Shulou(Shulou.com)05/31 Report--

How to understand Ingress in kubernetes? in view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible way.

One: brief introduction

Ingress resource object, which is used to forward access requests from different URL to different Service at the back end to implement the service routing mechanism of the HTTP layer. Kubernetes uses an Ingress policy definition and a concrete Ingress Controller, which combine to implement a complete Ingress load balancer.

Ingress Controller will forward customer requests directly to the backend Endpoint corresponding to Service based on Ingress rules, which will skip the forwarding function of kube-proxy and kube-proxy will no longer work.

Two: use Ingress

For more information on how to use it, please refer to the previous blog http://blog.itpub.net/28624388/viewspace-2152650/

1. Create Ingress Controller

Before defining an Ingress policy, you need to deploy Ingress Controller to provide a unified entry for all back-end Service. Ingress Controller needs to implement the load distribution mechanism based on backward forwarding of different HTTP URL, and can flexibly set the load distribution policy of 7 layers. If the public cloud service provider provides this type of HTTP routing LoadBalancer, you can set it to Ingress Controller.

In Kubernetes, Ingress Controller will run as Pod to monitor the backend services behind the / ingress port of the apiserver. If the service changes, the Ingress Controller application automatically updates its forwarding rules.

two。 Install the backend service

In order for Ingress Controller to start properly, you also need to configure a default backend for it to return a correct 404 reply if the URL address accessed by the client does not exist. This backend service can be implemented with any application, as long as it satisfies that the default access to the path returns a 404 reply and provides / healthz to complete its health check.

Three: Ingress policy configuration

1. Forward to a single back-end service

Click (here) to collapse or open

ApiVersion: extensions/v1beta1

Kind: Ingress

Metadata:

Name: test-ingress

Spec:

Backend:

ServiceName: myweb

ServicePort: 8080

Client access requests to Ingress Controller will be forwarded to the unique Service at the back end, in which case Ingress does not need to define any rule.

two。 Under the same domain name, different URL paths are forwarded to different services

Click (here) to collapse or open

ApiVersion: extensions/v1beta1

Kind: Ingress

Metadata:

Name: test-ingress

Spec:

Rules:

-host: mywebsite.com

Http:

Paths:

-path: / web

Backend:

ServiceName: web-service

ServicePort: 80

-path: / api

Backend:

ServiceName: api-service

ServicePort: 8081

3. Different domain names are forwarded to different services

Click (here) to collapse or open

ApiVersion: extensions/v1beta1

Kind: Ingress

Metadata:

Name: test-ingress

Spec:

Rules:

-host: foo.bar.com

Http:

Paths:

-backend:

ServiceName: service1

ServicePort: 80

-host: bar.foo.com

Http:

Paths:

-backend:

ServiceName: service2

ServicePort: 80

4. Forwarding rules that do not use domain names

Click (here) to collapse or open

ApiVersion: extensions/v1beta1

Kind: Ingress

Metadata:

Name: test-ingress

Spec:

Rules:

-http:

Paths:

-path: / web

Backend:

ServiceName: web-service

ServicePort: 80

Note that when using Ingress forwarding rules without a domain name, non-secure HTTP is disabled by default and HTTPS. You can set an annotation "ingress.kubernetes.io/ssl-redirect=false" in the definition of Ingress to turn off the setting that forces HTTPS to be enabled.

Four: Ingress TLS security settings

1. Create a self-signed key and SSL certificate file

two。 Save the certificate to a Secret resource object in Kubernetes

3. Set the Secret object to Ingress

This is the answer to the question about how to understand Ingress in kubernetes. I hope the above content can be of some help to you. If you still have a lot of doubts to solve, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.