k8s-业务访问入口的LB如何部署
一、目标1、思考一个问题
怎样提供服务入口给用户?
初步的设想:
上线一个服务后,不用手动更新诸如 SLB 之类的绑定,而是有一个 LB 通过服务发现/k8s API 之类的方式来自动更新服务的状态。
解决方案:
1)使用开源的 ingress controller 来做
2)自己开发一个工具,通过 API 甚至是直接解析 etcdv3 的数据并结合 confd 之类的工具,来生产一个 nginx 或者 haproxy 之类的配置文件
2、原理综述
client -> service -> deployment -> pod
变成:
client -> LB -> service -> deployment -> pod
这个 LB 通过以下方式来处理:
新增一个 ingress controller(后续会提到)
client -> ingress_controller -> ingress -> service -> deployment -> pod
那么问题的关键变成:
选择哪一个 ingress controller 才能满足需求。
可选项如下:
Ingress controller Catalog
This is a non-comprehensive list of existing ingress controllers.
Dummy controller backend
HAProxy Ingress controller
Linkerd
traefik
AWS Application Load Balancer Ingress Controller
kube-ingress-aws-controller
Voyager: HAProxy Ingress Controller
External Nginx Ingress Controller
自己测试过的是:
nginx
traefik
主要考虑:
是否能解决 L4 和 L7 代理的问题?
是否能高效的运维产品?
是否能提供良好的服务体验给研发?
初步印象:
traefik :能解决 L7 代理的问题
nginx :能解决 L7 和 L4 代理的问题
二、测试
1、traefik
(略过,请参考官方文档)
2、nginx
(只说一下如果使用 L4 的服务,其他略过,请参考官方文档)
更新 ConfigMap 来指定 tcp proxy 到后端 service
# cat tcp-services-configmap.yaml
kind: ConfigMap
apiVersion: v1
metadata:
name: tcp-services
namespace: ingress-nginx
data:
"9999": default/s2:80
更新 service port 映射,通过 nodePort 模式暴露请求到外部
# cat service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 31780
- name: https
port: 443
targetPort: 443
nodePort: 31781
protocol: TCP
- name: tcp31770
port: 9999
targetPort: 9999
nodePort: 31770
protocol: TCP
selector:
app: ingress-nginx
测试结果:
1)使用 nginx http 代理
~]$ curl -H "Host: s2.pctest" http://${k8s_node3_wan_ip}:31780
Hostname: s2-59f46b7c5c-9zzvd
---- Http Request Headers ----
GET / HTTP/1.1
Host: s2.pctest
User-Agent: curl/7.29.0
Connection: close
Accept: */*
Connection: close
X-Forwarded-For: 10.233.88.1
X-Forwarded-Host: s2.pctest
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Original-Uri: /
X-Real-Ip: 10.233.88.1
X-Scheme: http
---- Active Endpoint ----
version: 0.9
curl 127.0.0.1/
curl 127.0.0.1/?wait=2s
curl 127.0.0.1/test
curl 127.0.0.1/api
curl 127.0.0.1/health
curl 127.0.0.1/health -d '302'
2)使用 nginx tcp 代理
~]$ (sleep 1; echo "HEAD / HTTP/1.1"; echo "Host: ${k8s_node3_wan_ip}:31770"; echo;echo;sleep 2) | telnet ${k8s_node3_wan_ip} 31770
Trying ${k8s_node3_wan_ip}...
Connected to ${k8s_node3_wan_ip}.
Escape character is '^]'.
HTTP/1.1 200 OK
Connection: close
Date: Thu, 16 Nov 2017 03:59:30 GMT
Content-Length: 356
Content-Type: text/plain; charset=utf-8
Connection closed by foreign host.
~]$
ZYXW、参考
1、Ingress controller Catalog
https://github.com/kubernetes/ingress-nginx/blob/master/docs/catalog.md
2、Kubernetes Ingress Controller
https://docs.traefik.io/user-guide/kubernetes/
3、NGINX Ingress Controller
https://github.com/kubernetes/ingress-nginx
4、kubernetes 指南
https://kubernetes.feisky.xyz/concepts/service.html
https://kubernetes.feisky.xyz/concepts/ingress.html
5、kubernetes src
https://github.com/kubernetes/apiserver/blob/master/pkg/storage/etcd3/store.go
页:
[1]