如何在 Azure AKS 上的一个入口控制器上创建多个负载均衡器 IP 地址
[英]how to create multiple loadbalancer ip addresses on one ingress controller on Azure AKS
问题描述
I'm trying to setup multiple services on one k8s cluster, with one Ingress controller in front that does tls termination for all services.
我正在尝试在一个 k8s 集群上设置多个服务,前面有一个 Ingress 控制器,它为所有服务执行 tls 终止。 This is a good example: https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/examples/multi-tls/multi-tls.yaml这是一个很好的例子: https ://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/examples/multi-tls/multi-tls.yaml
I initially followed this example: https://github.com/brunoterkaly/ingress , and then expanded it to have multiple tls services.我最初遵循这个例子: https ://github.com/brunoterkaly/ingress ,然后将其扩展为具有多个 tls 服务。
By exposing my nginx replication controller AKS on Azure automatically creates a loadbalancer and a public ip address, to which I can apply an A record: kubectl expose rc nginx-ingress-rc --port="80,443" --type="LoadBalancer"通过在 Azure 上公开我的 nginx 复制控制器 AKS 会自动创建一个负载均衡器和一个公共 IP 地址,我可以向其应用 A 记录: kubectl expose rc nginx-ingress-rc --port="80,443" --type="LoadBalancer"
However, I also want a second A record, that points to the same ip address (I guess?), so that I can access my ingress controller from different domains.但是,我还想要第二个 A 记录,它指向相同的 IP 地址(我猜?),这样我就可以从不同的域访问我的入口控制器。 I can't figure out how to let AKS create a second one for that purpose?我不知道如何让 AKS 为此目的创建第二个?
2 个解决方案
解决方案1
3 2020-12-04 09:24:19
Maybe this is a bit too late and not exactly what the original post was asking for.也许这有点太晚了,而且不完全是原始帖子所要求的。 Unofficially you can create multiple services for your ingress controller and thus also map multiple IPs.非正式地,您可以为入口控制器创建多个服务,从而映射多个 IP。 It is only limitation of single k8s service of type LoadBalancer that it can refer only single IP address. LoadBalancer类型的单个 k8s 服务的唯一限制是它只能引用单个 IP 地址。
In my case, I have AKS cluster with many namespaces and different applications reachable via different URLs.就我而言,我有 AKS 集群,其中包含许多命名空间和可通过不同 URL 访问的不同应用程序。 Each URL has different public IP address because of historical reasons:由于历史原因,每个 URL 都有不同的公共 IP 地址:
Example:例子:
first.example.com -> 1.2.3.4
second.example.com -> 5.6.7.8
...we could go on, IPs are just made up!
I wanted to install nginx ingress into AKS that would handle routing for all namespaces instead of handling each application with dedicated LoadBalancer and reverse proxy pair.我想将 nginx ingress 安装到 AKS 中,它将处理所有命名空间的路由,而不是使用专用的 LoadBalancer 和反向代理对处理每个应用程序。 For that I followed steps described here and provided just one of the IPs as controller.service.loadBalancerIP=”1.2.3.4” during ingress deployment process (using helm).为此,我按照 此处描述的步骤进行操作,并在入口部署过程中(使用 helm)仅提供了一个 IP 作为controller.service.loadBalancerIP=”1.2.3.4” 。
After this steps, I could see these services:完成这些步骤后,我可以看到这些服务:
PS C:\> kubectl get service -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.0.141.84 1.2.3.4 80:30065/TCP,443:31444/TCP 14h
ingress-nginx-controller-admission ClusterIP 10.0.168.127 <none> 443/TCP 14h
After that I manually created another service ingress-nginx-controller-second with exactly same selector labels and next loadBalancerIP: 5.6.7.8 .之后,我手动创建了另一个服务ingress-nginx-controller-second ,它具有完全相同的选择器标签和下一个loadBalancerIP: 5.6.7.8 。
After this steps, I could see these services:完成这些步骤后,我可以看到这些服务:
PS C:\> kubectl get service -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.0.141.84 1.2.3.4 80:30065/TCP,443:31444/TCP 14h
ingress-nginx-controller-admission ClusterIP 10.0.168.127 <none> 443/TCP 14h
ingress-nginx-controller-second LoadBalancer 10.0.204.118 5.6.7.8 80:31275/TCP,443:32751/TCP 10m
Now if I list example ingresses that I defined for two applications, you can see, that both have the same first public IP shown.现在,如果我列出我为两个应用程序定义的示例入口,您可以看到,它们都显示了相同的第一个公共 IP。 This is because that IP is used by ingress as a publish IP.这是因为该 IP 被入口用作发布 IP。 Nevertheless, routing works nicely, since second service forwards all traffic to the same ingress-nginx-controller and you are able to do routing based on different hosts/paths just like always.然而,路由工作得很好,因为第二个服务将所有流量转发到同一个 ingress-nginx-controller,你可以像往常一样基于不同的主机/路径进行路由。
PS C:\Users\sk1u04h9> kubectl get ingress -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
first first-ingress <none> first.example.com 1.2.3.4 80, 443 14h
second second-ingress <none> second.example.com 1.2.3.4 80, 443 5m
I hope this helps to someone trying to migrate to nginx ingress without the need to have upfront all URLs pointing to single public IP.我希望这对尝试迁移到 nginx ingress 的人有所帮助,而无需预先将所有 URL 指向单个公共 IP。 You can request to have all URLs pointing to just one IP if needed after this migration step and then you can of course remove all ingress-nginx-controller-* services, that will not be needed anymore.在此迁移步骤之后,如果需要,您可以请求让所有 URL 仅指向一个 IP,然后您当然可以删除所有不再需要ingress-nginx-controller-*服务。
解决方案2
1 2018-03-07 16:07:20
Meanwhile I understand Ingress a bit better.与此同时,我对 Ingress 的理解要好一些。 Only one ip address is created for the ingress controller, which can support path and host based routing. ingress controller只创建一个ip地址,可以支持path和host based routing。 See https://learn.microsoft.com/en-us/azure/aks/ingress for an example.有关示例,请参阅https://learn.microsoft.com/en-us/azure/aks/ingress 。 I'll just need to configure my DNS with different CNAME records for the A record that is associated with the Azure public IP address.我只需要为与 Azure 公共 IP 地址关联的 A 记录配置不同的 CNAME 记录来配置我的 DNS。 If I want to use multiple *.cloudapp.azure.com fqdn's for my services, what I was trying to achieve at first, I'll have to use Azure DNS.如果我想为我的服务使用多个 *.cloudapp.azure.com fqdn,我首先要实现的目标是,我必须使用 Azure DNS。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.