k8s的ingress使用

ingress

　　可以配置一个入口来提供k8s上service从外部来访问的url、负载平衡流量、终止SSL和提供基于名称的虚拟主机。

配置ingress的yaml：

　　要求域名解析无误

　　要求service对应的pod正常

一、test1.domain.com   -->  service1:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
        path: /

 

二、test1.domain.com   -->   /aaa   -->   service2:8080

                                         -->   /bbb   -->   service3:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
        path: /aaa
      - backend:
          serviceName: service2
          servicePort: 8080
        path: /bbb

三、test1.domain.com   -->  service1:8080

　　test2.domain.com   -->  service4:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
  - host: test2.domain.com
    http:
      paths:
      - backend:
          serviceName: service4
          servicePort: 8080

 

四、test1.domain.com   -->  service1:8080

　　没在request中定义主机名(即没有显示请求头)的请求   -->   service5:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
  - http:
      paths:
      - backend:
          serviceName: service5
          servicePort: 8080

五、https://test1.domain.com   -->  service1:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
  tls:
  - hosts:
    - test1.domain.com
    secretName: domain-tls　　#证书见下

　　证书yaml

apiVersion: v1
data:
  tls.crt: cert（base64）　　#转码见下
  tls.key: key（base64）
kind: Secret
metadata:
  name: domain-tls
  namespace: test
type: kubernetes.io/tls

　　base64转码

cat fullchain.pem | base64 | tr '
' ' ' | sed s/[[:space:]]//g   #中间去掉换行和空格
cat privkey.pem | base64 | tr '
' ' ' | sed s/[[:space:]]//g

六、nginx中的设置，在ingress是通过annotations来配置的

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
  annotations:
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600s"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600s"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600s"
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
        path: /

详细ingress链接：https://kubernetes.io/docs/concepts/services-networking/ingress/

ingress中annotations的配置选项：https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md