
In the previous article, users had to enter IP+PORT to reach the port mapped by a NodePort Service. That is fine for development and testing, but it is inconvenient to remember. Giving users of a production service such an address is certainly not acceptable: the browser reports a dangerous site and the user is confused.

The traditional way to solve these problems is to use a domain name. Customers only need to know the domain name and do not need to remember the IP+PORT. For this purpose K8S provides Ingress as the entry point for services; Ingress reached GA in version 1.19.

Introducing Ingress

The entrance

Ingress forwards external traffic to services in the cluster and exposes those services under domain names

Example diagram of forwarding traffic requested to the Ingress to the back-end service:

An Ingress gives services externally accessible URLs (HTTP, HTTPS) and load balances traffic (based on policy)

Each Ingress configuration is fulfilled by an Ingress controller, and an Ingress controller usually has a load balancer to help handle traffic

Ingress does not expose arbitrary ports and protocols. To expose services other than HTTP and HTTPS to the Internet, Service.Type=NodePort is usually used. Ingress itself is similar to Nginx proxying to a back end

The controller

Although K8S has the Ingress resource object, you have to deploy the Ingress controller yourself. There are many third-party controllers, which can make the choice difficult.

  • Controller list:

The nginx Ingress controller is officially maintained. You can select a controller based on your own conditions and scenarios

Popular in China are nginx, Istio, Traefik, HAProxy, APISIX, etc. Traefik comes with a nice UI. Istio is a service mesh. APISIX is an open source gateway from China, which recently raised a lot of money, and HAProxy is a long-established forward and reverse proxy

The blogger has not tried all of them and cannot provide a comparison, but it is customary to test the officially recommended Nginx Ingress first.

K8s also supports multiple Ingress in a cluster

Ingress deployment

Nginx ingress website: kubernetes.github.io/ingress-ngi…

In this article we will not use Helm to install ingress. We will install it from the plain manifest, because we have not yet written an article about Helm

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml

You can also download the YAML and modify it yourself

To verify the installation, run the command below; --watch keeps streaming output so you can observe the whole process until it ends (success or failure)

kubectl get pods -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx --watch

With the Ingress controller deployed, an Ingress configuration is still required to expose a service for external access

Next, create a configuration for the SpringBoot-Hive application that was deployed earlier as a Deployment

  • host is the domain name, and serviceName is the name of the defined Service. You can run the kubectl get svc -n devops command to view the servicePort

——————————

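# serviceName/servicePort below belong to the v1beta1 Ingress schema,
# which was removed in Kubernetes 1.22.
apiVersion: networking.k8s.io/v1beta1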
kind: Ingress
metadata:
  name: springboot-hive-ingress
  namespace: devops
  labels:
    app: springboot
spec:
  rules:
    - host: springboot-hive.libaigo.com
      http:
        paths:
        - path: /
          backend:
            serviceName: springboot-hive-service
            servicePort: 8080

——————————-
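The manifest above uses the serviceName/servicePort fields of the pre-GA v1beta1 schema, while the Ingress API that reached GA in 1.19 is networking.k8s.io/v1. As an added example (not code from the original article), this sketch maps the page's Ingress to the v1 schema and also covers named ports and a top-level default backend; the function names and the dict form of the manifest are assumptions made for illustration.

```python
import copy
import json

# Constructed input: the Ingress from this page, expressed as a Python dict
# in the pre-GA (v1beta1) schema that uses serviceName/servicePort.
LEGACY_INGRESS = {
    "apiVersion": "networking.k8s.io/v1beta1",
    "kind": "Ingress",
    "metadata": {"name": "springboot-hive-ingress", "namespace": "devops",
                 "labels": {"app": "springboot"}},
    "spec": {"rules": [{"host": "springboot-hive.libaigo.com", "http": {"paths": [
        {"path": "/", "backend": {"serviceName": "springboot-hive-service",
                                  "servicePort": 8080}}]}}]},
}


def convert_backend(backend):
    """Map a v1beta1 backend to the v1 form (service.name / service.port)."""
    if "serviceName" not in backend:
        return copy.deepcopy(backend)  # e.g. a `resource` backend: same shape in v1
    port = backend.get("servicePort")
    # servicePort was int-or-string; v1 splits it into port.number and port.name.
    key = "number" if isinstance(port, int) and not isinstance(port, bool) else "name"
    return {"service": {"name": backend["serviceName"], "port": {key: port}}}


def to_networking_v1(ingress):
    """Return a networking.k8s.io/v1 copy of a v1beta1 Ingress dict."""
    if ingress.get("kind") != "Ingress":
        raise ValueError("not an Ingress object")
    out = copy.deepcopy(ingress)
    out["apiVersion"] = "networking.k8s.io/v1"
    spec = out.setdefault("spec", {})
    if "backend" in spec:  # renamed to defaultBackend in v1
        spec["defaultBackend"] = convert_backend(spec.pop("backend"))
    for rule in spec.get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            path["backend"] = convert_backend(path["backend"])
            # pathType is mandatory in v1; v1beta1 defaulted to this value.
            path.setdefault("pathType", "ImplementationSpecific")
    return out


if __name__ == "__main__":
    # kubectl accepts JSON as well as YAML: save the output and apply it with -f.
    print(json.dumps(to_networking_v1(LEGACY_INGRESS), indent=2))
```
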

kubectl apply -f ingress.yaml
kubectl get ingress -A

You can see that springboot-hive.libaigo.com has been successfully configured on port 80

Since we have not set up DNS resolution, we need to write the domain name into the hosts file. The IP address for springboot-hive.libaigo.com can be the IP address of any node in the K8S cluster

Then visit the springboot-hive.libaigo.com service

The default service exposes two endpoints, as shown below.

  • /healthz that returns 200

  • / that returns 404

Unified entrance

On a public cloud you can use an SLB load balancer as the entry point and proxy to the corresponding nodes, but this is not available in a local environment. If you need to test it, you can use MetalLB from the official website (which is still being tested). Of course, you can also use nginx or HAProxy in the local environment as a proxy to get the same effect. Note that this introduces a single point of failure.

  • Public clouds

  • The local environment