Skip to content

Latest commit

 

History

History
121 lines (117 loc) · 3.22 KB

模块八作业第二部分说明.md

File metadata and controls

121 lines (117 loc) · 3.22 KB
Raw

题目

模块八作业第二部分 除了将 httpServer 应用优雅的运行在 Kubernetes 之上,我们还应该考虑如何将服务发布给对内和对外的调用方。 来尝试用 Service, Ingress 将你的服务发布给集群外部的调用方吧。 在第一部分的基础上提供更加完备的部署 spec,包括(不限于):

  • Service
  • Ingress

可以考虑的细节

  • 如何确保整个应用的高可用。
  • 如何通过证书保证 httpServer 的通讯安全。

操作步骤

1. 为httpserver定义并创建service,以下为yaml内容:

apiVersion: v1
kind: Service
metadata:
  labels:
    app: httpserver
  name: httpsvc
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app: httpserver
  type: ClusterIP

查看endpoint:

root@master:~# k get ep httpsvc
NAME      ENDPOINTS             AGE
httpsvc   172.16.166.144:8080   175m

2. 使用helm安装ingress-nginx

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx --create-namespace --namespace ingress

查看运行中的ingress pod:

root@master:~# kubectl get pod -n ingress
NAME                                        READY   STATUS    RESTARTS   AGE
ingress-nginx-controller-6bf7bc7f94-vdhg6   1/1     Running   0          151m

查看ingress的service:

root@master:~# kubectl get svc -n ingress
NAME                                 TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.1.216.178   <pending>     80:31406/TCP,443:31625/TCP   153m
ingress-nginx-controller-admission   ClusterIP      10.1.28.89     <none>        443/TCP                      153m

3. 配置证书

安装cert-manager:https://cert-manager.io/docs/installation/helm/ 签发证书CA的配置:

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  generation: 1
  name: letsencrypt-prod
spec:
  acme:
    email: guopeng.xue@foxmail.com
    preferredChain: ""
    privateKeySecretRef:
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          class: nginx

查看创建的issuer:

root@master:~# k get issuer
NAME               READY   AGE
letsencrypt-prod   True    99m

4. 定义并创建ingress对象

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/issuer: letsencrypt-prod
  name: httpserver
spec:
  ingressClassName: nginx
  rules:
    - host: httpsvc.51.cafe
      http:
        paths:
          - backend: 
              service: 
                name: httpsvc
                port: 
                  number: 80
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - httpsvc.51.cafe
      secretName: httpsvc

查看创建的ingress:

root@master:~# k get ingress
NAME                        CLASS    HOSTS             ADDRESS   PORTS     AGE
cm-acme-http-solver-gmhpk   <none>   httpsvc.51.cafe             80        74m
httpserver                  nginx    httpsvc.51.cafe             80, 443   75m

访问ingress:

root@master:~# curl https://httpsvc.51.cafe/healthz
working