ingress nginx and tomcat


###首先创建Service and Deployment

service和pod仅可在集群内部网络中通过IP地址访问。所有到达边界路由器的流量或被丢弃或被转发到其他地方。从概念上讲,可能像下面这样:

service模式 分为cluster IP and nodePort

nodePort模式映射端口 可映射为固定端口,也可为随机端口。

upload successful
cluster IP模式 定义cluster IP 通过访问cluster IP达到访问效果。

nodeport模式 将本地80端口映射为32080端口 通过外部访问每个node节点 32080端口即可达到访问效果 默认负载均衡。。。

upload successful
Internet =====》 services

Ingress是授权入站连接到达集群服务的规则集合。

intetnet =====》 ingress =====》services ======》 pods

  你可以给Ingress配置提供外部可访问的URL、负载均衡、SSL、基于名称的虚拟主机等。用户通过POST Ingress资源到API server的方式来请求ingress。 Ingress controller负责实现Ingress,通常使用负载平衡器,它还可以配置边界路由和其他前端,这有助于以HA方式处理流量。

[root@master1 ing]# cat demo.yaml ###这是service and deployment的配置清单

apiVersion: v1                                  #版本
kind: Service                                    #类型
metadata:                                          #元数据
     name: myapp          #元数据名字
     namespace: default      #名称空间
spec:              #规格
    selector:            #标签选择
        app: myapp          #标签
        release: stable
ports:              #端口  object 对象
- name: myapp        #端口名字
   port: 80          #service端口
targetPort: 80        #pod端口
---              ###分割   

apiVersion: apps/v1      #版本
kind: Deployment       # 类型
metadata:          #元数据
     name: myapp        #deployment的名字
     namespace: default      ##所属的名称空间
spec:              #规格
    selector:            ###标签选择器
        matchLabels:          ###匹配标签   
             app: myapp                             ###标签
             release: stable
    replicas: 3          ###副本数
    template:          ###资源 又包括 metadata and spec
       metadata:        
            labels:
    app: myapp
    release: stable
       spec:
    containers:               ###这里跟pod创建模式一样 
     - name: myapp      ##容器名
     image: nginx    ###镜像
     ports:      ###端口
      - name: http      ###定义端口名字
  services

      containerPort: 80    ###pod端口

kubectl apply -f 加上配置清单name

upload successful
services

upload successful
#####创建nodePort

#####创建nodePort

apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
  labels:                      ###至于labels  可写可不写
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
    type: NodePort
    ports:
     - name: http
   port: 80
  targetPort: 80
  protocol: TCP
  nodePort: 32080 #http
  - name: https
  port: 443
  targetPort: 443
  protocol: TCP
  nodePort: 32443 #https
    selector:
  app.kubernetes.io/name: ingress-nginx
  app.kubernetes.io/part-of: ingress-nginx

upload successful

##########ingress 配置

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myapp
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: httpd.hequan.com
http:
paths:
- path:
backend:
serviceName: myapp
servicePort: 80

upload successful

upload successful

upload successful

##########tomcat配置文件

[root@master1 ing]# cat tomncat.yaml

apiVersion: v1
kind: Service
metadata: 
  name: tomcat-svc
  namespace: default
spec:
  selector:
      app: tomcat
      release: canary
  ports:
  - name: http
     targetPort: 8080
     port: 8080
  -  name: ajp 
     targetPort: 8009
     port: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
     name: tomcat-deploy
     namespace: default
spec:
    replicas: 3
    selector:
        matchLabels:
             app: tomcat
             release: canary
    template:
       metadata: 
            labels:
               app: tomcat
               release: canary
        spec:
            containers:
            - name: tomcat
              image: tomcat:8.5.32-jre8-alpine
              ports:
              - name: http
                containerPort: 8080
              - name: ajp
                containerPort: 8009

###############

upload successful

upload successful
###########如若需要namespace

kubectl create ns ingress-tomcat

将各配置文件metadata模块 namespace换成同一个即可

######tls 443端口

openssl genrsa -out tls.key 2048

openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Shanghai/L=Shanghai/O=Devops/CN=tomcat.magedu.com

kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key 

 kubectl get secret

kubectl describe secret tomcat-ingress-secret

 kubectl explain ingress.spec.tls

upload successful
kubectl apply -f ing-tomcat.yaml

upload successful


Author: Qianli
Reprint policy: All articles in this blog are used except for special statements CC BY 4.0 reprint policy. If reproduced, please indicate source Qianli !
  TOC