Exposing Kubernetes Services for External Access
Original article retrieved: 2023-07-12

I. Exposing Kubernetes services

There are several ways to expose a service:

LoadBalancer

NodePort

Ingress

HostNetwork

HostPort

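LoadBalancer can only be configured on a Service and requires support from the cloud provider. HostPort is not used very often, although it may be needed in special cases. To use HostNetwork, set it to true.

This article mainly covers NodePort and Ingress.

1. NodePort

NodePort exposes a service cluster-wide: once a Service uses NodePort, the service port is reachable on the IP of every node in the cluster. The default NodePort port range is 30000~32767, which can be changed at startup with --service-node-port-range.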

apiVersion: v1
kind: Service
metadata:
  name: kafka-
spec:
  type: NodePort
  selector:
    statefulset.kubernetes.io/pod-name: kafka-
  ports:
  - protocol: TCP
    port:
    nodePort:

If you want traffic to go only through the nodes where the pod is deployed, you can use:

apiVersion: v1
kind: Service
metadata:
  name: kafka-
spec:
  type: NodePort
  externalTrafficPolicy: Local
  selector:
    statefulset.kubernetes.io/pod-name: kafka-
  ports:
  - protocol: TCP
    port:
    nodePort:
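
As an added example (not part of the original article): a Python audit of `kubectl get services,pods -A -o json` output that lists what NodePort, hostNetwork and hostPort make reachable on node IPs, and whether `externalTrafficPolicy: Local` narrows a NodePort. The sample objects and the `audit` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get services,pods -A -o json`;
# every name and port below is invented for this example.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Service", "metadata": {"name": "svc-cluster", "namespace": "demo"},
  "spec": {"type": "NodePort", "ports": [{"protocol": "TCP", "port": 9092, "nodePort": 30092}]}},
 {"kind": "Service", "metadata": {"name": "svc-local", "namespace": "demo"},
  "spec": {"type": "NodePort", "externalTrafficPolicy": "Local",
           "ports": [{"protocol": "TCP", "port": 9092, "nodePort": 30093}]}},
 {"kind": "Service", "metadata": {"name": "svc-internal", "namespace": "demo"},
  "spec": {"type": "ClusterIP", "ports": [{"protocol": "TCP", "port": 80}]}},
 {"kind": "Pod", "metadata": {"name": "pod-host", "namespace": "demo"},
  "spec": {"hostNetwork": true,
           "containers": [{"name": "c", "ports": [{"containerPort": 8080, "hostPort": 8080}]}]}}
]}
""")

DEFAULT_RANGE = (30000, 32767)  # default --service-node-port-range

def audit(items, port_range=DEFAULT_RANGE):
    """Return (namespace/name, finding) pairs for objects reachable via node IPs."""
    findings = []
    for obj in items:
        meta, spec = obj["metadata"], obj.get("spec", {})
        ref = f'{meta.get("namespace", "default")}/{meta["name"]}'
        if obj["kind"] == "Service" and spec.get("type") in ("NodePort", "LoadBalancer"):
            # externalTrafficPolicy defaults to Cluster: every node accepts the traffic.
            local = spec.get("externalTrafficPolicy", "Cluster") == "Local"
            scope = "only nodes running a backing pod" if local else "every node"
            for port in spec.get("ports", []):
                node_port = port.get("nodePort")
                if node_port is None:
                    continue
                findings.append((ref, f"nodePort {node_port} reachable on {scope}"))
                if not port_range[0] <= node_port <= port_range[1]:
                    findings.append((ref, f"nodePort {node_port} outside configured range"))
        elif obj["kind"] == "Pod":
            if spec.get("hostNetwork"):
                findings.append((ref, "hostNetwork: true (pod shares the node's network namespace)"))
            for container in spec.get("containers", []):
                for port in container.get("ports", []):
                    if port.get("hostPort"):
                        findings.append((ref, f"hostPort {port['hostPort']} bound on the node"))
    return findings

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE["items"]):
        print(f"{ref}: {finding}")
```

To audit a live cluster, load the saved JSON output of the `kubectl` command in place of `SAMPLE` and pass its `items` list to `audit`.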

2. Ingress

Ingress must be used together with an ingress controller; commonly used controllers include nginx, traefik, and kong.

We use kong-ingress-controller; for the detailed usage, see https://www.cnblogs.com/cuishuai/p/10737737.html

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: foo-bar
  namespace: istio-system
  annotations:
    plugins.konghq.com: transform-request-to-dummy,echo-file-log
spec:
  rules:
  - host: foo.test.evo.com
    http:
      paths:
      - path: /
        backend:
          serviceName: http-svc
          servicePort:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: transform-request-to-dummy
  namespace: istio-system
  labels:
    global: "false"
disabled: false
config:
  replace:
    headers:
    - 'host:llll'
  add:
    headers:
    - "x-myheader:my-header-value"
plugin: request-transformer

apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: strip-path
  namespace: istio-system
route:
  strip_path: false

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tekton-dashboard
  namespace: tekton-pipelines
  annotations:
    kubernetes.io/ingress.class: "kong"
spec:
  rules:
  - host: tekton.test.evo.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tekton-dashboard
          servicePort: