本篇文章大致是Kubernetes基础内容的最后一篇文章,后面还有几个实操项目的文章,进阶部分等我有时间再写,没时间就托一阵,不能为了写文章而写文章,而是能将自己的知识进行高效产出,梳理自己知识的同时也能造福大家!!
目录
Traefik详解
参考链接:Traefik Installation Documentation - Traefik
Traefik是一个开源的反向代理和负载均衡器,专门用于处理容器化应用程序的流量管理。Traefik可以自动地为Kubernetes、Docker Swarm、Mesos、Consul等容器编排平台中的每个服务生成动态路由和负载均衡规则,并为每个服务提供HTTPS证书管理。
当我们的K8s集群中部署着多个业务,需要用多个URL访问时,我们需要将他们端口映射出来,但是若端口都是80,之前的nodePort就没有办法了,就需要使用Trafik进行端口映射,再通过负载均衡去将请求转发至Trafik映射出来的端口,再结合Ingress实现不同的URL,相同的端口可以访问到K8s不同的业务。
部署好Traefik后,使用NodePort或者LoadBalancer将Traefik暴露到公共网络上。
当Traefik收到请求时,它会根据请求的Host和Path信息,在本地缓存中查找匹配的Ingress规则,并根据Ingress规则获取对应的Service名称和端口号。然后,根据Service名称和端口号,Traefik会通过Kubernetes的API server获取Service的ClusterIP和端口号,并将请求转发到这个ClusterIP和端口上。注意不能理解成将Pod的ClusterIP暴露到节点上。
我们使用helm安装traefik程序
1、添加traefik的helm源
[root@Master231 add-ons]# helm repo add traefik https://traefik.github.io/charts
"traefik" has been added to your repositories2、更新helm的源
[root@Master231 add-ons]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "traefik" chart repository
Update Complete. ⎈Happy Helming!⎈3、拉取官方的traefik的Chart
[root@Master231 add-ons]# helm pull traefik/traefik
[root@Master231 add-ons]# tar xf traefik-23.1.0.tgz4、拉取镜像到私有harbor仓库,修改Chart的配置文件
[root@Master231 ~]# docker pull traefik:v2.10.1
[root@Master231 ~]# docker tag traefik:v2.10.1 harbor.koten.com/koten-traefik/traefik:v2.10.1
[root@Master231 ~]# docker push harbor.koten.com/koten-traefik/traefik:v2.10.1
[root@Master231 traefik]# cat values.yaml
# Default values for Traefik
image:
registry: docker.io
# repository: traefik
repository: harbor.koten.com/koten-traefik/traefik # 提前拉取镜像放到私有harbor
# defaults to appVersion
......
# LoadBalancer.
nodePort: 32080 # 修改为nodePort
......5、安装服务
[root@Master231 metrics-server]# ls traefik/
Changelog.md crds LICENSE templates
Chart.yaml Guidelines.md README.md values.yaml
[root@Master231 add-ons]# helm install traefik traefik
NAME: traefik
LAST DEPLOYED: Mon Jun 26 16:31:25 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Traefik Proxy v2.10.1 has been deployed successfully on default namespace !
[root@Master231 add-ons]# kubectl get pods
NAME READY STATUS RESTARTS AGE
traefik-796c76b774-7l62x 1/1 Running 0 21s6、开启traefik的端口转发功能,为了安全起见,helm默认没有开启dashboar,因此需要运维手动暴露
[root@Master231 add-ons]# kubectl port-forward `kubectl get pods -l "app.kubernetes.io/name=traefik" -o name` --address=0.0.0.0 9000:9000
Forwarding from 0.0.0.0:9000 -> 90007、浏览器访问traefik的dashboard页面http://10.0.0.231:9000/dashboard/
发现成功部署!
Ingress详解
我理解的Ingress就是将svc的ClusterIP、name与URL进行绑定的规则,再由traefik做负载均衡,实现访问URL能访问到K8s集群的Pod中容器服务的效果。可以通过不同URL的80端口,访问到Pod中的不同服务。
1、自定义端口号
[root@Master231 traefik]# cat templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: koten-traefik
spec:
ports:
- name: web
nodePort: 3080
port: 80
protocol: TCP
targetPort: web
- name: websecure
nodePort: 3443
port: 443
protocol: TCP
targetPort: websecure
selector:
app.kubernetes.io/instance: koten-traefik-default
app.kubernetes.io/name: traefik
type: NodePort
2、暴露服务
[root@Master231 ingresses]# cat 01-deploy-apps/01-deploy-app01.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-nginx-v1
labels:
apps: myweb
spec:
replicas: 3
selector:
matchExpressions:
- key: apps
values:
- "v1"
operator: In
template:
metadata:
labels:
apps: v1
school: koten
spec:
containers:
- name: v1
image: harbor.koten.com/koten-web/nginx:1.24.0-apline
---
apiVersion: v1
kind: Service
metadata:
name: apps-v1
spec:
selector:
apps: v1
ports:
- port: 80
targetPort: 80
[root@Master231 ingresses]# cat 01-deploy-apps/02-deploy-app02.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-nginx-v2
labels:
apps: myweb
spec:
replicas: 3
selector:
matchExpressions:
- key: apps
values:
- "v2"
operator: In
template:
metadata:
labels:
apps: v2
school: koten
spec:
containers:
- name: v2
image: harbor.koten.com/koten-web/nginx:1.25.1-apline
---
apiVersion: v1
kind: Service
metadata:
name: apps-v2
spec:
selector:
apps: v2
ports:
- port: 80
targetPort: 80
3、编写Ingress规则并运行
[root@Master231 ingresses]# cat 02-ing/01-ingress-apps.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: koten-ing-apps-all
annotations:
kubernetes.io/ingress.class: traefik # 指定Ingress 控制器为"traefik"
spec:
# 定义Ingress规则
rules:
# 访问的主机名
- host: apps01.koten.com
# 定义http的相关规则
http:
paths:
- backend:
service:
name: apps-v1
port:
number: 80
path: /
pathType: Prefix
- host: apps02.koten.com
http:
paths:
- backend:
service:
name: apps-v2
port:
number: 80
path: /
pathType: Prefix
[root@Master231 ingresses]# kubectl apply -f 02-ing/01-ingress-apps.yaml
ingress.networking.k8s.io/koten-ing-apps-all created4、查看Ingress的详细信息,可以看到URL与SVC的名字、端口的映射关系
[root@Master231 ingresses]# kubectl describe ingress koten-ing-apps-all
Name: koten-ing-apps-all
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
apps01.koten.com
/ apps-v1:80 (<error: endpoints "apps-v1" not found>)
apps02.koten.com
/ apps-v2:80 (<error: endpoints "apps-v2" not found>)
Annotations: kubernetes.io/ingress.class: traefik
Events: <none>5、测试访问
[root@Master231 ingresses]# curl -H "host: apps01.koten.com" -sI 10.0.0.232:3080 | grep nginx
nginx:1.24.0
[root@harbor250 ~]#
[root@Master231 ingresses]# curl -H "host: apps02.koten.com" -sI 10.0.0.232:3080 | grep nginx
nginx:1.25.16、使用负载均衡器暴露服务基于https协议下
traefik和nginx一样是可以实现的,但是如果不和用户交互的话也可以不使用https协议,不再展示这部分了。
StatefulSet资源详解
以Nginx的为例,当任意一个Nginx挂掉,其处理的逻辑是相同的,即仅需重新创建一个Pod副本即可,这类服务我们称之为无状态服务。
以MySQL主从同步为例,master,slave两个库任意一个库挂掉,其处理逻辑是不相同的,这类服务我们称之为有状态服务。
有状态服务面临的难题
1、启动/停止顺序;
2、pod实例的数据是独立存储;
3、需要固定的IP地址或者主机名。一、StatefulSet应用场景
StatefulSet一般用于有状态服务,StatefulSets对于需要满足以下一个或多个需求的应用程序很有价值。
1、稳定唯一的网络标识符。
2、稳定独立持久的存储。
3、有序优雅的部署和缩放。
4、有序自动的滚动更新。
稳定的网络标识:
其本质对应的是一个service资源,只不过这个service没有定义VIP,我们称之为headless service,即"无头服务"。
通过"headless service"来维护Pod的网络身份,会为每个Pod分配一个数字编号并且按照编号顺序部署。
综上所述,无头服务("headless service")要求满足以下两点:
1、将svc资源的clusterIP字段设置None,即"clusterIP: None";
2、将sts资源的serviceName字段声明为无头服务的名称;
独享存储:
Statefulset的存储卷使用VolumeClaimTemplate创建,称为"存储卷申请模板"。
当sts资源使用VolumeClaimTemplate创建一个PVC时,同样也会为每个Pod分配并创建唯一的pvc编号,每个pvc绑定对应pv,从而保证每个Pod都有独立的存储。二、StatefulSet使用示例
编写StatefulSet的资源清单
[root@Master231 statefulsets]# cat 01-sts-network-volumes.yaml
apiVersion: v1
kind: Service
metadata:
name: sts-svc
spec:
clusterIP: None
type: ClusterIP
selector:
apps: v1
ports:
- port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: koten-sts-all
spec:
replicas: 3
# 指定无头服务(headless Service)
serviceName: sts-svc
selector:
matchExpressions:
- key: apps
values:
- "v1"
operator: In
# 定义卷申请模板
volumeClaimTemplates:
- spec:
storageClassName: managed-nfs-storage
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2M
metadata:
name: data
template:
metadata:
labels:
apps: v1
school: koten
spec:
containers:
- name: v1
image: harbor.koten.com/koten-nginx/nginx:1.24.0-apline
volumeMounts:
- name: data
mountPath: /usr/share/nginx/html此时创建3个Pod资源,发现是按照顺序创建,测试互相可以ping通
[root@Master231 statefulsets]# kubectl get po
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-678c4df555-sbhxc 1/1 Running 0 141m
koten-sts-0 1/1 Running 0 5s
koten-sts-1 1/1 Running 0 4s
koten-sts-2 1/1 Running 0 3s
koten-traefik-6ff4fd6dd4-rfsxd 1/1 Running 0 65m
[root@Master231 statefulsets]#
[root@Master231 statefulsets]#
[root@Master231 statefulsets]# kubectl exec -it koten-sts-0 -- sh
/ # for i in `seq 0 2`;do ping koten-sts-${i}.sts-svc.default.svc.koten.com -c 3;done
/ #
/ # ping koten-sts-1.sts-svc.default.svc.koten.com -c 3
PING koten-sts-1.sts-svc.default.svc.koten.com (10.100.1.223): 56 data bytes
64 bytes from 10.100.1.223: seq=0 ttl=62 time=0.448 ms
64 bytes from 10.100.1.223: seq=1 ttl=62 time=0.541 ms
64 bytes from 10.100.1.223: seq=2 ttl=62 time=0.386 ms
--- koten-sts-1.sts-svc.default.svc.koten.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.386/0.458/0.541 ms
/ #
/ #
/ # ping koten-sts-2.sts-svc.default.svc.koten.com -c 3
PING koten-sts-2.sts-svc.default.svc.koten.com (10.100.1.224): 56 data bytes
64 bytes from 10.100.1.224: seq=0 ttl=62 time=0.474 ms
64 bytes from 10.100.1.224: seq=1 ttl=62 time=0.591 ms
64 bytes from 10.100.1.224: seq=2 ttl=62 time=0.536 ms
--- koten-sts-2.sts-svc.default.svc.koten.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.474/0.533/0.591 ms
/ #
/ #
/ # 再次ping下svc的名字,发现IP变了,但是不影响ping,固定IP问题解决。
尝试在一个里面加入数据,不影响其他的Pod的数据,单独存储问题解决。
删除Pod发现都自动拉起且数据没有丢,因为我们做了存储卷。
我是koten,10年运维经验,持续分享运维干货,感谢大家的阅读和关注!
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
