-58ce-440d-82a0-595bb0b1d16f
	spec:
	clusterIP: 10.107.137.53
	ports:
	- port: 80
	protocol: TCP
	targetPort: 80
	selector:
	app2: web2
	sessionAffinity: None
	type: NodePort
	status:
	loadBalancer: {}

	[root@vms61 chap9-svc]# ls
	blog.yaml mandatory.yaml web1.yaml
	[root@vms61 chap9-svc]# grep image mandatory.yaml
	image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0
	[root@vms61 chap9-svc]# kubectl apply -f mandatory.yaml
	namespace/ingress-nginx created
	configmap/nginx-configuration created
	configmap/tcp-services created
	configmap/udp-services created
	serviceaccount/nginx-ingress-serviceaccount created
	Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
	clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
	Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
	role.rbac.authorization.k8s.io/nginx-ingress-role created
	Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
	rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
	Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
	clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
	deployment.apps/nginx-ingress-controller created

	[root@vms61 chap9-svc]# kubectl get deploy -n ingress-nginx
	NAME READY UP-TO-DATE AVAILABLE AGE
	nginx-ingress-controller 1/1 1 1 23m
	[root@vms61 chap9-svc]# kubectl expose --name=ingress deployment nginx-ingress-controller --port=80 --type=NodePort -n ingress-nginx
	service/ingress exposed

	[root@vms61 chap9-svc]# kubectl run pod1 --image=nginx --image-pull-policy=IfNotPresent
	pod/pod1 created
	[root@vms61 chap9-svc]# kubectl run pod2 --image=nginx --image-pull-policy=IfNotPresent
	pod/pod2 created
	[root@vms61 chap9-svc]# kubectl run pod3 --image=nginx --image-pull-policy=IfNotPresent
	pod/pod3 created
	[root@vms61 chap9-svc]# kubectl exec -it pod1 -- bash
	root@pod1:/# echo 11111 > /usr/share/nginx/html/index.html
	root@pod1:/# exit
	exit
	[root@vms61 chap9-svc]# kubectl exec -it pod2 -- bash
	root@pod2:/# echo 22222 > /usr/share/nginx/html/index.html
	root@pod2:/# exit
	exit
	[root@vms61 chap9-svc]# kubectl exec -it pod3 -- bash
	root@pod3:/# mkdir /usr/share/nginx/html/app
	root@pod3:/# echo 33333 > /usr/share/nginx/html/index.html
	root@pod3:/# echo app > /usr/share/nginx/html/app/index.html
	root@pod3:/# exit
	exit

	[root@vms61 chap9-svc]# cat ingress.yaml
	apiVersion: networking.k8s.io/v1beta1
	kind: Ingress
	metadata:
	name: myingress
	annotations:
	nginx.ingress.kubernetes.io/rewrite-target: /
	spec:
	rules:
	- host: www1.aa.com
	http:
	paths:
	- path: /
	pathType: Prefix
	backend:
	serviceName: svc1
	servicePort: 80
	- host: www2.aa.com
	http:
	paths:
	- path: /
	pathType: Prefix
	backend:
	serviceName: svc2
	servicePort: 80
	[root@vms61 chap9-svc]# kubectl apply -f ingress.yaml
	Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
	ingress.networking.k8s.io/myingress configured
	[root@vms61 chap9-svc]# kubectl get svc -n ingress-nginx
	NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
	ingress NodePort 10.102.22.173 <none> 80:31256/TCP 79m
	[root@vms61 chap9-svc]# curl www1.aa.com:31256
	11111
	[root@vms61 chap9-svc]# curl www2.aa.com:31256
	22222

知识分享 – Kubernetes 1.19.0——服务的发布

NodePort

LoadBalancer

Ingress（推荐）