[单master节点k8s部署]35.ingress 反向代理(二)
成功部署ingress controller
[root@master 35ingress]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-7dc5458bc6-fpv96 1/1 Running 10 (4d16h ago) 9d
calico-node-d9492 1/1 Running 5 (4d1h ago) 9d
calico-node-nlfph 1/1 Running 5 (4d16h ago) 9d
calico-node-z8zmg 1/1 Running 4 (4d2h ago) 9d
coredns-7c445c467-k8vtx 1/1 Running 5 (4d16h ago) 9d
coredns-7c445c467-rm98p 1/1 Running 5 (4d16h ago) 9d
default-http-backend-96868495f-dc6mw 1/1 Running 0 4d
etcd-master 1/1 Running 5 (4d16h ago) 9d
kube-apiserver-master 1/1 Running 5 (4d16h ago) 9d
kube-controller-manager-master 1/1 Running 15 (4d16h ago) 9d
kube-proxy-6szdl 1/1 Running 5 (4d2h ago) 9d
kube-proxy-jpkgj 1/1 Running 5 (4d16h ago) 9d
kube-proxy-zm7gh 1/1 Running 5 (4d1h ago) 9d
kube-scheduler-master 1/1 Running 15 (4d16h ago) 9d
kube-state-metrics-66b85747b7-4bqmn 1/1 Running 0 4d2h
monitoring-grafana30-5785b5b69-gch55 1/1 Running 0 4d2h
nginx-ingress-controller-67685fb594-khhs6 1/1 Running 0 31s
[root@master 35ingress]# kubectl logs nginx-ingress-controller-67685fb594-khhs6 -n kube-system
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v1.9.5
Build: f503c4bb5fa7d857ad29e94970eb550c2bc00b7c
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.21.6
-------------------------------------------------------------------------------
W1011 05:04:31.470197 7 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I1011 05:04:31.470499 7 main.go:205] "Creating API client" host="https://10.96.0.1:443"
I1011 05:04:31.478962 7 main.go:249] "Running in Kubernetes cluster" major="1" minor="30" git="v1.30.0" state="clean" commit="7c48c2bd72b9bf5c44d21d7338cc7bea77d0ad2a" platform="linux/amd64"
I1011 05:04:31.481068 7 main.go:83] "Valid default backend" service="kube-system/default-http-backend"
I1011 05:04:31.623444 7 main.go:101] "SSL fake certificate created" file="/etc/ingress-controller/ssl/default-fake-certificate.pem"
I1011 05:04:31.650576 7 nginx.go:260] "Starting NGINX Ingress controller"
I1011 05:04:31.660913 7 event.go:298] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"kube-system", Name:"nginx-configuration", UID:"11b6a56f-d772-4ae6-8838-233241499e0a", APIVersion:"v1", ResourceVersion:"1606978", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap kube-system/nginx-configuration
I1011 05:04:32.755601 7 store.go:440] "Found valid IngressClass" ingress="default/ingress-myapp" ingressclass="nginx"
I1011 05:04:32.755918 7 event.go:298] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"ingress-myapp", UID:"1e7137d2-cfc2-4968-8486-39fe0e9329bf", APIVersion:"networking.k8s.io/v1", ResourceVersion:"1608405", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
I1011 05:04:32.853228 7 nginx.go:303] "Starting NGINX process"
I1011 05:04:32.853351 7 leaderelection.go:245] attempting to acquire leader lease kube-system/ingress-controller-leader...
I1011 05:04:32.854105 7 controller.go:190] "Configuration changes detected, backend reload required"
I1011 05:04:32.856566 7 status.go:84] "New leader elected" identity="nginx-ingress-controller-5959964446-shz2n"
I1011 05:04:32.933605 7 controller.go:210] "Backend successfully reloaded"
I1011 05:04:32.933748 7 controller.go:221] "Initial sync, sleeping for 1 second"
I1011 05:04:32.933849 7 event.go:298] Event(v1.ObjectReference{Kind:"Pod", Namespace:"kube-system", Name:"nginx-ingress-controller-67685fb594-khhs6", UID:"b9bb377b-f407-4623-8586-a118a12cb779", APIVersion:"v1", ResourceVersion:"1608901", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration
I1011 05:05:13.817828 7 leaderelection.go:255] successfully acquired lease kube-system/ingress-controller-leader
I1011 05:05:13.817979 7 status.go:84] "New leader elected" identity="nginx-ingress-controller-67685fb594-khhs6"
I1011 05:05:13.825218 7 status.go:304] "updating Ingress status" namespace="default" ingress="ingress-myapp" currentValue=null newValue=[{"ip":"192.168.244.129"}]
I1011 05:05:13.829589 7 event.go:298] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"ingress-myapp", UID:"1e7137d2-cfc2-4968-8486-39fe0e9329bf", APIVersion:"networking.k8s.io/v1", ResourceVersion:"1609024", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
成功部署default backend
[root@master 35ingress]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default-http-backend ClusterIP 10.103.76.255 <none> 80/TCP 4d
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 9d
kube-state-metrics ClusterIP 10.108.120.73 <none> 8080/TCP 9d
monitoring-grafana NodePort 10.96.63.74 <none> 80:32555/TCP 9d
部署一个后端tomcat服务
这个tomcat将由nginx-ingress-contoller代理,我们在这里通过tomcat服务来测试反向代理。可以看到这个tomcat包括两个pods和一个服务。
apiVersion: v1
kind: Service
metadata:
name: tomcat-svc35
spec:
selector:
app: tomcat
release: canary
ports:
- name: http
targetPort: 8080
port: 8080
- name: ajp
port: 8009
targetPort: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat
spec:
replicas: 2
selector:
matchLabels:
app: tomcat
release: canary
template:
metadata:
labels:
app: tomcat
release: canary
spec:
containers:
- name: tomcat
image: docker.io/tomcat:8.5-jdk8
imagePullPolicy: Never
ports:
- name: http
containerPort: 8080
- name: ajp
containerPort: 8009
部署ingress
这个ingress就是引导nginx-ingress-controller与部署的tomcat服务之间的一个连接。这里的host是可以自己定义的,后续对tomcat服务的访问将通过这个host 名称。
[root@master 35ingress]# cat ingress-myapp.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-myapp
annotations:
ingressClassName: "nginx"
spec:
rules:
- host: tomcat.lucky.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tomcat-svc35
port:
number: 8080
得到一个ingress资源,host为tomcat.lucky.com,是一个nginx ingress资源。
[root@master 35ingress]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-myapp nginx tomcat.lucky.com 192.168.244.129 80 3d14h
查看ingress,发现他成功识别到了service tomcat-svc35。
[root@master 35ingress]# kubectl describe ingress ingress-myapp
Name: ingress-myapp
Labels: <none>
Namespace: default
Address: 192.168.244.129
Ingress Class: nginx
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
tomcat.lucky.com
/ tomcat-svc35:8080 (10.244.104.47:8080,10.244.166.172:8080)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 43m nginx-ingress-controller Scheduled for sync
Normal Sync 42m (x2 over 42m) nginx-ingress-controller Scheduled for sync
Normal Sync 37m (x2 over 38m) nginx-ingress-controller Scheduled for sync
这里的event信息表明,这个ingress信息是被传到了nginx-ingress-controller里,表明生效了。可以通过访问host:tomcat.lucy.com进行测试:
[root@master 35ingress]# curl http://tomcat.lucky.com
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Apache Tomcat/8.5.41</title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
<body>
...
值得注意的是,有的时候在集群内用curl测试时可以访问,但是通过外部浏览器访问的时候,有可能浏览器会带上请求头,造成不能访问,这里用chrome的请求头进行测试,发现仍然可以。
[root@master 35ingress]# curl -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36" \
> -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" \
> -H "Upgrade-Insecure-Requests: 1" \
> -H "Sec-Fetch-Site: none" \
> -H "Sec-Fetch-Mode: navigate" \
> -H "Sec-Fetch-User: ?1" \
> -H "Sec-Fetch-Dest: document" \
> -H "Accept-Encoding: gzip, deflate, br" \
> -H "Accept-Language: en-US,en;q=0.9" \
> http://tomcat.lucky.com
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Apache Tomcat/8.5.41</title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
...
为了防止出现以下的请求头错误造成的不能访问,可以将环境变量:use-proxy-protocol设为false。
[error] broken header: "GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: tomcat.lucky.com
Accept: */*
" while reading PROXY protocol, client: 192.168.244.128, server: 0.0.0.0:80此时继续查看ingress-controller的日志,发现记录了一条请求:
W1011 07:38:39.755918 7 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I1011 07:38:39.756110 7 main.go:205] "Creating API client" host="https://10.96.0.1:443"
I1011 07:38:39.764046 7 main.go:249] "Running in Kubernetes cluster" major="1" minor="30" git="v1.30.0" state="clean" commit="7c48c2bd72b9bf5c44d21d7338cc7bea77d0ad2a" platform="linux/amd64"
I1011 07:38:39.767296 7 main.go:83] "Valid default backend" service="kube-system/default-http-backend"
I1011 07:38:39.821166 7 main.go:101] "SSL fake certificate created" file="/etc/ingress-controller/ssl/default-fake-certificate.pem"
I1011 07:38:39.852623 7 nginx.go:260] "Starting NGINX Ingress controller"
I1011 07:38:39.864591 7 event.go:298] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"kube-system", Name:"nginx-configuration", UID:"11b6a56f-d772-4ae6-8838-233241499e0a", APIVersion:"v1", ResourceVersion:"1634693", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap kube-system/nginx-configuration
I1011 07:38:40.956704 7 store.go:440] "Found valid IngressClass" ingress="default/ingress-myapp" ingressclass="nginx"
I1011 07:38:40.957552 7 event.go:298] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"ingress-myapp", UID:"1e7137d2-cfc2-4968-8486-39fe0e9329bf", APIVersion:"networking.k8s.io/v1", ResourceVersion:"1609024", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
I1011 07:38:41.054924 7 nginx.go:303] "Starting NGINX process"
I1011 07:38:41.055352 7 leaderelection.go:245] attempting to acquire leader lease kube-system/ingress-controller-leader...
I1011 07:38:41.056822 7 controller.go:190] "Configuration changes detected, backend reload required"
I1011 07:38:41.061010 7 status.go:84] "New leader elected" identity="nginx-ingress-controller-67685fb594-tl7mq"
I1011 07:38:41.141208 7 controller.go:210] "Backend successfully reloaded"
I1011 07:38:41.141470 7 event.go:298] Event(v1.ObjectReference{Kind:"Pod", Namespace:"kube-system", Name:"nginx-ingress-controller-67685fb594-8j2gv", UID:"d455926f-e6e6-411a-8096-6bde39ec3f04", APIVersion:"v1", ResourceVersion:"1635841", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration
I1011 07:38:41.141506 7 controller.go:221] "Initial sync, sleeping for 1 second"
I1011 07:39:19.055251 7 leaderelection.go:255] successfully acquired lease kube-system/ingress-controller-leader
I1011 07:39:19.055360 7 status.go:84] "New leader elected" identity="nginx-ingress-controller-67685fb594-8j2gv"
192.168.244.128 - - [11/Oct/2024:07:49:07 +0000] "GET / HTTP/1.1" 200 11217 "-" "curl/7.29.0" 80 0.012 [default-tomcat-svc35-8080] [] 10.244.166.170:8080 11204 0.012 200 34a616f7c18c570d50fc218a7c7896bc 可以看到如下信息
最后一条:Ingress Controller 成功处理了一个 HTTP 请求。请求来源是 IP 地址 192.168.244.128,它发起了一个 GET / 请求,使用了 curl/7.29.0 作为 User-Agent。
- 请求结果:HTTP 状态码
200,表示请求成功。 - 响应大小:11217 字节。
- 处理时间:0.012 秒。
- 后端服务:这个请求被转发到
default命名空间中的tomcat-svc35服务,目标 Pod 的 IP 地址是10.244.166.170:8080。
浏览器访问tomcat
修改电脑hosts文件,将该网址写入。
原文地址:https://blog.csdn.net/weixin_45396500/article/details/142746330
免责声明:本站文章内容转载自网络资源,如本站内容侵犯了原著者的合法权益,可联系本站删除。更多内容请关注自学内容网(zxcms.com)!