concept

The K8s cluster can be exposed in only three ways: Loadbalancer; NodePort; Ingress

  • Disadvantages of Loadbalancer: Public cloud support such as Aliyun is required and an additional fee is required
  • Disadvantages of NodePort: To expose ports, the range of ports must be 30,000-32767
  • Ingress Benefits: Ingress does not expose arbitrary ports or protocols. There may be some learning costs associated with common configurations and reverse proxies for Traefik and Nginx.

It can be seen from the figure that Ingress acts as a proxy, forwarding the external requests to the back-end service matched in K8S according to the routing address, and the service is connected to the Deployment, and one Deployment runs N pods. The traffic is forwarded.

Knowledge:

  • In order for the Ingress resource to work, the cluster must have a running Ingress Controller.
  • You can deploy any number of Ingress controllers in a cluster. When creating an ingress, each ingress should be annotated with the appropriate ingress.class to indicate which ingress controller should be used if there are multiple Ingress controllers in the cluster.
  • Popular Ingress controllers are nginx-Ingress-Controller and Traefik & Kubernetes
  • Traefik is an edge routing application written in Go. It has a built-in UI, reverse proxy, load balancing, automatic configuration, and SSL certificates. It is very popular recently, but the official documentation is garbage, the configuration is flexible, and it is difficult to use.

platform

  • MacOS 11.2.3
  • Docker Desktop 3.3.3
  • Docker Engine: 20.10.6
  • Kubernates: v1.19.7

pit

Currently commonly used K8S image library has

  • IO (Docker Hub public image library)
  • gcr.io (Google container registry)
  • K8s.gcr. IO (equivalent to GCR. IO/Google-containers)
  • Quay. IO (Red Hat-operated mirror library)

K8s.gcr. IO is blocked by a wall and may fail to pull image. Ali Cloud does not have the latest image library, so I have to go to docker Hub to find someone else. Specific see

steps

  1. Start docker locally and check k8S version 1.19.7

kubectl version

Client Version: Version. The Info {Major: "1", Minor: "19", GitVersion: "v1.19.7 GitCommit:" 1 dd5338295409edcfff11505e7bb246f0d325d15." BuildDate GitTreeState: "clean" : "the 2021-01-13 T13:23:52 Z," GoVersion: "go1.15.5", the Compiler: "gc", Platform:"darwin/amd64"} Server Version: Version. The Info {Major: "1", Minor: "19", GitVersion: "v1.19.7 GitCommit:" 1 dd5338295409edcfff11505e7bb246f0d325d15." GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:" GO1.15.5 ", Compiler:" GC ", Platform:" Linux/AMD64 "}Copy the code
  1. Install NGINX Ingress Controller

Prompt to install kubectl apply-f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.46.0/deploy/static/provider/cloud/deploy.yaml

The browser open https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.46.0/deploy/static/provider/cloud/deploy first. Yaml search image:

IO /ingress-nginx/controller:v0.46.0@sha256:….

Local try down docker pull k8s. GCR. IO/ingress – nginx/controller: v0.46.0… Found failure, very simple, this mirror address is wall, need to find a replacement!

Open the Docker hub and search ingress-nginx-Controller, only find the latest v0.45.0

It’s not a big guess, Download the file and open the editor https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.45.0/deploy/static/provider/cloud/deploy.yaml

Replace image: k8s.gcr. IO /ingress-nginx/controller:v0.45.0 with image: willDockerHub/ingress-nginx-Controller :v0.45.0

This step is very important

  1. Let me rename it to thetaV0.45.0 - deploy. YamlRun him next!

Kubectl apply -f v0.45.0 - deploy. Yaml

verify

kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx

kubectl describe pod

  1. Run an example

Prepare the file, download the three instance files, and image hashicorp/ HTTP-echo is an HTTP server

apple.yaml

kind: Pod
apiVersion: v1
metadata:
  name: apple-app
  labels:
    app: apple
spec:
  containers:
    - name: apple-app
      image: hashicorp/http-echo
      args:
        - "-text=apple"

---

kind: Service
apiVersion: v1
metadata:
  name: apple-service
spec:
  selector:
    app: apple
  ports:
    - port: 5678 # Default port for image
Copy the code

banana.yaml

kind: Pod
apiVersion: v1
metadata:
  name: banana-app
  labels:
    app: banana
spec:
  containers:
    - name: banana-app
      image: hashicorp/http-echo
      args:
        - "-text=banana"

---

kind: Service
apiVersion: v1
metadata:
  name: banana-service
spec:
  selector:
    app: banana
  ports:
    - port: 5678 # Default port for image
Copy the code

ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: ingress.finley.demo
    http:
      paths:
        - path: /apple
          backend:
            serviceName: apple-service
            servicePort: 5678
        - path: /banana
          backend:
            serviceName: banana-service
            servicePort: 5678

Copy the code

Service does not explain. Ingress defines an address that calls port 5678 exposed in apple-service, which provides network services for apple-App pods, when accessing /apple

To run their

 kubectl apply -f sample/apple.yaml 
 kubectl apply -f sample/banana.yaml 
 kubectl apply -f sample/ingress.yaml 
Copy the code

Note that ingress.yaml I configured the domain name to be ingress.finley.demo for local access

  1. Open the/etc/hosts

Add 127.0.0.1 ingress. Finley. Demo

  1. Witness the miracle moment

Browser open http://ingress.finley.demo/apple page shows apple browser open http://ingress.finley.demo/banana page shows a banana

Ingress is actually a proxy function, isn’t it very simple?

reference

Kubernetes. IO/useful/docs/con…

Kubernetes. Making. IO/ingress – ngi…

Developer.aliyun.com/article/759…