为Kubernetes集群提供反向代理,从集群外部通过标准http端口访问kube-Dashboard等内部应用
来源:互联网 发布:网络助手在哪里打开 编辑:程序博客网 时间:2024/05/17 06:55
- 安装Ingress Controller
- 部署default http backend
- 部署nginx ingress controller
- 安装并访问kubernetes dashboard
- 部署dashboard
- 配置ingress
- 在windows机器上访问dashboard网站
安装Ingress Controller
Ingress Controller运行于k8s集群的容器内,既让每台node监听80和443端口,为来自集群外部的请求提供反向代理,又能实时监听集群内Ingress配置,自动更新反向代理规则。
部署default http backend
nginx ingress controller要求有一个默认的http服务给它进行测试。
注意替换命令中的image下载路径
cat <<EOF | kubectl apply -f -apiVersion: extensions/v1beta1kind: Deploymentmetadata: name: default-http-backend labels: k8s-app: default-http-backend namespace: kube-systemspec: replicas: 1 template: metadata: labels: k8s-app: default-http-backend spec: terminationGracePeriodSeconds: 60 containers: - name: default-http-backend # Any image is permissable as long as: # 1. It serves a 404 page at / # 2. It serves 200 on a /healthz endpoint image: centos-master:5000/defaultbackend:1.0 livenessProbe: httpGet: path: /healthz port: 8080 scheme: HTTP initialDelaySeconds: 30 timeoutSeconds: 5 ports: - containerPort: 8080 resources: limits: cpu: 10m memory: 20Mi requests: cpu: 10m memory: 20Mi---apiVersion: v1kind: Servicemetadata: name: default-http-backend namespace: kube-system labels: k8s-app: default-http-backendspec: ports: - port: 80 targetPort: 8080 selector: k8s-app: default-http-backendEOF
部署nginx ingress controller
使用DaemonSet让每台node都运行一个反向代理,都开通80和443端口接受集群外的请求。
cat <<EOF | kubectl apply -f -apiVersion: extensions/v1beta1kind: DaemonSetmetadata: name: nginx-ingress-controller labels: k8s-app: nginx-ingress-controller namespace: kube-systemspec: template: metadata: labels: k8s-app: nginx-ingress-controller annotations: prometheus.io/port: '10254' prometheus.io/scrape: 'true' spec: # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used # like with kubeadm # hostNetwork: true terminationGracePeriodSeconds: 60 containers: - image: centos-master:5000/nginx-ingress-controller:0.8.3 name: nginx-ingress-controller readinessProbe: httpGet: path: /healthz port: 10254 scheme: HTTP livenessProbe: httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 1 ports: - containerPort: 80 hostPort: 80 - containerPort: 443 hostPort: 443 env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace args: - /nginx-ingress-controller - --default-backend-service=\$(POD_NAMESPACE)/default-http-backendEOF
安装并访问kubernetes dashboard
dashboard让管理员在web页面上查看k8s集群的状态、容器的日志。
部署dashboard
这里通过设置NodePort来监听node的30090端口的配置并不是必要的,因为已有nginx ingress controller提供的反向代理。
cat <<EOF | kubectl apply -f -apiVersion: extensions/v1beta1kind: Deploymentmetadata: name: kube-dashboard namespace: kube-system labels: k8s-app: kube-dashboard version: v1.6.0 kubernetes.io/cluster-service: "true"spec: replicas: 1 template: metadata: labels: k8s-app: kube-dashboard version: v1.6.0 kubernetes.io/cluster-service: "true" annotations: scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: containers: - name: kube-dashboard image: centos-master:5000/kubernetes-dashboard-amd64:v1.6.0 resources: limits: cpu: 100m memory: 50Mi requests: cpu: 100m memory: 50Mi ports: - containerPort: 9090 livenessProbe: httpGet: path: / port: 9090 initialDelaySeconds: 30 timeoutSeconds: 30---apiVersion: v1kind: Servicemetadata: name: kube-dashboard namespace: kube-system labels: k8s-app: kube-dashboard kubernetes.io/cluster-service: "true"spec: type: NodePort selector: k8s-app: kube-dashboard ports: - port: 80 targetPort: 9090 nodePort: 30090EOF
配置ingress
ingress目前提供HTTP层的负载均衡配置,可根据HTTP请求里的host+路径,把请求转发给集群内的相应Service。
cat <<EOF | kubectl apply -f -apiVersion: extensions/v1beta1kind: Ingressmetadata: name: kube-dashboard-ingress namespace: kube-systemspec: rules: - host: dashboard.wzp.local http: paths: - backend: serviceName: kube-dashboard servicePort: 80EOF
在windows机器上访问dashboard网站
在hosts文件里,把上述ingress里指定的域名的IP配置为某台node的IP,即可访问dashboard网站。
在生产环境里,可能就要更新子域名服务器,让其解析子域名到node的IP。
0 0
- 为Kubernetes集群提供反向代理,从集群外部通过标准http端口访问kube-Dashboard等内部应用
- 如何从外部访问Kubernetes集群中的应用?
- Kubernetes集群中部署dashboard
- kubernetes集群中部署kube-ui
- kubernetes集群中部署kube-ui
- <转>kubernetes集群中部署kube-ui
- 初试 Kubernetes 集群中使用 Traefik 反向代理
- Ceph RBD为Kubernetes集群提供分布式数据存储
- 通过minikube安装kubernetes集群
- 为Kubernetes集群安装helm
- 服务器集群和反向代理
- kubernetes学习记录(3)——集群外部访问Pod或Service
- kubernetes集群
- 为Kubernetes集群里的容器提供DNS服务,用于解析service名称
- 集群中通过外网8088端口访问不到
- Kubernetes中暴露外部IP地址来访问集群中的应用
- 配置远程工具访问kubernetes集群
- kubernetes从零到有,集群部署使用
- CvMat、Mat、IplImage之间的转换详解及实例
- 4.用Intent传输数据
- Android自动化测试框架Espresso(五)——测试AdapterView
- 进程间通信-命名管道
- centos搭建DNS服务
- 为Kubernetes集群提供反向代理,从集群外部通过标准http端口访问kube-Dashboard等内部应用
- 图像算法研究---超高速指数模糊算法的实现和优化
- Android 8.0
- 【图解】js中的各种尺寸(高度、宽度)
- memcached在大负载高并发网站上的应用(2)
- bind(this)和es6箭头函数
- 链队列
- npm常用命令
- Docker删除所有启动的容器