一:Ingress http代理tomcat
1:目标
对 tomcat.zyf.com 网站的访问设置 Ingress 策略,定义对其 / 路径的访问转发到后端 tomcat Service 的规则。
2:部署后端Tomcat服务
[root@k8s-node1 ingress]# kubectl apply -f myweb-demo.yaml
deployment.apps/tomcat-deploy created
service/tomcat created
[root@k8s-node1 ingress]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 182d
nginx NodePort 10.105.226.103 <none> 80:30010/TCP 6d5h
readiness-http NodePort 10.96.106.97 <none> 80:30080/TCP 10d
tomcat ClusterIP 10.99.11.198 <none> 8080/TCP 5s
[root@k8s-node1 ingress]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-nginx-654f997cd5-jtf5q 1/1 Running 2 (6m ago) 6d5h
my-nginx-654f997cd5-qbsrz 1/1 Running 3 (5m51s ago) 6d5h
tomcat-deploy-ccd6bf4c6-6wp8g 0/1 ContainerCreating 0 12s
tomcat-deploy-ccd6bf4c6-844gj 0/1 ContainerCreating 0 12s
[root@k8s-node1 ingress]# kubectl get pods -w
NAME READY STATUS RESTARTS AGE
my-nginx-654f997cd5-jtf5q 1/1 Running 2 (6m8s ago) 6d5h
my-nginx-654f997cd5-qbsrz 1/1 Running 3 (5m59s ago) 6d5h
tomcat-deploy-ccd6bf4c6-6wp8g 0/1 ContainerCreating 0 20s
tomcat-deploy-ccd6bf4c6-844gj 0/1 ContainerCreating 0 20s
tomcat-deploy-ccd6bf4c6-6wp8g 1/1 Running 0 36s
tomcat-deploy-ccd6bf4c6-844gj 1/1 Running 0 100s
^C[root@k8s-node1 ingress]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-654f997cd5-jtf5q 1/1 Running 2 (7m44s ago) 6d5h 10.244.107.197 k8s-node3 <none> <none>
my-nginx-654f997cd5-qbsrz 1/1 Running 3 (7m35s ago) 6d5h 10.244.122.110 k8s-node4 <none> <none>
tomcat-deploy-ccd6bf4c6-6wp8g 1/1 Running 0 116s 10.244.122.112 k8s-node4 <none> <none>
tomcat-deploy-ccd6bf4c6-844gj 1/1 Running 0 116s 10.244.169.157 k8s-node2 <none> <none>
[root@k8s-node1 ingress]# curl ^C
[root@k8s-node1 ingress]# crul 10.244.122.112:8080
bash: crul: command not found...
Similar command is: 'curl'
[root@k8s-node1 ingress]# curl 10.244.122.112:8080
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Apache Tomcat/8.5.34</title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<div id="navigation" class="curved container">
<span id="nav-home"><a href="https://tomcat.apache.org/">Home</a></span>
<span id="nav-hosts"><a href="/docs/">Documentation</a></span>
<span id="nav-config"><a href="/docs/config/">Configuration</a></span>
<span id="nav-examples"><a href="/examples/">Examples</a></span>
<span id="nav-wiki"><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
<span id="nav-lists"><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></span>
<span id="nav-help"><a href="https://tomcat.apache.org/findhelp.html">Find Help</a></span>
<br class="separator" />
</div>
<div id="asf-box">
<h1>Apache Tomcat/8.5.34</h1>
</div>
<div id="upper" class="curved container">
<div id="congrats" class="curved container">
<h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
</div>
<div id="notice">
<img src="tomcat.png" alt="[tomcat logo]" />
<div id="tasks">
<h3>Recommended Reading:</h3>
<h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
<h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
<h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
</div>
</div>
<div id="actions">
<div class="button">
<a class="container shadow" href="/manager/status"><span>Server Status</span></a>
</div>
<div class="button">
<a class="container shadow" href="/manager/html"><span>Manager App</span></a>
</div>
<div class="button">
<a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
</div>
</div>
<!--
<br class="separator" />
-->
<br class="separator" />
</div>
<div id="middle" class="curved container">
<h3>Developer Quick Start</h3>
<div class="col25">
<div class="container">
<p><a href="/docs/setup.html">Tomcat Setup</a></p>
<p><a href="/docs/appdev/">First Web Application</a></p>
</div>
</div>
<div class="col25">
<div class="container">
<p><a href="/docs/realm-howto.html">Realms & AAA</a></p>
<p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
</div>
</div>
<div class="col25">
<div class="container">
<p><a href="/examples/">Examples</a></p>
</div>
</div>
<div class="col25">
<div class="container">
<p><a href="https://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
<p><a href="https://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
</div>
</div>
<br class="separator" />
</div>
<div id="lower">
<div id="low-manage" class="">
<div class="curved container">
<h3>Managing Tomcat</h3>
<p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
Users are defined in:</p>
<pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
<p>In Tomcat 8.5 access to the manager application is split between
different users. <a href="/docs/manager-howto.html">Read more...</a></p>
<br />
<h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
<h4><a href="/docs/changelog.html">Changelog</a></h4>
<h4><a href="https://tomcat.apache.org/migration.html">Migration Guide</a></h4>
<h4><a href="https://tomcat.apache.org/security.html">Security Notices</a></h4>
</div>
</div>
<div id="low-docs" class="">
<div class="curved container">
<h3>Documentation</h3>
<h4><a href="/docs/">Tomcat 8.5 Documentation</a></h4>
<h4><a href="/docs/config/">Tomcat 8.5 Configuration</a></h4>
<h4><a href="https://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
<p>Find additional important configuration information in:</p>
<pre>$CATALINA_HOME/RUNNING.txt</pre>
<p>Developers may be interested in:</p>
<ul>
<li><a href="https://tomcat.apache.org/bugreport.html">Tomcat 8.5 Bug Database</a></li>
<li><a href="/docs/api/index.html">Tomcat 8.5 JavaDocs</a></li>
<li><a href="https://svn.apache.org/repos/asf/tomcat/tc8.5.x/">Tomcat 8.5 SVN Repository</a></li>
</ul>
</div>
</div>
<div id="low-help" class="">
<div class="curved container">
<h3>Getting Help</h3>
<h4><a href="https://tomcat.apache.org/faq/">FAQ</a> and <a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
<p>The following mailing lists are available:</p>
<ul>
<li id="list-announce"><strong><a href="https://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
</li>
<li><a href="https://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
User support and discussion
</li>
<li><a href="https://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
User support and discussion for <a href="https://tomcat.apache.org/taglibs/">Apache Taglibs</a>
</li>
<li><a href="https://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
Development mailing list, including commit messages
</li>
</ul>
</div>
</div>
<br class="separator" />
</div>
<div id="footer" class="curved container">
<div class="col20">
<div class="container">
<h4>Other Downloads</h4>
<ul>
<li><a href="https://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
<li><a href="https://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
<li><a href="https://tomcat.apache.org/taglibs/">Taglibs</a></li>
<li><a href="/docs/deployer-howto.html">Deployer</a></li>
</ul>
</div>
</div>
<div class="col20">
<div class="container">
<h4>Other Documentation</h4>
<ul>
<li><a href="https://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
<li><a href="https://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
<li><a href="https://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
<li><a href="/docs/deployer-howto.html">Deployer</a></li>
</ul>
</div>
</div>
<div class="col20">
<div class="container">
<h4>Get Involved</h4>
<ul>
<li><a href="https://tomcat.apache.org/getinvolved.html">Overview</a></li>
<li><a href="https://tomcat.apache.org/svn.html">SVN Repositories</a></li>
<li><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></li>
<li><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
</ul>
</div>
</div>
<div class="col20">
<div class="container">
<h4>Miscellaneous</h4>
<ul>
<li><a href="https://tomcat.apache.org/contact.html">Contact</a></li>
<li><a href="https://tomcat.apache.org/legal.html">Legal</a></li>
<li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
<li><a href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
</ul>
</div>
</div>
<div class="col20">
<div class="container">
<h4>Apache Software Foundation</h4>
<ul>
<li><a href="https://tomcat.apache.org/whoweare.html">Who We Are</a></li>
<li><a href="https://tomcat.apache.org/heritage.html">Heritage</a></li>
<li><a href="https://www.apache.org">Apache Home</a></li>
<li><a href="https://tomcat.apache.org/resources.html">Resources</a></li>
</ul>
</div>
</div>
<br class="separator" />
</div>
<p class="copyright">Copyright ©1999-2026 Apache Software Foundation. All Rights Reserved</p>
</div>
</body>
</html>
[root@k8s-node1 ingress]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 182d
nginx NodePort 10.105.226.103 <none> 80:30010/TCP 6d5h
readiness-http NodePort 10.96.106.97 <none> 80:30080/TCP 10d
tomcat ClusterIP 10.99.11.198 <none> 8080/TCP 2m44s
[root@k8s-node1 ingress]# curl 10.99.11.198:8080
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Apache Tomcat/8.5.34</title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<div id="navigation" class="curved container">
<span id="nav-home"><a href="https://tomcat.apache.org/">Home</a></span>
<span id="nav-hosts"><a href="/docs/">Documentation</a></span>
<span id="nav-config"><a href="/docs/config/">Configuration</a></span>
<span id="nav-examples"><a href="/examples/">Examples</a></span>
<span id="nav-wiki"><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
<span id="nav-lists"><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></span>
<span id="nav-help"><a href="https://tomcat.apache.org/findhelp.html">Find Help</a></span>
<br class="separator" />
</div>
<div id="asf-box">
<h1>Apache Tomcat/8.5.34</h1>
</div>
<div id="upper" class="curved container">
<div id="congrats" class="curved container">
<h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
</div>
<div id="notice">
<img src="tomcat.png" alt="[tomcat logo]" />
<div id="tasks">
<h3>Recommended Reading:</h3>
<h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
<h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
<h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
</div>
</div>
<div id="actions">
<div class="button">
<a class="container shadow" href="/manager/status"><span>Server Status</span></a>
</div>
<div class="button">
<a class="container shadow" href="/manager/html"><span>Manager App</span></a>
</div>
<div class="button">
<a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
</div>
</div>
<!--
<br class="separator" />
-->
<br class="separator" />
</div>
<div id="middle" class="curved container">
<h3>Developer Quick Start</h3>
<div class="col25">
<div class="container">
<p><a href="/docs/setup.html">Tomcat Setup</a></p>
<p><a href="/docs/appdev/">First Web Application</a></p>
</div>
</div>
<div class="col25">
<div class="container">
<p><a href="/docs/realm-howto.html">Realms & AAA</a></p>
<p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
</div>
</div>
<div class="col25">
<div class="container">
<p><a href="/examples/">Examples</a></p>
</div>
</div>
<div class="col25">
<div class="container">
<p><a href="https://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
<p><a href="https://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
</div>
</div>
<br class="separator" />
</div>
<div id="lower">
<div id="low-manage" class="">
<div class="curved container">
<h3>Managing Tomcat</h3>
<p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
Users are defined in:</p>
<pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
<p>In Tomcat 8.5 access to the manager application is split between
different users. <a href="/docs/manager-howto.html">Read more...</a></p>
<br />
<h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
<h4><a href="/docs/changelog.html">Changelog</a></h4>
<h4><a href="https://tomcat.apache.org/migration.html">Migration Guide</a></h4>
<h4><a href="https://tomcat.apache.org/security.html">Security Notices</a></h4>
</div>
</div>
<div id="low-docs" class="">
<div class="curved container">
<h3>Documentation</h3>
<h4><a href="/docs/">Tomcat 8.5 Documentation</a></h4>
<h4><a href="/docs/config/">Tomcat 8.5 Configuration</a></h4>
<h4><a href="https://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
<p>Find additional important configuration information in:</p>
<pre>$CATALINA_HOME/RUNNING.txt</pre>
<p>Developers may be interested in:</p>
<ul>
<li><a href="https://tomcat.apache.org/bugreport.html">Tomcat 8.5 Bug Database</a></li>
<li><a href="/docs/api/index.html">Tomcat 8.5 JavaDocs</a></li>
<li><a href="https://svn.apache.org/repos/asf/tomcat/tc8.5.x/">Tomcat 8.5 SVN Repository</a></li>
</ul>
</div>
</div>
<div id="low-help" class="">
<div class="curved container">
<h3>Getting Help</h3>
<h4><a href="https://tomcat.apache.org/faq/">FAQ</a> and <a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
<p>The following mailing lists are available:</p>
<ul>
<li id="list-announce"><strong><a href="https://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
</li>
<li><a href="https://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
User support and discussion
</li>
<li><a href="https://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
User support and discussion for <a href="https://tomcat.apache.org/taglibs/">Apache Taglibs</a>
</li>
<li><a href="https://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
Development mailing list, including commit messages
</li>
</ul>
</div>
</div>
<br class="separator" />
</div>
<div id="footer" class="curved container">
<div class="col20">
<div class="container">
<h4>Other Downloads</h4>
<ul>
<li><a href="https://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
<li><a href="https://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
<li><a href="https://tomcat.apache.org/taglibs/">Taglibs</a></li>
<li><a href="/docs/deployer-howto.html">Deployer</a></li>
</ul>
</div>
</div>
<div class="col20">
<div class="container">
<h4>Other Documentation</h4>
<ul>
<li><a href="https://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
<li><a href="https://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
<li><a href="https://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
<li><a href="/docs/deployer-howto.html">Deployer</a></li>
</ul>
</div>
</div>
<div class="col20">
<div class="container">
<h4>Get Involved</h4>
<ul>
<li><a href="https://tomcat.apache.org/getinvolved.html">Overview</a></li>
<li><a href="https://tomcat.apache.org/svn.html">SVN Repositories</a></li>
<li><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></li>
<li><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
</ul>
</div>
</div>
<div class="col20">
<div class="container">
<h4>Miscellaneous</h4>
<ul>
<li><a href="https://tomcat.apache.org/contact.html">Contact</a></li>
<li><a href="https://tomcat.apache.org/legal.html">Legal</a></li>
<li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
<li><a href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
</ul>
</div>
</div>
<div class="col20">
<div class="container">
<h4>Apache Software Foundation</h4>
<ul>
<li><a href="https://tomcat.apache.org/whoweare.html">Who We Are</a></li>
<li><a href="https://tomcat.apache.org/heritage.html">Heritage</a></li>
<li><a href="https://www.apache.org">Apache Home</a></li>
<li><a href="https://tomcat.apache.org/resources.html">Resources</a></li>
</ul>
</div>
</div>
<br class="separator" />
</div>
<p class="copyright">Copyright ©1999-2026 Apache Software Foundation. All Rights Reserved</p>
</div>
</body>
</html>
[root@k8s-node1 ingress]#3:定义Ingress文件
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-myapp
namespace: default
spec:
ingressClassName: nginx
rules:
- host: tomcat.zyf.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tomcat
port:
number: 8080二:某企业真实生产环境流量总结
1:域名到Nginx
https://xxx.clound.com/yonxxp.scm.scct等URL域名经由外网解析之后,路由到真实企业的Nginx。
2:Nginx内部操作
检测uri找到其中的yonxxp.scm.scct微服务名称,基于为服务名称进行替换URL,Nginx内部基于Lua脚本维护了一套映射关系,可以通过URL当中的微服务编码拿到应用的FQDN。
map $app_code $target_backend {
'yonbip-scm-scct' online-yonbip-scm-scct.prod1.iuap-yks.local;
}Nginx将基于拿到的FQDN进行反向代理。
location ~ ^/yonbip-scm-scct/(?P<YYBIPURI>.*) {
set $app_code 'yonbip-scm-scct';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_http_version 1.1;
proxy_set_header Connection "";
if ( $nginx-flag = "out-nginx"){
set $yonyoubipnginx "public";
}
proxy_set_header x-network-type $yonyoubipnginx;
proxy_set_header x-app-code $app_code;
proxy_set_header Host $real_host;
proxy_hide_header "Access-Control-Expose-Headers";
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Access-Control-Allow-Methods';
proxy_hide_header 'Access-Control-Allow-Headers';
proxy_hide_header 'Access-Control-Allow-Credentials';
proxy_hide_header 'Access-Control-Max-Age';
include crossDomain.conf;
proxy_pass http://$target_backend/$YYBIPURI$is_args$args;
}Nginx所在的服务器维护了FQDN和Ingress controller基于Load Balance之后的ip地址。这样就基于URL找到了真实的Ingress controller的Service资源统一入口。
proxy_pass http://online-yonbip-scm-scct.prod1.iuap-yks.local/$YYBIPURI$is_args$args;3:k8s的ingress controller是怎么回事?
ingress controller四种核心资源:
IngressClass提供Ingress规范,定义了这个岗位,Ingress controller是真正干活的。他的名字是name=nginx。
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.5
name: nginx
spec:
controller: k8s.io/ingress-nginx真实干活的ingressClass的实现,Ingress Controller通过args当中的参数与IngressClass关联。
- --ingress-class=nginx
会产生3个ingress controller的Pod
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.5
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
replicas: 3
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.5
spec:
hostNetwork: true
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/ingress
operator: In
values:
- nginx
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-nginx-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.9.5
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
- containerPort: 8443
name: webhook
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
dnsPolicy: ClusterFirst
# nodeSelector:
# kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admissioninress controller pod的对应的service采用tpye为loadbalacer可以通过将宿主机某一台地址+80和443进行提供服务。这样的话,入口地址就固定为:192.168.67.128:80/443了。
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.9.5
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
externalTrafficPolicy: Local
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: LoadBalancer我们自己编写ingress路由规则。我们搞完之后,会将这个规则接入到ingress Controller的container的Nginx的conf文件当中,并会主动给你更新。
这样的话,流量经由外部Nginx到达内部Ingress的pod之后,会判断你Http请求中的Host,【会将host改为:k8s当中的:online-yonbip-scm-scct】进行真实的路由规则。找到真实的Pod对应的Serivce应用名称,进而进行路由。
比方说:online-yonxxx-scm-scct.yonsuite-prod.yonyoucloud-k8s.com就是service的FQDN
ingress controller通过coredns解析FQND就能拿到真实的service的ip,通过ip就可以正常访问了。
{
"kind": "Ingress",
"apiVersion": "extensions/v1beta1",
"metadata": {
"name": "online-yonbip-scm-scct",
"namespace": "yonbip",
"selfLink": "/apis/extensions/v1beta1/namespaces/yonxxx/ingresses/online-yonxxx-scm-scct",
"uid": "39f311cf-679b-482e-810c-e59f33e61e8b",
"resourceVersion": "7922492708",
"generation": 1,
"creationTimestamp": "2024-05-24T15:15:26Z",
"labels": {
"yyuap.io/app-id": "online-yonxxx-scm-scct",
"yyuap.io/traffic-group": "",
"yyuap.io/traffic-rule-type": "NORMAL"
},
"annotations": {
"ingress.kubernetes.io/rewrite-target": "/",
"kubernetes.io/ingress.class": "ingress-yonsuite-prod",
"nginx.ingress.kubernetes.io/load-balance": "round_robin"
}
},
"spec": {
"rules": [
{
"host": "online-yonxxx-scm-scct.yonsuite-prod.yonyoucloud-k8s.com",
"http": {
"paths": [
{
"backend": {
"serviceName": "online-yonxxx-scm-scct-out",
"servicePort": 8080
}
}
]
}
}
]
}
}4:k8s中的service和Pod是怎么回事
service和pod之间的关系是怎么回事,这个我们探讨了很多遍,就不需要赘述了。如果希望实现基于ingress实现对不同Pod的路由,基本的实现思路是这样的。
定义多套serivce+deployment+pod。区别就是pod的标签不同,或者是请求分配的资源不同。
ingress当中基于不同的路由策略,路由到不同的serivce上。service路由到不同的pod,同时,这个系统基于各自deployment的伸缩能力,结合hpa等能力完成各自pod的伸缩。