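Foreword
This article follows on from "k8s: ingress".
It walks through a hands-on example that uses ingress as the traffic entry point. The architecture diagram is as follows:
Let's look at it in detail.
1: Deploy MariaDB
First we need to define the ConfigMap used by MariaDB, as follows: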
apiVersion: v1
kind: ConfigMap
metadata:
  name: maria-cm
data:
  DATABASE: 'db'
  USER: 'wp'
  PASSWORD: '123'
  ROOT_PASSWORD: '123'
Next, define the MariaDB Deployment, which keeps the number of MariaDB Pods at the desired count, as follows:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: maria-dep
  name: maria-dep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: maria-dep
  template:
    metadata:
      labels:
        app: maria-dep
    spec:
      containers:
      - image: mariadb:10
        name: mariadb
        ports:
        - containerPort: 3306
        envFrom:
        - prefix: 'MARIADB_'
          configMapRef:
            name: maria-cm
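Finally, define the Service for the MariaDB Pod. This lets clients reach the Pod by domain name, so they no longer need to care about IP address changes caused by Pods exiting and being recreated. The YAML is as follows: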
apiVersion: v1
kind: Service
metadata:
  labels:
    app: maria-dep
  name: maria-svc
spec:
  ports:
  - port: 3306
    protocol: TCP
    targetPort: 3306
  selector:
    app: maria-dep
Finally, we use --- to combine the three YAML definitions above into a single file, then apply it as follows:
dongyunqi@mongodaddy:~/k8s$ kubectl apply -f wp-maria.yml
configmap/maria-cm created
deployment.apps/maria-dep created
service/maria-svc created
Check the result:
dongyunqi@mongodaddy:~/k8s$ kubectl get pod
NAME READY STATUS RESTARTS AGE
maria-dep-767bbdccb5-dbm2t 1/1 Running 0 41m
dongyunqi@mongodaddy:~/k8s$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
maria-dep 1/1 1 1 41m
dongyunqi@mongodaddy:~/k8s$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
...
maria-svc ClusterIP 10.108.87.240 <none> 3306/TCP 41m
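The ConfigMap above keeps the database passwords in plain text next to ordinary settings, so anyone allowed to read ConfigMaps can read them. As an added example (not part of the original article), here is the same MariaDB configuration with the two passwords moved into a Secret; the Secret name maria-secret and the password placeholders are assumptions.

```yaml
# Added example, not from the original article.
# Non-sensitive settings stay in the ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: maria-cm
data:
  DATABASE: 'db'
  USER: 'wp'
---
# Passwords move to a Secret (the name "maria-secret" is an assumption).
apiVersion: v1
kind: Secret
metadata:
  name: maria-secret
type: Opaque
stringData:
  PASSWORD: 'REPLACE_WITH_GENERATED_VALUE'       # placeholder
  ROOT_PASSWORD: 'REPLACE_WITH_GENERATED_VALUE'  # placeholder
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: maria-dep
  name: maria-dep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: maria-dep
  template:
    metadata:
      labels:
        app: maria-dep
    spec:
      containers:
      - image: mariadb:10
        name: mariadb
        ports:
        - containerPort: 3306
        envFrom:
        - prefix: 'MARIADB_'   # yields MARIADB_DATABASE, MARIADB_USER
          configMapRef:
            name: maria-cm
        - prefix: 'MARIADB_'   # yields MARIADB_PASSWORD, MARIADB_ROOT_PASSWORD
          secretRef:
            name: maria-secret
```

A Secret is only base64-encoded in the API, so the benefit comes from restricting it with RBAC separately from ConfigMaps and from enabling encryption at rest. The PASSWORD entry of the WordPress ConfigMap in the next section can be moved to a Secret the same way.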
2: Deploy WordPress
First we need to define the ConfigMap used by WordPress, as follows:
apiVersion: v1
kind: ConfigMap
metadata:
  name: wp-cm
data:
  HOST: 'maria-svc'
  USER: 'wp'
  PASSWORD: '123'
  NAME: 'db'
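Note that HOST: 'maria-svc' is set to the domain name of the MariaDB Service, which shields us from the effects of IP address changes. Then define the Deployment that controls the number of WordPress instances; here we define 2 Pods, and envFrom sets the environment variables, as follows: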
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: wp-dep
  name: wp-dep
spec:
  replicas: 2
  selector:
    matchLabels:
      app: wp-dep
  template:
    metadata:
      labels:
        app: wp-dep
    spec:
      containers:
      - image: wordpress:5
        name: wordpress
        ports:
        - containerPort: 80
        envFrom:
        - prefix: 'WORDPRESS_DB_'
          configMapRef:
            name: wp-cm
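Finally, set up the Service, which provides load balancing and service discovery, and expose port 30088 (it must be between 30000 and 32767) on the host via NodePort. That way, when access through ingress misbehaves, we can troubleshoot by accessing this Service directly. As follows: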
apiVersion: v1
kind: Service
metadata:
  labels:
    app: wp-dep
  name: wp-svc
spec:
  ports:
  - name: http80
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30088
  selector:
    app: wp-dep
  type: NodePort
Next, put the three YAML documents into one file, separated by ---, and apply it, as follows:
dongyunqi@mongodaddy:~/k8s$ kubectl apply -f wp-dep.yml
configmap/wp-cm created
deployment.apps/wp-dep created
service/wp-svc created
dongyunqi@mongodaddy:~/k8s$ kubectl get pod
NAME READY STATUS RESTARTS AGE
maria-dep-767bbdccb5-dbm2t 1/1 Running 0 81m
wp-dep-5b5586d79c-fvj86 1/1 Running 0 2m23s
wp-dep-5b5586d79c-qf2zt 1/1 Running 0 2m23s
dongyunqi@mongodaddy:~/k8s$ kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
maria-dep 1/1 1 1 81m
wp-dep 2/2 2 2 2m34s
dongyunqi@mongodaddy:~/k8s$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 46h
maria-svc ClusterIP 10.108.87.240 <none> 3306/TCP 81m
wp-svc NodePort 10.99.4.117 <none> 80:30088/TCP 2m48s
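maria-svc is a ClusterIP Service, but by default any Pod in the cluster can still connect to it on port 3306. As an added example (not part of the original article), the NetworkPolicy below limits connections to the MariaDB Pods to the WordPress Pods only. It assumes both Deployments run in the same namespace and that the cluster's network plugin enforces NetworkPolicy; the policy name is hypothetical.

```yaml
# Added example, not from the original article.
# Only Pods labelled app: wp-dep may connect to MariaDB on TCP 3306;
# all other ingress traffic to the MariaDB Pods is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: maria-allow-wp      # hypothetical name
spec:
  podSelector:
    matchLabels:
      app: maria-dep        # the MariaDB Pods from section 1
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: wp-dep       # the WordPress Pods from this section
    ports:
    - protocol: TCP
      port: 3306
```
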
Now we can access the WordPress site through port 30088 on any node, as follows:
Finally, let's deploy ingress, the real traffic entry point.
3: Deploy ingress
First define the IngressClass:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: wp-ink
spec:
  controller: nginx.org/ingress-controller
Then use the kubectl create command to generate an Ingress template file, specifying the host wp.test, the backend Service wp-svc:80, and the Ingress Class wp-ink defined above, as follows:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wp-ing
spec:
  ingressClassName: wp-ink
  rules:
  - host: wp.test
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: wp-svc
            port:
              number: 80
Finally, define the ingress controller YAML, as follows:
dongyunqi@mongodaddy:~/k8s$ cat my-ingress-controller.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wp-ing
  namespace: nginx-ingress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ngx-kic-dep
  template:
    metadata:
      labels:
        app: ngx-kic-dep
    spec:
      hostNetwork: true
      serviceAccountName: nginx-ingress
      automountServiceAccountToken: true
      containers:
      - image: nginx/nginx-ingress:2.2-alpine
        imagePullPolicy: IfNotPresent
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        - name: readiness-port
          containerPort: 8081
        - name: prometheus
          containerPort: 9113
        readinessProbe:
          httpGet:
            path: /nginx-ready
            port: readiness-port
          periodSeconds: 1
        resources:
          requests:
            cpu: "100m"
            memory: "128Mi"
        securityContext:
          allowPrivilegeEscalation: true
          runAsUser: 101 #nginx
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        args:
          - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
          - -ingress-class=wp-ink
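Note that the Nginx Pod is configured with hostNetwork: true, meaning it shares the host's network. After applying each of these manifests, the site still cannot be accessed directly: you also need to configure hosts, mapping the domain wp.test to the IP of the Node where the Nginx Pod runs (listing the Pods with -o wide shows the IP address information of the Node they run on), as follows: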
192.168.64.132 wp.test
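The test is as follows:
The error shown on the page here comes from WordPress: my local machine ran short of resources, which caused the MariaDB Pod to stop. This does not affect our test, though, since we have already reached WordPress.
Afterword
Reposted from: https://blog.csdn.net/wang0907/article/details/128694738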