
K8s ingress

2025-01-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Detailed explanation of the k8s component Ingress (edge router) and putting it into practice for microservices - kubernetes

Preface

The English word "ingress" means entry, right of entry, or ingestion; here it is more accurately the entrance, that is, the point through which external traffic enters the K8s cluster. What is this gateway for? How do we use Ingress? How does K8s do service discovery? Look at a picture first:

Note: this picture comes from a blog post I reprinted, "NodePort, LoadBalancer or Ingress? How should I choose - kubernetes".

Principle

Although the Pods and Services deployed in a K8s cluster have their own IPs, they cannot be reached from the public network. In the past, we could expose a service by listening on a NodePort, but this method is not flexible and is not recommended in production environments. Ingress is an API resource object in the K8s cluster that acts as an edge router. It can also be understood as the cluster firewall and cluster gateway. We can customize routing rules to forward, manage, and expose services (a set of Pods), which is very flexible, and this method is recommended in production environments. In addition, LoadBalancer can also expose services, but then you need to request a load balancer from the cloud platform; although many cloud platforms support it, this method is deeply coupled to the cloud platform, as you can imagine.

First of all, let's consider how to deal with this scenario with a traditional web server, such as Nginx.

Nginx acts as a reverse proxy server to intercept external requests, read the routing rule configuration, and forward the corresponding requests to the back-end service.

When dealing with such a scenario, kubernetes involves three components:

Reverse proxy web server

Responsible for intercepting external requests, such as Nginx, Apache, traefik, etc. I usually deploy it to the kubernetes cluster as a Deployment, but it can also be deployed as a DaemonSet. I think both deployment methods have advantages and disadvantages. If you are interested, please refer to this article; they will not be discussed here.

Ingress controller

There are many controllers in K8s, such as CronJob, DaemonSet, Deployment, ReplicaSet, StatefulSet and so on. Everyone is probably most familiar with Deployment (hey, me too). Its function is to watch for changes in the cluster and keep the cluster in the final state we expect (the yml file). Similarly, the function of the Ingress controller is to perceive changes to the Ingress routing rule set in real time, interact with the Api Server to obtain the IPs of the Services and Pods in the cluster, and then send them to the reverse proxy web server to refresh its routing configuration. This is its service discovery mechanism.

Ingress

Defines the set of routing rules, which has been described in detail above and will not be repeated here.

After the above analysis, it should be clear that if we only create an Ingress object, which merely defines a set of routing rules, nothing happens by itself. Don't think it is that simple, hey.

Ingress selection

I spent a lot of time on this, and finally chose Traefik, which is a lightweight HTTP reverse proxy and load balancer written in Golang. Although it is a rising star compared to Nginx, it embraces kubernetes natively and communicates directly with the cluster's K8s Api Server. It responds very quickly, perceives in real time the routing rule set defined by Ingress in the cluster and the changes of back-end Services and Pods, and automatically hot-updates the Traefik back-end configuration. There is no need to create Ingress controller objects at all, and it also provides a friendly control panel and monitoring interface. You can easily view not only the routing configuration that Traefik generates from Ingress, but also some performance statistics, such as total response time, average response time, and the total number of responses returned per response code. For Traefik deployment, please refer to the user example Kubernetes Ingress Controller on the official website.

Not only that, Traefik also supports rich annotations configuration, which enables many excellent features, such as automatic circuit breaking, load-balancing strategies, blacklists and whitelists. It also supports many storage backends, such as zookeeper, eureka, consul, rancher, docker, etc.; it automatically senses changes in these unified configuration centers and hot-updates its routing configuration, so Traefik is a magic weapon for microservices. What about the performance of Traefik? Deploying in containers and still worrying about performance? Don't be so funny, okay?

Nginx, by contrast, was late to embrace kubernetes; for details, please refer to the official website and the open source project ingress-nginx. In addition, Microsoft's open source microservice sample project eShopOnContainers uses ingress-nginx, so you can study it yourself.

Traefik:

The example shows the use of Ingress to expose microservices:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      labels:
        app: light
        component: frontend
      name: light-edge-router
      namespace: geekbuying-light
      annotations:
        kubernetes.io/ingress.class: "traefik"
        ingress.kubernetes.io/ssl-redirect: "false"
        traefik.frontend.rule.type: "PathPrefixStrip"
        traefik.ingress.kubernetes.io/frontend-entry-points: "http,https"
        traefik.ingress.kubernetes.io/priority: "3"
    spec:
      rules:
      - host:
        http:
          paths:
          - path: /api/v1/light
            backend:
              serviceName: aggregation-light-api
              servicePort: 80
          - path: /api/v1/identity
            backend:
              serviceName: identity-api
              servicePort: 80

Very important:

When we define additional routes, such as /api/v1/identity here, we must add the traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip annotation so that the path is passed on, otherwise we will not see any effect. ingress.kubernetes.io/ssl-redirect: "false" controls whether the use of https is forced. For other configuration information, please see the details. In addition, for other Ingress choices, please refer to the documentation of the respective component.

The service discovery rule for services in other namespaces is [serviceName].[namespace]:[port], such as exceptionless-ui.geekbuying-light-addons:80 (note: port 80 can be omitted, other ports cannot), which means to find the exceptionless-ui service in the geekbuying-light-addons namespace and match the port.
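A review check for the annotations used in the Ingress example above, added here as an illustration and not taken from the original article or from Traefik. The check names, the sample JSON (constructed, modelled on `kubectl get ingress -A -o json` output) and the choice to treat a missing ssl-redirect annotation as "false" are assumptions of this example.

```python
import json

# Constructed sample: trimmed `kubectl get ingress -A -o json` output modelled on
# the manifest above (the host is left empty, as on the page).
SAMPLE = json.loads("""
{"items": [{
  "metadata": {"name": "light-edge-router", "namespace": "geekbuying-light",
    "annotations": {
      "kubernetes.io/ingress.class": "traefik",
      "ingress.kubernetes.io/ssl-redirect": "false",
      "traefik.frontend.rule.type": "PathPrefixStrip",
      "traefik.ingress.kubernetes.io/frontend-entry-points": "http,https"}},
  "spec": {"rules": [{"http": {"paths": [
      {"path": "/api/v1/light"}, {"path": "/api/v1/identity"}]}}]}
}]}
""")

# Both spellings of the rule-type annotation that appear on the page.
RULE_TYPE_KEYS = ("traefik.ingress.kubernetes.io/rule-type", "traefik.frontend.rule.type")

def audit_ingress(item):
    """Return a list of (check_id, message) findings for one Ingress object."""
    ann = item["metadata"].get("annotations") or {}
    findings = []
    entry_points = [e.strip() for e in ann.get(
        "traefik.ingress.kubernetes.io/frontend-entry-points", "").split(",") if e.strip()]
    redirect = ann.get("ingress.kubernetes.io/ssl-redirect", "false").lower()
    if "http" in entry_points and redirect != "true":
        findings.append(("plaintext-http", "served on the http entry point without ssl-redirect"))
    if "kubernetes.io/ingress.class" not in ann:
        findings.append(("no-ingress-class", "object is not pinned to one ingress controller"))
    for rule in item["spec"].get("rules", []):
        if not rule.get("host"):
            findings.append(("any-host", "rule has no host, so it matches every Host header"))
        paths = [p.get("path", "/") for p in rule.get("http", {}).get("paths", [])]
        if any(p != "/" for p in paths) and not any(k in ann for k in RULE_TYPE_KEYS):
            findings.append(("no-rule-type", "sub-path routes without a PathPrefixStrip rule type"))
    return findings

def audit_all(doc):
    return {f'{i["metadata"]["namespace"]}/{i["metadata"]["name"]}': audit_ingress(i)
            for i in doc["items"]}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        for check, msg in findings:
            print(f"{name}: [{check}] {msg}")
```

On the sample it reports plaintext-http and any-host; setting ssl-redirect to "true" and giving the rule a host clears both.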

Property configuration

Traefik supports powerful annotations configuration and needs to be added to the annotations of the corresponding resource object in kubernetes. As for which object to configure, let's figure out three concepts:

EntryPoint (entry point)

As the name implies, this is the entrance through which external traffic enters traefik; requests are intercepted by listening on a host port.

FrontEnd (front end)

After a request is intercepted by traefik, it is forwarded to a FrontEnd. The frontend defines a routing rule set that maps an EntryPoint to a BackEnd; the match fields include Host, Path, Headers, etc. Once a request matches, it is routed to an available BackEnd, by default through the weighted round-robin load-balancing algorithm, and then reaches the specified microservice. This is what is called service discovery.

Note: these routing rules can come from different backend stores, such as Kubernetes, zookeeper, eureka, consul, etc. In Kubernetes, the Ingress resource object is what defines the routing rule set. It is recommended that you read Kubernetes Ingress Backend on the official website.

BackEnd (backend)

A set of http services, corresponding to the set of Pod addresses behind a Service object in kubernetes. For back-end service discovery, you can configure load-balancing policies, circuit breakers and other features.
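A small model of the EntryPoint, FrontEnd and BackEnd flow described above, added here as an illustration; it is not Traefik's code. The Pod addresses are constructed, all weights are equal (so weighted round robin reduces to plain round robin), and matching on a path-segment boundary is a choice of this model that Traefik's own matcher may not share.

```python
from itertools import cycle

# Constructed data: frontends as the Ingress example would define them,
# backends as the Pod endpoints a controller would learn from the Api Server.
FRONTENDS = [  # (priority, path prefix, backend name)
    (3, "/api/v1/light", "aggregation-light-api"),
    (3, "/api/v1/identity", "identity-api"),
]
BACKENDS = {
    "aggregation-light-api": ["10.1.0.11:80"],
    "identity-api": ["10.1.0.21:80", "10.1.0.22:80"],
}

class Router:
    def __init__(self, frontends, backends):
        # Higher priority first, then longer prefix, so the most specific rule wins.
        self.frontends = sorted(frontends, key=lambda f: (-f[0], -len(f[1])))
        self.pools = {name: cycle(eps) for name, eps in backends.items()}

    def update_endpoints(self, backend, endpoints):
        # Hot update when Pods come and go: swap the pool, keep the routing rules.
        self.pools[backend] = cycle(endpoints)

    def route(self, path, strip=True):
        """Return (endpoint, path seen by the backend), or None if no rule matches."""
        for _prio, prefix, backend in self.frontends:
            # Segment-boundary match: /api/v1/lightning must not hit /api/v1/light.
            if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
                # PathPrefixStrip: the backend sees the path without the prefix.
                forwarded = (path[len(prefix):] or "/") if strip else path
                return next(self.pools[backend]), forwarded
        return None

if __name__ == "__main__":
    r = Router(FRONTENDS, BACKENDS)
    for p in ("/api/v1/identity/connect/token", "/api/v1/identity/connect/token",
              "/api/v1/light", "/api/v1/lightning"):
        print(p, "->", r.route(p))
```

With strip=False the backend would receive the full /api/v1/identity/... path, which is why a service that only serves /connect/token shows no effect without the PathPrefixStrip rule type.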

An example of a configuration of a backend service object:

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        traefik.backend.circuitbreaker: "NetworkErrorRatio() > 0.5"
        traefik.backend.loadbalancer.method: drr
      labels:
        app: identity
      name: identity-api
      namespace: geekbuying-light
    spec:
      ports:
      - port: 80
      selector:
        app: light
        component: identity
        type: webapi

Effect

Dashboard:

Front-end priority, back-end circuit breakers, and load-balancing policies:

Monitoring interface:

Summary

To sum up, first deploy a reverse proxy server that embraces K8s (traefik, nginx, etc.) to intercept requests; the intercepted requests are then forwarded to the corresponding Service within the cluster according to the routing rule set defined by Ingress.

Extended reading

https://docs.traefik.io/

https://github.com/containous/traefik

https://docs.traefik.io/user-guide/kubernetes/

https://docs.traefik.io/configuration/backends/kubernetes/

https://kubernetes.io/docs/concepts/services-networking/ingress/

https://kubernetes.io/docs/admin/authorization/rbac/

https://github.com/kubernetes/ingress-nginx/blob/master/README.md

https://kubernetes.github.io/ingress-nginx/development/

https://www.kubernetes.org.cn/1237.html

https://github.com/kubernetes/ingress-nginx

https://blog.csdn.net/hxpjava1/article/details/79459489

https://blog.csdn.net/hxpjava1/article/details/79375452

If you think this article is helpful to you, thank you for your recommendation.

If you are interested in kubernetes, you can follow me. I will share my learning experience on my blog regularly.
