
What is the best way to organize a .net core app with nginx reverse proxy inside a kubernetes cluster?

I want to deploy a .NET Core app with NGINX reverse proxy on Azure Kubernetes Service. What is the best way to organize the pods and containers?

  1. Two single-container pods, one pod for nginx and one pod for the app (.net-core/kestrel), so each one can scale independently of the other

  2. One multi-container pod, this single pod with two containers (one for nginx and one for the app)

  3. One single-container pod, a single container running both the nginx and the .net app

I would choose the 1st option, but I don't know if it is the right choice; it would be great to know the pros and cons of each option.

If I choose the 1st option, is it best to set affinity to put the nginx pod on the same node as the app pod? Or anti-affinity so they deploy on different nodes? Or no affinity/anti-affinity at all?

The best practice for inbound traffic in Kubernetes is to use the Ingress resource. This requires a bit of extra setup in AKS because there's no built-in ingress controller. You definitely don't want to do #2 because it's not flexible, and #3 is not possible to my knowledge.

The Kubernetes Ingress resource is a configuration file that manages reverse proxy rules for inbound cluster traffic. This allows you to surface multiple services as if they were a combined API.

To set up ingress, start by creating a public IP address in your auto-generated MC resource group:

az network public-ip create `
    -g MC_rg-name_cluster-name_centralus `
    -n cluster-name-ingress-ip `
    -l centralus `
    --allocation-method static `
    --dns-name cluster-name-ingress

Now create an ingress controller. This is required to actually handle the inbound traffic from your public IP. It sits and listens to the Kubernetes API Ingress updates, and auto-generates an nginx.conf file.

# Note: you'll have to install Helm and its service account prior to running this. See my GitHub link below for more information
helm install stable/nginx-ingress `
    --name nginx-ingress `
    --namespace default `
    --set controller.service.loadBalancerIP=ip.from.above.result `
    --set controller.scope.enabled=true `
    --set controller.scope.namespace="default" `
    --set controller.replicaCount=3

kubectl get service nginx-ingress-controller -n default -w

Once that's provisioned, make sure to use this annotation on your Ingress resource: kubernetes.io/ingress.class: nginx

If you'd like more information on how to set this up, please see this GitHub readme I put together this week. I've also included TLS termination with cert-manager, also installed with Helm.
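Option 1 from the question wired to the ingress controller described in the answer, as an added example that is not part of the original posts. The resource names, image and container port are placeholders, the host is built from the `--dns-name` and `-l` values used above, and the manifest assumes a cluster that serves `networking.k8s.io/v1` (older clusters use a different Ingress apiVersion and backend layout).

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dotnet-app                 # hypothetical name
  namespace: default               # must match controller.scope.namespace
spec:
  replicas: 2                      # scales independently of the ingress controller
  selector:
    matchLabels: {app: dotnet-app}
  template:
    metadata:
      labels: {app: dotnet-app}
    spec:
      containers:
        - name: app
          image: registry.example.com/dotnet-app:1.0   # placeholder image
          ports:
            - containerPort: 8080                      # assumed Kestrel port
---
apiVersion: v1
kind: Service
metadata:
  name: dotnet-app
  namespace: default
spec:
  type: ClusterIP                  # no public IP; Kestrel is reachable only in-cluster
  selector: {app: dotnet-app}
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dotnet-app
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx   # annotation named in the answer
spec:
  rules:
    - host: cluster-name-ingress.centralus.cloudapp.azure.com  # from --dns-name / -l
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: dotnet-app
                port: {number: 80}
```

Keeping the app Service as ClusterIP means the only public entry point is the ingress controller's load balancer IP, so TLS termination and proxy rules are enforced in one place.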
