阅读 560

手把手带你玩转k8s-完整的发布一个可对外访问的服务

前言

连续撸了两篇文,但是还没真正的将服务对外访问,本文还是基于前两篇文的环境,完整的发布一个可对外访问的服务。当然,肯定还是先部署nginx,这里先简单画一下图。

先梳理一下问题

如图,先决条件:

  1. 小A同学的公网ip为 47.92.133.211
  2. 负载均衡器的绑定的公网ip为 47.92.133.212
  3. 有两个域名a.mldong.comb.mldong.com
  4. k8s集群中有两个服务a和b

本文内容:

如何配置,使访问a.mldong.com即为访问服务a,访问b.mldong.com即为访问服务a。

随便贴一下当前集群信息

kubectl get nodes
复制代码

重新梳理k8s上部署Nginx的流程

├── /mldong/k8s/nginx
	├── mldong-test-ns.yaml
	├── nginx-cm.yaml
	├── nginx-pv.yaml
	├── nginx-pvc.yaml
	├── nginx-deployment.yaml
	├── nginx-service.yaml
	└── nginx-ingress.yaml
复制代码
├── /mnt
	├── a
		└── index.html
	└── b
		└── index.html
复制代码

选择镜像

​ 因为k8s集群目前不能联网,所以需要选择镜像,重新打tag,并推送到私有仓库(内网仓库)内。

  1. 小A服务器拉取最新的nginx镜像

    docker pull nginx:latest
    复制代码
  2. 给镜像添加新的标签

    docker tag nginx:latest registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest
    复制代码
  3. 登录镜像仓库

    docker login --username=524719755@qq.com registry-vpc.cn-zhangjiakou.aliyuncs.com
    复制代码

    注意:这里的账号和地址要根据自己创建的阿里云的容器镜像仓库的信息填写。

  4. 将镜像推送到镜像仓库

    docker push registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest
    复制代码

创建命名空间

mldong-test-ns.yaml

cat <<EOF > /mldong/k8s/nginx/mldong-test-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: mldong-test
  
EOF

复制代码

创建ConfigMap

nginx-cm.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-cm
  namespace: mldong-test
data:
  a.conf: |-
    server {
      listen       80;
      server_name  a.mldong.com;
      location / {
        root   /usr/share/nginx/html/a;
        index  index.html index.htm;
      }
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
        root   /usr/share/nginx/html;
      }
    }
  b.conf: |-
    server {
      listen       80;
      server_name  b.mldong.com;
      location / {
        root   /usr/share/nginx/html/b;
        index  index.html index.htm;
      }
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
        root   /usr/share/nginx/html;
      }
    }
    
EOF

复制代码

创建pv

nginx-pv.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nginx-pv
  labels:
    alicloud-pvname: nginx-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  csi:
    driver: nasplugin.csi.alibabacloud.com
    volumeHandle: nginx-pv
    volumeAttributes:
      server: "9fdd94bf87-wfq66.cn-zhangjiakou.nas.aliyuncs.com"
      path: "/"
      vers: "3"
  storageClassName: nas
    
EOF

复制代码

创建pvc

nginx-pvc.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-pv.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    pv.kubernetes.io/bind-completed: 'yes'
    pv.kubernetes.io/bound-by-controller: 'yes'
  finalizers:
    - kubernetes.io/pvc-protection
  name: nginx-pvc
  namespace: mldong-test
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      alicloud-pvname: nginx-pv
  storageClassName: nas
  volumeMode: Filesystem
  volumeName: nginx-pv
    
EOF

复制代码

创建pod

nginx-deployment.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: mldong-test
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
              name: port
              protocol: TCP
          volumeMounts:
            - name: nginx-pvc
              mountPath: "/usr/share/nginx/html"
            - name: nginx-cm
              mountPath: "/etc/nginx/conf.d"
      volumes:
        - name: nginx-pvc
          persistentVolumeClaim: 
            claimName: nginx-pvc
        - name: nginx-cm
          configMap:
            name: nginx-cm
  
EOF

复制代码

创建Service

nginx-service.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport
  namespace: mldong-test
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 32180 # 这里不指定就会随机(30000-32767)
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: mldong-test
spec:
  type: ClusterIP
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
    
EOF
复制代码

创建Ingress

nginx-ingress.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
  name: nginx-ingress
  namespace: mldong-test
spec:
  rules:
    - host: a.mldong.com
      http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
            path: /
    - host: b.mldong.com
      http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
            path: /
EOF
复制代码

依次执行

kubectl apply -f mldong-test-ns.yaml
kubectl apply -f nginx-cm.yaml
kubectl apply -f nginx-pv.yaml
kubectl apply -f nginx-pvc.yaml
kubectl apply -f nginx-deployment.yaml
kubectl apply -f nginx-service.yaml
kubectl apply -f nginx-ingress.yaml
复制代码

查询

查询ConfigMap

kubectl get configmap -n mldong-test
# 或者
kubectl get cm -n mldong-test
复制代码

查询pv

kubectl get pv
复制代码

查询pvc

kubectl get pvc -n mldong-test
复制代码

查询pod

kubectl get pods -n mldong-test
复制代码

查询Service

kubectl get service -n mldong-test
# 或者
kubectl get svc -n mldong-test
复制代码

这里的端口即为k8s服务对外访问的端口,可以通过工作节点ip:port的方式访问。

kubectl get ingress -n mldong-test
复制代码

这里的ADDRESS不出来,其实是负载均衡的内网ip。

访问集群服务

内网访问

  1. 先配置hosts

    echo "172.26.22.124 worker1" >> /etc/hosts
    echo "172.26.22.125 worker2" >> /etc/hosts
    echo "172.26.22.126 a.mldong.com" >> /etc/hosts
    echo "172.26.22.126 b.mldong.com" >> /etc/hosts
    复制代码

  2. curl访问

    直接访问节点1

    curl -H "a.mldong.com" worker1:32180
    curl -H "b.mldong.com" worker1:32180
    复制代码

    直接访问节点2

    curl -H "a.mldong.com" worker2:32180
    curl -H "b.mldong.com" worker2:32180
    复制代码

    访问内网的负载均衡器

    curl a.mldong.com
    curl b.mldong.com
    复制代码

    结果都为/mnt/a/index.html/mnt/a/index.html的内容

外网访问

方案一:给负载均衡实例绑定弹性公网ip。(略)

方案二:小A服务器上的nginx配置代理到a.mldong.comb.mldong.com,然后再做域名解析

注:小A的nginx和k8s的nginx不是同一个nginx,这里只是为了演示才在k8s上部署nginx的。

这里采用方案二:

小A服务器的nginx新增配置

a.mldong.com.conf

cat <<EOF > /etc/nginx/conf.d/a.mldong.com.conf
server {
      listen       80;
      server_name  a.mldong.com;
      location / {
           proxy_read_timeout      300;
           proxy_connect_timeout   300;
           proxy_redirect          off;
           proxy_set_header    Host                $http_host;
           proxy_set_header    X-Real-IP           $remote_addr;
           proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
           proxy_set_header    X-Forwarded-Proto   $scheme;
           proxy_set_header    X-Frame-Options     SAMEORIGIN;
           proxy_pass http://a.mldong.com; # 这里代理到k8s的nginx-ingress.yaml配置的host
      }
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
        root   /usr/share/nginx/html;
      }
}

EOF
复制代码

b.mldong.com

cat <<EOF > /etc/nginx/conf.d/a.mldong.com.conf
server {
      listen       80;
      server_name  b.mldong.com;
      location / {
           proxy_read_timeout      300;
           proxy_connect_timeout   300;
           proxy_redirect          off;
           proxy_set_header    Host                $http_host;
           proxy_set_header    X-Real-IP           $remote_addr;
           proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
           proxy_set_header    X-Forwarded-Proto   $scheme;
           proxy_set_header    X-Frame-Options     SAMEORIGIN;
           proxy_pass http://b.mldong.com; # 这里代理到k8s的nginx-ingress.yaml配置的host
      }
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
        root   /usr/share/nginx/html;
      }
}

EOF
复制代码

添加域名解析

浏览器访问

over!

小结

本文虽然发布的还是nginx这个简单的服务,但是基本上把如何在k8s上发布一个可对外的服务的流程走了一篇。写这一篇的目地也是想一步一步来,有了这个基础后,后续去发布springboot等服务也就变得简单了。

相关文章

手把手带你玩转k8s-集群创建和Hello World

手把手带你玩转k8s-ConfigMap与持久化存储