Ingress

Ingress Controller

ΠžΠ±ΡŠΠ΅ΠΊΡ‚ слуТит Π² Ρ€ΠΎΠ»ΠΈ прокси ΠΈ балансировщика L7.

БозданиС минимального ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: 
  name: minimal-ingress-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nginx-ingress
  template:
    metadata:
      labels:
        name: nginx-ingress
    spec: 
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
          args: 
            - /nginx-ingress-controller
            - --configmap=$ (POD_NAMESPACE)/nginx_configuraruin
          env:            # nginx Ρ‚Ρ€Π΅Π±ΡƒΠ΅Ρ‚ 2 ΠΏΠ΅Ρ€Π΅ΠΌΠ΅Π½Π½Ρ‹Π΅ для ΠΊΠΎΠ½Ρ„ΠΈΠ³ΡƒΡ€Π°Ρ†ΠΈΠΈ
            - name: POD_NAME
              valueFrom: 
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom: 
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443

Для ΠΊΠΎΠ½Ρ„ΠΈΠ³ΡƒΡ€Π°Ρ†ΠΈΠΈ ingress Π½Π° nginx Ρ‚Π°ΠΊΠΆΠ΅ Π½ΡƒΠΆΠ΅Π½ ConfigMap. Π’ Π½Π΅Π³ΠΎ закладываСтся конфигурация nginx, которая Π² ΠΎΠ±Ρ‹Ρ‡Π½ΠΎΠΌ Π²Π°Ρ€ΠΈΠ°Π½Ρ‚Π΅ nginx ΠΊΠ°ΠΊ reverse-proxy Π²ΠΏΠΈΡΡ‹Π²Π°Π»Π°ΡΡŒ Π² config самого nginx:

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration

Π’Π°ΠΊΠΆΠ΅ Π½Π΅ΠΎΠ±Ρ…ΠΎΠ΄ΠΈΠΌΠΎ ΡΠΎΠ·Π΄Π°Ρ‚ΡŒ Service, ΠΊΠΎΡ‚ΠΎΡ€Ρ‹ΠΉ ΠΏΡƒΠ±Π»ΠΈΠΊΡƒΠ΅Ρ‚ ingress Π²ΠΎΠ²Π½Π΅:

apiVersion: v1
kind: Service
metadata: 
  name: nginx-ingress
spec: 
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
  selector:
    name: nginx-ingress

И Π½ΡƒΠΆΠ΅Π½ Service Account для Π°ΡƒΡ‚Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΠΈ:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccounts

Ingress Resource

Набор ΠΏΡ€Π°Π²ΠΈΠ» ingress Π½Π°Π·Ρ‹Π²Π°ΡŽΡ‚ΡΡ Ingress Resource.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-rules
spec:
  backend:
    serviceName: app-service
    servicePort: 80

ΠžΠΏΡ€Π΅Π΄Π΅Π»Π΅Π½ΠΈΠ΅ нахоТдСния ΠΏΡ€Π°Π²ΠΈΠ» ingress resource:

kubectl get ingress -A # Π½Π°ΠΉΡ‚ΠΈ Ingress Resource срСди Namespaces

Π Π΅Π΄Π°ΠΊΡ‚ΠΈΡ€ΠΎΠ²Π°Π½ΠΈΠ΅ ΠΏΡ€Π°Π²ΠΈΠ» ingress resource:

kubectl edit ingress <имя ingress resource> -n <namespace>

Nginx rewrite rules

Настройка rewrite-target Π½ΡƒΠΆΠ½Π°, Ρ‡Ρ‚ΠΎΠ±Ρ‹ ΠΏΡ€Π°Π²ΠΈΠ»ΡŒΠ½ΠΎ Ρ‚Ρ€Π°Π½ΡΠ»ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ сСтСвой ΠΏΡƒΡ‚ΡŒ.

# Π‘Π΅Π· rewrite-target:
http://<ingress-service>:<ingress-port>/watch --> http://<watch-service>:<port>/path

# Π‘ rewrite-target Ρ‚ΠΈΠΏΠ° replace("/path","/"):
http://<ingress-service>:<ingress-port>/watch --> http://<watch-service>:<port>/

Для Π²ΠΊΠ»ΡŽΡ‡Π΅Π½ΠΈΡ ΠΏΡ€Π°Π²ΠΈΠ» rewrite, Π½ΡƒΠΆΠ½ΠΎ Π΄ΠΎΠ±Π°Π²ΠΈΡ‚ΡŒ Π² манифСст annotations:

1. apiVersion: extensions/v1beta1
2. kind: Ingress
3. metadata:
4.   name: test-ingress
5.   namespace: critical-space
6.   annotations:               # ΠΏΡ€ΠΈΠΌΠ΅Π½Π΅Π½ΠΈΠ΅ rewrite ΠΏΡ€Π°Π²ΠΈΠ»
7.     nginx.ingress.kubernetes.io/rewrite-target: /
8. spec:
9.   rules:
10.   - http:
11.       paths:
12.       - path: /pay
13.         backend:
14.           serviceName: pay-service
15.           servicePort: 8282