所谓发布指的是,如何让集群之外的主机能访问服务
Cluster-IP只有集群内部可访问(图中命令显示只能通过80端口访问)
SVC并不是所有协议都能访问
NodePort
为某个服务配置了NodePort,此NodePort会在所有节点上映射
代码语言:javascript复制[root@vms61 chap9-svc]# kubectl expose --name=svc1 deployment web1 --port=80 --target-port=80 --type=NodePort
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc1 NodePort 10.100.69.97 <none> 80:32217/TCP 3s
代码语言:javascript复制[root@vms61 chap9-svc]# kubectl expose --name=svc1 deployment web1 --port=80 --target-port=80
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl edit svc svc1
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
creationTimestamp: "2020-10-07T04:31:13Z"
labels:
aa: bb
name: svc1
namespace: chap9-svc
resourceVersion: "723282"
selfLink: /api/v1/namespaces/chap9-svc/services/svc1
uid: 4d758411-58ce-440d-82a0-595bb0b1d16f
spec:
clusterIP: 10.107.137.53
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app2: web2
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
LoadBalancer
访问https://metallb.universe.tf/installation/
下载下来
Ingress(推荐)
代码语言:javascript复制docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0
代码语言:javascript复制[root@vms61 chap9-svc]# ls
blog.yaml mandatory.yaml web1.yaml
[root@vms61 chap9-svc]# grep image mandatory.yaml
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0
[root@vms61 chap9-svc]# kubectl apply -f mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17 , unavailable in v1.22 ; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17 , unavailable in v1.22 ; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/nginx-ingress-role created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17 , unavailable in v1.22 ; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17 , unavailable in v1.22 ; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
代码语言:javascript复制[root@vms61 chap9-svc]# kubectl get deploy -n ingress-nginx
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-ingress-controller 1/1 1 1 23m
[root@vms61 chap9-svc]# kubectl expose --name=ingress deployment nginx-ingress-controller --port=80 --type=NodePort -n ingress-nginx
service/ingress exposed
代码语言:javascript复制[root@vms61 chap9-svc]# kubectl run pod1 --image=nginx --image-pull-policy=IfNotPresent
pod/pod1 created
[root@vms61 chap9-svc]# kubectl run pod2 --image=nginx --image-pull-policy=IfNotPresent
pod/pod2 created
[root@vms61 chap9-svc]# kubectl run pod3 --image=nginx --image-pull-policy=IfNotPresent
pod/pod3 created
[root@vms61 chap9-svc]# kubectl exec -it pod1 -- bash
root@pod1:/# echo 11111 > /usr/share/nginx/html/index.html
root@pod1:/# exit
exit
[root@vms61 chap9-svc]# kubectl exec -it pod2 -- bash
root@pod2:/# echo 22222 > /usr/share/nginx/html/index.html
root@pod2:/# exit
exit
[root@vms61 chap9-svc]# kubectl exec -it pod3 -- bash
root@pod3:/# mkdir /usr/share/nginx/html/app
root@pod3:/# echo 33333 > /usr/share/nginx/html/index.html
root@pod3:/# echo app > /usr/share/nginx/html/app/index.html
root@pod3:/# exit
exit
代码语言:javascript复制[root@vms61 chap9-svc]# kubectl expose --name=svc1 pod pod1 --port=80
service/svc1 exposed
[root@vms61 chap9-svc]# kubectl expose --name=svc2 pod pod2 --port=80
service/svc2 exposed
[root@vms61 chap9-svc]# kubectl expose --name=svc3 pod pod3 --port=80
service/svc3 exposed
代码语言:javascript复制[root@vms61 chap9-svc]# cat ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: myingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: www1.aa.com
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: svc1
servicePort: 80
- host: www2.aa.com
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: svc2
servicePort: 80
[root@vms61 chap9-svc]# kubectl apply -f ingress.yaml
Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19 , unavailable in v1.22 ; use networking.k8s.io/v1 Ingress
ingress.networking.k8s.io/myingress configured
[root@vms61 chap9-svc]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress NodePort 10.102.22.173 <none> 80:31256/TCP 79m
[root@vms61 chap9-svc]# curl www1.aa.com:31256
11111
[root@vms61 chap9-svc]# curl www2.aa.com:31256
22222