文章 59
评论 0
浏览 30511
k8s运行服务

k8s运行服务

一、运行web服务

k8s运行规划图

image-20210619103917579

k8s中镜像设计规划

image-20210619103956067

#镜像存放目录结构如下
[10:41:45 root@k8s-master1 ~]#tree /k8s-data/dockerfile/
/k8s-data/dockerfile/
├── system
│   ├── alpine
│   ├── centos
│   └── ubuntu
└── web
    ├── nginx
    └── tomcat

1.1 运行nginx服务

将nginx运行在k8s中并可以从外部访问到nginx的web页面。

1.1.1 centos基础镜像制作

#文件列表
[11:02:51 root@harbor centos]#pwd
/k8s-data/dockerfile/system/centos
[11:02:53 root@harbor centos]#tree 
.
├── build-command.sh
├── Dockerfile
└── filebeat-7.12.1-x86_64.rpm

#Dockerfile文件内容
[11:08:03 root@harbor centos]#cat Dockerfile 
from centos:7
maintainer zhangzhuo "1191400158@qq.com"
add filebeat-7.12.1-x86_64.rpm /tmp/   #安装filebeat为以后容器日志收集做准备
run yum localinstall -y /tmp/filebeat-7.12.1-x86_64.rpm && rm -rf /tmp/filebeat-7.12.1-x86_64.rpm
run yum install -y wget  #
run rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime #修改时区
run wget -O /etc/yum.repos.d/CentOS-Base.repo https://repo.huaweicloud.com/repository/conf/CentOS-7-reg.repo #修改yum源为国内的源

#build-command脚本
基于脚本实现镜像自动build及上传到harbor功能
[11:08:08 root@harbor centos]#cat build-command.sh 
#!/bin/bash
docker build -t harbor.zhangzhuo.org/image/centos-base:7 . #镜像构建
sleep 1
docker push harbor.zhangzhuo.org/image/centos-base:7   #镜像上传harbor

#执行构建脚本
[11:10:33 root@harbor centos]#./build-command.sh

1.1.2 Nginx 基础镜像制作

制作一个通用的Ningx镜像

#文件列表
[11:35:56 root@harbor nginx]#pwd
/k8s-data/dockerfile/web/nginx
[11:25:20 root@harbor nginx]#tree 
.
├── build-command.sh
├── Dockerfile
└── nginx-1.18.0.tar.gz

#Dockerfile文件
[11:31:42 root@harbor nginx]#cat Dockerfile 
from harbor.zhangzhuo.org/image/centos-base:7  #源镜像使用刚刚创建的centos镜像
maintainer zhangzhuo
run yum install -y gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel  #安装编译环境
run groupadd -g 2020 nginx && useradd nginx -u 2020 -g 2020 #创建nginx用户
ADD nginx-1.18.0.tar.gz /tmp/  #添加nginx源码包
run cd /tmp/nginx-1.18.0 && ./configure --prefix=/apps/nginx --user=nginx --group=nginx && make && make install && chown -R nginx: /apps/nginx && ln -sv /apps/nginx/sbin/nginx /usr/bin/nginx  #编译安装
run rm -rf /tmp/nginx-1.18.0    #删除源码包文件

#脚本文件
[11:31:54 root@harbor nginx]#cat build-command.sh 
#!/bin/bash
docker build -t harbor.zhangzhuo.org/image/nginx-base:v1.18.0 .
sleep 1
docker push harbor.zhangzhuo.org/image/nginx-base:v1.18.0

#执行构建
[11:34:35 root@harbor nginx]#./build-command.sh

1.1.3 构建nginx业务镜像

基于Nginx基础镜像,制作N个不同服务的Nginx业务镜像

创建业务镜像目录

[11:37:47 root@harbor ~]#tree /k8s-data/ -d
/k8s-data/
└── dockerfile
    ├── system
    │   ├── alpine
    │   ├── centos
    │   └── ubuntu
    ├── web
    │   ├── nginx
    │   └── tomcat
    └── zhangzhuo
        ├── nginx
        └── tomcat

创建nginx业务镜像

#镜像文件列表
[11:38:40 root@harbor nginx]#pwd
/k8s-data/dockerfile/zhangzhuo/nginx
[12:13:12 root@harbor nginx]#tree 
.
├── build-command.sh
├── Dockerfile
├── html   
│   ├── image
│   │   └── 1.jpg
│   └── index.html
├── index.html
└── nginx.conf

#Docekrfile文件
[12:13:20 root@harbor nginx]#cat Dockerfile 
from harbor.zhangzhuo.org/image/nginx-base:v1.18.0
add nginx.conf /apps/nginx/conf/nginx.conf
add html /apps/nginx/html/zhangzhuo
add index.html /apps/nginx/html/index.html
run chown -R nginx.nginx /apps/nginx
expose 80 443
cmd ["nginx"]

#nginx配置文件
[12:14:02 root@harbor nginx]#cat nginx.conf 
daemon off;  #关闭后台运行其他默认

#测试文件页面
[12:14:17 root@harbor nginx]#cat index.html 
<h1>zhangzhuo</h1>

#构建脚本
[12:15:01 root@harbor nginx]#cat build-command.sh 
#!/bin/bash
docker build -t harbor.zhangzhuo.org/zhangzhuo/nginx-web1:v1 .
sleep 1
docker push harbor.zhangzhuo.org/zhangzhuo/nginx-web1:v1

#执行构建
[12:15:36 root@harbor nginx]#./build-command.sh

#启动容器访问测试
[12:15:36 root@harbor nginx]#docker run -it -d --rm --name nginx-zhangzhuo -p 8082:80 harbor.zhangzhuo.org/zhangzhuo/nginx:v1
[12:16:21 root@harbor nginx]#curl 192.168.10.185:8082
<h1>zhangzhuo</h1>

1.1.4 k8s的yaml文件语法基础

需要提前创建好yaml文件,并创建好好pod运行所需要的namespace、yaml文件等资源

#为项目创建命名空间yaml文件
[12:24:26 root@k8s-master1 namespaces]#cat zhangzhuo-namespace.yaml 
apiVersion: v1 #API版本
kind: Namespace #类型为namespac
metadata:  #定义元数据
  name: zhangzhuo  #namespace名称
#创建验证namespace
[12:37:37 root@k8s-master1 namespaces]#kubectl apply -f zhangzhuo-namespace.yaml 
namespace/zhangzhuo created
[12:37:47 root@k8s-master1 namespaces]#kubectl get namespaces 
NAME                   STATUS   AGE
default                Active   23h
kube-node-lease        Active   23h
kube-public            Active   23h
kube-system            Active   23h
kubernetes-dashboard   Active   23h
zhangzhuo              Active   37s

1.1.5 Nginx yaml文件

#service文件
[14:27:20 root@k8s-master1 zhangzhuo]#cat service/zhangzhuo-nginx-service.yaml 
apiVersion: v1
kind: Service
metadata:
  labels:
    app: zhangzhuo-nginx
  name: zhangzhuo-nginx-spec
  namespace: zhangzhuo
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30080
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
    nodePort: 30443
  selector:
    app: zhangzhuo-nginx-selector

#Deployment文件
[14:27:40 root@k8s-master1 zhangzhuo]#cat Deployment/zhangzhuo-nginx-deployment.yaml 
 apiVersion: apps/v1  
 kind: Deployment
 metadata:  
   labels:
     app: zhangzhuo-nginx-deployment-label 
   name: zhangzhuo-nginx-deployment 
   namespace: zhangzhuo
 spec:
   replicas: 2
   selector:
     matchLabels:
       app: zhangzhuo-nginx-selector
   template:
     metadata:
       labels:
         app: zhangzhuo-nginx-selector
     spec:
       containers:
       - name: zhangzhuo-nginx-container
         image: harbor.zhangzhuo.org/zhangzhuo/nginx-web1:v1
         imagePullPolicy: Always
         ports:
         - containerPort: 80
           protocol: TCP
           name: http
         - containerPort: 443
           protocol: TCP
           name: https
         readinessProbe:
           httpGet:
             scheme: HTTP
             path: /index.html
             port: 80      
           initialDelaySeconds: 10 
           periodSeconds: 3
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 3
         livenessProbe:
           tcpSocket:
             port: 80
           initialDelaySeconds: 10
           periodSeconds: 3
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 3
         env:
         - name: "password"
           value: "123456"
         - name: "age"  
           value: "18"    
         resources:       
           limits:       
             memory: "50Mi"
             cpu: "100m"
           requests:
             cpu: "100m"
             memory: "50Mi"

执行创建nginx pod

[14:30:01 root@k8s-master1 zhangzhuo]#kubectl apply -f Deployment/zhangzhuo-nginx-deployment.yaml 
deployment.apps/zhangzhuo-nginx-deployment created
[14:30:12 root@k8s-master1 zhangzhuo]#kubectl apply -f service/zhangzhuo-nginx-service.yaml 
service/zhangzhuo-nginx-spec created

验证测试nginx

#查看pod
[14:30:17 root@k8s-master1 zhangzhuo]#kubectl get pod -n zhangzhuo 
NAME                                         READY   STATUS    RESTARTS   AGE
zhangzhuo-nginx-deployment-9b598db96-bn45h   1/1     Running   0          33s
zhangzhuo-nginx-deployment-9b598db96-ph54b   1/1     Running   0          33s

#查看service
[14:31:15 root@k8s-master1 zhangzhuo]#kubectl get service -n zhangzhuo 
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
zhangzhuo-nginx-spec   NodePort   10.200.147.96   <none>        80:30080/TCP,443:30443/TCP   101s

#查看service后端pod
[14:33:42 root@k8s-master1 zhangzhuo]#kubectl describe service -n zhangzhuo  zhangzhuo-nginx-spec 
Name:                     zhangzhuo-nginx-spec
Namespace:                zhangzhuo
Labels:                   app=zhangzhuo-nginx
Annotations:              <none>
Selector:                 app=zhangzhuo-nginx-selector
Type:                     NodePort
IP:                       10.200.147.96
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  30080/TCP
Endpoints:                10.100.224.134:80,10.100.50.133:80
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  30443/TCP
Endpoints:                10.100.224.134:443,10.100.50.133:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

#测试访问
[14:33:54 root@k8s-master1 zhangzhuo]#curl 192.168.10.181:30080
<h1>zhangzhuo</h1>

1.2 运行tomcat服务

基于基础的centos镜像,制作公司内部基础镜像--jdk镜像--tomcat基础镜像--tomcat业务镜像

1.2.1 JDK基础镜像制作

#文件列表
[15:01:06 root@harbor jdk]#pwd
/k8s-data/dockerfile/system/jdk
[14:56:59 root@harbor jdk]#tree 
.
├── build-command.sh
├── Dockerfile
├── jdk-8u281-linux-x64.tar.gz
└── profile
#Dockerfile文件
[14:57:03 root@harbor jdk]#cat Dockerfile 
from harbor.zhangzhuo.org/image/centos-base:7
maintainer zhangzhuo
add jdk-8u281-linux-x64.tar.gz /usr/local/src/
run cd /usr/local/src/ && mv jdk1.8.0_281 jdk
add profile /etc/profile

ENV JAVA_HOME /usr/local/src/jdk  #给容器添加变量
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH $PATH:$JAVA_HOME/bin
#脚本文件
[14:57:26 root@harbor jdk]#cat build-command.sh 
#!/bin/bash
docker build -t harbor.zhangzhuo.org/image/centos-jdk:v8u281 .
sleep 1
docker push harbor.zhangzhuo.org/image/centos-jdk:v8u281
#profile文件,最后添加
[14:57:58 root@harbor jdk]#tail profile 
export JAVA_HOME=/usr/local/src/jdk
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
export PATH=$PATH:$JAVA_HOME/bin
#执行构建
[14:59:11 root@harbor jdk]#./build-command.sh

#启动容器测试
[14:56:38 root@harbor jdk]#docker run -it --rm harbor.zhangzhuo.org/image/centos-jdk:v8u281 bash
[root@65a2daf73dce /]# java -version
java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 1.8.0_281-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.281-b09, mixed mode)

1.2.2 tomcat基础镜像制作

#文件列表
[15:01:22 root@harbor tomcat]#pwd
/k8s-data/dockerfile/web/tomcat
[15:06:53 root@harbor tomcat]#tree 
.
├── apache-tomcat-8.5.64.tar.gz
├── build-command.sh
└── Dockerfile
#Dockerfile文件
[15:10:46 root@harbor tomcat]#cat Dockerfile 
from harbor.zhangzhuo.org/image/centos-jdk:v8u281
maintainer zhangzhuo
ADD apache-tomcat-8.5.64.tar.gz /apps/
run cd /apps && mv apache-tomcat-8.5.64 tomcat
run groupadd -g 8080 tomcat && useradd -g 8080 -u 8080 tomcat
#脚本文件
[15:07:16 root@harbor tomcat]#cat build-command.sh 
#!/bin/bash
docker build -t harbor.zhangzhuo.org/image/tomcat-base:v8.5.64 .
sleep 1
docker push harbor.zhangzhuo.org/image/tomcat-base:v8.5.64
#构建镜像
[15:05:53 root@harbor tomcat]#./build-command.sh 

1.2.3 tomcat业务镜像app1制作

#文件列表
[15:12:18 root@harbor app1]#pwd
/k8s-data/dockerfile/zhangzhuo/tomcat/app1
[15:28:09 root@harbor app1]#tree 
.
├── app1
│   └── index.html
├── app1.tar.gz
├── catalina.sh
├── Dockerfile
├── run_tomcat.sh
└── server.xml
#Dockerfile文件
[15:31:05 root@harbor app1]#cat Dockerfile 
from harbor.zhangzhuo.org/image/tomcat-base:v8.5.64  #使用tomcat基础镜像
add catalina.sh /apps/tomcat/bin/catalina.sh         #导入启动文件
add server.xml /apps/tomcat/conf/server.xml          #导入配置文件
add run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh     #导入启动脚本
add app1.tar.gz /apps/tomcat/webapps/                #导入代码
run chown -R tomcat: /apps/tomcat                    #设置文件所有者
expose 8080 8443
cmd ["/apps/tomcat/bin/run_tomcat.sh"]               #执行启动tomcat脚本
#构建镜像脚本
[15:33:55 root@harbor app1]#cat build-command.sh 
#!/bin/bash
docker build -t harbor.zhangzhuo.org/zhangzhuo/tomcat-app1:v1 .
sleep 1
docker push harbor.zhangzhuo.org/zhangzhuo/tomcat-app1:v1
#tomcat启动脚本
[15:33:57 root@harbor app1]#cat run_tomcat.sh 
#!/bin/bash
su - tomcat -c "/apps/tomcat/bin/catalina.sh start"
su - tomcat -c "tail -f /etc/hosts"
#构建镜像
[15:34:19 root@harbor app1]#./build-command.sh

#测试镜像
[15:30:46 root@harbor tomcat]#docker run -it --rm -p 8080:8080 harbor.zhangzhuo.org/zhangzhuo/tomcat-app1:v1
[15:34:55 root@harbor app1]#curl 192.168.10.185:8080/app1/
<h1>tomcat app1<h1>

1.2.4 在k8s环境中运行tomcat

#创建tomcat-app1的yaml文件
#service文件
[15:43:18 root@k8s-master1 zhangzhuo]#cat service/zhangzhuo-tomcat-app1-service.yaml 
apiVersion: v1
kind: Service
metadata:
  labels:
    app: zhangzhuo-tomcat-app1
  name: zhangzhuo-tomcat-app1-spec
  namespace: zhangzhuo
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: zhangzhuo-tomcat-app1-selector
# Deployment文件
[16:03:43 root@k8s-master1 zhangzhuo]#cat Deployment/zhangzhuo-tomcat-app1-deployment.yaml 
 apiVersion: apps/v1  
 kind: Deployment
 metadata:  
   labels:
     app: zhangzhuo-tomcat-app1-deployment-label 
   name: zhangzhuo-tomcat-app1-deployment 
   namespace: zhangzhuo
 spec:
   replicas: 2
   selector:
     matchLabels:
       app: zhangzhuo-tomcat-app1-selector
   template:
     metadata:
       labels:
         app: zhangzhuo-tomcat-app1-selector
     spec:
       containers:
       - name: zhangzhuo-tomcat-app1-container
         image: harbor.zhangzhuo.org/zhangzhuo/tomcat-app1:v1
         imagePullPolicy: Always
         ports:
         - containerPort: 8080
           protocol: TCP
           name: http
         readinessProbe:
           httpGet:
             scheme: HTTP
             path: /app1/index.html
             port: 8080  
           initialDelaySeconds: 30
           periodSeconds: 3
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 3
         livenessProbe:
           tcpSocket:
             port: 8080
           initialDelaySeconds: 30
           periodSeconds: 3
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 3
         env:
         - name: "password"
           value: "123456"
         - name: "age"  
           value: "18"    
         resources:       
           limits:       
             memory: "200Mi"
             cpu: "200m"
           requests:
             cpu: "200m"
             memory: "100Mi"
#启动容器测试
[15:44:00 root@k8s-master1 zhangzhuo]#kubectl apply -f service/zhangzhuo-tomcat-app1-service.yaml 
service/zhangzhuo-tomcat-app1-spec created
[15:44:47 root@k8s-master1 zhangzhuo]#kubectl apply -f Deployment/zhangzhuo-tomcat-app1-deployment.yaml 
deployment.apps/zhangzhuo-tomcat-app1-deployment created
#验证容器
#查看pod信息
[16:03:28 root@k8s-master1 zhangzhuo]#kubectl get pod -n zhangzhuo 
NAME                                               READY   STATUS    RESTARTS   AGE
zhangzhuo-nginx-deployment-9b598db96-bn45h         1/1     Running   0          93m
zhangzhuo-nginx-deployment-9b598db96-ph54b         1/1     Running   0          93m
zhangzhuo-tomcat-app1-deployment-774b5c6d6-skjgq   1/1     Running   0          2m10s
zhangzhuo-tomcat-app1-deployment-774b5c6d6-wbn8l   1/1     Running   0          2m10s
#service信息
[16:03:59 root@k8s-master1 zhangzhuo]#kubectl describe service -n zhangzhuo zhangzhuo-tomcat-app1-spec 
Name:              zhangzhuo-tomcat-app1-spec
Namespace:         zhangzhuo
Labels:            app=zhangzhuo-tomcat-app1
Annotations:       <none>
Selector:          app=zhangzhuo-tomcat-app1-selector
Type:              ClusterIP
IP:                10.200.155.49
Port:              http  8080/TCP
TargetPort:        8080/TCP
Endpoints:         10.100.224.138:8080,10.100.50.137:8080
Session Affinity:  None
Events:            <none>
#访问测试
[16:04:27 root@k8s-master1 zhangzhuo]#curl 10.200.155.49:8080/app1/
<h1>tomcat app1<h1>

1.3 k8s中nginx+tomcat实现动静分离

实现一个通用的nginx+tomcat动静分离web架构,即用户访问的静态页面和图片在由nginx直接响应,而动态请求 则基于location转发至tomcat。

重点:Nginx基于tomcat的service name转发用户请求到tomcat业务app

查看tomcat app1的server name

[16:09:02 root@k8s-master1 zhangzhuo]#kubectl get service -n zhangzhuo 
NAME                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
zhangzhuo-nginx-spec         NodePort    10.200.147.96   <none>        80:30080/TCP,443:30443/TCP   98m
zhangzhuo-tomcat-app1-spec   ClusterIP   10.200.155.49   <none>        8080/TCP                     24m

1.3.1 nginx业务镜像配置

1.3.1.1 nginx配置文件修改

[16:14:58 root@harbor nginx]#cat nginx.conf 
    upstream tomcat_app1 {
        server zhangzhuo-tomcat-app1-spec.zhangzhuo.svc.zhangzhuo.org:8080;
    }
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        location /app1 {
            proxy_pass http://tomcat_app1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

重新构建nginx业务镜像

[16:15:49 root@harbor nginx]#./build-command.sh 

镜像启动为容容器并验证配置文件

[16:18:45 root@harbor nginx]#docker run -it --rm harbor.zhangzhuo.org/zhangzhuo/nginx-web1:v1 bash
[root@933eb7a7a982 /]# cat /apps/nginx/conf/nginx.conf
   upstream tomcat_app1 {
        server zhangzhuo-tomcat-app1-spec.zhangzhuo.svc.zhangzhuo.org:8080;
    }
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        location /app1 {
            proxy_pass http://tomcat_app1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

1.3.2 重新创建业务nginx pod

两种实现方式

1.3.2.1 删除并重新创建nginx业务镜像

#删除
[16:20:48 root@k8s-master1 zhangzhuo]#kubectl delete -f Deployment/zhangzhuo-nginx-deployment.yaml

#新建
[16:20:48 root@k8s-master1 zhangzhuo]#kubectl apply -f Deployment/zhangzhuo-nginx-deployment.yaml 

1.3.2.2 更新nginx业务镜像版本号

重新构建新版本镜像,然后打一个新的tag号,然后通过指定镜像的方式对pod进行更新。

#修改yaml文件
[16:33:33 root@k8s-master1 zhangzhuo]#cat Deployment/zhangzhuo-nginx-deployment.yaml
  image: harbor.zhangzhuo.org/zhangzhuo/nginx-web1:v2
#更新
[16:34:17 root@k8s-master1 zhangzhuo]#kubectl apply -f Deployment/zhangzhuo-nginx-deployment.yaml
deployment.apps/zhangzhuo-nginx-deployment configured

#访问测试
[16:36:08 root@k8s-master1 ~]#curl 192.168.10.181:30080
<h1>zhangzhuo</h1>
[16:36:11 root@k8s-master1 ~]#curl 192.168.10.181:30080/app1/
<h1>tomcat app1<h1>

1.4 基于NFS实现动静分离

图片的上传由后端服务器tomcat完成,图片的读取由前端的nginx响应,就需要nginx与tomcat的数据保持一致性,因此需要将数据保存到k8s环境外部的存储服务器,然后再挂载到各nginx与tomcat 的容器中进行相应的操作。

存储卷类型及使用:http://docs.kubernetes.org.cn/429.html

1.4.1 NFS服务环境准备

#创建数据总目录
[16:48:26 root@harbor ~]#mkdir /data/zhangzhuo -p
#图片目录
[16:48:36 root@harbor ~]#mkdir /data/zhangzhuo/images
#静态文件目录
[16:49:02 root@harbor ~]#mkdir /data/zhangzhuo/static

#修改nfs配置文件
[16:50:13 root@harbor ~]#cat /etc/exports
/data/zhangzhuo *(rw,no_root_squash)

#重启服务
[16:50:16 root@harbor ~]#systemctl restart nfs-server.service

#NFS客户端挂载测试写入文件
[16:50:45 root@harbor ~]#mount -t nfs 192.168.10.185:/data/zhangzhuo /mnt/
[16:51:30 root@harbor ~]#cp /etc/fstab /mnt/
[16:51:40 root@harbor ~]#ls /mnt/
fstab  images  static

1.4.2 nginx业务容器yaml

[17:11:32 root@k8s-master1 Deployment]#cat zhangzhuo-nginx-deployment.yaml 
 apiVersion: apps/v1  
 kind: Deployment
 metadata:  
   labels:
     app: zhangzhuo-nginx-deployment-label 
   name: zhangzhuo-nginx-deployment 
   namespace: zhangzhuo
 spec:
   replicas: 2
   selector:
     matchLabels:
       app: zhangzhuo-nginx-selector
   template:
     metadata:
       labels:
         app: zhangzhuo-nginx-selector
     spec:
       volumes:
       - name: zhangzhuo-image
         nfs:
           server: 192.168.10.185
           path: /data/zhangzhuo/images
       - name: zhangzhuo-static
         nfs:
           server: 192.168.10.185
           path: /data/zhangzhuo/static
       containers:
       - name: zhangzhuo-nginx-container
         image: harbor.zhangzhuo.org/zhangzhuo/nginx-web1:v2
         imagePullPolicy: Always
         ports:
         - containerPort: 80
           protocol: TCP
           name: http
         - containerPort: 443
           protocol: TCP
           name: https
         readinessProbe:
           httpGet:
             scheme: HTTP
             path: /index.html
             port: 80      
           initialDelaySeconds: 10 
           periodSeconds: 3
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 3
         livenessProbe:
           tcpSocket:
             port: 80
           initialDelaySeconds: 10
           periodSeconds: 3
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 3
         volumeMounts:
         - name: zhangzhuo-image
           mountPath: /apps/nginx/html/zhangzhuo/image
           readOnly: false
         - name: zhangzhuo-static
           mountPath: /apps/nginx/html/zhangzhuo/static
           readOnly: false
         env:
         - name: "password"
           value: "123456"
         - name: "age"  
           value: "18"    
         resources:       
           limits:       
             memory: "50Mi"
             cpu: "100m"
           requests:
             cpu: "100m"
             memory: "50Mi"
#执行更新yaml文件
[17:11:30 root@k8s-master1 Deployment]#kubectl apply -f zhangzhuo-nginx-deployment.yaml 
deployment.apps/zhangzhuo-nginx-deployment configured

pod中验证挂载NFS

[root@zhangzhuo-nginx-deployment-847fbb58b8-fpwx6 /]# df -h
Filesystem                             Size  Used Avail Use% Mounted on
overlay                                 20G  7.5G   12G  41% /
tmpfs                                   64M     0   64M   0% /dev
tmpfs                                  994M     0  994M   0% /sys/fs/cgroup
/dev/sda2                               20G  7.5G   12G  41% /etc/hosts
shm                                     64M     0   64M   0% /dev/shm
192.168.10.185:/data/zhangzhuo/static   20G  8.9G  9.7G  48% /apps/nginx/html/zhangzhuo/static
tmpfs                                  994M   12K  994M   1% /run/secrets/kubernetes.io/serviceaccount
192.168.10.185:/data/zhangzhuo/images   20G  8.9G  9.7G  48% /apps/nginx/html/zhangzhuo/image
tmpfs                                  994M     0  994M   0% /proc/acpi
tmpfs                                  994M     0  994M   0% /proc/scsi
tmpfs                                  994M     0  994M   0% /sys/firmware
[root@zhangzhuo-nginx-deployment-847fbb58b8-fpwx6 /]# ls /apps/nginx/html/zhangzhuo/
image  index.html  static

1.4.3 tomcat业务pod更新挂载

[17:19:32 root@k8s-master1 Deployment]#cat zhangzhuo-tomcat-app1-deployment.yaml
 apiVersion: apps/v1  
 kind: Deployment
 metadata:  
   labels:
     app: zhangzhuo-tomcat-app1-deployment-label 
   name: zhangzhuo-tomcat-app1-deployment 
   namespace: zhangzhuo
 spec:
   replicas: 2
   selector:
     matchLabels:
       app: zhangzhuo-tomcat-app1-selector
   template:
     metadata:
       labels:
         app: zhangzhuo-tomcat-app1-selector
     spec:
       volumes:
       - name: zhangzhuo-image
         nfs:
           server: 192.168.10.185
           path: /data/zhangzhuo/images
       - name: zhangzhuo-static
         nfs:   #类型
           server: 192.168.10.185  #服务器地址
           path: /data/zhangzhuo/static #共享目录
       containers:
       - name: zhangzhuo-tomcat-app1-container
         image: harbor.zhangzhuo.org/zhangzhuo/tomcat-app1:v1
         imagePullPolicy: Always
         ports:
         - containerPort: 8080
           protocol: TCP
           name: http
         readinessProbe:
           httpGet:
             scheme: HTTP
             path: /app1/index.html
             port: 8080  
           initialDelaySeconds: 30
           periodSeconds: 3
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 3
         livenessProbe:
           tcpSocket:
             port: 8080
           initialDelaySeconds: 30
           periodSeconds: 3
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 3
         volumeMounts:
         - name: zhangzhuo-image
           mountPath: /apps/tomcat/webapps/app1/image
           readOnly: false
         - name: zhangzhuo-static
           mountPath: /apps/tomcat/webapps/app1/static
           readOnly: false
         env:
         - name: "password"
           value: "123456"
         - name: "age"  
           value: "18"    
         resources:       
           limits:       
             memory: "200Mi"
             cpu: "200m"
           requests:
             cpu: "200m"
             memory: "100Mi"
#执行更新tomcat app1业务容器
[17:19:28 root@k8s-master1 Deployment]#kubectl apply -f zhangzhuo-tomcat-app1-deployment.yaml
deployment.apps/zhangzhuo-tomcat-app1-deployment configured

验证挂载

[root@zhangzhuo-tomcat-app1-deployment-794d9c6445-bnfn7 /]# ls /apps/tomcat/webapps/app1/
image  index.html  static
[root@zhangzhuo-tomcat-app1-deployment-794d9c6445-bnfn7 /]# df
Filesystem                            1K-blocks    Used Available Use% Mounted on
overlay                                20508240 7785604  11657832  41% /
tmpfs                                     65536       0     65536   0% /dev
tmpfs                                   1016956       0   1016956   0% /sys/fs/cgroup
/dev/sda2                              20508240 7785604  11657832  41% /etc/hosts
shm                                       65536       0     65536   0% /dev/shm
192.168.10.185:/data/zhangzhuo/static  20508288 9278848  10164672  48% /apps/tomcat/webapps/app1/static
tmpfs                                   1016956      12   1016944   1% /run/secrets/kubernetes.io/serviceaccount
192.168.10.185:/data/zhangzhuo/images  20508288 9278848  10164672  48% /apps/tomcat/webapps/app1/image
tmpfs                                   1016956       0   1016956   0% /proc/acpi
tmpfs                                   1016956       0   1016956   0% /proc/scsi
tmpfs                                   1016956       0   1016956   0% /sys/firmware

1.4.4 上传数据到NFS访问测试

#生成数据
[17:39:11 root@harbor zhangzhuo]#tree 
.
├── fstab
├── images
│   └── 1.jpg
└── static
    └── index.html
#访问测试
[17:40:44 root@harbor zhangzhuo]#curl 192.168.10.181:30080/app1/static/
<h1>nginx to tomcat</h1>
<h2>zhangzhuo</h2>
<img src="../image/1.jpg"/>
[17:41:33 root@harbor zhangzhuo]#curl 192.168.10.181:30080/zhangzhuo/static/
<h1>nginx to tomcat</h1>
<h2>zhangzhuo</h2>
<img src="../image/1.jpg"/>

命令总结

#查看service信息
[17:43:47 root@k8s-master1 ~]#kubectl get service -n zhangzhuo -o wide
NAME                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE     SELECTOR
zhangzhuo-nginx-spec         NodePort    10.200.147.96   <none>        80:30080/TCP,443:30443/TCP   3h13m   app=zhangzhuo-nginx-selector
zhangzhuo-tomcat-app1-spec   ClusterIP   10.200.155.49   <none>        8080/TCP                     119m    app=zhangzhuo-tomcat-app1-selector

#查看pod信息
[17:43:50 root@k8s-master1 ~]#kubectl get pod -n zhangzhuo -o wide
NAME                                                READY   STATUS    RESTARTS   AGE    IP               NODE             NOMINATED NODE   READINESS GATES
zhangzhuo-nginx-deployment-847fbb58b8-7tp8b         1/1     Running   0          32m    10.100.50.139    192.168.10.183   <none>           <none>
zhangzhuo-nginx-deployment-847fbb58b8-fpwx6         1/1     Running   0          32m    10.100.224.140   192.168.10.182   <none>           <none>
zhangzhuo-tomcat-app1-deployment-794d9c6445-bnfn7   1/1     Running   0          9m4s   10.100.50.146    192.168.10.183   <none>           <none>
zhangzhuo-tomcat-app1-deployment-794d9c6445-xq87z   1/1     Running   0          9m4s   10.100.224.143   192.168.10.182   <none>           <none>

#查看节点信息
[17:44:42 root@k8s-master1 ~]#kubectl get node -o wide
NAME             STATUS                     ROLES    AGE   VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
192.168.10.181   Ready,SchedulingDisabled   master   28h   v1.19.5   192.168.10.181   <none>        Ubuntu 18.04.4 LTS   4.15.0-76-generic   docker://19.3.15
192.168.10.182   Ready                      node     28h   v1.19.5   192.168.10.182   <none>        Ubuntu 18.04.4 LTS   4.15.0-76-generic   docker://19.3.15
192.168.10.183   Ready                      node     28h   v1.19.5   192.168.10.183   <none>        Ubuntu 18.04.4 LTS   4.15.0-76-generic   docker://19.3.15

#查看deployment控制器信息
[17:45:36 root@k8s-master1 ~]#kubectl get deployments.apps -n zhangzhuo -o wide
NAME                               READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS                        IMAGES                                          SELECTOR
zhangzhuo-nginx-deployment         2/2     2            2           3h15m   zhangzhuo-nginx-container         harbor.zhangzhuo.org/zhangzhuo/nginx-web1:v2    app=zhangzhuo-nginx-selector
zhangzhuo-tomcat-app1-deployment   2/2     2            2           10m     zhangzhuo-tomcat-app1-container   harbor.zhangzhuo.org/zhangzhuo/tomcat-app1:v1   app=zhangzhuo-tomcat-app1-selector

#查看某个资源的详细信息
[17:45:39 root@k8s-master1 ~]#kubectl describe service -n zhangzhuo zhangzhuo-tomcat-app1-spec 
[17:46:24 root@k8s-master1 ~]#kubectl describe pod -n zhangzhuo zhangzhuo-nginx-deployment-847fbb58b8-fpwx6
[17:46:48 root@k8s-master1 ~]#kubectl describe deployments.apps -n zhangzhuo zhangzhuo-nginx-deployment 

#利用yaml创建资源
[17:47:10 root@k8s-master1 ~]#kubectl apply -f file.yaml
#删除资源
[17:47:10 root@k8s-master1 ~]#kubectl delete -f file.yaml

#进入容器执行命令
[17:48:39 root@k8s-master1 ~]#kubectl exec -it -n zhangzhuo zhangzhuo-nginx-deployment-847fbb58b8-fpwx6 bash

#查看容器日志
[17:49:30 root@k8s-master1 ~]#kubectl logs -n zhangzhuo zhangzhuo-tomcat-app1-deployment-794d9c6445-xq87z 

#删除pod
[17:49:45 root@k8s-master1 ~]#kubectl delete pods -n zhangzhuo zhangzhuo-tomcat-app1-deployment-794d9c6445-bnfn7 

二、ingress介绍

ingress官方文档:https://kubernetes.io/zh/docs/concepts/services-networking/ingress/

ingress是kubernetes API中的标准资源类型之一,ingress实现的功能是将客户端请求的hostmc或请求的URL路径把请求转发到指定的service资源的规则,即用于将kubernetes集群外的请求资源转发至集群内部的service,在被service转发至pod处理客户端请求。

ingress controller 官方文档:https://kubernetes.io/zh/docs/concepts/services-networking/ingress-controllers/

ingress资源需要指定监听地址,请求的host和URL等配置,然后根据这些规则的匹配机制将客户端的请求进行转发,这种能够为ingress配置资源监听并转发流量的组件称为ingress控制器(ingress controller),ingress controller是keburnetes的一个附件,类似于dashboard或者flannel一样,需要单独部署

2.1 部署ingress controller

nginx-Ingress 控制器是由k8s官方进行维护的其他的ingress是由第三方进行维护

nginx-ingress的git地址:https://github.com/kubernetes/ingress-nginx/

官方部署文档:https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal

#下载部署的yaml文件
[11:46:08 root@k8s-master1 ingress-controller]#wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
[11:46:20 root@k8s-master1 ingress-controller]#ls
deploy.yaml
#下载相关的镜像
[11:47:11 root@harbor ~]#docker pull pollyduan/ingress-nginx-controller:v0.46.0
[11:56:19 root@harbor ~]#docker tag pollyduan/ingress-nginx-controller:v0.46.0 harbor.zhangzhuo.org/image/ingress-nginx-controller:v0.46.0
[11:56:48 root@harbor ~]#docker push harbor.zhangzhuo.org/image/ingress-nginx-controller:v0.46.0

[11:53:15 root@harbor ~]#docker pull docker.io/jettech/kube-webhook-certgen:v1.5.1
[11:57:36 root@harbor ~]#docker tag docker.io/jettech/kube-webhook-certgen:v1.5.1 har
[11:57:59 root@harbor ~]#docker push harbor.zhangzhuo.org/image/kube-webhook-certgen:v1.5.1

#修改yaml文件
[12:08:41 root@k8s-master1 ingress-controller]#vim deploy.yaml
  image: harbor.zhangzhuo.org/image/ingress-nginx-controller:v0.46.0
  image: harbor.zhangzhuo.org/image/kube-webhook-certgen:v1.5.1
  image: harbor.zhangzhuo.org/image/kube-webhook-certgen:v1.5.1
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      protocol: TCP 
      targetPort: http
      nodePort: 40080   #添加监听端口
    - name: https
      port: 443 
      protocol: TCP 
      targetPort: https
      nodePort: 40443  #添加监听端口
#启动服务
[12:09:41 root@k8s-master1 ingress-controller]#kubectl apply -f deploy.yaml

#验证,正确状态
[12:09:41 root@k8s-master1 ingress-controller]#kubectl get pod -n ingress-nginx -o wide
NAME                                       READY   STATUS      RESTARTS   AGE     IP               NODE             NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-622ll       0/1     Completed   0          6m17s   10.100.224.157   192.168.10.182   <none>           <none>
ingress-nginx-admission-patch-2jkdt        0/1     Completed   0          6m17s   10.100.224.158   192.168.10.182   <none>           <none>
ingress-nginx-controller-55ccfb46f-rfxjq   1/1     Running     0          6m18s   10.100.224.159   192.168.10.182   <none>           <none>

#监听地址验证
[12:10:14 root@k8s-master1 ingress-controller]#ss -ntl | grep -E "(40080|40443)"
LISTEN   0         20480                0.0.0.0:40443            0.0.0.0:*    
LISTEN   0         20480                0.0.0.0:40080            0.0.0.0:* 

2.2 ingress代理详解

2.2.1 代理单个service

image-20210620135509288

yaml文件配置

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zhangzhuo-web-ingress
  namespace: zhangzhuo
  labels:
    name: zhangzhuo-web-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
#    nginx.ingress.kubernetes.io/rewrite-target: /index.html            #URL重写,当用户访问的页面不存在跳转首页
#    nginx.ingress.kubernetes.io/app-root: /index.html        #当客户端不写URL时,补全
spec:
  rules:   #路由规则
  - host:  #主机名称,也就是匹配域名,如果不写表示默认
    http: 
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: zhangzhuo-nginx-spec
            port: 
              number: 80

#创建
[13:57:20 root@k8s-master1 ingress]#kubectl apply -f zhangzhuo-web-ingress.yaml 
ingress.networking.k8s.io/zhangzhuo-web-ingress configured
#验证
[13:59:10 root@k8s-master1 ingress]#kubectl get ingress -n zhangzhuo 
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME                    CLASS    HOSTS   ADDRESS          PORTS   AGE
zhangzhuo-web-ingress   <none>   *       192.168.10.182   80      74m

#访问测试
[13:59:38 root@k8s-master1 ingress]#curl 192.168.10.181:40080
<h1>zhangzhuo</h1>

2.2.2 根据请求URL将来自同一个IP地址的流量转发到多个service

image-20210620140205430

yaml文件

piVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zhangzhuo-web-ingress
  namespace: zhangzhuo
  labels:
    name: zhangzhuo-web-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
#    nginx.ingress.kubernetes.io/rewrite-target: /index.html            #URL重写,当用户访问的页面不存在跳转首页
#    nginx.ingress.kubernetes.io/app-root: /index.html        #当客户端不写URL时,补全
spec:
  rules:
  - host:
    http: 
      paths:
      - pathType: Prefix
        path: "/zhangzhuo"
        backend:
          service:
            name: zhangzhuo-nginx-spec
            port: 
              number: 80
      - pathType: Prefix
        path: "/app1"
        backend:
          service:
            name: zhangzhuo-tomcat-app1-spec
            port: 
              number: 8080

2.2.3 基于名称的虚拟主机进行转发

image-20210620140927090

yaml文件

....
spec:
  rules:
  - host: nginx.zhangzhuo.org
    http: 
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: zhangzhuo-nginx-spec
            port: 
              number: 80
  - host: tomcat.zhangzhuo.org
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: zhangzhuo-tomcat-app1-spec
            port: 
              number: 8080
  - host:
    http:
      paths:
      - pathType: Prefix
        path: "/" 
        backend:
          service:
            name: zhangzhuo-nginx-spec
            port: 
              number: 80
#如果访问的域名是nginx.zhangzhuo.org转发到zhangzhuo-nginx-spec的service
#如果访问的域名是tomcat.zhangzhuo.org转发到zhangzhuo-tomcat-app1-spec的service
#如果访问的域名未知或直接访问的IP转发到zhangzhuo-nginx-spec的service

2.2.4 path路径说明

Ingress 中的每个路径都需要有对应的路径类型(Path Type)。未明确设置 pathType 的路径无法通过合法性检查。当前支持的路径类型有三种:

  • ImplementationSpecific:对于这种路径类型,匹配方法取决于 IngressClass。 具体实现可以将其作为单独的pathType 处理或者与PrefixExact 类型作相同处理。
  • Exact:精确匹配 URL 路径,且区分大小写。
  • Prefix:基于以/ 分隔的 URL 路径前缀匹配。匹配区分大小写,并且对路径中的元素逐个完成。 路径元素指的是由/ 分隔符分隔的路径中的标签列表。 如果每个p 都是请求路径p 的元素前缀,则请求与路径p 匹配。

示例:

image-20210620142005624

2.4.5 主机名配置

主机名可以是精确匹配(例如“foo.bar.com”)或者使用通配符来匹配 (例如“*.foo.com”)。 精确匹配要求 HTTP host 头部字段与 host 字段值完全匹配。 通配符匹配则要求 HTTP host 头部字段与通配符规则中的后缀部分相同。

示例:

image-20210620142117490

2.3 TLS配置

你可以通过设定包含 TLS 私钥和证书的Secret 来保护 Ingress。 Ingress 只支持单个 TLS 端口 443,并假定 TLS 连接终止于 Ingress 节点 (与 Service 及其 Pod 之间的流量都以明文传输)。 如果 Ingress 中的 TLS 配置部分指定了不同的主机,那么它们将根据通过 SNI TLS 扩展指定的主机名 (如果 Ingress 控制器支持 SNI)在同一端口上进行复用。 TLS Secret 必须包含名为 tls.crttls.key 的键名。 这些数据包含用于 TLS 的证书和私钥。

创建自签名证书文件

#创建CA证书
[14:25:48 root@k8s-master1 ssl]#openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=zhangzhuo.org'
#生成主机证书私钥与申请文件
[14:26:39 root@k8s-master1 ssl]#openssl req -new -newkey rsa:4096 -keyout nginx.key -out nginx.csr -nodes -subj '/CN=nginx.zhangzhuo.org'
#颁发证书
[14:28:38 root@k8s-master1 ssl]#openssl x509 -req -sha256 -days 3650 -in nginx.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out nginx.c

#查看生成的文件
[14:30:34 root@k8s-master1 ssl]#ls -l
total 20
-rw-r--r-- 1 root root 1818 Jun 20 14:26 ca.crt   #CA证书
-rw------- 1 root root 3272 Jun 20 14:26 ca.key   #CA私钥
-rw-r--r-- 1 root root 1679 Jun 20 14:30 nginx.crt  #nginx证书
-rw-r--r-- 1 root root 1598 Jun 20 14:28 nginx.csr  #nginx证书申请文件
-rw------- 1 root root 3272 Jun 20 14:28 nginx.key  #nginx私钥

上传证书文件到k8s集群

#命令上传
[14:49:05 root@k8s-master1 ssl]#kubectl create secret generic  zhangzhuo-nginx-tls --from-file=tls.crt=nginx.crt --from-file=tls.key=nginx.key -n zhangzhuo 
#验证
[14:49:21 root@k8s-master1 ssl]#kubectl get secrets -n zhangzhuo 
NAME                  TYPE                                  DATA   AGE
default-token-pwrnr   kubernetes.io/service-account-token   3      26h
zhangzhuo-nginx-tls   Opaque                                2      20s

2.3.1 ingress使用证书

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zhangzhuo-web-ingress
  namespace: zhangzhuo
  labels:
    name: zhangzhuo-web-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
#    nginx.ingress.kubernetes.io/rewrite-target: /index.html            #URL重写,当用户访问的页面不存在跳转首页
#    nginx.ingress.kubernetes.io/app-root: /index.html        #当客户端不写URL时,补全
spec:
  tls:   #使用tls
  - hosts:  #主机配置
    - nginx.zhangzhuo.org   #主机名
    secretName: zhangzhuo-nginx-tls #s
  - hosts:
    - tomcat.zhangzhuo.org 
    secretName: zhangzhuo-tomcat-tls
  rules:
  - host: nginx.zhangzhuo.org
    http: 
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: zhangzhuo-nginx-spec
            port: 
              number: 80
  - host: tomcat.zhangzhuo.org
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: zhangzhuo-tomcat-app1-spec
            port: 
              number: 8080
  - host:
    http:
      paths:
      - pathType: Prefix
        path: "/" 
        backend:
          service:
            name: zhangzhuo-nginx-spec
            port: 
              number: 80  

标题:k8s运行服务
作者:Carey
地址:HTTPS://zhangzhuo.ltd/articles/2021/06/20/1624189815500.html

生而为人

取消