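0-Preface
I have been working on Ingress Controller recently, and while looking things up I found that it is easy to confuse Ingress with Ingress Controller. I am writing this down while it is fresh, for my future self.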
1-Ingress
Kubernetes Ingress is an API object that provides routing rules to manage external users' access to the services in a Kubernetes cluster.
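An Ingress simply defines routing rules: the HTTP and HTTPS routing rules from outside the cluster to inside the cluster.
The figure below shows an external request being forwarded to a Service by the Ingress routing rules, and the Service then distributing it to different Pods according to its selector labels:
Example Ingress YAML file: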
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: conn-dev
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: dev.xxx.com
    http:
      paths:
      - path: / # this rule forwards requests for dev.xxx.com to the service whose serviceName is nginx and servicePort is 80
        pathType: Prefix
        backend:
          service:
            name: nginx
            port:
              number: 80
Example Nginx deploy and service YAML file:
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  labels:
    app: nginx
  name: nginx
  namespace: conn-dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        resources: {}
      dnsPolicy: ClusterFirst
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: conn-dev
spec:
  selector:
    app: nginx # spec.selector here must match the Pod template's metadata.labels in the deploy
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
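Notes:
- The spec.selector in the service must match the Pod template's metadata.labels in the deploy (spec.template.metadata.labels), because the svc locates its pods through labels.
- ingress.spec.rules.http.paths.pathType has three types: Exact, Prefix and ImplementationSpecific; see here for details.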
2-Ingress Controller
If Kubernetes Ingress is the API object that provides routing rules to manage external access to services, Ingress Controller is the actual implementation of the Ingress API. The Ingress Controller is usually a load balancer for routing external traffic to your Kubernetes cluster and is responsible for L4-L7 Network Services.
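My understanding:
- On one hand, an ingress controller is, as its name says, an application that controls and manages ingress resources. When an ingress is deployed in the cluster (in any namespace), the ingress controller picks up that ingress resource and applies it, according to certain rules, to the corresponding internal component. The commonly used internal component is nginx.
- On the other hand, from nginx's point of view, an ingress controller is also a reverse proxy: for external requests, the ingress controller reads the ingress resources in the cluster (configured via kind: Ingress) and forwards each request to a different service according to its URL rules (by analogy with nginx and its nginx.conf configuration file).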
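The sketch below shows the routing decision a controller has to derive from Ingress rules: which Service a given host and path reaches under the Exact and Prefix path types. It is an added example, not code from this post or from any controller. Only the first rule mirrors the Ingress above; the `api` and `health` rules and all function names are assumptions made for illustration.

```python
# Constructed rule table: (host, path, pathType, service name, service port).
RULES = [
    ("dev.xxx.com", "/", "Prefix", "nginx", 80),              # from the Ingress on this page
    ("dev.xxx.com", "/api", "Prefix", "api", 8080),           # constructed
    ("dev.xxx.com", "/api/health", "Exact", "health", 9000),  # constructed
]

def segments(path):
    """Split a URL path into its non-empty elements ('/a/b/' -> ['a', 'b'])."""
    return [s for s in path.split("/") if s]

def path_matches(rule_path, path_type, request_path):
    """Apply the Kubernetes Exact / Prefix matching rules to one path."""
    if path_type == "Exact":
        # Case-sensitive comparison of the whole path; a trailing slash counts.
        return request_path == rule_path
    if path_type == "Prefix":
        # Element-wise prefix: /api matches /api/v1 but not /apiv1.
        want, got = segments(rule_path), segments(request_path)
        return got[:len(want)] == want
    # ImplementationSpecific is left to each controller and is not modelled here.
    return False

def route(rules, host, request_path):
    """Return (service, port) for a request, or None when no rule matches.

    Hosts are compared literally; wildcard hosts and the rewrite-target
    annotation are outside the scope of this sketch.
    """
    best = None
    for r_host, r_path, r_type, svc, port in rules:
        if r_host != host or not path_matches(r_path, r_type, request_path):
            continue
        # Longest matching path wins; on a tie, Exact beats Prefix.
        rank = (len(r_path), r_type == "Exact")
        if best is None or rank > best[0]:
            best = (rank, (svc, port))
    return best[1] if best else None

if __name__ == "__main__":
    for p in ["/", "/api/v1", "/apiv1", "/api/health", "/api/health/"]:
        print(p, "->", route(RULES, "dev.xxx.com", p))
```

Walking a rule table like this before applying it shows which backend each path actually exposes, including the catch-all `/` rule that receives everything the more specific rules do not claim.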