Shulou(Shulou.com)06/01 Report--

This article is to share with you about how to use Ingress API in Kubernetes. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Design and purpose of Ingress resources

The simplest description of a Kubernetes cluster is a set of managed nodes that run an application in a container. In most cases, the nodes in the Kubernetes cluster are not directly exposed to the public Internet. This makes sense, because exposing all services on one node brings incredible risks. To provide public access to selected services, Kubernetes provides Ingress resources.

The Ingress resource exposes HTTP and HTTPS routes from outside the cluster to the selected services in it. Ingress resources also provide rules for controlling traffic. This makes Ingress resources an ideal solution for handling a variety of API provided by a large number of stand-alone services. To do this, it provides an entry point for all clients and then processes requests for back-end services. This is often referred to as a fan out configuration.

You can also set up an Ingress resource for a name-based virtual host that will route requests based on the host header:

In order for the Ingress resources to work properly, you need to install the Ingress controller on the Kubernetes cluster. The controller builds a bridge between the Kubernetes cluster and the existing public-oriented interfaces. For example, most cloud providers hosting Kubernetes provide a unique Ingress controller to interface with their defined public-facing approach. The operation of each controller is different from each other and can provide a different number of additional functions.

Benefits of using Ingress to manage the API lifecycle through the CI / CD pipeline

Ingress resources are defined through a declarative profile, which is usually described in YAML. This is consistent with all Kubernetes resources and allows direct integration into modern deployment models, such as the combined practice of CI / CD. This is the ability to deploy Ingress changes quickly, frequently, and securely. In this way, you can merge Ingress resources into the same type of software development lifecycle pattern as the application itself.

How developers use Kong for Kubernetes to complete Ingress

Kong for Kubernetes is a popular open source and cloud-independent Ingress controller. The Kong for Kubernetes entry controller is built as a custom resource definition (CRD) in Kubernetes. This provides a native Kubernetes experience for those who are used to defining resources within the platform.

Like your applications and services, you can install Kong for Kubernetes through Manifest,Helm or Kustomize.

Kong for Kubernetes Ingress Controller extends the capabilities of Ingress resources by providing an extensive set of plug-ins that cover a variety of functions, including authentication, analysis, monitoring, and request and response conversion, to name just a few. By providing these common (and sometimes not very common) requirements on the Ingress controller, Kong for Kubernetes allows developers to focus more on the core requirements of the service. Its value becomes particularly evident when organizations migrate from a small number of single applications to hundreds (or even thousands) of microservices.

For a list of common plug-ins, visit https://docs.konghq.com/hub/.

Kong plug-ins are defined as Kubernetes resources, and the config section provides settings for each plug-in. The following is an example of a speed limit plug-in that limits traffic to five requests per minute:

The Kong plug-in can be added to the Kubernetes resource by simply commenting in the metadata section of the resource. This allows plug-ins to be applied to different layers. For example, you can apply a plug-in to an entire Ingress resource, or to a single service resource in a more fine-grained way.

This is an example of applying the above plug-in to an Ingress resource:

Kong for Kubernetes can also be integrated into a complete suite of Kong Enterprise products, including Kong Studio,Kong Dev Portal,Kong Manager, Kong Brain and Kong Immunity. This allows the use of more advanced Kong plug-ins and a complete API lifecycle solution. This set of products covers the creation and release of API specifications, as well as the management of Kong resources, and even traffic analysis.

You can use Kong Studio to develop API using the "specification first" approach. In this library, you will find tools for documenting in the standard OpenAPI specification and testing tools for immediate feedback. Kong Studio also provides tools for using GraphQL. Kong Studio is synchronized directly to Git, which integrates your specification files into the CI / CD workflow so that Kong Dev Portal can be updated automatically.

Kong Dev Portal hosts your API documents (either private or public). It is highly customizable and allows you to adapt it to the style and brand of your organization. Having a well-documented API is important to improve productivity, and a well-managed process between Kong Studio and Dev Portal can help ensure that documents are kept as up-to-date as possible.

Kong Manager provides a graphical interface to view and manage the entire Kong product suite. From here, you can observe the relationship between routing, services, and plug-ins. You can learn about traffic and track consumers in real time.

Kong Brain analyzes the traffic passing through the Ingress and creates a visual service graph of the dependencies between services. It also has the function of automatically generating OpenAPI specification documents according to the generated maps. This is a valuable feature because even with the best intentions, the deployed services may not be properly recorded.

Kong Immunity analyzes all traffic passing through the Ingress and learns to identify abnormal patterns. These are usually subtle requests that are inconspicuous, but may arouse interest, such as unknown parameters that are constantly trying to pass. This is also a very valuable feature because it is not easy to stick these needles into thousands of log entries in a haystack.

Make full use of Ingress

The Kubernetes entry resource provides a single entry point from the external Kubernetes to the internal back-end service. By using declarative definition files, you can treat Ingress resources like all other forms of code and integrate them into a common software development lifecycle.

In order to bridge communications outside of Kubernetes, an Ingress controller is needed. Kong for Kubernetes is an Ingress controller that uses custom resource definitions to greatly extend the functionality of Ingress resources by providing a large number of plug-ins, thus allowing developers to focus on core business values. Kong has a set of enterprise tools that can greatly increase productivity and security throughout the API lifecycle.

The above is how to use Ingress API in Kubernetes. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.