我的HTTP / REST服务群集具有以下Kubernetes YAML,是否可以通过同一负载均衡器公开身份,用户和操作服务?
使用以下配置,当我认为1足够时,它将在AWS中创建4个单独的弹性负载平衡器。我尝试将Kibana设置为NodePort,以便可以从外部访问它,但无法访问,因此将类型设置为LoadBalancer。
apiVersion: apps/v1
kind: Deployment
metadata:
name: identity-service
labels:
app: identity-service
spec:
replicas: 1
selector:
matchLabels:
app: identity-service
template:
metadata:
labels:
app: identity-service
spec:
containers:
- name: identity-service
image: org_name/identity_service
imagePullPolicy: Always
ports:
- containerPort: 5000
env:
- name: CONNECTION_STRING
value: "..."
imagePullSecrets:
- name: docker-hub
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: users-service
labels:
app: users-service
spec:
replicas: 1
selector:
matchLabels:
app: users-service
template:
metadata:
labels:
app: users-service
spec:
containers:
- name: users-service
image: org_name/users_service
imagePullPolicy: Always
ports:
- containerPort: 5001
env:
- name: CONNECTION_STRING
value: "..."
imagePullSecrets:
- name: docker-hub
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: actions-service
labels:
app: actions-service
spec:
replicas: 1
selector:
matchLabels:
app: actions-service
template:
metadata:
labels:
app: actions-service
spec:
containers:
- name: actions-service
image: org_name/actions_service
imagePullPolicy: Always
ports:
- containerPort: 5003
env:
- name: CONNECTION_STRING
value: "..."
imagePullSecrets:
- name: docker-hub
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: message-queue
labels:
app: message-queue
spec:
replicas: 1
selector:
matchLabels:
app: message-queue
template:
metadata:
labels:
app: message-queue
spec:
containers:
- name: message-queue
image: org_name/message_queue
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5672
- containerPort: 15672
imagePullSecrets:
- name: docker-hub
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: elasticsearch
labels:
app: elasticsearch
spec:
replicas: 1
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: elasticsearch:7.6.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9200
env:
- name: ELASTIC_PASSWORD
value: ...
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana
labels:
app: kibana
spec:
replicas: 1
selector:
matchLabels:
app: kibana
template:
metadata:
labels:
app: kibana
spec:
containers:
- name: kibana
image: kibana:7.6.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5601
env:
- name: ELASTICSEARCH_HOSTS
value: http://ELASTICSEARCH_SERVICE_HOST:ELASTICSEARCH_SERVICE_PORT
- name: ELASTICSEARCH_USERNAME
value: elastic
- name: ELASTICSEARCH_PASSWORD
value: ...
- name: XPACK_MONITORING_ENABLED
value: "true"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: smtp-server
labels:
app: smtp-server
spec:
replicas: 1
selector:
matchLabels:
app: smtp-server
template:
metadata:
labels:
app: smtp-server
spec:
containers:
- name: smtp-server
image: mailhog/mailhog
imagePullPolicy: IfNotPresent
ports:
- containerPort: 1025
- containerPort: 8025
---
apiVersion: v1
kind: Service
metadata:
name: identity-service
labels:
app: identity-service
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-2:...:certificate/...
spec:
ports:
- port: 443
targetPort: 5000
protocol: TCP
selector:
app: identity-service
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
name: users-service
labels:
app: users-service
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-2:...:certificate/...
spec:
ports:
- port: 443
targetPort: 5001
protocol: TCP
selector:
app: users-service
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
name: actions-service
labels:
app: actions-service
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-2:...:certificate/...
spec:
ports:
- port: 443
targetPort: 5003
protocol: TCP
selector:
app: actions-service
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
name: kibana
labels:
app: kibana
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-2:...:certificate/...
spec:
ports:
- port: 5601
targetPort: 5601
protocol: TCP
selector:
app: kibana
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
name: elasticsearch
labels:
app: elasticsearch
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-2:...:certificate/...
spec:
ports:
- port: 9200
targetPort: 9200
protocol: TCP
selector:
app: elasticsearch
type: ClusterIP
答案 0 :(得分:1)
使用单个ingress controller通过ingress definitions公开每个服务。在AWS上,您可以使用ALB as the ingress endpoint。
每个服务将需要不同的主机名或/ path来区分它们。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: test-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /identity
backend:
serviceName: identity-service
servicePort: 5000
- path: /users
backend:
serviceName: users-service
servicePort: 5001
- path: /actions
backend:
serviceName: actions-service
servicePort: 5003
- path: /kibana
backend:
serviceName: kibana
servicePort: 5601
然后将每个服务的type
更改为ClusterIP