您的位置:首页 > 房产 > 家装 > 网页游戏平台app_品牌建设策略论文_网盟推广_网站制作软件免费下载

网页游戏平台app_品牌建设策略论文_网盟推广_网站制作软件免费下载

2024/12/26 6:10:27 来源:https://blog.csdn.net/qq_73797346/article/details/144253495  浏览:    关键词:网页游戏平台app_品牌建设策略论文_网盟推广_网站制作软件免费下载
网页游戏平台app_品牌建设策略论文_网盟推广_网站制作软件免费下载

1 ingress介绍

1.1 ingress架构图

在这里插入图片描述

1.2 ingress相关概念

ingress诞生背景:

在没有ingress之前,只能基于svc的NodePort或者LoadBalancer实现内部的pod对外访问,如果遇到多个服务要监听80端口时。
很明显无论哪种类型都无法实现,如果非要实现,就得在K8S集群外部部署一个LB设备,来代理到对应svc资源。而ingress就可以很好的解决这个问题。例如nginx的一个80端口可以给多个实例使用

所谓的ingress指的是一种规则,基于用户访问的请求头路由到正确的svc。简单来说说就是7层代理。

可惜K8S只是实现了ingress定义规则,这个规则被记录到etcd中,但并没有具体实现此功能,因此需要自行安装相应的附加组件
(ingress-nginx,trafik,…)

和svc的区别时,svc只能实现4层的代理。而ingress实现了7层的代理。ingress是定义域名到svc的解析规则,好比nginx.conf配置文件

Ingress Controller和内置的pod控制器有啥区别呢?

内置的pod控制器,比如ds、sts、deploy、jobs、cj、rs、rc等都是用来控制pod的副本数量

1.3 nginx基于域名的多实例演示

1.nginx配置

cat /etc/nginx/conf.d/more-instance.conf
server {listen 80; server_name name1.wzy.com;location /* {root /code/name1;index index.html;}
}
server {listen 80; server_name name2.wzy.com;location /* {root /code/name2;index index.html;}
}

2.nginx 页面文件:

[root@db51~]# tree -F /code/
/code/
├── name1/
│   └── index.html
└── name2/└── index.html

3.访问效果

[root@db51~]# curl -H Host:name1.wzy.com 10.0.0.51
name1
[root@db51~]# curl -H Host:name2.wzy.com 10.0.0.51
name2

2 安装ingress控制器

01 ingress-nginx 版本选择和安装方式

ingress-nginx 是K8S官方开源的一个ingress控制器。

安装方式有如下3种:

  • 使用 helm 安装
  • 使用 kubectl apply 创建yaml资源清单的方式进行安装,参考地址。yaml下载地址,修改uri对应版本即可下载需要的版本
  • 使用第三方插件的方式进行安装
upportedIngress-NGINX versionk8s supported versionAlpine VersionNginx VersionHelm Chart Version
🔄v1.12.0-beta.01.31, 1.30, 1.29, 1.283.20.31.25.54.12.0-beta.0
🔄v1.11.31.30, 1.29, 1.28, 1.27, 1.263.20.31.25.54.11.3
🔄v1.11.21.30, 1.29, 1.28, 1.27, 1.263.20.01.25.54.11.2
🔄v1.11.11.30, 1.29, 1.28, 1.27, 1.263.20.01.25.54.11.1
🔄v1.11.01.30, 1.29, 1.28, 1.27, 1.263.20.01.25.54.11.0
v1.10.51.30, 1.29, 1.28, 1.27, 1.263.20.31.25.54.10.5
v1.10.41.30, 1.29, 1.28, 1.27, 1.263.20.01.25.54.10.4
v1.10.31.30, 1.29, 1.28, 1.27, 1.263.20.01.25.54.10.3
v1.10.21.30, 1.29, 1.28, 1.27, 1.263.20.01.25.54.10.2
v1.10.11.30, 1.29, 1.28, 1.27, 1.263.19.11.25.34.10.1
v1.10.01.29, 1.28, 1.27, 1.263.19.11.25.34.10.0
v1.9.61.29, 1.28, 1.27, 1.26, 1.253.19.01.21.64.9.1
v1.9.51.28, 1.27, 1.26, 1.253.18.41.21.64.9.0
v1.9.41.28, 1.27, 1.26, 1.253.18.41.21.64.8.3
v1.9.31.28, 1.27, 1.26, 1.253.18.41.21.64.8.*
v1.9.11.28, 1.27, 1.26, 1.253.18.41.21.64.8.*
v1.9.01.28, 1.27, 1.26, 1.253.18.21.21.64.8.*
v1.8.41.27, 1.26, 1.25, 1.243.18.21.21.64.7.*
v1.7.11.27, 1.26, 1.25, 1.243.17.21.21.64.6.*
v1.6.41.26, 1.25, 1.24, 1.233.17.01.21.64.5.*
v1.5.11.25, 1.24, 1.233.16.21.21.64.4.*
v1.4.01.25, 1.24, 1.23, 1.223.16.21.19.10†4.3.0
v1.3.11.24, 1.23, 1.22, 1.21, 1.203.16.21.19.10†4.2.5
02 helm安装Ingress-nginx
节点IP地址
master23110.0.0.231
worker23210.0.0.232
worker23210.0.0.233

1.添加Ingress-nginx的官方仓库

[root@master231 05-ingress-nginx]# helm repo add zhiyong18-ingress-nginx \
https://kubernetes.github.io/ingress-nginx"zhiyong18-ingress-nginx" has been added to your repositories[root@master231 05-ingress-nginx]# helm repo list
NAME                   	URL                                                   
...
zhiyong18-ingress-nginx	https://kubernetes.github.io/ingress-nginx

2.更新helm软件源

[root@master231 05-ingress-nginx]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "zhiyong18-aliyun" chart repository
...Successfully got an update from the "zhiyong18-ingress-nginx" chart repository
...Successfully got an update from the "azure" chart repository
Update Complete. ⎈Happy Helming!

3.下载指定版本的ingres-nginx软件包。如果下载失败,可以直接去拉取官方拉取chart包:下载地址

[root@master231 05-ingress-nginx]# helm search repo ingress-nginx
NAME                                 	CHART VERSION	APP VERSION	DESCRIPTION                                       
zhiyong18-ingress-nginx/ingress-nginx	4.11.1       	1.11.1     	Ingress controller for Kubernetes using NGINX a...[root@master231 05-ingress-nginx]# helm pull zhiyong18-ingress-nginx/ingress-nginx --version 4.2.5

4.解压软件包,然后修改配置文件

ingress-nginx 要拉取的镜像为:

registry.k8s.io/ingress-nginx/controller:v1.3.1
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0
registry.k8s.io/defaultbackend-amd64:1.5
  • 修改镜像为国内的镜像,否则无法下载海外镜像,除非会FQ
  • 建议使用宿主机网络效率最高,但是使用宿主机网络将来DNS解析策略会直接使用宿主机的解析
  • 如果还想要继续使用K8S内部的svc名称解析,则需要将默认的 ClusterFirst 的DNS解析策略修改为 ClusterFirstWithHostNet
    • ClusterFirst:默认策略,Pod 的 DNS 查询会优先使用 K8S 集群内部的 DNS 解析服务(通常是 CoreDNS 或 kube-dns
    • ClusterFirstWithHostNet:强制使用K8S集群的 DNS 解析,即便 Pod 使用主机网络模式
  • 建议将Deployment类型改为 DaemonSet 类型,可以确保在各个节点部署一个Pod,也可以修改 nodeSelector 字段让其调度到指定节点
  • 如果仅有一个ingress controller,可以考虑将 ingressClassResource.default 设置为true,表示让其成为默认的ingress controller

方法一:使用第三方镜像

sed -i '/registry:/s#registry.k8s.io#registry.cn-hangzhou.aliyuncs.com#g' ingress-nginx/values.yaml
sed -i 's#ingress-nginx/controller#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml 
sed -i 's#ingress-nginx/kube-webhook-certgen#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml
sed -i 's#v1.3.0#kube-webhook-certgen-v1.3.0#' ingress-nginx/values.yaml
sed -ri '/digest:/s@^@#@' ingress-nginx/values.yamlsed -i '/hostNetwork:/s#false#true#' ingress-nginx/values.yaml
sed -i  '/dnsPolicy/s#ClusterFirst#ClusterFirstWithHostNet#' ingress-nginx/values.yaml
sed -i '/kind/s#Deployment#DaemonSet#' ingress-nginx/values.yaml 
sed -i '/default:/s#false#true#'  ingress-nginx/values.yaml

方法二:用FQ的节点拉取官方镜像,然后导出为压缩包。然后在每一个节点手动导入,然后就可以少执行几条命令。(本次操作用的这一种)

sed -i '/hostNetwork:/s#false#true#' ingress-nginx/values.yaml
sed -i  '/dnsPolicy/s#ClusterFirst#ClusterFirstWithHostNet#' ingress-nginx/values.yaml
sed -i '/kind/s#Deployment#DaemonSet#' ingress-nginx/values.yaml 
sed -i '/default:/s#false#true#'  ingress-nginx/values.yaml

如果使用改名后的镜像,须删除chart包 value 的所有 digest 信息(注释掉也可以),否则会比对校验值失败,导致本地导入的镜像无效

在这里插入图片描述

5.创建Ingress专用的名称空间,使用helm一键安装Ingress

kubectl create ns zhiyong18-ingress
helm install luckyboy-ingress-nginx ingress-nginx -n zhiyong18-ingress NAME: luckyboy-ingress-nginx
LAST DEPLOYED: Wed Aug 14 10:07:47 2024
NAMESPACE: zhiyong18-ingress
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace zhiyong18-ingress get services -o wide -w luckyboy-ingress-nginx-controller'An example Ingress that makes use of the controller:apiVersion: networking.k8s.io/v1kind: Ingressmetadata:name: examplenamespace: foospec:ingressClassName: nginxrules:- host: www.example.comhttp:paths:- pathType: Prefixbackend:service:name: exampleServiceport:number: 80path: /# This section is only required if TLS is to be enabled for the Ingresstls:- hosts:- www.example.comsecretName: example-tlsIf TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:apiVersion: v1kind: Secretmetadata:name: example-tlsnamespace: foodata:tls.crt: <base64 encoded cert>tls.key: <base64 encoded key>type: kubernetes.io/tls

6.查看创建的创建的资源,daemonset控制器管理的2个pod(因为master有污点,不然就是3个pod)

[root@master23106-ingress]# kubectl -n zhiyong18-ingress get all
NAME                                          READY   STATUS    RESTARTS   AGE
pod/luckyboy-ingress-nginx-controller-mn5tn   1/1     Running   0          94s
pod/luckyboy-ingress-nginx-controller-stcf9   1/1     Running   0          94sNAME                                                  TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                    AGE
service/luckyboy-ingress-nginx-controller             LoadBalancer   10.200.43.110    <pending>     80:8856/TCP,443:9000/TCP   94s
service/luckyboy-ingress-nginx-controller-admission   ClusterIP      10.200.122.168   <none>        443/TCP                    94sNAME                                               DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/luckyboy-ingress-nginx-controller   2         2         2       2            2           kubernetes.io/os=linux   94s

7.测试访问。404为正常现象

http://10.0.0.232/
http://10.0.0.233

在这里插入图片描述

03 禁用admissionWebhooks功能

1.修改配置文件,禁用admissionWebhooks功能。如果此步骤不操作,后续自定义ingress规则会出现如下的报错信息:

Error from server (InternalError): error when creating “01-ingress-demo.yaml”: Internal error occurred: failed calling webhook “validate.nginx.ingress.kubernetes.io”: failed to call webhook: Post “https://luckyboy-ingress-nginx-controller-admission.zhiyong18-ingress.svc:443/networking/v1/ingresses?timeout=10s”: x509: certificate is not valid for any names, but wanted to match linux92-ingress-nginx-controller-admission.oldboyedu-ingress.svc

vim ingress-nginx/values.yamlcontroller:...admissionWebhooks:...# 大概在596行左右。# enabled: trueenabled: falseresses?timeout=10s": x509: certificate is not valid for any names, but wanted to match linux92-ingress-nginx-controller-admission.oldboyedu-ingress.svc```yaml
vim ingress-nginx/values.yamlcontroller:...admissionWebhooks:...# 大概在596行左右。# enabled: trueenabled: false

版权声明:

本网仅为发布的内容提供存储空间,不对发表、转载的内容提供任何形式的保证。凡本网注明“来源:XXX网络”的作品,均转载自其它媒体,著作权归作者所有,商业转载请联系作者获得授权,非商业转载请注明出处。

我们尊重并感谢每一位作者,均已注明文章来源和作者。如因作品内容、版权或其它问题,请及时与我们联系,联系邮箱:809451989@qq.com,投稿邮箱:809451989@qq.com