[kubernetes]101ingress四层代理、session保持、定制配置、流量控制（上）

 

 

10-1 ingress --- 四层代理、session保持、定制配置、流量控制（上）

查看之前部署的igress-nginx

kubectl get deploy -n ingress-nginx

kubectl get deploy -n ingress-nginx nginx-ingress-controller -o yaml

 

 

下面表示 只运行在app=ingress的节点上

      nodeSelector:

        app: ingress

 

保存ingress的配置文件

kubectl get deploy -n ingress-nginx nginx-ingress-controller -o yaml > nginx-ingress-controller.yaml

 

修改ingress的配置如下

apiVersion: extensions/v1beta1

kind: DaemonSet

metadata:

  labels:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

  name: nginx-ingress-controller

  namespace: ingress-nginx

spec:

  revisionHistoryLimit: 10

  selector:

    matchLabels:

      app.kubernetes.io/name: ingress-nginx

      app.kubernetes.io/part-of: ingress-nginx

  updateStrategy:

    rollingUpdate:

      maxUnavailable: 1

    type: RollingUpdate

  template:

    metadata:

      annotations:

        prometheus.io/port: "10254"

        prometheus.io/scrape: "true"

      creationTimestamp: null

      labels:

        app.kubernetes.io/name: ingress-nginx

        app.kubernetes.io/part-of: ingress-nginx

    spec:

      containers:

      - args:

        - /nginx-ingress-controller

        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend

        - --cOnfigmap=$(POD_NAMESPACE)/nginx-configuration

        - --tcp-services-cOnfigmap=$(POD_NAMESPACE)/tcp-services

        - --udp-services-cOnfigmap=$(POD_NAMESPACE)/udp-services

        - --publish-service=$(POD_NAMESPACE)/ingress-nginx

        - --annotations-prefix=nginx.ingress.kubernetes.io

        env:

        - name: POD_NAME

          valueFrom:

            fieldRef:

              apiVersion: v1

              fieldPath: metadata.name

        - name: POD_NAMESPACE

          valueFrom:

            fieldRef:

              apiVersion: v1

              fieldPath: metadata.namespace

        image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.19.0

        imagePullPolicy: IfNotPresent

        livenessProbe:

          failureThreshold: 3

          httpGet:

            path: /healthz

            port: 10254

            scheme: HTTP

          initialDelaySeconds: 10

          periodSeconds: 10

          successThreshold: 1

          timeoutSeconds: 1

        name: nginx-ingress-controller

        ports:

        - containerPort: 80

          hostPort: 80

          name: http

          protocol: TCP

        - containerPort: 443

          hostPort: 443

          name: https

          protocol: TCP

        readinessProbe:

          failureThreshold: 3

          httpGet:

            path: /healthz

            port: 10254

            scheme: HTTP

          periodSeconds: 10

          successThreshold: 1

          timeoutSeconds: 1

        resources: {}

        securityContext:

          capabilities:

            add:

            - NET_BIND_SERVICE

            drop:

            - ALL

          runAsUser: 33

        terminationMessagePath: /dev/termination-log

        terminationMessagePolicy: File

      dnsPolicy: ClusterFirst

      hostNetwork: true

      nodeSelector:

        app: ingress

      restartPolicy: Always

      schedulerName: default-scheduler

      securityContext: {}

      serviceAccount: nginx-ingress-serviceaccount

      serviceAccountName: nginx-ingress-serviceaccount

      terminationGracePeriodSeconds: 30

 

删除原先ingress 并创建新的ingress

kubectl delete deploy -n ingress-nginx nginx-ingress-controller 

kubectl apply -f nginx-ingress-controller.yaml 

 

查看dns

kubectl get ds -n ingress-nginx

kubectl get pods -n ingress-nginx -o wide

查看到ingress 运行在node2 和之前的一样

 

去node2上查看日志

 

如果上面报错err services "ingress-nginx" not found 需要创建一个名为ingress-nginx的service 可能是因为被删掉了.老师视频中是不需要创建的

排错参考

https://cloud.tencent.com/developer/article/1475537

ingress-service.yaml 

kind: Service

apiVersion: v1

metadata:

  name: ingress-nginx

  namespace: ingress-nginx

  labels:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

spec:

  externalTrafficPolicy: Local

  type: LoadBalancer

  selector:

    app.kubernetes.io/name: ingress-nginx

    app.kubernetes.io/part-of: ingress-nginx

  ports:

    - name: http

      port: 80

      targetPort: http

    - name: https

      port: 443

      targetPort: https

 

测试之前的服务 还能访问不

http://web-dev.pdabc.com/hello?name=jiaminxu

容器日志也有

 

给节点3打上ingress标签

kubectl label node kubernetes-node-03 app=ingress

再次查看ingress-nginx的pod 在node3有新pod起来了

去掉节点的标签

kubectl label node kubernetes-node-03 app-

 

ingress-nginx 就会自动停掉

 

查看ingress-nginx的configmap

kubectl get cm -n ingress-nginx

查看对应configmap的配置文件

kubectl get cm -n ingress-nginx  tcp-services -o yaml

 

四层代理的配置

创建tcp-config.yaml 

 

apiVersion: v1

kind: ConfigMap

metadata:

  name: tcp-services

  namespace: ingress-nginx

# 需要暴露的端口 和 服务,对外端口30000

data:

  "30000": dev/web-demo:80

 

启动 在node2上发现30000端口已经启动

 

kubectl  apply -f tcp-config.yaml

 

kubectl get svc -n dev web-demo  -o yaml 

 

创建nginx-config.yaml 

 

kind: ConfigMap

apiVersion: v1

metadata:

  name: nginx-configuration

  namespace: ingress-nginx

  labels:

    app: ingress-nginx

data:

  proxy-body-size: "64m"

  proxy-read-timeout: "180"

  proxy-send-timeout: "180"

执行kubectl apply -f nginx-config.yaml 

执行完毕之后 会发现ingress-nginx的容器的配置 会多出一条client_max_body_size,他的值等于我们设置的64m 以及180s的时间.这个需要去网上 查对应的配置 修改