Contents

I. Ingress Controller theory
   1. Introduction to Ingress Controller and Ingress
   2. Differences between layer-4 and layer-7 proxying
   3. Ingress Controller wraps Nginx, so why not use Nginx directly?
   4. How Ingress Controller proxies to Pods inside K8S
II. Practice: deploying a highly available Ingress Controller architecture
   1. Deploy Ingress Controller
   2. Install and configure Nginx and keepalived on the Node machines
   3. Test master/backup failover
III. Practice: creating Ingress rules for layer-7 forwarding
   1. HTTP layer-7 proxying to the backend Pods
   2. HTTPS layer-7 proxying to the backend

I. Ingress Controller theory

Reference: the official Ingress documentation (Chinese edition).

1. Introduction to Ingress Controller and Ingress

An Ingress Controller is a layer-7 load balancer. Common layer-7 load balancers include nginx and traefik. Taking the familiar nginx as an example, a client request first reaches the Ingress Controller, and this layer-7 load balancer proxies the request to the backend Pods.

With plain Nginx, a client request first reaches Nginx, and Nginx's upstream module proxies it to the backend service. In a K8s environment, however, the IP addresses of the backend Pods are not fixed, so a Service resource is placed in front of the Pods: the request reaches the Service, and the Service proxies it to the backend Pods.

Ingress is a K8S resource. Put simply, it is the configuration file of the Ingress Controller: you manage the Ingress Controller by creating Ingress rules.

2. Differences between layer-4 and layer-7 proxying

Layer-4 proxy: works at the transport layer and can parse transport-layer protocols such as TCP and UDP. It forwards traffic based on IP address and port.

Layer-7 proxy: works at the application layer and can parse application-layer protocols such as HTTP and FTP. Layer-7 load balancing builds on layer 4 and forwards traffic based on the virtual host's URL or the host's IP.

Overall, a layer-4 proxy is concerned with traffic control and security at the network level and works mainly from transport-layer information, while a layer-7 proxy is smarter: it understands and processes the content of application-layer protocols and offers finer-grained control and scheduling. Which kind of proxy to use depends on the specific requirements and scenario.

[Figure: the OSI seven-layer model]

3. Ingress Controller wraps Nginx, so why not use Nginx directly?

When Nginx is installed on the host, every change to the configuration file requires a manual reload before it takes effect. With the Nginx wrapped by the Ingress Controller, you maintain the configuration as Ingress resources: once an Ingress is created, the configuration is delivered automatically into the Ingress Controller Pod and reloaded automatically.

4. How Ingress Controller proxies to Pods inside K8S

Step 1: deploy the Ingress Controller
Step 2: create the Pods (a controller can be used to create them)
Step 3: create a Service to manage the Pods
Step 4: create the Ingress http or https rules
Step 5: test access from a client through layer 7

II. Practice: deploying a highly available Ingress Controller architecture

[Figure: request forwarding in the high-availability architecture]

References: the ingress-nginx GitHub repository and the ingress-nginx YAML on GitHub.

1. Deploy Ingress Controller

1) Write the YAML file. Start from the official download and adjust it to your own needs.

```yaml
# cat ingress-controller-nginx.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
automountServiceAccountToken: true
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  # ConfigMap values must be strings, hence the quotes
  allow-snippet-annotations: 'true'
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
rules:
  - apiGroups:
      - ''
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
      - namespaces
    verbs:
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ''
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ''
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - configmaps
    resourceNames:
      - ingress-controller-leader
    verbs:
      - get
      - update
  - apiGroups:
      - ''
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  type: ClusterIP
  ports:
    - name: https-webhook
      port: 443
      targetPort: webhook
      appProtocol: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: NodePort
  ipFamilyPolicy: SingleStack
  ipFamilies:
    - IPv4
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
      appProtocol: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
      appProtocol: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      hostNetwork: true
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: ingress-nginx
                topologyKey: kubernetes.io/hostname
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: controller
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.0
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          args:
            - /nginx-ingress-controller
            - --election-id=ingress-controller-leader
            - --controller-class=k8s.io/ingress-nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            runAsUser: 101
            allowPrivilegeEscalation: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
            - name: webhook
              containerPort: 8443
              protocol: TCP
          volumeMounts:
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 90Mi
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
        - name: webhook-cert
          secret:
            secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/controller-ingressclass.yaml
# We don't support namespaced ingressClass yet
# So a ClusterRole and a ClusterRoleBinding is required
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: nginx
  namespace: ingress-nginx
spec:
  controller: k8s.io/ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  name: ingress-nginx-admission
webhooks:
  - name: validate.nginx.ingress.kubernetes.io
    matchPolicy: Equivalent
    rules:
      - apiGroups:
          - networking.k8s.io
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    failurePolicy: Fail
    sideEffects: None
    admissionReviewVersions:
      - v1
    clientConfig:
      service:
        namespace: ingress-nginx
        name: ingress-nginx-controller-admission
        path: /networking/v1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress-nginx-admission
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-nginx-admission
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
rules:
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - get
      - create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-nginx-admission
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
spec:
  template:
    metadata:
      name: ingress-nginx-admission-create
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: create
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1
          imagePullPolicy: IfNotPresent
          args:
            - create
            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name=ingress-nginx-admission
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          securityContext:
            allowPrivilegeEscalation: false
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
  annotations:
    helm.sh/hook: post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
spec:
  template:
    metadata:
      name: ingress-nginx-admission-patch
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: patch
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1
          imagePullPolicy: IfNotPresent
          args:
            - patch
            - --webhook-name=ingress-nginx-admission
            - --namespace=$(POD_NAMESPACE)
            - --patch-mutating=false
            - --secret-name=ingress-nginx-admission
            - --patch-failure-policy=Fail
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          securityContext:
            allowPrivilegeEscalation: false
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
```

2) Apply the YAML file

```bash
kubectl apply -f ingress-controller-nginx.yaml
```

If applying the YAML file fails with an error like the following:

Error message: Error from server (InternalError): error when creating “ingress.yaml“: Internal error occurred: fail

Fix:

```bash
kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
```

Note that this removes the admission webhook registration, so Ingress objects are no longer validated by the controller before they are accepted.

3) Check that the created Pods are running

```bash
kubectl get pod -n ingress-nginx
```

2. Install and configure Nginx and keepalived on the Node machines

1) The Ingress Controller deployed above is spread over two different Node machines (run this on both nodes)

```bash
yum install epel-release nginx keepalived nginx-mod-stream nc -y
```

2) Edit the nginx.conf configuration file (run this on both nodes)

```bash
mv /etc/nginx/nginx.conf{,.$(date +%F)}
vim /etc/nginx/nginx.conf
```

```nginx
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

# Layer-4 load balancing
stream {
    log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
    access_log /var/log/nginx/k8s-access.log main;

    # Backend nodes to balance across
    upstream k8s-ingress-controller {
        server 16.32.15.201:80 weight=5 max_fails=3 fail_timeout=30s;
        server 16.32.15.202:80 weight=5 max_fails=3 fail_timeout=30s;
    }

    # Requests to port 30080 are proxied to the backend nodes
    server {
        listen 30080;
        proxy_pass k8s-ingress-controller;
    }
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;
}
```

Check the configuration, then start Nginx and enable it at boot:

```bash
nginx -t
systemctl enable nginx --now
systemctl status nginx
```

3) Edit the Keepalived configuration file on the master node (run on the Keepalived master; here 16.32.15.201 is the master)

```bash
mv /etc/keepalived/keepalived.conf{,.$(date +%F)}
vim /etc/keepalived/keepalived.conf
```

```
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33          # network interface name
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Virtual IP
    virtual_ipaddress {
        16.32.15.100/24
    }
    track_script {
        check_nginx
    }
}
```

Add the script that checks whether Nginx is running:

```bash
vim /etc/keepalived/check_nginx.sh
```

```bash
#!/bin/bash
# Stop keepalived when the Nginx stream listener on port 30080 is down,
# so that the VIP moves to the other node.
nc -z localhost 30080
if [[ $? -ne 0 ]]; then
    systemctl stop keepalived.service
fi
```

```bash
chmod +x /etc/keepalived/check_nginx.sh
```

Start keepalived on the master node:

```bash
systemctl enable keepalived --now
```

4) Edit the Keepalived configuration file on the backup node (run on the Keepalived backup; here 16.32.15.202 is the backup)

```bash
mv /etc/keepalived/keepalived.conf{,.$(date +%F)}
vim /etc/keepalived/keepalived.conf
```

```
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33          # network interface name
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Virtual IP
    virtual_ipaddress {
        16.32.15.100/24
    }
    track_script {
        check_nginx
    }
}
```

Add the script that checks whether Nginx is running:

```bash
vim /etc/keepalived/check_nginx.sh
```

```bash
#!/bin/bash
# Stop keepalived when the Nginx stream listener on port 30080 is down.
nc -z localhost 30080
if [[ $? -ne 0 ]]; then
    systemctl stop keepalived.service
fi
```

```bash
chmod +x /etc/keepalived/check_nginx.sh
```

Start keepalived on the backup node:

```bash
systemctl enable keepalived --now
```

3. Test master/backup failover

1) Stop the nginx service on the master

```bash
systemctl stop nginx
```

2) On the backup, check whether the VIP has moved over

```bash
ip a | grep 100
```

If the VIP has moved over, failover works.

3) Start the services on the master again; the VIP automatically moves back to the master

```bash
systemctl start nginx keepalived
ip a | grep 100
```

III. Practice: creating Ingress rules for layer-7 forwarding

Reference: the official documentation on Ingress rules.

1. HTTP layer-7 proxying to the backend Pods

1) Create the backend Pod and Service resources

```yaml
# cat ingress-demo.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-tomcat-service
  namespace: default
spec:
  selector:
    app: tomcat
  ports:
    - name: http
      targetPort: 8080
      port: 8080
    - name: ajp
      targetPort: 8009
      port: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-tomcat-deployment
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: tomcat
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
        - name: tomcat
          image: tomcat:8.5.34-jre8-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
            - name: ajp
              containerPort: 8009
```

Apply the YAML file:

```bash
kubectl apply -f ingress-demo.yaml
```

Check the created Pods and Service:

```bash
kubectl get pods,svc
```

2) Create the Ingress forwarding rule

```yaml
# cat ingress-tomcat.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
spec:
  ingressClassName: nginx                      # Ingress class name, here nginx
  rules:
    - host: tomcat.ingress.com                 # domain name the client uses
      http:
        paths:
          - backend:
              service:
                name: ingress-tomcat-service   # Service to forward to
                port:
                  number: 8080                 # Service port to forward to
            path: /                            # forward requests for /
            pathType: Prefix
```

Apply the YAML:

```bash
kubectl apply -f ingress-tomcat.yaml
```

3) Add name resolution for the domain

Open the C:\Windows\System32\drivers\etc\hosts file and add an entry for the domain.

Then browse to tomcat.ingress.com:30080 to test.

2. HTTPS layer-7 proxying to the backend

This experiment reuses the Pods and Service from the HTTP layer-7 example above; no new resources are created.

1) Create the certificate

Generate a private key:

```bash
openssl genrsa -out tls.key 2048
```

Use the private key to generate a self-signed root certificate issued for the domain qinzt.ingress.com:

```bash
openssl req -new -x509 -key tls.key -out tls.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=qinzt.ingress.com"
```

2) Create a Secret that stores the certificate and key

```bash
kubectl create secret tls ingress-tomcat-secret --cert=tls.crt --key=tls.key
```

Inspect the Secret:

```bash
kubectl describe secret ingress-tomcat-secret
```

3) Create the Ingress rule

```yaml
# cat ingress-tomcat-tls.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - qinzt.ingress.com
      secretName: ingress-tomcat-secret        # Secret name
  rules:
    - host: qinzt.ingress.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                # The Service created in the HTTP example; no Service named
                # "tomcat" exists in this walkthrough
                name: ingress-tomcat-service
                port:
                  number: 8080
```

Apply the YAML file:

```bash
kubectl apply -f ingress-tomcat-tls.yaml
```

4) Add name resolution for the domain

Open the C:\Windows\System32\drivers\etc\hosts file and add an entry for the domain.

5) Test by browsing to the domain

Because the certificate is self-signed, the browser warns that the connection is not secure; confirm to continue to the site.
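A pre-apply check for the Ingress rules in part III, added here as an example and not part of the original article: it confirms that every Ingress backend names a Service and port that exist in the same namespace and that every TLS entry points at an existing TLS Secret. The function names and the sample data are constructed for illustration; the input is assumed to have the shape of `kubectl get ingress,svc,secret -n default -o json`.

```python
import json

# Constructed sample, trimmed to the fields the check reads, in the shape of
# `kubectl get ingress,svc,secret -n default -o json`. "broken-tls" is deliberately wrong.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Service", "metadata": {"name": "ingress-tomcat-service", "namespace": "default"},
  "spec": {"ports": [{"name": "http", "port": 8080}, {"name": "ajp", "port": 8009}]}},
 {"kind": "Secret", "type": "kubernetes.io/tls",
  "metadata": {"name": "ingress-tomcat-secret", "namespace": "default"}},
 {"kind": "Ingress", "metadata": {"name": "ingress-tomcat", "namespace": "default"},
  "spec": {"ingressClassName": "nginx",
   "rules": [{"host": "tomcat.ingress.com", "http": {"paths": [{"path": "/", "pathType": "Prefix",
     "backend": {"service": {"name": "ingress-tomcat-service", "port": {"number": 8080}}}}]}}]}},
 {"kind": "Ingress", "metadata": {"name": "broken-tls", "namespace": "default"},
  "spec": {"ingressClassName": "nginx",
   "tls": [{"hosts": ["qinzt.ingress.com"], "secretName": "missing-secret"}],
   "rules": [{"host": "qinzt.ingress.com", "http": {"paths": [{"path": "/", "pathType": "Prefix",
     "backend": {"service": {"name": "tomcat", "port": {"number": 8080}}}}]}}]}}
]}
""")


def index_targets(items):
    """Map (namespace, name) to Service ports, and collect the TLS Secrets."""
    services, tls_secrets = {}, set()
    for item in items:
        key = (item["metadata"]["namespace"], item["metadata"]["name"])
        if item["kind"] == "Service":
            ports = item["spec"].get("ports", [])
            # Port numbers and port names share one set; a backend may use either.
            services[key] = {p["port"] for p in ports} | {p["name"] for p in ports if "name" in p}
        elif item["kind"] == "Secret" and item.get("type") == "kubernetes.io/tls":
            tls_secrets.add(key)
    return services, tls_secrets


def lint_ingresses(doc):
    """Return (ingress name, problem) pairs for references that do not resolve."""
    services, tls_secrets = index_targets(doc["items"])
    findings = []
    for item in doc["items"]:
        if item["kind"] != "Ingress":
            continue
        ns, name, spec = item["metadata"]["namespace"], item["metadata"]["name"], item["spec"]
        if not spec.get("ingressClassName"):
            findings.append((name, "ingressClassName is not set"))
        tls_hosts = set()
        for tls in spec.get("tls", []):
            tls_hosts.update(tls.get("hosts", []))
            secret = tls.get("secretName")
            if secret and (ns, secret) not in tls_secrets:
                findings.append((name, f"TLS secret '{secret}' not found in namespace '{ns}'"))
        for rule in spec.get("rules", []):
            host = rule.get("host", "")
            # Exact match only; wildcard TLS hosts are treated as literal strings.
            if tls_hosts and host not in tls_hosts:
                findings.append((name, f"host '{host}' is not listed under tls"))
            for path in rule.get("http", {}).get("paths", []):
                svc = path.get("backend", {}).get("service")
                if not svc:
                    continue  # resource backends are not checked here
                ports = services.get((ns, svc["name"]))
                port = svc.get("port", {})
                wanted = port.get("number", port.get("name"))
                if ports is None:
                    findings.append((name, f"backend Service '{svc['name']}' not found in namespace '{ns}'"))
                elif wanted not in ports:
                    findings.append((name, f"Service '{svc['name']}' has no port {wanted}"))
    return findings


if __name__ == "__main__":
    for ingress, problem in lint_ingresses(SAMPLE):
        print(f"{ingress}: {problem}")
```

An Ingress whose backend Service does not exist is still accepted by the API server, so a check like this catches the mistake before clients see 503 responses from the controller.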