Take you hand in hand to play K8S – complete release of an externally accessible service

preface

Two articles in a row, but there is no real external access to the service, this article is based on the environment of the first two articles, a complete release of external access to the service. Of course, nginx must be deployed first, so here’s a quick picture.

Let’s go through the questions

As shown, prerequisites:

1. The public IP address of student A is 47.92.133.211
2. The public IP address bound to the load balancer is 47.92.133.212
3. There are two domain namesa.mldong.comandb.mldong.com
4. There are two services A and B in the K8S cluster

Content of this article:

How to configure a.mldong.com to access service A and b.mldong.com to access service A?

Post the current cluster information casually

kubectl get nodes
Copy the code

Review the process for deploying Nginx on K8S

├ ─ ─ / mldong/k8s/nginx ├ ─ ─ mldong - test - ns. Yaml ├ ─ ─ nginx - cm. Yaml ├ ─ ─ nginx - pv. Yaml ├ ─ ─ nginx - PVC, yaml ├ ─ ─ Nginx - deployment. Yaml ├ ─ ─ nginx - service. Yaml └ ─ ─ nginx - ingress. YamlCopy the code

├ ─ ─ / MNT ├ ─ ─ a └ ─ ─ index. The HTML └ ─ ─ b └ ─ ─ index. The HTMLCopy the code

Select the mirror

Because the K8S cluster is not connected to the Internet at present, we need to select the image, re-tag it, and push it to the private warehouse (Intranet warehouse).

1. The small A server pulls the latest Nginx image

   docker pull nginx:latest
   Copy the code

2. Add a new label to the image

   docker tag nginx:latest registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest
   Copy the code

3. Logging In to the Image Repository

   docker login [email protected] registry-vpc.cn-zhangjiakou.aliyuncs.com
   Copy the code

   Note: the account and address here should be filled in according to the information of the container mirror warehouse of Ali Cloud.

4. Push the image to the mirror repository

   docker push registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest
   Copy the code

Creating a namespace

mldong-test-ns.yaml

cat <<EOF > /mldong/k8s/nginx/mldong-test-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: mldong-test
  
EOF

Copy the code

Create ConfigMap

nginx-cm.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-cm
  namespace: mldong-test
data:
  a.conf: |-
    server {
      listen       80;
      server_name  a.mldong.com;
      location / {
        root   /usr/share/nginx/html/a;
        index  index.html index.htm;
      }
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
        root   /usr/share/nginx/html;
      }
    }
  b.conf: |-
    server {
      listen       80;
      server_name  b.mldong.com;
      location / {
        root   /usr/share/nginx/html/b;
        index  index.html index.htm;
      }
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
        root   /usr/share/nginx/html;
      }
    }
    
EOF

Copy the code

Create the pv

nginx-pv.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nginx-pv
  labels:
    alicloud-pvname: nginx-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  csi:
    driver: nasplugin.csi.alibabacloud.com
    volumeHandle: nginx-pv
    volumeAttributes:
      server: "9fdd94bf87-wfq66.cn-zhangjiakou.nas.aliyuncs.com"
      path: "/"
      vers: "3"
  storageClassName: nas
    
EOF

Copy the code

Create a PVC

nginx-pvc.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-pv.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    pv.kubernetes.io/bind-completed: 'yes'
    pv.kubernetes.io/bound-by-controller: 'yes'
  finalizers:
    - kubernetes.io/pvc-protection
  name: nginx-pvc
  namespace: mldong-test
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      alicloud-pvname: nginx-pv
  storageClassName: nas
  volumeMode: Filesystem
  volumeName: nginx-pv
    
EOF

Copy the code

Create a pod

nginx-deployment.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: mldong-test
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: registry-vpc.cn-zhangjiakou.aliyuncs.com/mldong/java/nginx:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
              name: port
              protocol: TCP
          volumeMounts:
            - name: nginx-pvc
              mountPath: "/usr/share/nginx/html"
            - name: nginx-cm
              mountPath: "/etc/nginx/conf.d"
      volumes:
        - name: nginx-pvc
          persistentVolumeClaim: 
            claimName: nginx-pvc
        - name: nginx-cm
          configMap:
            name: nginx-cm
  
EOF

Copy the code

Create a Service

nginx-service.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-service.yaml apiVersion: v1 kind: Service metadata: name: nginx-nodeport namespace: Mldong-test spec: type: NodePort ports: -port: 80 targetPort: 80 NodePort: 32180 # app: nginx --- apiVersion: v1 kind: Service metadata: name: nginx namespace: mldong-test spec: type: ClusterIP ports: - port: 80 protocol: TCP targetPort: 80 selector: app: nginx EOFCopy the code

Create the Ingress

nginx-ingress.yaml

cat <<EOF > /mldong/k8s/nginx/nginx-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
  name: nginx-ingress
  namespace: mldong-test
spec:
  rules:
    - host: a.mldong.com
      http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
            path: /
    - host: b.mldong.com
      http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
            path: /
EOF
Copy the code

Executed in sequence

kubectl apply -f mldong-test-ns.yaml
kubectl apply -f nginx-cm.yaml
kubectl apply -f nginx-pv.yaml
kubectl apply -f nginx-pvc.yaml
kubectl apply -f nginx-deployment.yaml
kubectl apply -f nginx-service.yaml
kubectl apply -f nginx-ingress.yaml
Copy the code

The query

Query ConfigMap

kubectl get configmap -n mldong-test
#or
kubectl get cm -n mldong-test
Copy the code

Query pv

kubectl get pv
Copy the code

Query PVC

kubectl get pvc -n mldong-test
Copy the code

Query the pod

kubectl get pods -n mldong-test
Copy the code

Query Service

kubectl get service -n mldong-test
#or
kubectl get svc -n mldong-test
Copy the code

The port is the external access port of the K8S service and can be accessed using the IP address of the working node :port.

kubectl get ingress -n mldong-test
Copy the code

In this case, the ADDRESS is the Intranet IP ADDRESS of load balancing.

Accessing cluster Services

Intranet access

1. To configure hosts

   Echo "172.26.22.124 worker1" >> /etc/hosts echo "172.26.22.125 worker2" >> /etc/hosts echo "172.26.22.126 a.mldong.com" >> /etc/hosts echo "172.26.22.126b.mldong.com" >> /etc/hostsCopy the code

   

2. The curl access

   Access node 1 directly

   curl -H "a.mldong.com" worker1:32180
   curl -H "b.mldong.com" worker1:32180
   Copy the code

   Access node 2 directly

   curl -H "a.mldong.com" worker2:32180
   curl -H "b.mldong.com" worker2:32180
   Copy the code

   Access the load balancer on the Intranet

   curl a.mldong.com
   curl b.mldong.com
   Copy the code

   The result is the contents of/MNT /a/index.html and/MNT /a/index.html

   

The network access

Solution 1: Bind an elastic public IP address to a load balancing instance. (abbreviated)

Solution 2: configure nginx proxy on small A server to a.mldong.com and b.mldong.com, and then do domain name resolution

Note: small A nginx and k8S nginx are not the same nginx, but are deployed on K8s only for demonstration purposes.

Plan 2 is adopted here:

New nginx configuration for small A server

a.mldong.com.conf

cat <<EOF > /etc/nginx/conf.d/a.mldong.com.conf server { listen 80; server_name a.mldong.com; location / { proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_pass http://a.mldong.com; Yaml configuration host} error_page 500 502 503 504/50x.html; location = /50x.html { root /usr/share/nginx/html; } } EOFCopy the code

b.mldong.com

cat <<EOF > /etc/nginx/conf.d/a.mldong.com.conf server { listen 80; server_name b.mldong.com; location / { proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_pass http://b.mldong.com; Yaml configuration host} error_page 500 502 503 504/50x.html; location = /50x.html { root /usr/share/nginx/html; } } EOFCopy the code

Adding Domain name Resolution

Browser access

The over!

summary

Although this article is still released nginx this simple service, but basically how to release a external service on K8S process went a. The purpose of writing this article is also to step by step, with this basis, the follow-up to release springboot and other services will become simple.

Related articles

Walk you through K8S – cluster creation and Hello World

Take you through K8S-ConfigMap and persistent storage