operator-ingress使用

1、ingress简介

Ingress其实就是从 kuberenets 集群外部访问集群的一个入口，将外部的请求转发到集群内不同的 Service 上，其实就相当于 nginx、haproxy 等负载均衡代理服务器，有的同学可能觉得我们直接使用 nginx 就实现了，但是只使用 nginx 这种方式有很大缺陷，每次有新服务加入的时候怎么改 Nginx 配置？不可能让我们去手动更改或者滚动更新前端的 Nginx Pod 吧？那我们再加上一个服务发现的工具比如 consul 如何？貌似是可以，对吧？而且在之前单独使用 docker 的时候，这种方式已经使用得很普遍了，Ingress 实际上就是这样实现的，只是服务发现的功能自己实现了，不需要使用第三方的服务了，然后再加上一个域名规则定义，路由信息的刷新需要一个靠 Ingress controller 来提供。

Ingress controller 可以理解为一个监听器，通过不断地与 kube-apiserver 打交道，实时的感知后端 service、pod 的变化，当得到这些变化信息后，Ingress controller 再结合 Ingress 的配置，更新反向代理负载均衡器，达到服务发现的作用。其实这点和服务发现工具 consul consul-template 非常类似。

2、ingress架构图

3、ingress部署

3.1 rbac进行认证，traefik-rbac.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system

3.2 部署ingress的Deployment

编辑：traefik-deployment.yaml，直接使用官方的

---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      tolerations:
      - operator: "Exists"
      nodeSelector:
        kubernetes.io/hostname: hf-aipaas-172-31-243-137
      containers:
      - image: traefik:v1.7.17
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: NodePort

3.3 部署自己的服务

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
 namespace: monitoring
 name: prometheus-ingress
spec:
 rules:
 - host: prometheus.minikube.local.com
   http:
     paths:
     - backend:
         serviceName: prometheus-k8s
         servicePort: 9090
 - host: alertmanager.minikube.local.com
   http:
     paths:
     - backend:
         serviceName: alertmanager-k8s
         servicePort: 9095

3.4 绑定hosts

打开本地hosts文件，加入后

172.16.59.204 prometheus.minikube.local.com
172.16.59.204 alertmanager.minikube.local.com

3.5打开浏览器prometheus.minikube.local.com测试

4、ingress自带的ui界面

[root@hf-aipaas-172-31-243-137 ingress]# kubectl get svc -n kube-system 
NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                       AGE
kube-dns                  ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP                 50d
kubelet                   ClusterIP   None            <none>        10250/TCP                     49d
traefik-ingress-service   NodePort    10.99.220.222   <none>        80:31631/TCP,8080:32189/TCP   11h