2016-12-15 80 views

有人能提供一個完整的範例,說明如何在 Kubernetes 羣集中運行不安全的(沒有 TLS)Ingress 控制器和 Ingress 資源,並用 nginx 讓羣集中運行的服務可以被遠程訪問嗎?我沒有找到有用的資料。

使用 nginx 的 Kubernetes Ingress 控制器和資源

PS:我的 Kubernetes 羣集運行在裸機上,而不是在雲提供商上。以下是我目前所做的設定,可能是有用的信息:

$ kubectl get svc

NAME                CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
attachmentservice   10.254.111.232   <none>        80/TCP     3d
financeservice      10.254.38.228    <none>        80/TCP     3d
gatewayservice      10.254.38.182    nodes         80/TCP     3d
hrservice           10.254.61.196    <none>        80/TCP     3d
kubernetes          10.254.0.1       <none>        443/TCP    31d
messageservice      10.254.149.125   <none>        80/TCP     3d
redis-service       10.254.201.241   <none>        6379/TCP   15d
settingservice      10.254.157.155   <none>        80/TCP     3d
trainingservice     10.254.166.92    <none>        80/TCP     3d

nginx-ingress-rc.yml

# ReplicationController that keeps one nginx ingress controller pod running.
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-ingress-rc
  labels:
    app: nginx-ingress
spec:
  replicas: 1
  selector:
    app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      containers:
        - name: nginx-ingress
          # The image is referenced by tag and re-pulled on every pod start
          # (imagePullPolicy: Always), so the node runs whatever the registry
          # currently serves for this tag. Pinning by digest
          # (nginxdemos/nginx-ingress@sha256:<DIGEST_PLACEHOLDER>) makes the
          # deployed controller reproducible.
          image: nginxdemos/nginx-ingress:0.6.0
          imagePullPolicy: Always
          ports:
            # Only port 80 is declared; there is no 443 port, so the
            # controller is reachable over plain HTTP only.
            - containerPort: 80
              # hostPort binds port 80 on the node that runs the pod, which
              # exposes the controller on that node's network address.
              hostPort: 80

services-ingress.yml

# Ingress that routes path prefixes on host ctc-cicd2 to seven backend services.
# extensions/v1beta1 is the Ingress API of this post's era; later Kubernetes
# releases serve Ingress from networking.k8s.io/v1 instead.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: services-ingress
spec:
  # No `tls:` section is present, so this Ingress asks the controller for
  # plain-HTTP routing only.
  rules:
    # `host` is the name requests must carry in their Host header to be
    # matched by this rule.
    - host: ctc-cicd2
      http:
        paths:
          - path: /gateway
            backend:
              serviceName: gatewayservice
              servicePort: 80
          - path: /training
            backend:
              serviceName: trainingservice
              servicePort: 80
          - path: /attachment
            backend:
              serviceName: attachmentservice
              servicePort: 80
          - path: /hr
            backend:
              serviceName: hrservice
              servicePort: 80
          - path: /message
            backend:
              serviceName: messageservice
              servicePort: 80
          - path: /settings
            backend:
              serviceName: settingservice
              servicePort: 80
          - path: /finance
            backend:
              serviceName: financeservice
              servicePort: 80

nginx.conf新內容

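# Upstream groups, one per backend named in the services-ingress rules for
# host ctc-cicd2. Each `server` line is one address:port that nginx forwards
# requests to; groups with two entries are spread across both.
#
# NOTE(review): these addresses (12.16.x.x on ports 8xxx) differ from the
# service cluster IPs in the `kubectl get svc` output (10.254.x.x:80), so they
# are presumably the pod endpoints behind each service. Confirm they are
# reachable from the node that hosts the controller pod.
upstream default-services-ingress-ctc-cicd2-trainingservice {
    server 12.16.64.5:8190;
    server 12.16.65.6:8190;
}

upstream default-services-ingress-ctc-cicd2-attachmentservice {
    server 12.16.64.2:8095;
}

upstream default-services-ingress-ctc-cicd2-hrservice {
    server 12.16.64.7:8077;
}

upstream default-services-ingress-ctc-cicd2-messageservice {
    server 12.16.64.9:8065;
}

upstream default-services-ingress-ctc-cicd2-settingservice {
    server 12.16.64.10:8098;
    server 12.16.65.4:8098;
}

upstream default-services-ingress-ctc-cicd2-financeservice {
    server 12.16.64.4:8092;
}

upstream default-services-ingress-ctc-cicd2-gatewayservice {
    server 12.16.64.6:8090;
    server 12.16.65.7:8090;
}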

# Virtual server for the Ingress host ctc-cicd2. The only listener is plain
# HTTP on port 80: no `listen ... ssl` or certificate directives appear, so
# everything a client sends (including credentials or session cookies) crosses
# the network unencrypted between the client and this proxy.
server { listen 80;

# Requests are matched to this block by their Host header. A request with a
# different Host is handled by the default server for port 80, which may or
# may not be this block (other server blocks are not shown here).
server_name ctc-cicd2; 





    # Prefix match: any URI that starts with /gateway is proxied. The
    # proxy_pass below has no URI part, so the original request URI
    # (including the /gateway prefix) is forwarded to the backend unchanged.
    location /gateway { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      # Request bodies larger than 1 MB are rejected by nginx (413).
      client_max_body_size 1m; 
      # $host comes from the client's request, so the Host and
      # X-Forwarded-Host values the backend sees are client-influenced.
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      # $proxy_add_x_forwarded_for appends $remote_addr to any
      # X-Forwarded-For header the client already sent; a backend should
      # rely only on the last entry, which this proxy added.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      # Always "http" for this server, because it only listens on port 80
      # without TLS.
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      # The hop from nginx to the backend is also plain HTTP.
      proxy_pass http://default-services-ingress-ctc-cicd2-gatewayservice; 

    } 
    # Same proxy settings as /gateway; forwards to the trainingservice upstream.
    location /training { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-trainingservice; 

    } 
    # Same proxy settings as /gateway; forwards to the attachmentservice upstream.
    location /attachment { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-attachmentservice; 

    } 
    # Same proxy settings as /gateway; forwards to the hrservice upstream.
    location /hr { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-hrservice; 

    } 
    # Same proxy settings as /gateway; forwards to the messageservice upstream.
    location /message { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-messageservice; 

    } 
    # Same proxy settings as /gateway; forwards to the settingservice upstream.
    location /settings { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-settingservice; 

    } 
    # Same proxy settings as /gateway; forwards to the financeservice upstream.
    location /finance { 
      proxy_http_version 1.1; 

      proxy_connect_timeout 60s; 
      proxy_read_timeout 60s; 
      client_max_body_size 1m; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $host; 
      proxy_set_header X-Forwarded-Port $server_port; 
      proxy_set_header X-Forwarded-Proto $scheme; 

      proxy_buffering on; 

      proxy_pass http://default-services-ingress-ctc-cicd2-financeservice; 

    } 

}

回答


根據 the Kubernetes ingress documentation,Ingress(入口)是一組規則,允許入站連接到達羣集內的服務。這當然要求您在羣集中部署一個入口控制器。實現入口控制器的方法有很多,其中一個有助於理解這個概念的簡單實現可以在 here 找到。它是用 Go 寫的,基本上就是監聽 Kubernetes API 上新的 Ingress 資源。當它收到新的 Ingress 資源時,會根據該配置重新生成 nginx 配置文件,並重新加載作爲入口控制器的 nginx 容器:

const (
    // nginxConf is the template text from which the controller's nginx
    // configuration is produced. For every item in .Items and every rule in
    // its Spec.Rules it emits one `server` block listening on port 80, with
    // one `location` per HTTP path that proxies to
    // http://<ServiceName>.<Namespace>.svc.cluster.local:<ServicePort>.
    //
    // Only `listen 80` is emitted: the template contains no TLS listener or
    // certificate directives, and the proxied hop to the service is also
    // plain HTTP.
    //
    // NOTE(review): Host, Path, ServiceName and ServicePort are written into
    // the configuration text exactly as they appear on the Ingress object.
    // The rendering code is not shown; if it uses text/template, nothing is
    // escaped, so anyone allowed to create or edit Ingress resources controls
    // what ends up in nginx.conf. Validate these fields before rendering and
    // limit Ingress write access with RBAC.
    nginxConf = ` 
events { 
    worker_connections 1024; 
} 
http { 
    # http://nginx.org/en/docs/http/ngx_http_core_module.html 
    types_hash_max_size 2048; 
    server_names_hash_max_size 512; 
    server_names_hash_bucket_size 64; 
{{range $ing := .Items}} 
{{range $rule := $ing.Spec.Rules}} 
    server { 
    listen 80; 
    server_name {{$rule.Host}}; 
{{ range $path := $rule.HTTP.Paths }} 
    location {{$path.Path}} { 
     proxy_set_header Host $host; 
     proxy_pass http://{{$path.Backend.ServiceName}}.{{$ing.Namespace}}.svc.cluster.local:{{$path.Backend.ServicePort}}; 
    }{{end}} 
    }{{end}}{{end}} 
}` 
) 

這樣就能爲您的羣集提供一個單一入口點,將流量代理到 Kubernetes 羣集內的所有服務。

假設您在名稱空間 bar 內有一個名爲 foo 的服務。Kube-DNS 讓我們可以在 Kubernetes 羣集內通過 DNS 地址 foo.bar.svc.cluster.local 訪問該服務。這基本上就是 Ingress 爲我們做的事。我們指定希望用來訪問該服務的路徑,入口控制器就會把發往該路徑的請求代理到羣集中的服務 foo。


感謝您的快速響應,您所說的只是對我而言。我對帖子做了一些修改。您能看出哪裡做錯了嗎?另外,Ingress yml 文件中的 'host' 標籤是什麼意思? – mootez


請參閱 [this](http://nginx.org/en/docs/http/server_names.html) 以瞭解有關 'host' 指令的更多信息。另外,你是否遇到錯誤?你確切的問題是什麼? curl http://ctc-cicd2/gateway 注:在這種情況下,「ctc-cicd2」是服務器的域名 – frankgreco


運行上面的 YML 文件後,我無法從外部(例如像下面這樣使用 curl)訪問我的服務;nginx-controller 是作爲一個 pod 運行的 – mootez