使用 nginx 的 Kubernetes Ingress 控制器和 Ingress 资源

问题描述:

有人能提供一个完整的示例,说明如何使用 nginx 运行不安全的(没有 TLS)Ingress 控制器和 Ingress 资源,以便远程访问运行在 Kubernetes 集群中的服务吗?我没有找到有用的资料。

PS:我的 Kubernetes 集群运行在裸机上,而不是云提供商上。以下信息可能有助于说明我做了什么:

$ kubectl get svc

NAME                CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
attachmentservice   10.254.111.232   <none>        80/TCP     3d
financeservice      10.254.38.228    <none>        80/TCP     3d
gatewayservice      10.254.38.182    nodes         80/TCP     3d
hrservice           10.254.61.196    <none>        80/TCP     3d
kubernetes          10.254.0.1       <none>        443/TCP    31d
messageservice      10.254.149.125   <none>        80/TCP     3d
redis-service       10.254.201.241   <none>        6379/TCP   15d
settingservice      10.254.157.155   <none>        80/TCP     3d
trainingservice     10.254.166.92    <none>        80/TCP     3d

nginx-ingress-rc.yml

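# ReplicationController that runs one replica of the NGINX ingress controller.
# The pod publishes plain HTTP only; nothing in this manifest terminates TLS.
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-ingress-rc
  labels:
    app: nginx-ingress
spec:
  replicas: 1
  selector:
    app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      containers:
      # The tag is mutable and imagePullPolicy: Always re-pulls it on every pod
      # start, so the running controller can change without a manifest change.
      # Pin the image by digest if that matters for this cluster.
      - image: nginxdemos/nginx-ingress:0.6.0
        imagePullPolicy: Always
        name: nginx-ingress
        ports:
        - containerPort: 80
          # hostPort binds port 80 on the node that runs the pod, so every
          # routed service is reachable, unencrypted, by anything that can
          # reach that node. Restrict access at the network layer.
          hostPort: 80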

services-ingress.yml

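# Ingress that routes seven URL prefixes on host ctc-cicd2 to back-end services.
# NOTE: extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer
# clusters need networking.k8s.io/v1, which uses a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: services-ingress
spec:
  # No tls: section is present, so every rule below is served over plain HTTP.
  # The manifest configures no authentication at the ingress either; the
  # services (including hr and finance) must enforce access control themselves.
  rules:
  # Requests match this rule only when their Host header is "ctc-cicd2".
  - host: ctc-cicd2
    http:
      paths:
      - path: /gateway
        backend:
          serviceName: gatewayservice
          servicePort: 80
      - path: /training
        backend:
          serviceName: trainingservice
          servicePort: 80
      - path: /attachment
        backend:
          serviceName: attachmentservice
          servicePort: 80
      - path: /hr
        backend:
          serviceName: hrservice
          servicePort: 80
      - path: /message
        backend:
          serviceName: messageservice
          servicePort: 80
      - path: /settings
        backend:
          serviceName: settingservice
          servicePort: 80
      - path: /finance
        backend:
          serviceName: financeservice
          servicePort: 80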

nginx.conf新内容

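# Upstream groups rendered by the ingress controller, one per back-end service.
# The addresses are not the service cluster IPs (10.254.x.x) listed by kubectl;
# presumably they are the pod endpoints behind each service -- confirm.
# NOTE(review): 12.16.0.0/16 is not RFC 1918 private address space. If it is
# used as the pod network, confirm that these routes cannot leave the cluster
# and that no real host in that range needs to be reached.
upstream default-services-ingress-ctc-cicd2-trainingservice {
    server 12.16.64.5:8190;
    server 12.16.65.6:8190;
}

upstream default-services-ingress-ctc-cicd2-attachmentservice {
    server 12.16.64.2:8095;
}

upstream default-services-ingress-ctc-cicd2-hrservice {
    server 12.16.64.7:8077;
}

upstream default-services-ingress-ctc-cicd2-messageservice {
    server 12.16.64.9:8065;
}

upstream default-services-ingress-ctc-cicd2-settingservice {
    server 12.16.64.10:8098;
    server 12.16.65.4:8098;
}

upstream default-services-ingress-ctc-cicd2-financeservice {
    server 12.16.64.4:8092;
}

upstream default-services-ingress-ctc-cicd2-gatewayservice {
    server 12.16.64.6:8090;
    server 12.16.65.7:8090;
}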

# Virtual server rendered from the Ingress rule for host ctc-cicd2.
# It listens on port 80 only, so all proxied traffic (including /hr and
# /finance) crosses the network unencrypted. Every location below repeats the
# same proxy directives and differs only in its prefix and upstream.
server { listen 80;

# Requests are selected by Host header. NOTE(review): if this is the only or
# the default server on port 80, requests with any other Host land here too.
server_name ctc-cicd2; 





    # Prefix match: also matches URIs such as /gatewayfoo. proxy_pass has no
    # URI part, so the original request URI is forwarded unchanged and the
    # back end must itself serve under /gateway.
    location /gateway { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      # Request bodies larger than 1 MB are rejected with 413.
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      # X-Real-IP is the directly connected peer address.
      proxy_set_header X-Real-IP $remote_addr; 
      # Appends the peer address to any X-Forwarded-For sent by the client;
      # earlier entries are client-controlled and must not be trusted by the
      # back end for access decisions.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      # Always "http" on this listener.
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-gatewayservice; 

    } 
    location /training { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-trainingservice; 

    } 
    location /attachment { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-attachmentservice; 

    } 
    location /hr { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-hrservice; 

    } 
    location /message { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-messageservice; 

    } 
    location /settings { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-settingservice; 

    } 
    location /finance { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-financeservice; 

    } 

}

根据 the Kubernetes ingress documentation,Ingress 是一组规则的集合,这些规则允许入站连接到达集群中的服务。这当然要求您在集群中部署一个 Ingress 控制器。实现 Ingress 控制器的方法有很多,不过在 here 可以找到一个有助于理解这一概念的简单实现。它是用 golang 编写的,基本上就是监听 kube API 上新的 Ingress 资源。当它收到新的 Ingress 资源时,会根据该配置重新生成一份新的 nginx 配置,并重新加载构成 Ingress 控制器的 nginx 容器:

const (
    // nginxConf is the Go template the controller renders into nginx.conf.
    // It ranges over .Items, then over each item's Spec.Rules, and emits one
    // server block per rule and one location per path, proxying to
    // <ServiceName>.<Namespace>.svc.cluster.local:<ServicePort>.
    //
    // NOTE(review): $rule.Host and $path.Path are written into the
    // configuration verbatim and no validation is visible in this excerpt.
    // Whoever may create or edit Ingress objects therefore controls text
    // placed inside nginx.conf; validate both fields against a strict
    // hostname/path grammar before rendering.
    //
    // Every server listens on port 80 only (no TLS), and only the Host header
    // is forwarded; no X-Forwarded-* or X-Real-IP headers are set here.
    nginxConf = ` 
events { 
    worker_connections 1024; 
} 
http { 
    # http://nginx.org/en/docs/http/ngx_http_core_module.html 
    types_hash_max_size 2048; 
    server_names_hash_max_size 512; 
    server_names_hash_bucket_size 64; 
{{range $ing := .Items}} 
{{range $rule := $ing.Spec.Rules}} 
    server { 
    listen 80; 
    server_name {{$rule.Host}}; 
{{ range $path := $rule.HTTP.Paths }} 
    location {{$path.Path}} { 
     proxy_set_header Host $host; 
     proxy_pass http://{{$path.Backend.ServiceName}}.{{$ing.Namespace}}.svc.cluster.local:{{$path.Backend.ServicePort}}; 
    }{{end}} 
    }{{end}}{{end}} 
}` 
) 

这样就为您的集群提供了一个单一入口点,它会把流量代理到 Kubernetes 集群内的所有服务。

假设您在命名空间 bar 中有一个名为 foo 的服务。Kube-DNS 让我们可以在 Kubernetes 集群内部通过 DNS 地址 foo.bar.svc.cluster.local 访问该服务。这基本上就是 Ingress 为我们做的事情:我们指定一条用来访问该服务的路径,然后 Ingress 控制器会把该路径上的请求代理到集群中的服务 foo。


感谢您的快速响应,您所说的只是对我而言。我对帖子做了一些修改。您能看出哪里做错了吗?另外,Ingress yml 文件中的 'host' 字段是什么意思? – mootez


请参阅[this](http://nginx.org/en/docs/http/server_names.html)以了解有关 'host' 指令的更多信息。另外,你是否遇到了错误?你的具体问题是什么?在这种情况下,"ctc-cicd2" 是服务器的域名,例如:curl http://ctc-cicd2/gateway – frankgreco


运行上面的 YML 文件后,我无法从外部(例如使用 curl)访问我的服务;nginx-controller 是作为一个 pod 运行的 – mootez