Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

An entry-level practical tutorial! Learn all about K8S Ingress from concept to deployment!

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/02 Report--

Kubernetes Ingress is used to add rules to route traffic from outside to the services of the Kubernetes cluster. In this article you will learn about the concept of ingress and the ingress controller used to route external traffic to Kubernetes deployment.

Typically, custom Nginx or HAproxy Kubernetes deployments are exposed as services that are used to proxy external traffic to services in the internal cluster. Where the routing rule will be bake to Pod and added as configmap. Kubernetes ingress behaves similarly, except that routing rules are maintained as Kubernetes ingress objects. It has the great advantage of dynamic routing rule configuration, so there is no need to redeploy proxy pods.

A brief Analysis of getting started with Kubernetes Ingress

To get started with Kubernetes Ingress, you need to understand the following two key concepts:

1 、 Kubernetes Ingress

2 、 Kubernetes Ingress Controller

Let's learn one by one.

Kubernetes Ingress

Kubernetes Ingress is a native Kubernetes resource, and you can set rules to route traffic from outside to service endpoints within the cluster. It requires an Ingress Controller to route the rules specified by the ingress object. The Ingress object is as follows:

ApiVersion: extensions/v1beta1kind: Ingressmetadata: name: test-ingress namespace: devspec: rules:-host: test.apps.example.com http: paths:-backend: serviceName: hello-service servicePort: 80

The above declaration means that all calls to test.apps.example.com should hit a service named hello-service, which is located in the dev namespace.

The key things you need to know about Ingress objects are as follows:

You should create ingress rules in the namespace of the service you deploy. If you are in other namespaces that do not have ingress objects, you will not be able to route traffic into the service.

An ingress object needs an ingress controller to route traffic

External traffic will not hit ingress API, but will be hit ingress controller services. Kubernetes Ingress Controller

Ingress controller is a typical proxy service deployed in a cluster, and it is only exposed to the Kubernetes deployment of the service. The following Ingress Controller is available for Kubernetes:

Nginx Ingress Controller

Traefik

HAproxy

Contour

GKE Ingress Controller

At present, Nginx is the choice of most enterprises. Here is how Nginx Ingress Controller works:

The nginx.conf file inside Nginx controller pod is a go template that communicates with Kubernetes Ingress API and gets the latest value of traffic routing in real time.

Nginx controller communicates with Kubernetes ingress API to check if rules have been created for traffic routing.

If it finds any ingress rules, it will apply to the Nginx Controller configuration, that is, the nginx.conf file in pod using the go template.

If you use exec to connect to pod and check the / etc/nginx/nginx.conf file, you can see all the rules specified in the ingress object applied in the conf file.

The following architecture diagram explains the ingress settings on a Kubernetes cluster.

Next, let's take a closer look at how to set up Ingress in Kubernetes using Nginx Ingress Controller.

Preparation in advance

A Kubernetes cluster

Installed kubectl and authenticated Kubernetes cluster

Administrator access to the Kubernetes cluster

Point to the valid domain of the ingress controller load balancer

If you are on Google Cloud, please assign administrator rights to your account to enable the cluster role.

ACCOUNT=$ (gcloud info-- format='value (config.account)') kubectl create clusterrolebinding owner-cluster-admin-binding\-- clusterrole cluster-admin\-- user $ACCOUNT

Please note that this tutorial has been tried on the Google Cloud GKE cluster. In theory, it can be used in all cloud environments. If you do encounter any errors, you may need to make some adjustments in the settings.

Set up Nginx Ingress Controller

There are two nginx ingress controller:

Nginx ingress controller of the Kubernetes community: https://github.com/kubernetes/ingress-nginx

Nginx's Nginx ingress controller: https://github.com/nginxinc/kubernetes-ingress

We will use the nginx controller of the Kubernetes community.

Ingress controller requires specific namespaces, service accounts, cluster role bindings, configmap, and so on. Therefore, you need to use the yaml file in the official ingress repo to create the mentioned Kubernetes object.

Official repo:

Https://github.com/kubernetes/ingress-nginx/tree/master/deploy

Let's deploy ingress controller using the mandatory.yaml file, which you can find at the official repo. It has a list of Kubernetes objects required by nginx.

Let's use kubectl to create a Nginx controller deployment:

Kubectl apply-f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

Check the ingress controller pod to make sure it is set correctly:

Kubectl get pods-n ingress-nginx sets the LoadBalancer service for Ingress Controller

The next step is to create a service of type LoadBalancer to expose the nginx controller deployment outside the cluster.

Step1: create a project directory locally and change to that directory.

Mkdir ingress-deployment & & cd ingress-deployment

Step2: create a file called nginx-ingress.yaml

Vi nginx-ingress.yaml

Step3: copy the following to a file

Please note: annotation under label is very important for nginx controller deployment integration

Kind: ServiceapiVersion: v1metadata:name: ingress-nginxnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxspec:externalTrafficPolicy: Localtype: LoadBalancerselector:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxports:- name: httpport: 80targetPort: http- name: httpsport: 443targetPort: https

Step4: creating an ingress service

Kubectl apply-f nginx-ingress.yaml

Step5: check whether the created service is connected to an external load balancer

Kubectl get svc-n ingress-nginx maps domain names to Loadbalancer IP

In order for our ingress settings to work, we need to map a domain name to the load balancer IP. You can do this in two ways.

Single DNS Mappin

You can map a single domain as an A record directly to the load balancer IP. With this feature, you can only provide one domain for ingress controller and can route traffic based on multiple paths.

For example:

Www.example.com-- > Loadbalancer IP

You can use this model for path-based routing.

Here are a few examples:

Http://www.example.com/app1http://www.example.com/app2http://www.example.com/app1/apihttp://www.example.com/app2/api wildcard DNS mapping

If you map a wildcard DNS to a load balancer, you can have dynamic DNS endpoints through ingress.

For example:

* .apps.example.com

In this way, you can have multiple dynamic subdomains through a single ingress controller, and each DNS has its own path-based routing.

For example:

# URL one http://demo1.apps.example.com/apihttp://demo1.apps.example.com/api/v1http://demo1.apps.example.com/api/v2#URL two http://demo2.apps.example.com/apihttp://demo2.apps.example.com/api/v1http://demo2.apps.example.com/api/v2

For demonstration purposes, we have mapped the wildcard DNS to LoadBalancer IP. You can make this setting according to your DNS provider.

Set up a Demo application

For testing purposes, we will deploy a demo application and add a ClusterIP service to the application.

Step1: create a namespace named dev

Kubectl create namespace dev

Step2: create a file called hello-app.yaml

Step3: copy the following to a file and save

ApiVersion: apps/v1kind: Deploymentmetadata: name: hello-app namespace: devspec: selector: matchLabels: app: hello replicas: 3 template: metadata: labels: app: hello spec: containers:-name: hello image: "gcr.io/google-samples/hello-app:2.0"

Step4: using kubectl to create deployment

Kubectl create-f hello-app.yaml

Check deployment status

Step5: create a file called hello-app-service.yaml

Step6: copy the following to a file and save

ApiVersion: v1kind: Servicemetadata: name: hello-service namespace: dev labels: app: hellospec: type: ClusterIP selector: app: hello ports:-port: 80 targetPort: 8080 protocol: TCP

Step7: creating services using kubectl

Kubectl create-f hello-app-service.yaml

Check service status

Kubectl get svc-n dev creates a Kubernetes Ingress object

Now let's use a DNS to create an Ingress object to access our hello app. The Ingress object can set routing rules.

Ingress controller pod connects to the Ingress API to check the rules and updates its nginx.conf accordingly.

Step1: create a file called ingress.yaml

Step2: copy the following to a file and save

Replace test.apps.example.info with your domain name. Here, we assume that you already have a wildcard domain name in * .apps.example.info format.

ApiVersion: extensions/v1beta1kind: Ingressmetadata: name: test-ingress namespace: devspec: rules:-host: test.apps.example.info http: paths:-backend: serviceName: hello-service servicePort: 80

Step3: describes the created ingress object, which is used to check the configuration

Kubectl describe ingress-n dev

Now, if you try to access the test.apps.example.info domain (replace it with your domain name), you should be able to access our deployed app.

Original text link:

Https://devopscube.com/kubernetes-ingress-tutorial/

Https://devopscube.com/setup-ingress-kubernetes-nginx-controller/

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report