{"msg":"操作成功","code":200,"data":{"createBy":"admin","createTime":"2021-09-02 17:51:10","updateBy":"admin","updateTime":"2021-09-02 17:51:10","remark":null,"id":70,"articleTitle":"Kubernetes(八)Ingress","articleUrl":"k8s_ingress","articleThumbnail":"https://www.asumimoe.com/imgfiles/20220906/f93daad129a04b8db74eed70cd45263b.png","articleFlag":"0","draftStatus":"1","reprintStatement":"1","articleSummary":"根据之前对Service的介绍我们知道,Service的表现形式为IP:PORT,即工作在TCP/IP层。而对于基于HTTP的服务来说,不同的URL地址经常对应到不同的后端服务或者服务器,这些应用层的转发机制仅靠Service机制是无法实现的。从Kubernetes1.1版本开始新增Ingress对象,用于将不同的请求转发到不同的Service,以实现HTTP层的业务路由机制。","articleContent":"## Ingress介绍\n\n根据之前对Service的介绍我们知道,Service的表现形式为IP:PORT,即工作在TCP/IP层。而对于基于HTTP的服务来说,不同的URL地址经常对应到不同的后端服务或者服务器,这些应用层的转发机制仅靠Service机制是无法实现的。从Kubernetes1.1版本开始新增Ingress对象,用于将不同的请求转发到不同的Service,以实现HTTP层的业务路由机制。\n\n使用Ingress进行负载分发时,Ingress Controller基于Ingress规则将客户端的请求直接转发到Service对应的后端Endpoint上,这样会跳过kube-proxy的转发功能,kube-proxy不再起作用。\n\nIngress 可为 Service 提供外部可访问的 URL、负载均衡流量、终止 SSL/TLS,以及基于名称的虚拟托管。 [Ingress 控制器](https://kubernetes.io/zh/docs/concepts/services-networking/ingress-controllers) 通常负责通过负载均衡器来实现 Ingress,尽管它也可以配置边缘路由器或其他前端来帮助处理流量\n\n## Ingress部署\n\n### 下载官方yaml文件\n\n```shell\nkubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.5/deploy/static/provider/cloud/deploy.yaml\n```\n\n### 定义Ingress策略\n\n1.部署应用,准备测试环境。\n\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: hello-server\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: hello-server\n template:\n metadata:\n labels:\n app: hello-server\n spec:\n containers:\n - name: hello-server\n image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/hello-server\n ports:\n - containerPort: 9000\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: nginx-demo\n name: nginx-demo\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: nginx-demo\n template:\n metadata:\n labels:\n app: nginx-demo\n spec:\n containers:\n - image: nginx\n name: nginx\n---\napiVersion: v1\nkind: Service\nmetadata:\n labels:\n app: nginx-demo\n name: nginx-demo\nspec:\n selector:\n app: nginx-demo\n ports:\n - port: 8000\n protocol: TCP\n targetPort: 80\n---\napiVersion: v1\nkind: Service\nmetadata:\n labels:\n app: hello-server\n name: hello-server\nspec:\n selector:\n app: hello-server\n ports:\n - port: 8000\n protocol: TCP\n targetPort: 9000\n```\n\n2.配置Ingress规则(类似nginx)。\n\n```yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress \nmetadata:\n name: ingress-host-bar\nspec:\n ingressClassName: nginx\n rules:\n - host: \"a.asumi.com\"\n http:\n paths:\n - pathType: Prefix\n path: \"/\" # 访问a.asumi.com的请求都会转发到hello-server服务\n backend:\n service:\n name: hello-server\n port:\n number: 8000\n - host: \"b.asumi.com\"\n http:\n paths:\n - pathType: Prefix\n path: \"/\" # 访问b.asumi.com的请求都会转发到hello-server服务\n backend:\n service:\n name: nginx-demo \n port:\n number: 8000\n - host: \"c.asumi.com\"\n http:\n paths:\n - pathType: Prefix\n path: \"/nginx\" # 访问c.asumi.com/nginx会转发到后端的svc/nginx,后端服务一定要可以处理/nginx,否则会报错403\n backend:\n service:\n name: nginx-demo\n port:\n number: 8000\n```\n\nIngress会产生一个服务,则我们访问http://域名:30940就会转到相应的服务。\n\n```shell\n[root@master ~]# kubectl get svc -A\nNAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ningress-nginx ingress-nginx-controller NodePort 10.96.213.218 80:30940/TCP,443:30576/TCP 17m\n\n[root@master ~]# kubectl get ingress\nNAME CLASS HOSTS ADDRESS PORTS AGE\ningress-host-bar nginx a.asumi.com,b.asumi.com,c.asumi.com 192.168.52.213 80 7m21s\n```\n\n\n\n### 访问验证\n\n\n```shell\n[root@master ~]# curl a.asumi.com:30940\nHello World!\n[root@master ~]# curl b.asumi.com:30940\n\n\n\nWelcome to nginx!\n...\n\n # 由于我们的nginx-demo无法处理/nginx请求,所以会报错,此报错为nginx-demo返回。\n[root@master ~]# curl c.asumi.com:30940/nginx\n\n404 Not Found\n\n

404 Not Found

\n
nginx/1.21.5
\n\n\n\n # 由于Ingress策略中没有此路径的映射,于是Ingress会直接返回404,此时请求还没有被转发到后端的nginx-demo\n[root@master ~]# curl c.asumi.com:30940/nsdda\n\n404 Not Found\n\n

404 Not Found

\n
nginx
\n\n\n```\n\n## Ingress高级用法\n\n[https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/)\n\n### 1.路径重写Rewrite\n\n上面的项目中,由于nginx-demo中无法处理/nginx请求于是返回了404,如果我们想要后端正常处理,则可以使用路径重写功能。\n\n```yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress \nmetadata:\n annotations:\n nginx.ingress.kubernetes.io/rewrite-target: /$2 # 开启路径重写\n name: ingress-host-bar\nspec:\n ingressClassName: nginx\n rules:\n - host: \"c.asumi.com\"\n http:\n paths:\n - pathType: Prefix\n path: \"/nginx(/|$)(.*)\"\n backend:\n service:\n name: nginx-demo\n port:\n number: 8000\n```\n\n再次访问验证,发现可以正常访问。\n\n```shell\n[root@master ~]# curl c.asumi.com:30940/nginx\n\n\n\nWelcome to nginx!\n