[英]Ingress resource vs NGINX ingress controller on Kubernetes
I am setting up NGINX ingress controller on AWS EKS. 我正在AWS EKS上设置NGINX入口控制器。
I went through k8s Ingress resource and it is very helpful to understand we map LB ports to k8s service ports with eg file def. 我浏览了k8s Ingress资源,了解我们将LB端口映射到k8s服务端口非常有用,例如文件def。 I installed nginx controller till pre-requisite step . 我安装了nginx控制器直到先决条件步骤 。 Then the tutorial directs me to create an ingress resource. 然后教程指导我创建入口资源。
https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/#create-an-ingress-resource https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/#create-an-ingress-resource
But below it is telling me to apply a service config. 但它下面告诉我应用服务配置。 I am confused with this provider-specific step. 我对这个特定于提供者的步骤感到困惑。 Which is different in terms of kind, version, spec
definition (Service vs Ingress). 在kind, version, spec
定义(Service vs Ingress)方面有所不同。
https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l7.yaml https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l7.yaml
I am missing something here? 我在这里遗失了什么?
This is a concept that is at first a little tricky to wrap your head around. 这个概念起初有点棘手。 The Nginx ingress controller is nothing but a service of type LoadBalancer
. Nginx入口控制器只是LoadBalancer
类型的服务。 What is does is be the public-facing endpoint for your services. 面向公众的服务端点是什么? The IP address assigned to this service can route traffic to multiple services. 分配给此服务的IP地址可以将流量路由到多个服务。 So you can go ahead and define your services as ClusterIP
and have them exposed through the Nginx ingress controller. 因此,您可以继续将服务定义为ClusterIP
并通过Nginx入口控制器公开它们。
Here's a diagram to portray the concept a little better: 这是一个更好地描绘概念的图表: image source 图像源
On that note, if you have acquired a static IP for your service, you need to assign it to your Nginx ingress-controller. 在这方面,如果您已获得服务的静态IP,则需要将其分配给Nginx入口控制器。 So what is an ingress? 那么什么是入口? Ingress is basically a way for you to communicate to your Nginx ingress-controller how to direct traffic incoming to your LB public IP. Ingress基本上是一种与您的Nginx入口控制器进行通信的方式,如何将流量传入您的LB公共IP。 So as it is clear now, you have one loadbalancer service, and multiple ingress resources. 因此,现在很清楚,您有一个负载均衡器服务和多个入口资源。 Each ingress corresponds to a single service that can change based on how you define your services, but you get the idea. 每个入口对应一个服务,可以根据您定义服务的方式进行更改,但您会明白这一点。
Let's get into some yaml code. 让我们进入一些yaml代码。 As mentioned, you will need the ingress controller service regardless of how many ingress resources you have. 如上所述,无论您拥有多少入口资源,都需要入口控制器服务。 So go ahead and apply this code on your EKS cluster. 因此,请继续在EKS群集上应用此代码 。
Now let's see how you would expose your pod to the world through Nginx-ingress. 现在让我们看看如何通过Nginx-ingress将你的pod暴露给世界。 Say you have a wordpress
deployment. 假设您有wordpress
部署。 You can define a simple ClusterIP
service for this app: 您可以为此应用定义简单的ClusterIP
服务:
apiVersion: v1
kind: Service
metadata:
labels:
app: ${WORDPRESS_APP}
namespace: ${NAMESPACE}
name: ${WORDPRESS_APP}
spec:
type: ClusterIP
ports:
- port: 9000
targetPort: 9000
name: ${WORDPRESS_APP}
- port: 80
targetPort: 80
protocol: TCP
name: http
- port: 443
targetPort: 443
protocol: TCP
name: https
selector:
app: ${WORDPRESS_APP}
This creates a service for your wordpress
app which is not accessible outside of the cluster. 这将为您的wordpress
应用程序创建一个服务,该服务无法在群集外部访问。 Now you can create an ingress resource to expose this service: 现在,您可以创建一个入口资源来公开此服务:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: ${NAMESPACE}
name: ${INGRESS_NAME}
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
- ${URL}
secretName: ${TLS_SECRET}
rules:
- host: ${URL}
http:
paths:
- path: /
backend:
serviceName: ${WORDPRESS_APP}
servicePort: 80
Now if you run kubectl get svc
you can see the following: 现在,如果您运行kubectl get svc
您可以看到以下内容:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wordpress ClusterIP 10.23.XXX.XX <none> 9000/TCP,80/TCP,443/TCP 1m
nginx-ingress-controller LoadBalancer 10.23.XXX.XX XX.XX.XXX.XXX 80:X/TCP,443:X/TCP 1m
Now you can access your wordpress
service through the URL defined, which maps to the public IP of your ingress controller LB service. 现在,您可以通过定义的URL访问您的wordpress
服务,该URL映射到入口控制器LB服务的公共IP。
the NGINX ingress controller is the actual process that shapes your traffic to your services. NGINX入口控制器是实际处理您的服务流量的过程。 basically like the nginx or loadbalancer installation on a traditional vm. 基本上像传统的vm上的nginx或loadbalancer安装。 the ingress resource (kind: Ingress) is more like the nginx-config on your old VM, where you would define host mappings, paths and proxies. 入口资源(种类:Ingress)更像是旧VM上的nginx-config,您可以在其中定义主机映射,路径和代理。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.