Kubernetes:如何公开多个微服务?
[英]Kubernetes: how to expose multiple microservices?
问题描述
i have a handful of dockerized microservices, each is listening for http requests on a certain port, and i have these deployments formalized as kubernetes yaml files
我有一些 dockerized 微服务,每个微服务都在某个端口上侦听 http 请求,并且我将这些部署形式化为 kubernetes yaml 文件
however, i can't figure out a working strategy to expose my deployments on the interwebs (in terms of kubernetes services)但是,我无法找出在互联网上公开我的部署的工作策略(就 kubernetes 服务而言)
each deployment has multiple replicas, and so i assume each deployment should have a matching load balancer service to expose it to the outside每个部署都有多个副本,所以我假设每个部署都应该有一个匹配的负载均衡器服务来将它暴露给外部
now i can't figure out a strategy to sanely expose these microservices to the internet... here's what i'm thinking:现在我想不出将这些微服务合理地暴露给互联网的策略……这就是我的想法:
the whole cluster is exposed on a domain name, and services are subdomains
整个集群暴露在一个域名上,服务是子域- say the cluster is available at
k8s.mydomain.com说集群在k8s.mydomain.com上可用 - each loadbalancer service (which exposes a corresponding microservice) should be accessible by a subdomain每个负载均衡器服务(暴露相应的微服务)应该可以被一个子域访问
auth-server.k8s.mydomain.com-
profile-server.k8s.mydomain.com -
questions-board.k8s.mydomain.com - so requests to each subdomain would be load balanced to the replicas of the matching deployment因此对每个子域的请求将负载平衡到匹配部署的副本
- so how do i actually achieve this setup?那么我该如何实现这个设置呢? is this desirable?这是可取的吗?
- can i expose each load balancer as a subdomain?我可以将每个负载均衡器公开为一个子域吗? is this done automatically?这是自动完成的吗?
- or do i need an ingress controller?还是我需要一个入口控制器?
- am i barking up the wrong tree?我是不是叫错了树?
- i'm looking for general advice on how to expose a single app which is a mosaic of microservices我正在寻找有关如何公开作为微服务马赛克的单个应用程序的一般建议
- can i expose each load balancer as a subdomain?
- say the cluster is available at
each service is exposed on the same ip/domain, but each gets its own port
每个服务都暴露在同一个 IP/域上,但每个服务都有自己的端口- perhaps the whole cluster is accessible at
k8s.mydomain.comagain也许整个集群可以再次访问k8s.mydomain.com - can i map each port to a different load balancer?我可以将每个端口映射到不同的负载均衡器吗?
-
k8s.mydomain.com:8000maps toauth-server-loadbalancerk8s.mydomain.com:8000映射到auth-server-loadbalancer -
k8s.mydomain.com:8001maps toprofile-server-loadbalancerk8s.mydomain.com:8001映射到profile-server-loadbalancer
-
- is this possible?这可能吗? it seems less robust and less desirable than strategy 1 above与上面的策略 1 相比,它似乎不那么健壮,也不那么可取
- perhaps the whole cluster is accessible at
each service is exposed on its own ip/domain?
每个服务都暴露在自己的 IP/域上?- perhaps each service specifies a static ip, and my domain has A records pointing each subdomain at each of these ip's in a manual way?也许每个服务都指定了一个静态 ip,而我的域有 A 记录,以手动方式将每个子域指向这些 ip 中的每一个?
- how do i know which static ip's to use?我怎么知道使用哪个静态IP? in production?在生产中? in local dev?在本地开发?
- perhaps each service specifies a static ip, and my domain has A records pointing each subdomain at each of these ip's in a manual way?
maybe i'm conceptualizing this wrong?也许我把这个概念化了? can a whole kubernetes cluster map to one ip/domain?整个 kubernetes 集群可以映射到一个 IP/域吗?
what's the simplest way to expose a bunch of microservies in kubernetes?在 kubernetes 中公开一堆微服务的最简单方法是什么? on the other hand, what's the most robust/ideal way to expose microservices in production?另一方面,在生产中公开微服务的最健壮/理想的方式是什么? do i need a different strategy for local development in minikube?我是否需要在 minikube 中采用不同的本地开发策略? (i was just going to edit /etc/hosts a lot) (我只是要编辑/etc/hosts很多)
thanks for any advice, cheers感谢您的任何建议,干杯
3 个解决方案
解决方案1
1 2020-03-06 04:33:16
The first method is typically the format that everyone follows ie each microservice gets its own subdomain.第一种方法通常是每个人都遵循的格式,即每个微服务都有自己的子域。 You can achieve the same using Kubernetes ingress (for example Nginx Ingress https://kubernetes.github.io/ingress-nginx/ )您可以使用 Kubernetes 入口(例如 Nginx 入口https://kubernetes.github.io/ingress-nginx/ )实现相同的目的
They need not be in the same domain also ie you can have both *.example.com and *.example2.com它们也不必在同一个域中,即您可以同时拥有*.example.com和*.example2.com
The second method doesn't scale up as you would have a limited number of available ports and running on non-standard ports comes with its own issues.第二种方法无法扩展,因为可用端口数量有限,并且在非标准端口上运行会带来其自身的问题。
解决方案2
1 2020-03-06 04:35:50
Use an ingress:使用入口:
https://kubernetes.io/docs/concepts/services-networking/ingress/#types-of-ingress https://kubernetes.io/docs/concepts/services-networking/ingress/#types-of-ingress
With an ingress, you can assign subdomains to different services, or you can serve all the services under different context roots with some url rewriting.通过入口,您可以将子域分配给不同的服务,或者您可以通过一些 url 重写为不同上下文根下的所有服务提供服务。
I don't suggest exposing services using different ports.我不建议使用不同的端口公开服务。 Nonstandard ports have other problems.非标准端口还有其他问题。
解决方案3
1 已采纳 2020-03-06 13:48:35
I think the first option is by far the best.我认为第一种选择是迄今为止最好的。
Your Ingress might look like this:您的Ingress可能如下所示:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: name-virtual-host-ingress
spec:
rules:
- host: auth-server.k8s.mydomain.com
http:
paths:
- backend:
serviceName: service1
servicePort: 80
- host: profile-server.k8s.mydomain.com
http:
paths:
- backend:
serviceName: service2
servicePort: 80
- host: questions-board.k8s.mydomain.com
http:
paths:
- backend:
serviceName: service3
servicePort: 80
You can read more about it on Kubernetes docs regardingIngress and Name based virtual hosting .您可以在 Kubernetes 文档上阅读有关Ingress和Name based virtual hosting 的更多信息。
You can also use many Ingress Controllers depending where you will end up setting your cluster.您还可以使用许多入口控制器,具体取决于您最终将在哪里设置集群。 You mentioned that you will be testing this on Minikube so I think nginx ingress will be a good choice here.你提到你将在 Minikube 上测试这个,所以我认为nginx ingress将是一个不错的选择。
If you are thinking about managing your traffic you could consider istio .如果您正在考虑管理流量,您可以考虑istio 。
Here is a nice guide Setting up HTTP(S) Load Balancing with Ingress and another once Configuring Domain Names with Static IP Addresses .这是一个很好的指南,使用 Ingress 设置 HTTP(S) 负载平衡和另一个曾经使用静态 IP 地址配置域名。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.