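Service and Ingress
In Kubernetes, Pods have a lifecycle: they can be created, destroyed, and rescheduled. Service and Ingress are the core resources for exposing applications.
Service
A Service defines a logical set of Pods and a policy for accessing them.
Service types
ClusterIP (default)
Exposes the service inside the cluster: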
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: ClusterIP
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
NodePort
Opens a port on every node:
spec:
  type: NodePort
  selector:
    app: my-app
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080
LoadBalancer
Uses a cloud load balancer:
spec:
  type: LoadBalancer
  selector:
    app: my-app
  ports:
    - port: 80
      targetPort: 8080
Common commands
# List Services
kubectl get svc
# List endpoints
kubectl get endpoints
# Show details
kubectl describe svc my-service
Ingress
Ingress manages HTTP/HTTPS routing from outside the cluster to Services inside it.
Installing an Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.0/deploy/static/provider/cloud/deploy.yaml
Configuration example
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api-service
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 80
HTTPS configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tls-ingress
spec:
  tls:
    - hosts:
        - secure.example.com
      secretName: tls-secret
  rules:
    - host: secure.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 80
Network policy (NetworkPolicy)
Controls communication between Pods:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
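
What the allow-frontend policy above admits and what it leaves open, as an added example that is not part of the original page: a simplified Python model of NetworkPolicy ingress evaluation. It assumes a single namespace, matchLabels pod selectors and numeric ports only; the function names and the DEFAULT_DENY policy are constructed here for illustration.

```python
# Added example: simplified model of NetworkPolicy ingress evaluation.
# Assumptions: one namespace, matchLabels pod selectors only, numeric ports.

ALLOW_FRONTEND = {  # the page's allow-frontend policy, written as a dict
    "podSelector": {"matchLabels": {"app": "backend"}},
    "policyTypes": ["Ingress"],
    "ingress": [{
        "from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
        "ports": [{"protocol": "TCP", "port": 8080}],
    }],
}
# Constructed for this example (not on the page): select every pod, allow nothing.
DEFAULT_DENY = {"podSelector": {}, "policyTypes": ["Ingress"]}

def selects(selector, labels):
    """An empty selector matches every pod; otherwise every label must match."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())

def rule_allows(rule, src_labels, port, protocol):
    """A rule without 'from' admits any source; without 'ports', any port."""
    peers = rule.get("from")
    ports = rule.get("ports")
    peer_ok = not peers or any(
        "podSelector" in p and selects(p["podSelector"], src_labels)
        for p in peers)
    port_ok = not ports or any(
        p.get("protocol", "TCP") == protocol and p.get("port", port) == port
        for p in ports)
    return peer_ok and port_ok

def ingress_allowed(policies, src_labels, dst_labels, port, protocol="TCP"):
    """Return True if the connection is admitted under the given policies."""
    applicable = [p for p in policies
                  if "Ingress" in p.get("policyTypes", ["Ingress"])
                  and selects(p["podSelector"], dst_labels)]
    if not applicable:
        return True  # a pod selected by no policy is not isolated
    # Policies are additive: one matching rule in any policy is enough.
    return any(rule_allows(r, src_labels, port, protocol)
               for p in applicable for r in p.get("ingress", []))
```

Pods that no policy selects stay reachable from everywhere, so allow-frontend on its own restricts only the backend Pods; adding a namespace-wide default-deny policy closes the rest. NetworkPolicy is enforced only when the cluster's network plugin supports it.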
