Kubernetes网络管理:深入理解Ingress配置
Kubernetes网络管理:深入理解Ingress配置
引言
在Kubernetes中,Ingress是管理外部访问的关键组件。通过Ingress,可以实现HTTP/HTTPS路由、负载均衡和SSL终止等功能。
作为一名资深的DevOps工程师,我在多个项目中负责Ingress的配置和优化。今天就来分享一下Ingress的配置方法和最佳实践。
Ingress概述
Ingress概念
Ingress的核心功能:
HTTP路由:根据域名和路径将请求路由到不同的服务。
SSL终止:在Ingress层面终止SSL连接。
负载均衡:将流量分发到多个后端Pod。
虚拟主机:支持多个域名共享同一个IP地址。
Ingress控制器
常用的Ingress控制器:
NGINX Ingress Controller:最常用的Ingress控制器。
Traefik:现代化的Ingress控制器,支持自动配置。
HAProxy Ingress:基于HAProxy的Ingress控制器。
NGINX Ingress配置
基本配置
创建基本的Ingress配置:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80SSL配置
配置SSL证书:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-tls annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: tls: - hosts: - myapp.example.com secretName: myapp-tls rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80高级配置
配置高级特性:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-advanced annotations: nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/limit-rps: "100" nginx.ingress.kubernetes.io/limit-connections: "10" spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80Ingress最佳实践
路径重写
配置路径重写:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-rewrite annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: rules: - host: api.example.com http: paths: - path: /api(/|$)(.*) pathType: Prefix backend: service: name: api-service port: number: 8080限流配置
配置请求限流:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-rate-limit annotations: nginx.ingress.kubernetes.io/limit-rps: "50" nginx.ingress.kubernetes.io/limit-rpm: "1000" nginx.ingress.kubernetes.io/limit-connections: "20" spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80健康检查
配置健康检查:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-health annotations: nginx.ingress.kubernetes.io/health-check-path: /health nginx.ingress.kubernetes.io/health-check-interval: "30s" nginx.ingress.kubernetes.io/health-check-timeout: "5s" spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80Ingress案例分析
案例1:多域名配置
某公司配置了多个域名:
配置内容:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: multi-domain-ingress spec: tls: - hosts: - app1.example.com - app2.example.com secretName: wildcard-tls rules: - host: app1.example.com http: paths: - path: / pathType: Prefix backend: service: name: app1-service port: number: 80 - host: app2.example.com http: paths: - path: / pathType: Prefix backend: service: name: app2-service port: number: 80效果:实现了多个域名共享同一个Ingress。
案例2:路径路由配置
某公司配置了路径路由:
配置内容:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: path-routing-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: /$1 spec: rules: - host: api.example.com http: paths: - path: /users(/|$)(.*) pathType: Prefix backend: service: name: user-service port: number: 8080 - path: /orders(/|$)(.*) pathType: Prefix backend: service: name: order-service port: number: 8080效果:实现了基于路径的路由。
结语
Ingress是Kubernetes中重要的网络组件。通过合理配置,可以实现灵活的流量管理。
希望这篇文章能帮助你配置Ingress。如果你有任何问题或经验分享,欢迎在评论区交流!
本文作者:侯万里(万里侯),致力于网络管理的工程师