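Alibaba Cloud Serverless Kubernetes recently introduced support for attaching an Elastic IP (EIP) to a pod. This makes deploying certain serverless container applications, and reaching the services they expose, simpler and more convenient.
A single pod can reach the public internet without a VPC NAT gateway being created.
A single pod can expose a service to the public internet without a Service being created.
Pods and EIPs can be bound more flexibly and dynamically.
Serverless Kubernetes currently supports two ways to attach an EIP: having one allocated automatically, or binding a specified EIP instance.
Method 1: Automatically allocate an EIP
Set the annotation "k8s.aliyun.com/enable-eip" to "true", and the Serverless Kubernetes service automatically allocates an EIP for the pod and binds it to the pod.
Example: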
    # cat nginx-enable-eip-pod.YAML
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      annotations:
        "k8s.aliyun.com/enable-eip": "true"
    spec:
      containers:
      - image: registry-vpc.cn-hangzhou.aliyuncs.com/jovi/nginx:alpine
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
      restartPolicy: OnFailure
Create the pod:
    # kubectl apply -f nginx-enable-eip-pod.YAML
    pod "nginx" created
    # kubectl get pod
    nginx   1/1     Running   0          20s
View the pod's IP address:
    # kubectl describe pod
    Name:         nginx
    Namespace:    default
    Node:         viking-c7d16b6c584544f65bfa4eba3a8b04d63/
    Start Time:   Mon, 07 Jan 2019 13:19:47 +0800
    Labels:       <none>
    Annotations:  k8s.aliyun.com/allocated-eipAddress=47.96.67.132
                  k8s.aliyun.com/allocated-eipInstanceId=eip-bp1wtbt7vp18tgu5g7rb2
                  k8s.aliyun.com/enable-eip=true
                  kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"k8s.aliyun.com/enable-eip":"true"},"name":"nginx","namespace":"default"},"spec":{"container...
                  kubernetes.io/limit-ranger=LimitRanger plugin set: CPU, memory request for container nginx
    Status:       Running
    IP:           10.1.89.103
    Containers:
      nginx:
        Container ID:   eci://779380281b08b325b4b7a1b66c4cb9e706985b25cde0c36345af93a308745b95
        Image:          registry-vpc.cn-hangzhou.aliyuncs.com/jovi/nginx:alpine
        Image ID:
        Port:           80/TCP
        State:          Running
          Started:      Mon, 07 Jan 2019 13:19:47 +0800
        Ready:          True
        Restart Count:  0
        Requests:
          CPU:      1
          memory:   2Gi
        Environment:  <none>
    ...
    # kubectl describe pod|grep allocated-eipAddress
    Annotations:  k8s.aliyun.com/allocated-eipAddress=47.96.67.132
The pod's Annotations show the allocated EIP, and the pod can be reached directly through this EIP.
    # curl 47.96.67.132
    <!DOCTYPE html>
    <HTML>
    <head>
    <title>
    Welcome to nginx!
    </title>
    ...
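Because the EIP is allocated dynamically in this method, its lifecycle is the same as the pod's: when the pod is deleted, the dynamically allocated EIP is deleted along with it.
Note that if you create a deployment, each pod in the deployment is attached to a different EIP, so use this with caution.
Method 2: Specify an EIP instance ID
First, purchase an EIP in the EIP console.
Then set the pod's annotation "k8s.aliyun.com/eipInstanceId" to the EIP instance ID, as follows: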
    # cat nginx-eipid-pod.YAML
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      annotations:
        "k8s.aliyun.com/eipInstanceId": "eip-bp19trewkig3i9pnek99i"
    spec:
      containers:
      - image: registry-vpc.cn-hangzhou.aliyuncs.com/jovi/nginx:alpine
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
      restartPolicy: OnFailure
Create the pod:
    # kubectl apply -f nginx-eipid-pod.YAML
    pod "nginx" created
    # kubectl get pod
    NAME    READY   STATUS    RESTARTS   AGE
    nginx   1/1     Running   0          20s
Access the pod through the EIP:
    # curl 47.111.20.92
    <!DOCTYPE HTML>
    <HTML>
    <head>
    <title>Welcome to nginx!</title>
    <style>
    body {
    width: 35em;
    margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif;
    }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    ...
With this method, when the pod is deleted, the pod and the EIP are unbound. When the pod is recreated, the EIP is bound again.
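Because either annotation puts a pod directly on the public internet, it helps to be able to list which workloads use them. The following is an added example, not code from the original article or from Alibaba Cloud: a Python audit over the JSON printed by "kubectl get pods,deployments -A -o json" that reports every object requesting an EIP and how many EIPs it will consume. The sample input is constructed, and reading the annotation from a Deployment's pod template is an assumption.

```python
import json

# Annotation keys as they appear on this page.
ENABLE = "k8s.aliyun.com/enable-eip"
PINNED = "k8s.aliyun.com/eipInstanceId"
ADDRESS = "k8s.aliyun.com/allocated-eipAddress"

def audit_eip(kube_list):
    """Return one finding per Pod/Deployment that asks for an EIP."""
    findings = []
    for item in kube_list.get("items", []):
        kind, meta = item.get("kind"), item.get("metadata", {})
        if kind == "Deployment":
            # Assumption: the annotation is read from the pod template.
            tmpl = item["spec"]["template"]
            ann = tmpl.get("metadata", {}).get("annotations") or {}
            pod_spec, replicas = tmpl["spec"], item["spec"].get("replicas", 1)
        else:
            ann = meta.get("annotations") or {}
            pod_spec, replicas = item["spec"], 1
        auto = ann.get(ENABLE) == "true"
        if not auto and PINNED not in ann:
            continue  # no EIP requested, not publicly exposed this way
        findings.append({
            "object": f"{kind}/{meta.get('namespace', 'default')}/{meta['name']}",
            "mode": "auto" if auto else "pinned",
            # Auto mode: one distinct EIP per replica, as the article warns.
            "eips": replicas if auto else 1,
            "address": ann.get(ADDRESS),  # present once an EIP is allocated
            "ports": [p["containerPort"] for c in pod_spec["containers"]
                      for p in c.get("ports", [])],
        })
    return findings

# Constructed sample input (not real cluster output); "web" is hypothetical.
_C = [{"name": "nginx", "ports": [{"containerPort": 80}]}]
SAMPLE = {"items": [
    {"kind": "Pod", "metadata": {"name": "nginx", "namespace": "default",
        "annotations": {ENABLE: "true", ADDRESS: "47.96.67.132"}},
     "spec": {"containers": _C}},
    {"kind": "Pod", "metadata": {"name": "internal", "namespace": "default"},
     "spec": {"containers": _C}},
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "default"},
     "spec": {"replicas": 3, "template": {
         "metadata": {"annotations": {ENABLE: "true"}},
         "spec": {"containers": _C}}}},
]}

if __name__ == "__main__":
    for finding in audit_eip(SAMPLE):
        print(json.dumps(finding))
```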
Try Serverless Kubernetes
Log in to the Container Service console; it is free to use during the public beta: https://cs.console.aliyun.com/#/k8s
Source: https://yq.aliyun.com/articles/684920