k8s 结合INgress-nginx 配置访问tomcat 集群

本篇文章主要是部署tomcat 应用，3副本，切实感受一些service 负载均衡。

1、创建命名空间tomcat-test

kubectl create namespace tomcat-test

2、配置tomcat-configmap.yaml

# cat tomcat-configmap.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: tomcat-config
  namespace: tomcat-test
data:
  server.xml: |
    <?xml version="1.0" encoding="UTF-8"?>
    <Server port="8005" shutdown="SHUTDOWN">
      <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
      <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
      
      <GlobalNamingResources>
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>
      
      <Service name="Catalina">
        <Connector port="8080" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="8443" />
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
        
        <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
            <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                   resourceName="UserDatabase"/>
          </Realm>
          
          <Host name="localhost"  appBase="webapps"
                unpackWARs="true" autoDeploy="true">
            <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                   prefix="localhost_access_log" suffix=".txt"
                   pattern="%h %l %u %t "%r" %s %b" />
          </Host>
        </Engine>
      </Service>
    </Server>

3、创建文件tomcat-pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tomcat-pvc
  namespace: tomcat-test
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: nfs-client
  resources:
    requests:
      storage: 10Gi

4、创建文件tomcat-deployment.yaml

# cat tomcat-deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deployment
  namespace: tomcat-test
  labels:
    app: tomcat
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
      - name: tomcat
        image: tomcat:9.0
        ports:
        - containerPort: 8080
        env:
        - name: JAVA_OPTS
          value: "-Xms512m -Xmx1024m"
        resources:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "500m"
        volumeMounts:
        - name: tomcat-config
          mountPath: /usr/local/tomcat/conf/server.xml
          subPath: server.xml
        - name: tomcat-webapps
          mountPath: /usr/local/tomcat/webapps
      volumes:
      - name: tomcat-config
        configMap:
          name: tomcat-config
      - name: tomcat-webapps
        persistentVolumeClaim:
          claimName: tomcat-pvc

5、创建配置文件tomcat-service.yaml

# cat tomcat-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: tomcat-service
  namespace: tomcat-test
  labels:
    app: tomcat
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 30001  # 可自定义NodePort范围(30000-32767)
  selector:
    app: tomcat

6、创建文件tomcat-ingress.yaml

# cat tomcat-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tomcat-ingress
  namespace: tomcat-test  # 与 Tomcat 服务在同一命名空间
  annotations:
    # 配置 Ingress Controller 类型（以 NGINX 为例）
    kubernetes.io/ingress.class: "nginx"
    # 可选：启用 HTTPS 时添加（需提前准备证书）
    # cert-manager.io/cluster-issuer: "letsencrypt-prod"  # 若使用 cert-manager 自动签发证书
spec:
  # 可选：配置 HTTPS（需提前创建 Secret 存储证书）
  # tls:
  # - hosts:
  #   - app2.czm.com
  #   secretName: tomcat-tls-secret  # 存储证书的 Secret 名称
  rules:
  - host: app2.czm.com  # 对外暴露的域名
    http:
      paths:
      - path: /  # 访问路径（/ 表明根路径）
        pathType: Prefix  # 路径匹配方式（Prefix 表明前缀匹配）
        backend:
          service:
            name: tomcat-service  # 关联的 Service 名称（需与前面创建的一致）
            port:
              number: 8080  # Service 的端口（与 Service 中定义的 port 一致）

7、我这边pvc是通过nfs服务器构建的，可以查看前面文件，到nfs目录查看

其中index.jsp 功能主要是获取本地主机名、IP地址等，这样在浏览器访问的时候才知道是否实现了负载均衡。

8、域名通过绑定本地host，浏览器进行访问：

访问结果可以明显说明通过访问ingress 流量会分发到后端3个不同pod tomcat 容器。