宝塔怎么做两个网站的解析专家:核酸检测公司该不该上市
张小明 2026/1/5 19:09:12
宝塔怎么做两个网站的解析,专家:核酸检测公司该不该上市,怎样为网站做外链,3d打印网站开发Ingress资源对象概述Kubernetes Ingress是一种API对象#xff0c;用于管理对集群内服务的外部访问#xff0c;通常通过HTTP/HTTPS路由规则实现。它充当入口点#xff0c;将外部请求路由到内部服务#xff0c;支持基于路径、主机名或TLS的流量分发。版本对比图不同Kubernete…Ingress资源对象概述Kubernetes Ingress是一种API对象用于管理对集群内服务的外部访问通常通过HTTP/HTTPS路由规则实现。它充当入口点将外部请求路由到内部服务支持基于路径、主机名或TLS的流量分发。版本对比图不同Kubernetes版本的Ingress功能差异如下v1.18及之前需依赖Ingress Controller如Nginx、Traefik。v1.19支持IngressClass资源明确指定控制器类型。v1.22引入pathType字段Exact/Prefix/ImplementationSpecific。Ingress应用案例环境准备确保Kubernetes集群运行正常kubectl已配置。安装Ingress Controller以Nginx为例kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/cloud/deploy.yaml验证-NodePort模式创建示例应用和服务apiVersion: apps/v1 kind: Deployment metadata: name: demo-app spec: replicas: 2 template: containers: - name: nginx image: nginx:alpine --- apiVersion: v1 kind: Service metadata: name: demo-svc spec: type: NodePort ports: - port: 80 targetPort: 80 selector: app: demo-app定义Ingress规则apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: demo-ingress spec: rules: - host: example.com http: paths: - path: / pathType: Prefix backend: service: name: demo-svc port: number: 80设置Http代理若需通过代理访问配置本地/etc/hosts将域名指向NodeIP或使用工具如curl -H Host: example.com http://NodeIP:NodePort。验证-LoadBalancer模式修改ARP模式适用于裸金属集群启用严格ARP模式MetalLB依赖kubectl edit configmap -n kube-system kube-proxy设置strictARP: true。搭建MetalLB支持LoadBalancer安装MetalLBkubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml配置IP地址池例如192.168.1.100-192.168.1.200apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: name: default-pool namespace: metallb-system spec: addresses: - 192.168.1.100-192.168.1.200测试将Service类型改为LoadBalancerapiVersion: v1 kind: Service metadata: name: demo-svc spec: type: LoadBalancer ports: - port: 80 selector: app: demo-app访问分配的LoadBalancer IP即可验证流量路由。Ingress 资源对象详解Ingress 的工作原理Ingress 是 Kubernetes 中用于管理外部访问集群服务的 API 对象通常通过 HTTP/HTTPS 路由规则实现。它充当七层负载均衡器抽象了反向代理的配置逻辑。核心组件包括Ingress 规则定义域名、路径与后端 Service 的映射关系。Ingress Controller负责实现规则的具体组件如 Nginx、HAProxy。Ingress 与 NodePort/LoadBalancer 的对比NodePort每个 Service 占用集群节点端口扩展性差。LoadBalancer每个 Service 需独立 LB 实例成本高且依赖云厂商。Ingress通过单一入口如 LB 或 NodePort路由多服务节省资源。Ingress Controller 的工作流程规则监听Ingress Controller 监听 Kubernetes API 的 Ingress 规则变更。配置生成将规则转换为负载均衡器配置如 Nginx 的server块。动态更新实时应用配置到负载均衡器实例如 Nginx 热加载。示例 Ingress 规则以下 YAML 定义了一个将example.com流量路由到my-service的规则apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example-ingress spec: rules: - host: example.com http: paths: - path: / pathType: Prefix backend: service: name: my-service port: number: 80常见 Ingress Controller 选项Nginx Ingress: 基于 Nginx社区支持广泛。Contour: 使用 Envoy适合复杂路由需求。HAProxy Ingress: 高性能适合低延迟场景。注意事项TLS 支持可通过spec.tls字段配置 HTTPS。路径匹配pathType支持Exact精确或Prefix前缀匹配。健康检查确保后端 Service 的readinessProbe配置正确。性能优化建议启用压缩在 Nginx Ingress 中配置gzip。缓存静态内容通过注解设置缓存策略。负载均衡算法根据场景选择轮询、最少连接等策略。Kubernetes Ingress 配置示例以下是一个基于客户端需求的 Kubernetes Ingress 配置示例用于将不同子域名web.itheima.com、mail.itheima.com、oa.itheima.com路由到对应的后端 Service。apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: itheima-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: web.itheima.com http: paths: - path: / pathType: Prefix backend: service: name: web-service port: number: 80 - host: mail.itheima.com http: paths: - path: / pathType: Prefix backend: service: name: mail-service port: number: 80 - host: oa.itheima.com http: paths: - path: / pathType: Prefix backend: service: name: oa-service port: number: 80组件说明Ingress 控制器需要提前部署 Ingress 控制器如 Nginx Ingress Controller该控制器负责实际处理外部请求并路由到对应 Service。Service 配置每个 Service 需要提前创建示例配置如下以 web-service 为例apiVersion: v1 kind: Service metadata: name: web-service spec: selector: app: web ports: - protocol: TCP port: 80 targetPort: 8080Pod 部署确保每个 Service 对应的 Pod 已正确部署并带有匹配的标签如 app: web。DNS 配置需要在 DNS 服务商处添加以下记录A 记录将 web.itheima.com 指向 Ingress 控制器的外部 IPA 记录将 mail.itheima.com 指向相同 IPA 记录将 oa.itheima.com 指向相同 IP测试验证使用 curl 命令测试路由是否生效curl -H Host: web.itheima.com http://INGRESS_IP curl -H Host: mail.itheima.com http://INGRESS_IP curl -H Host: oa.itheima.com http://INGRESS_IPTLS 配置可选如需启用 HTTPS可在 Ingress 中配置 TLSspec: tls: - hosts: - web.itheima.com - mail.itheima.com - oa.itheima.com secretName: itheima-tls需要提前创建包含证书的 Secret。版本对比图upportedIngress-NGINX versionk8s supported versionAlpine VersionNginx VersionHelm Chart Versionv1.9.61.29, 1.28, 1.27, 1.26, 1.253.19.01.21.64.9.1*v1.9.51.28, 1.27, 1.26, 1.253.18.41.21.64.9.0*v1.9.41.28, 1.27, 1.26, 1.253.18.41.21.64.8.3v1.9.31.28, 1.27, 1.26, 1.253.18.41.21.64.8.*v1.9.11.28, 1.27, 1.26, 1.253.18.41.21.64.8.*v1.9.01.28, 1.27, 1.26, 1.253.18.21.21.64.8.*v1.8.41.27, 1.26, 1.25, 1.243.18.21.21.64.7.*v1.8.21.27, 1.26, 1.25, 1.243.18.21.21.64.7.*v1.8.11.27, 1.26, 1.25, 1.243.18.21.21.64.7.*v1.8.01.27, 1.26, 1.25, 1.243.18.01.21.64.7.*v1.7.11.27, 1.26, 1.25, 1.243.17.21.21.64.6.*v1.7.01.26, 1.25, 1.243.17.21.21.64.6.*v1.6.41.26, 1.25, 1.24, 1.233.17.01.21.64.5.*v1.5.11.25, 1.24, 1.233.16.21.21.64.4.*v1.4.01.25, 1.24, 1.23, 1.223.16.21.19.10†4.3.0v1.3.11.24, 1.23, 1.22, 1.21, 1.203.16.21.19.10†4.2.5v1.3.01.24, 1.23, 1.22, 1.21, 1.203.16.01.19.10†4.2.3二、 Ingress应用案例2.1 环境准备搭建ingress环境# 创建文件夹[rootk8s-master01 ~]# mkdir ingress-controller[rootk8s-master01 ~]# cd ingress-controller/# 获取ingress-nginx本次案例使用的是1.8.1版本[rootk8s-master01 ingress-controller]# wget https://github.com/kubernetes/ingress-nginx/archive/refs/tags/controller-v1.8.1.tar.gz[rootk8s-master01 ingress-controller]# tar xf controller-v1.8.1.tar.gz[rootk8s-master01 ingress-controller]# cd ingress-nginx-controller-v1.8.1/deploy/static/provider/cloud/[rootk8s-master01 cloud]# lsdeploy.yaml kustomization.yaml##修改镜像源为如下:[rootk8s-master01 cloud]# cat deploy.yaml | grep -n image441: image: registry.cn-shenzhen.aliyuncs.com/xiaohh-docker/ingress-nginx-controller:v1.8.1442: imagePullPolicy: IfNotPresent538: image: registry.cn-shenzhen.aliyuncs.com/xiaohh-docker/ingress-nginx-kube-webhook-certgen:v20230407539: imagePullPolicy: IfNotPresent587: image: registry.cn-shenzhen.aliyuncs.com/xiaohh-docker/ingress-nginx-kube-webhook-certgen:v20230407588: imagePullPolicy: IfNotPresent#########部署#############[rootk8s-master01 cloud]# kubectl apply -f deploy.yamlnamespace/ingress-nginx createdserviceaccount/ingress-nginx createdserviceaccount/ingress-nginx-admission createdrole.rbac.authorization.k8s.io/ingress-nginx createdrole.rbac.authorization.k8s.io/ingress-nginx-admission createdclusterrole.rbac.authorization.k8s.io/ingress-nginx createdclusterrole.rbac.authorization.k8s.io/ingress-nginx-admission createdrolebinding.rbac.authorization.k8s.io/ingress-nginx createdrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission createdclusterrolebinding.rbac.authorization.k8s.io/ingress-nginx createdclusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission createdconfigmap/ingress-nginx-controller createdservice/ingress-nginx-controller createdservice/ingress-nginx-controller-admission createddeployment.apps/ingress-nginx-controller createdjob.batch/ingress-nginx-admission-create createdjob.batch/ingress-nginx-admission-patch createdingressclass.networking.k8s.io/nginx createdvalidatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created[rootk8s-master01 cloud]# kubectl -n ingress-nginx get podNAME READY STATUS RESTARTS AGEingress-nginx-admission-create-sgksd 0/1 Completed 0 77singress-nginx-admission-patch-f4rdc 0/1 Completed 1 77singress-nginx-controller-565cc5ddd9-2qwnm 1/1 Running 0 77s[rootk8s-master01 cloud]# kubectl -n ingress-nginx get svcNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEingress-nginx-controller LoadBalancer 10.10.103.132 pending 80:31502/TCP,443:31020/TCP 96singress-nginx-controller-admission ClusterIP 10.10.227.21 none 443/TCP 96s##查看集群已经存在的nginx类型[rootk8s-master01 cloud]# kubectl get ingressclassNAME CONTROLLER PARAMETERS AGEnginx k8s.io/ingress-nginx none 2m53s2.2 验证-NodePort模式准备service和pod创建nginx.yamlapiVersion: apps/v1 kind: Deployment metadata: labels: app: nginx-deploy name: nginx-deploy spec: replicas: 3 selector: matchLabels: app: nginx-deploy template: metadata: labels: app: nginx-deploy spec: containers: - image: dockerproxy.cn/nginx:latest name: nginx ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: labels: app: nginx-deploy name: nginx-svc spec: ports: - port: 80 protocol: TCP targetPort: 80 selector: app: nginx-deploy type: ClusterIP# 创建 [rootk8s-master01 ingress-controller]# kubectl apply -f nginx.yaml deployment.apps/nginx-deploy created service/nginx-svc created # 查看 [rootk8s-master01 ingress-controller]# kubectl get pod NAME READY STATUS RESTARTS AGE nginx-deploy-7c7b68644b-26jtl 1/1 Running 0 20s nginx-deploy-7c7b68644b-5jsmb 1/1 Running 0 20s nginx-deploy-7c7b68644b-rjc4r 1/1 Running 0 20s [rootk8s-master01 ingress-controller]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.10.0.1 none 443/TCP 13d nginx-svc ClusterIP 10.10.199.33 none 80/TCP 36s修改ingress代理模式[rootk8s-master01 ingress-controller]# kubectl edit svc ingress-nginx-controller -n ingress-nginx 49 type: NodePort 50 status: 51 loadBalancer: {} ##查看 [rootk8s-master01 ingress-controller]# kubectl -n ingress-nginx get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx-controller NodePort 10.10.103.132 none 80:31502/TCP,443:31020/TCP 10m ingress-nginx-controller-admission ClusterIP 10.10.227.21 none 443/TCP 10m设置Http代理创建ingress-http.yamlapiVersion: networking.k8s.io/v1 kind: Ingress # 创建一个类型为Ingress的资源 metadata: name: nginx-ingress # 这个资源的名字为 nginx-ingress spec: ingressClassName: nginx # 使用nginx rules: - host: nginx.jx.com # 访问此内容的域名 http: paths: - backend: service: name: nginx-svc # 对应nginx的服务名字 port: number: 80 # 访问的端口 path: / # 匹配规则 pathType: Prefix # 匹配类型这里为前缀匹配# 创建 [rootk8s-master01 ~]# kubectl create -f ingress-http.yaml ingress.extensions/ingress-http created # 查看 [rootk8s-master01 ingress-controller]# kubectl get ingress nginx-ingress NAME CLASS HOSTS ADDRESS PORTS AGE nginx-ingress nginx nginx.jx.com 10.10.103.132 80 31s # 查看详情 [rootk8s-master01 ~]# kubectl describe ingress nginx-ingress Name: nginx-ingress Labels: none Namespace: default Address: 10.10.26.150 Ingress Class: nginx Default backend: default Rules: Host Path Backends ---- ---- -------- nginx.jx.com / nginx-svc:80 (172.16.69.202:80,172.16.79.74:80,172.16.79.75:80) Annotations: none Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Sync 9m2s (x2 over 14m) nginx-ingress-controller Scheduled for sync #在访问节点写入hosts解析记录 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.115.161 k8s-master01 192.168.115.162 k8s-master02 192.168.115.163 k8s-master03 192.168.115.164 k8s-worker01 192.168.115.165 k8s-worker02 192.168.115.166 nginx.jx.com ##测试只能使用域名访问 [rootk8s-master01 ingress-controller]# curl nginx.jx.com:31502 !DOCTYPE html html head titleWelcome to nginx!/title style html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } /style /head body h1Welcome to nginx!/h1 pIf you see this page, the nginx web server is successfully installed and working. Further configuration is required./p pFor online documentation and support please refer to a hrefhttp://nginx.org/nginx.org/a.br/ Commercial support is available at a hrefhttp://nginx.com/nginx.com/a./p pemThank you for using nginx./em/p /body /html2.3 验证-LoadBalancer模式修改ARP模式启用严格ARP模式# 执行修改操作 kubectl get configmap kube-proxy -n kube-system -o yaml | \ sed -e s/strictARP: false/strictARP: true/ | \ kubectl apply -f - -n kube-system #查看修改结果 kubectl edit configmap -n kube-system kube-proxy搭建metallb支持LoadBalancerMetallb 在 Kubernetes 中的作用主要是为没有运行在如 AWS、GCP 等具有完善网络服务的云平台上的集群提供网络负载均衡器的实现。实现 LoadBalancer 服务类型在 Kubernetes 中Service 有多种类型其中 LoadBalancer 类型通常需要外部的负载均衡器支持。Metallb 可以在缺乏原生云平台负载均衡支持的环境下模拟实现 LoadBalancer 类型的 Service。它能够为应用提供可从集群外部访问的固定 IP 地址。IP 地址分配与管理负责在指定的 IP 地址范围IP address pool内为 LoadBalancer 类型的 Service 分配 IP 地址并确保这些 IP 地址的正确映射和管理使外部流量能够准确地路由到相应的 Kubernetes 服务后端 Pod。提供高可用的网络连接通过实现 BGPBorder Gateway Protocol或 Layer2 模式的负载均衡机制确保即使在节点故障或网络波动的情况下也能维持应用的外部网络连接的稳定性和可靠性。wget https://github.com/metallb/metallb/archive/refs/tags/v0.12.1.tar.gz mkdir Metallb tar xf v0.12.1.tar.gz -C Metallb/ cd Metallb/metallb-0.12.1/manifests/ ##编写地址段分配configmap [rootk8s-master01 ~]# cat configmap.yaml apiVersion: v1 kind: ConfigMap metadata: namespace: metallb-system name: config data: config: | address-pools: - name: default protocol: layer2 addresses: - 192.168.115.30-192.168.115.49 kubectl apply -f namespace.yaml kubectl apply -f metallb.yaml [rootk8s-master01 manifests]# kubectl -n metallb-system get pod NAME READY STATUS RESTARTS AGE controller-7476b58756-q7cql 1/1 Running 0 6m speaker-55l64 1/1 Running 0 6m speaker-8jjg8 1/1 Running 0 6m1s测试[rootk8s-master01 ingress-controller]# cat nginx.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app: nginx-deploy1 name: nginx-deploy1 spec: replicas: 3 selector: matchLabels: app: nginx-deploy1 template: metadata: labels: app: nginx-deploy1 spec: containers: - image: nginx name: nginx1 ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: labels: app: nginx-deploy name: nginx-svc1 spec: ports: - port: 80 protocol: TCP targetPort: 80 selector: app: nginx-deploy type: LoadBalancer ##提交 [rootk8s-master01 ingress-controller]# kubectl apply -f nginx.yaml ##查看 [rootk8s-master01 ingress-controller]# kubectl get pod NAME READY STATUS RESTARTS AGE nginx-deploy-5f87d95c-7ph78 1/1 Running 0 50m nginx-deploy-5f87d95c-dswvq 1/1 Running 0 50m nginx-deploy-5f87d95c-vk9vg 1/1 Running 0 50m nginx-deploy1-c8d58b5c7-7dfrd 1/1 Running 0 12m nginx-deploy1-c8d58b5c7-d2hd7 1/1 Running 0 12m nginx-deploy1-c8d58b5c7-pfvhn 1/1 Running 0 12m [rootk8s-master01 ingress-controller]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.10.0.1 none 443/TCP 14d nginx-svc ClusterIP 10.10.83.76 none 80/TCP 50m nginx-svc1 LoadBalancer 10.10.168.131 192.168.115.30 80:31261/TCP 12m ##测试访问 [rootk8s-master01 ingress-controller]# curl 192.168.115.30 !DOCTYPE html html head titleWelcome to nginx!/title style html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } /style /head body h1Welcome to nginx!/h1 pIf you see this page, the nginx web server is successfully installed and working. Further configuration is required./p pFor online documentation and support please refer to a hrefhttp://nginx.org/nginx.org/a.br/ Commercial support is available at a hrefhttp://nginx.com/nginx.com/a./p pemThank you for using nginx./em/p /body /htmlapiVersion: networking.k8s.io/v1 kind: Ingress # 创建一个类型为Ingress的资源 metadata: name: nginx-ingress # 这个资源的名字为 nginx-ingress spec: ingressClassName: nginx # 使用nginx rules: - host: nginx.jx.com # 访问此内容的域名 http: paths: - backend: service: name: nginx-svc # 对应nginx的服务名字 port: number: 80 # 访问的端口 path: / # 匹配规则 pathType: Prefix # 匹配类型这里为前缀匹配 - host: nginx2.jx.com # 访问此内容的域名 http: paths: - backend: service: name: nginx-svc1 # 对应nginx的服务名字 port: number: 80 # 访问的端口 path: / # 匹配规则 pathType: Prefix # 匹配类型这里为前缀匹配修改ingress模式[rootk8s-master01 ~]# kubectl -n ingress-nginx edit svc ingress-nginx-controller type: LoadBalancer status: loadBalancer: {}