2017-08-21 17:44:43 +08:00
<!DOCTYPE HTML>
< html lang = "zh-cn" >
< head >
< meta charset = "UTF-8" >
< meta content = "text/html; charset=utf-8" http-equiv = "Content-Type" >
< title > 2.2.14 Ingress · Kubernetes Handbook< / title >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" / >
< meta name = "description" content = "" >
< meta name = "generator" content = "GitBook 3.2.2" >
< meta name = "author" content = "Jimmy Song" >
< link rel = "stylesheet" href = "../gitbook/style.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-splitter/splitter.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-page-toc-button/plugin.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-image-captions/image-captions.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-page-footer-ex/style/plugin.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-search-plus/search.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-highlight/website.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-fontsettings/website.css" >
< meta name = "HandheldFriendly" content = "true" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1, user-scalable=no" >
< meta name = "apple-mobile-web-app-capable" content = "yes" >
< meta name = "apple-mobile-web-app-status-bar-style" content = "black" >
< link rel = "apple-touch-icon-precomposed" sizes = "152x152" href = "../gitbook/images/apple-touch-icon-precomposed-152.png" >
< link rel = "shortcut icon" href = "../gitbook/images/favicon.ico" type = "image/x-icon" >
< link rel = "next" href = "configmap.html" / >
< link rel = "prev" href = "cronjob.html" / >
< / head >
< body >
< div class = "book" >
< div class = "book-summary" >
< div id = "book-search-input" role = "search" >
< input type = "text" placeholder = "輸入並搜尋" / >
< / div >
< nav role = "navigation" >
< ul class = "summary" >
< li class = "chapter " data-level = "1.1" data-path = "../" >
< a href = "../" >
1. 前言
< / a >
< / li >
< li class = "chapter " data-level = "1.2" data-path = "./" >
< a href = "./" >
2. 概念原理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.1" data-path = "concepts.html" >
< a href = "concepts.html" >
2.1 设计理念
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2" data-path = "objects.html" >
< a href = "objects.html" >
2017-09-03 13:29:38 +08:00
2.2 Objects
2017-08-21 17:44:43 +08:00
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.2.1" data-path = "pod-overview.html" >
< a href = "pod-overview.html" >
2.2.1 Pod
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.2.2.1.1" data-path = "pod.html" >
< a href = "pod.html" >
2.2.1.1 Pod解析
< / a >
2017-08-31 23:28:33 +08:00
< / li >
< li class = "chapter " data-level = "1.2.2.1.2" data-path = "init-containers.html" >
< a href = "init-containers.html" >
2.2.1.2 Init容器
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< li class = "chapter " data-level = "1.2.2.1.3" data-path = "pod-security-policy.html" >
< a href = "pod-security-policy.html" >
2.2.1.3 Pod安全策略
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.2.2.2" data-path = "node.html" >
< a href = "node.html" >
2.2.2 Node
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.3" data-path = "namespace.html" >
< a href = "namespace.html" >
2.2.3 Namespace
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.4" data-path = "service.html" >
< a href = "service.html" >
2.2.4 Service
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.5" data-path = "volume.html" >
< a href = "volume.html" >
2.2.5 Volume和Persistent Volume
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.6" data-path = "deployment.html" >
< a href = "deployment.html" >
2.2.6 Deployment
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.7" data-path = "secret.html" >
< a href = "secret.html" >
2.2.7 Secret
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.8" data-path = "statefulset.html" >
< a href = "statefulset.html" >
2.2.8 StatefulSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.9" data-path = "daemonset.html" >
< a href = "daemonset.html" >
2.2.9 DaemonSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.10" data-path = "serviceaccount.html" >
< a href = "serviceaccount.html" >
2.2.10 ServiceAccount
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.11" data-path = "replicaset.html" >
< a href = "replicaset.html" >
2.2.11 ReplicationController和ReplicaSet
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.12" data-path = "job.html" >
< a href = "job.html" >
2.2.12 Job
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.13" data-path = "cronjob.html" >
< a href = "cronjob.html" >
2.2.13 CronJob
< / a >
< / li >
< li class = "chapter active" data-level = "1.2.2.14" data-path = "ingress.html" >
< a href = "ingress.html" >
2.2.14 Ingress
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.15" data-path = "configmap.html" >
< a href = "configmap.html" >
2.2.15 ConfigMap
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.16" data-path = "horizontal-pod-autoscaling.html" >
< a href = "horizontal-pod-autoscaling.html" >
2.2.16 Horizontal Pod Autoscaling
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.17" data-path = "label.html" >
< a href = "label.html" >
2.2.17 Label
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< li class = "chapter " data-level = "1.2.2.18" data-path = "garbage-collection.html" >
< a href = "garbage-collection.html" >
2.2.18 垃圾收集
< / a >
< / li >
< li class = "chapter " data-level = "1.2.2.19" data-path = "network-policy.html" >
< a href = "network-policy.html" >
2.2.19 NetworkPolicy
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3" data-path = "../guide/" >
< a href = "../guide/" >
3. 用户指南
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.1" data-path = "../guide/resource-configuration.html" >
< a href = "../guide/resource-configuration.html" >
3.1 资源配置
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.1.1" data-path = "../guide/configure-liveness-readiness-probes.html" >
< a href = "../guide/configure-liveness-readiness-probes.html" >
3.1.1 配置Pod的liveness和readiness探针
< / a >
< / li >
< li class = "chapter " data-level = "1.3.1.2" data-path = "../guide/configure-pod-service-account.html" >
< a href = "../guide/configure-pod-service-account.html" >
3.1.2 配置Pod的Service Account
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.2" data-path = "../guide/command-usage.html" >
< a href = "../guide/command-usage.html" >
3.2 命令使用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.2.1" data-path = "../guide/using-kubectl.html" >
< a href = "../guide/using-kubectl.html" >
3.2.1 使用kubectl
< / a >
2017-09-16 20:56:43 +08:00
< / li >
< li class = "chapter " data-level = "1.3.2.2" data-path = "../guide/docker-cli-to-kubectl.html" >
< a href = "../guide/docker-cli-to-kubectl.html" >
3.2.2 docker用户过度到kubectl命令行指南
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-09-07 12:29:13 +08:00
< li class = "chapter " data-level = "1.3.3" data-path = "../guide/cluster-security-management.html" >
2017-08-21 17:44:43 +08:00
2017-09-07 12:29:13 +08:00
< a href = "../guide/cluster-security-management.html" >
2017-08-21 17:44:43 +08:00
2017-09-07 12:29:13 +08:00
3.3 集群安全性管理
2017-08-21 17:44:43 +08:00
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.3.1" data-path = "../guide/managing-tls-in-a-cluster.html" >
< a href = "../guide/managing-tls-in-a-cluster.html" >
3.3.1 管理集群中的TLS
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< li class = "chapter " data-level = "1.3.3.2" data-path = "../guide/kubelet-authentication-authorization.html" >
< a href = "../guide/kubelet-authentication-authorization.html" >
3.3.2 kubelet的认证授权
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.3" data-path = "../guide/tls-bootstrapping.html" >
< a href = "../guide/tls-bootstrapping.html" >
3.3.3 TLS bootstrap
< / a >
2017-08-31 14:23:44 +08:00
< / li >
< li class = "chapter " data-level = "1.3.3.4" data-path = "../guide/kubectl-user-authentication-authorization.html" >
< a href = "../guide/kubectl-user-authentication-authorization.html" >
3.3.4 kubectl的用户认证授权
< / a >
< / li >
< li class = "chapter " data-level = "1.3.3.5" data-path = "../guide/rbac.html" >
< a href = "../guide/rbac.html" >
3.3.5 RBAC——基于角色的访问控制
< / a >
2017-09-07 14:13:59 +08:00
< / li >
< li class = "chapter " data-level = "1.3.3.6" data-path = "../guide/ip-masq-agent.html" >
< a href = "../guide/ip-masq-agent.html" >
3.3.6 IP伪装代理
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.4" data-path = "../guide/access-kubernetes-cluster.html" >
< a href = "../guide/access-kubernetes-cluster.html" >
3.4 访问 Kubernetes 集群
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.4.1" data-path = "../guide/access-cluster.html" >
< a href = "../guide/access-cluster.html" >
3.4.1 访问集群
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.2" data-path = "../guide/authenticate-across-clusters-kubeconfig.html" >
< a href = "../guide/authenticate-across-clusters-kubeconfig.html" >
3.4.2 使用 kubeconfig 文件配置跨集群认证
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.3" data-path = "../guide/connecting-to-applications-port-forward.html" >
< a href = "../guide/connecting-to-applications-port-forward.html" >
3.4.3 通过端口转发访问集群中的应用程序
< / a >
< / li >
< li class = "chapter " data-level = "1.3.4.4" data-path = "../guide/service-access-application-cluster.html" >
< a href = "../guide/service-access-application-cluster.html" >
3.4.4 使用 service 访问群集中的应用程序
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.3.5" data-path = "../guide/application-development-deployment-flow.html" >
< a href = "../guide/application-development-deployment-flow.html" >
3.5 在kubernetes中开发部署应用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.3.5.1" data-path = "../guide/deploy-applications-in-kubernetes.html" >
< a href = "../guide/deploy-applications-in-kubernetes.html" >
3.5.1 适用于kubernetes的应用开发部署流程
< / a >
2017-08-21 18:44:34 +08:00
< / li >
< li class = "chapter " data-level = "1.3.5.2" data-path = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
< a href = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
3.5.2 迁移传统应用到kubernetes中——以Hadoop YARN为例
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4" data-path = "../practice/" >
< a href = "../practice/" >
4. 最佳实践
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.1" data-path = "../practice/install-kbernetes1.6-on-centos.html" >
< a href = "../practice/install-kbernetes1.6-on-centos.html" >
4.1 在CentOS上部署kubernetes1.6集群
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.1.1" data-path = "../practice/create-tls-and-secret-key.html" >
< a href = "../practice/create-tls-and-secret-key.html" >
4.1.1 创建TLS证书和秘钥
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.2" data-path = "../practice/create-kubeconfig.html" >
< a href = "../practice/create-kubeconfig.html" >
4.1.2 创建kubeconfig文件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.3" data-path = "../practice/etcd-cluster-installation.html" >
< a href = "../practice/etcd-cluster-installation.html" >
4.1.3 创建高可用etcd集群
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.4" data-path = "../practice/kubectl-installation.html" >
< a href = "../practice/kubectl-installation.html" >
4.1.4 安装kubectl命令行工具
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.5" data-path = "../practice/master-installation.html" >
< a href = "../practice/master-installation.html" >
4.1.5 部署master节点
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.6" data-path = "../practice/node-installation.html" >
< a href = "../practice/node-installation.html" >
4.1.6 部署node节点
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.7" data-path = "../practice/kubedns-addon-installation.html" >
< a href = "../practice/kubedns-addon-installation.html" >
4.1.7 安装kubedns插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.8" data-path = "../practice/dashboard-addon-installation.html" >
< a href = "../practice/dashboard-addon-installation.html" >
4.1.8 安装dashboard插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.9" data-path = "../practice/heapster-addon-installation.html" >
< a href = "../practice/heapster-addon-installation.html" >
4.1.9 安装heapster插件
< / a >
< / li >
< li class = "chapter " data-level = "1.4.1.10" data-path = "../practice/efk-addon-installation.html" >
< a href = "../practice/efk-addon-installation.html" >
4.1.10 安装EFK插件
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.2" data-path = "../practice/service-discovery-and-loadbalancing.html" >
< a href = "../practice/service-discovery-and-loadbalancing.html" >
4.2 服务发现与负载均衡
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.2.1" data-path = "../practice/traefik-ingress-installation.html" >
< a href = "../practice/traefik-ingress-installation.html" >
4.2.1 安装Traefik ingress
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.2" data-path = "../practice/distributed-load-test.html" >
< a href = "../practice/distributed-load-test.html" >
4.2.2 分布式负载测试
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.3" data-path = "../practice/network-and-cluster-perfermance-test.html" >
< a href = "../practice/network-and-cluster-perfermance-test.html" >
4.2.3 网络和集群性能测试
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.4" data-path = "../practice/edge-node-configuration.html" >
< a href = "../practice/edge-node-configuration.html" >
4.2.4 边缘节点配置
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.3" data-path = "../practice/operation.html" >
< a href = "../practice/operation.html" >
4.3 运维管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.3.1" data-path = "../practice/service-rolling-update.html" >
< a href = "../practice/service-rolling-update.html" >
4.3.1 服务滚动升级
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.2" data-path = "../practice/app-log-collection.html" >
< a href = "../practice/app-log-collection.html" >
4.3.2 应用日志收集
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.3" data-path = "../practice/configuration-best-practice.html" >
< a href = "../practice/configuration-best-practice.html" >
4.3.3 配置最佳实践
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.4" data-path = "../practice/monitor.html" >
< a href = "../practice/monitor.html" >
4.3.4 集群及应用监控
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.5" data-path = "../practice/jenkins-ci-cd.html" >
< a href = "../practice/jenkins-ci-cd.html" >
4.3.5 使用Jenkins进行持续构建与发布
< / a >
< / li >
< li class = "chapter " data-level = "1.4.3.6" data-path = "../practice/data-persistence-problem.html" >
< a href = "../practice/data-persistence-problem.html" >
4.3.6 数据持久化问题
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< li class = "chapter " data-level = "1.4.3.7" data-path = "../practice/manage-compute-resources-container.html" >
< a href = "../practice/manage-compute-resources-container.html" >
4.3.7 管理容器的计算资源
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.4" data-path = "../practice/storage.html" >
< a href = "../practice/storage.html" >
4.4 存储管理
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.1" data-path = "../practice/glusterfs.html" >
< a href = "../practice/glusterfs.html" >
4.4.1 GlusterFS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.1.1" data-path = "../practice/using-glusterfs-for-persistent-storage.html" >
< a href = "../practice/using-glusterfs-for-persistent-storage.html" >
4.4.1.1 使用GlusterFS做持久化存储
< / a >
< / li >
< li class = "chapter " data-level = "1.4.4.1.2" data-path = "../practice/storage-for-containers-using-glusterfs-with-openshift.html" >
< a href = "../practice/storage-for-containers-using-glusterfs-with-openshift.html" >
4.4.1.2 在OpenShift中使用GlusterFS做持久化存储
< / a >
2017-09-01 21:04:51 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.4.4.2" data-path = "../practice/cephfs.html" >
< a href = "../practice/cephfs.html" >
4.4.2 CephFS
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.4.4.2.1" data-path = "../practice/using-ceph-for-persistent-storage.html" >
< a href = "../practice/using-ceph-for-persistent-storage.html" >
4.4.2.1 使用Ceph做持久化存储
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< / ul >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5" data-path = "../usecases/" >
< a href = "../usecases/" >
5. 领域应用
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.1" data-path = "../usecases/microservices.html" >
< a href = "../usecases/microservices.html" >
5.1 微服务架构
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.1.1" data-path = "../usecases/istio.html" >
< a href = "../usecases/istio.html" >
5.1.1 Istio
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.1.1.1" data-path = "../usecases/istio-installation.html" >
< a href = "../usecases/istio-installation.html" >
5.1.1.1 安装istio
< / a >
< / li >
< li class = "chapter " data-level = "1.5.1.1.2" data-path = "../usecases/configuring-request-routing.html" >
< a href = "../usecases/configuring-request-routing.html" >
5.1.1.2 配置请求的路由规则
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.1.2" data-path = "../usecases/linkerd.html" >
< a href = "../usecases/linkerd.html" >
5.1.2 Linkerd
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.1.2.1" data-path = "../usecases/linkerd-user-guide.html" >
< a href = "../usecases/linkerd-user-guide.html" >
5.1.2.1 Linkerd 使用指南
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.1.3" data-path = "../usecases/service-discovery-in-microservices.html" >
< a href = "../usecases/service-discovery-in-microservices.html" >
5.1.3 微服务中的服务发现
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.2" data-path = "../usecases/big-data.html" >
< a href = "../usecases/big-data.html" >
5.2 大数据
< / a >
< ul class = "articles" >
2017-08-30 14:20:52 +08:00
< li class = "chapter " data-level = "1.5.2.1" data-path = "../usecases/spark-standalone-on-kubernetes.html" >
2017-08-21 17:44:43 +08:00
2017-08-30 14:20:52 +08:00
< a href = "../usecases/spark-standalone-on-kubernetes.html" >
2017-08-21 17:44:43 +08:00
2017-08-30 14:20:52 +08:00
5.2.1 Spark standalone on Kubernetes
2017-08-21 17:44:43 +08:00
< / a >
2017-08-31 14:23:44 +08:00
< / li >
2017-09-14 15:57:50 +08:00
< li class = "chapter " data-level = "1.5.2.2" data-path = "../usecases/running-spark-with-kubernetes-native-scheduler.html" >
2017-08-31 14:23:44 +08:00
2017-09-14 15:57:50 +08:00
< a href = "../usecases/running-spark-with-kubernetes-native-scheduler.html" >
2017-08-31 14:23:44 +08:00
5.2.2 运行支持kubernetes原生调度的Spark程序
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
2017-08-30 16:52:33 +08:00
< / li >
< li class = "chapter " data-level = "1.5.3" data-path = "../usecases/serverless.html" >
< a href = "../usecases/serverless.html" >
5.3 Serverless架构
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.6" data-path = "../develop/" >
< a href = "../develop/" >
6. 开发指南
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.6.1" data-path = "../develop/developing-environment.html" >
< a href = "../develop/developing-environment.html" >
6.1 开发环境搭建
< / a >
< / li >
< li class = "chapter " data-level = "1.6.2" data-path = "../develop/testing.html" >
< a href = "../develop/testing.html" >
6.2 单元测试和集成测试
< / a >
< / li >
< li class = "chapter " data-level = "1.6.3" data-path = "../develop/client-go-sample.html" >
< a href = "../develop/client-go-sample.html" >
6.3 client-go示例
< / a >
< / li >
< li class = "chapter " data-level = "1.6.4" data-path = "../develop/contribute.html" >
< a href = "../develop/contribute.html" >
6.4 社区贡献
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.7" data-path = "../appendix/" >
< a href = "../appendix/" >
7. 附录
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.7.1" data-path = "../appendix/docker-best-practice.html" >
< a href = "../appendix/docker-best-practice.html" >
7.1 Docker最佳实践
< / a >
< / li >
< li class = "chapter " data-level = "1.7.2" data-path = "../appendix/issues.html" >
< a href = "../appendix/issues.html" >
7.2 问题记录
< / a >
< / li >
< li class = "chapter " data-level = "1.7.3" data-path = "../appendix/tricks.html" >
< a href = "../appendix/tricks.html" >
7.3 使用技巧
< / a >
< / li >
< / ul >
< / li >
< li class = "divider" > < / li >
< li >
< a href = "https://www.gitbook.com" target = "blank" class = "gitbook-link" >
本書使用 GitBook 釋出
< / a >
< / li >
< / ul >
< / nav >
< / div >
< div class = "book-body" >
< div class = "body-inner" >
< div class = "book-header" role = "navigation" >
<!-- Title -->
< h1 >
< i class = "fa fa-circle-o-notch fa-spin" > < / i >
< a href = ".." > 2.2.14 Ingress< / a >
< / h1 >
< / div >
< div class = "page-wrapper" tabindex = "-1" role = "main" >
< div class = "page-inner" >
< div class = "search-plus" id = "book-search-results" >
< div class = "search-noresults" >
< section class = "normal markdown-section" >
< h1 id = "ingress解析" > Ingress解 析 < / h1 >
< h2 id = "前言" > 前 言 < / h2 >
< p > 这 是 kubernete官 方 文 档 中 < a href = "https://kubernetes.io/docs/concepts/services-networking/ingress/" target = "_blank" > Ingress Resource< / a > 的 翻 译 , 后 面 的 章 节 会 讲 到 使 用 < a href = "https://github.com/containous/traefik" target = "_blank" > Traefik< / a > 来 做 Ingress controller, 文 章 末 尾 给 出 了 几 个 相 关 链 接 。 < / p >
< p > < strong > 术 语 < / strong > < / p >
< p > 在 本 篇 文 章 中 你 将 会 看 到 一 些 在 其 他 地 方 被 交 叉 使 用 的 术 语 , 为 了 防 止 产 生 歧 义 , 我 们 首 先 来 澄 清 下 。 < / p >
< ul >
< li > 节 点 : Kubernetes集 群 中 的 一 台 物 理 机 或 者 虚 拟 机 。 < / li >
< li > 集 群 : 位 于 Internet防 火 墙 后 的 节 点 , 这 是 kubernetes管 理 的 主 要 计 算 资 源 。 < / li >
< li > 边 界 路 由 器 : 为 集 群 强 制 执 行 防 火 墙 策 略 的 路 由 器 。 这 可 能 是 由 云 提 供 商 或 物 理 硬 件 管 理 的 网 关 。 < / li >
< li > 集 群 网 络 : 一 组 逻 辑 或 物 理 链 接 , 可 根 据 Kubernetes< a href = "https://kubernetes.io/docs/admin/networking/" target = "_blank" > 网 络 模 型 < / a > 实 现 群 集 内 的 通 信 。 集 群 网 络 的 实 现 包 括 Overlay模 型 的 < a href = "https://github.com/coreos/flannel#flannel" target = "_blank" > flannel< / a > 和 基 于 SDN的 < a href = "https://kubernetes.io/docs/admin/ovs-networking/" target = "_blank" > OVS< / a > 。 < / li >
< li > 服 务 : 使 用 标 签 选 择 器 标 识 一 组 pod成 为 的 Kubernetes< a href = "https://kubernetes.io/docs/user-guide/services/" target = "_blank" > 服 务 < / a > 。 除 非 另 有 说 明 , 否 则 服 务 假 定 在 集 群 网 络 内 仅 可 通 过 虚 拟 IP访 问 。 < / li >
< / ul >
< h2 id = "什么是ingress?" > 什 么 是 Ingress? < / h2 >
< p > 通 常 情 况 下 , service和 pod仅 可 在 集 群 内 部 网 络 中 通 过 IP地 址 访 问 。 所 有 到 达 边 界 路 由 器 的 流 量 或 被 丢 弃 或 被 转 发 到 其 他 地 方 。 从 概 念 上 讲 , 可 能 像 下 面 这 样 : < / p >
< pre > < code > internet
|
------------
[ Services ]
< / code > < / pre > < p > Ingress是 授 权 入 站 连 接 到 达 集 群 服 务 的 规 则 集 合 。 < / p >
< pre > < code > internet
|
[ Ingress ]
--|-----|--
[ Services ]
< / code > < / pre > < p > 你 可 以 给 Ingress配 置 提 供 外 部 可 访 问 的 URL、 负 载 均 衡 、 SSL、 基 于 名 称 的 虚 拟 主 机 等 。 用 户 通 过 POST Ingress资 源 到 API server的 方 式 来 请 求 ingress。 < a href = "https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-controllers" target = "_blank" > Ingress controller< / a > 负 责 实 现 Ingress, 通 常 使 用 负 载 平 衡 器 , 它 还 可 以 配 置 边 界 路 由 和 其 他 前 端 , 这 有 助 于 以 HA方 式 处 理 流 量 。 < / p >
< h2 id = "先决条件" > 先 决 条 件 < / h2 >
< p > 在 使 用 Ingress resource之 前 , 有 必 要 先 了 解 下 面 几 件 事 情 。 Ingress是 beta版 本 的 resource, 在 kubernetes1.1之 前 还 没 有 。 你 需 要 一 个 < code > Ingress Controller< / code > 来 实 现 < code > Ingress< / code > , 单 纯 的 创 建 一 个 < code > Ingress< / code > 没 有 任 何 意 义 。 < / p >
< p > GCE/GKE会 在 master节 点 上 部 署 一 个 ingress controller。 你 可 以 在 一 个 pod中 部 署 任 意 个 自 定 义 的 ingress controller。 你 必 须 正 确 地 annotate每 个 ingress, 比 如 < a href = "https://github.com/kubernetes/ingress/tree/master/controllers/nginx#running-multiple-ingress-controllers" target = "_blank" > 运 行 多 个 ingress controller< / a > 和 < a href = "https://github.com/kubernetes/ingress/blob/master/controllers/gce/BETA_LIMITATIONS.md#disabling-glbc" target = "_blank" > 关 闭 glbc< / a > .< / p >
< p > 确 定 你 已 经 阅 读 了 Ingress controller的 < a href = "https://github.com/kubernetes/ingress/blob/master/controllers/gce/BETA_LIMITATIONS.md" target = "_blank" > beta版 本 限 制 < / a > 。 在 非 GCE/GKE的 环 境 中 , 你 需 要 在 pod中 < a href = "https://github.com/kubernetes/ingress/tree/master/controllers" target = "_blank" > 部 署 一 个 controller< / a > 。 < / p >
< h2 id = "ingress-resource" > Ingress Resource< / h2 >
< p > 最 简 化 的 Ingress配 置 : < / p >
< pre > < code class = "lang-yaml" > < span class = "hljs-number" > 1< / span > : apiVersion: extensions/v1beta1
< span class = "hljs-number" > 2< / span > : kind: Ingress
< span class = "hljs-number" > 3< / span > : metadata:
< span class = "hljs-number" > 4< / span > : name: test-ingress
< span class = "hljs-number" > 5< / span > : spec:
< span class = "hljs-number" > 6< / span > : rules:
< span class = "hljs-number" > 7< / span > : - http:
< span class = "hljs-number" > 8< / span > : paths:
< span class = "hljs-number" > 9< / span > : - path: /testpath
< span class = "hljs-number" > 10< / span > : backend:
< span class = "hljs-number" > 11< / span > : serviceName: test
< span class = "hljs-number" > 12< / span > : servicePort: < span class = "hljs-number" > 80< / span >
< / code > < / pre >
< p > < em > 如 果 你 没 有 配 置 Ingress controller就 将 其 POST到 API server不 会 有 任 何 用 处 < / em > < / p >
< p > < strong > 配 置 说 明 < / strong > < / p >
< p > < strong > 1-4行 < / strong > : 跟 Kubernetes的 其 他 配 置 一 样 , ingress的 配 置 也 需 要 < code > apiVersion< / code > , < code > kind< / code > 和 < code > metadata< / code > 字 段 。 配 置 文 件 的 详 细 说 明 请 查 看 < a href = "https://kubernetes.io/docs/user-guide/deploying-applications" target = "_blank" > 部 署 应 用 < / a > , < a href = "https://kubernetes.io/docs/user-guide/configuring-containers" target = "_blank" > 配 置 容 器 < / a > 和 < a href = "https://kubernetes.io/docs/user-guide/working-with-resources" target = "_blank" > 使 用 resources< / a > .< / p >
< p > < strong > 5-7行 < / strong > : Ingress < a href = "https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status" target = "_blank" > spec< / a > 中 包 含 配 置 一 个 loadbalancer或 proxy server的 所 有 信 息 。 最 重 要 的 是 , 它 包 含 了 一 个 匹 配 所 有 入 站 请 求 的 规 则 列 表 。 目 前 ingress只 支 持 http规 则 。 < / p >
< p > < strong > 8-9行 < / strong > : 每 条 http规 则 包 含 以 下 信 息 : 一 个 < code > host< / code > 配 置 项 ( 比 如 for.bar.com, 在 这 个 例 子 中 默 认 是 *) , < code > path< / code > 列 表 ( 比 如 : /testpath) , 每 个 path都 关 联 一 个 < code > backend< / code > (比 如 test:80)。 在 loadbalancer将 流 量 转 发 到 backend之 前 , 所 有 的 入 站 请 求 都 要 先 匹 配 host和 path。 < / p >
< p > < strong > 10-12行 < / strong > : 正 如 < a href = "https://kubernetes.io/docs/user-guide/services" target = "_blank" > services doc< / a > 中 描 述 的 那 样 , backend是 一 个 < code > service:port< / code > 的 组 合 。 Ingress的 流 量 被 转 发 到 它 所 匹 配 的 backend。 < / p >
< p > < strong > 全 局 参 数 < / strong > : 为 了 简 单 起 见 , Ingress示 例 中 没 有 全 局 参 数 , 请 参 阅 资 源 完 整 定 义 的 < a href = "https://releases.k8s.io/master/pkg/apis/extensions/v1beta1/types.go" target = "_blank" > api参 考 < / a > 。 在 所 有 请 求 都 不 能 跟 spec中 的 path匹 配 的 情 况 下 , 请 求 被 发 送 到 Ingress controller的 默 认 后 端 , 可 以 指 定 全 局 缺 省 backend。 < / p >
< h2 id = "ingress-controllers" > Ingress controllers< / h2 >
< p > 为 了 使 Ingress正 常 工 作 , 集 群 中 必 须 运 行 Ingress controller。 这 与 其 他 类 型 的 控 制 器 不 同 , 其 他 类 型 的 控 制 器 通 常 作 为 < code > kube-controller-manager< / code > 二 进 制 文 件 的 一 部 分 运 行 , 在 集 群 启 动 时 自 动 启 动 。 你 需 要 选 择 最 适 合 自 己 集 群 的 Ingress controller或 者 自 己 实 现 一 个 。 示 例 和 说 明 可 以 在 < a href = "https://github.com/kubernetes/ingress/tree/master/controllers" target = "_blank" > 这 里 < / a > 找 到 。 < / p >
< h2 id = "在你开始前" > 在 你 开 始 前 < / h2 >
< p > 以 下 文 档 描 述 了 Ingress资 源 中 公 开 的 一 组 跨 平 台 功 能 。 理 想 情 况 下 , 所 有 的 Ingress controller都 应 该 符 合 这 个 规 范 , 但 是 我 们 还 没 有 实 现 。 GCE和 nginx控 制 器 的 文 档 分 别 在 < a href = "https://github.com/kubernetes/ingress/blob/master/controllers/gce/README.md" target = "_blank" > 这 里 < / a > 和 < a href = "https://github.com/kubernetes/ingress/blob/master/controllers/nginx/README.md" target = "_blank" > 这 里 < / a > 。 < strong > 确 保 您 查 看 控 制 器 特 定 的 文 档 , 以 便 您 了 解 每 个 文 档 的 注 意 事 项 。 < / strong > < / p >
< h2 id = "ingress类型" > Ingress类 型 < / h2 >
< h3 id = "单service-ingress" > 单 Service Ingress< / h3 >
< p > Kubernetes中 已 经 存 在 一 些 概 念 可 以 暴 露 单 个 service( 查 看 < a href = "https://kubernetes.io/docs/concepts/services-networking/ingress/#alternatives" target = "_blank" > 替 代 方 案 < / a > ) , 但 是 你 仍 然 可 以 通 过 Ingress来 实 现 , 通 过 指 定 一 个 没 有 rule的 默 认 backend的 方 式 。 < / p >
< p > ingress.yaml定 义 文 件 : < / p >
< pre > < code class = "lang-Yaml" > < span class = "hljs-attr" > apiVersion:< / span > extensions/v1beta1
< span class = "hljs-attr" > kind:< / span > Ingress
< span class = "hljs-attr" > metadata:< / span >
< span class = "hljs-attr" > name:< / span > test-ingress
< span class = "hljs-attr" > spec:< / span >
< span class = "hljs-attr" > backend:< / span >
< span class = "hljs-attr" > serviceName:< / span > testsvc
< span class = "hljs-attr" > servicePort:< / span > < span class = "hljs-number" > 80< / span >
< / code > < / pre >
< p > 使 用 < code > kubectl create -f< / code > 命 令 创 建 , 然 后 查 看 ingress: < / p >
< pre > < code class = "lang-bash" > $ kubectl get ing
NAME RULE BACKEND ADDRESS
< span class = "hljs-built_in" > test< / span > -ingress - testsvc:80 107.178.254.228
< / code > < / pre >
< p > < code > 107.178.254.228< / code > 就 是 Ingress controller为 了 实 现 Ingress而 分 配 的 IP地 址 。 < code > RULE< / code > 列 表 示 所 有 发 送 给 该 IP的 流 量 都 被 转 发 到 了 < code > BACKEND< / code > 所 列 的 Kubernetes service上 。 < / p >
< h3 id = "简单展开" > 简 单 展 开 < / h3 >
< p > 如 前 面 描 述 的 那 样 , kubernete pod中 的 IP只 在 集 群 网 络 内 部 可 见 , 我 们 需 要 在 边 界 设 置 一 个 东 西 , 让 它 能 够 接 收 ingress的 流 量 并 将 它 们 转 发 到 正 确 的 端 点 上 。 这 个 东 西 一 般 是 高 可 用 的 loadbalancer。 使 用 Ingress能 够 允 许 你 将 loadbalancer的 个 数 降 低 到 最 少 , 例 如 , 假 如 你 想 要 创 建 这 样 的 一 个 设 置 : < / p >
< pre > < code > foo.bar.com -> 178.91.123.132 -> / foo s1:80
/ bar s2:80
< / code > < / pre > < p > 你 需 要 一 个 这 样 的 ingress: < / p >
< pre > < code class = "lang-yaml" > < span class = "hljs-attr" > apiVersion:< / span > extensions/v1beta1
< span class = "hljs-attr" > kind:< / span > Ingress
< span class = "hljs-attr" > metadata:< / span >
< span class = "hljs-attr" > name:< / span > test
< span class = "hljs-attr" > spec:< / span >
< span class = "hljs-attr" > rules:< / span >
< span class = "hljs-attr" > - host:< / span > foo.bar.com
< span class = "hljs-attr" > http:< / span >
< span class = "hljs-attr" > paths:< / span >
< span class = "hljs-attr" > - path:< / span > /foo
< span class = "hljs-attr" > backend:< / span >
< span class = "hljs-attr" > serviceName:< / span > s1
< span class = "hljs-attr" > servicePort:< / span > < span class = "hljs-number" > 80< / span >
< span class = "hljs-attr" > - path:< / span > /bar
< span class = "hljs-attr" > backend:< / span >
< span class = "hljs-attr" > serviceName:< / span > s2
< span class = "hljs-attr" > servicePort:< / span > < span class = "hljs-number" > 80< / span >
< / code > < / pre >
< p > 使 用 < code > kubectl create -f< / code > 创 建 完 ingress后 : < / p >
< pre > < code class = "lang-bash" > $ kubectl get ing
NAME RULE BACKEND ADDRESS
< span class = "hljs-built_in" > test< / span > -
foo.bar.com
/foo s1:80
/bar s2:80
< / code > < / pre >
< p > 只 要 服 务 ( s1, s2) 存 在 , Ingress controller就 会 将 提 供 一 个 满 足 该 Ingress的 特 定 loadbalancer实 现 。 这 一 步 完 成 后 , 您 将 在 Ingress的 最 后 一 列 看 到 loadbalancer的 地 址 。 < / p >
< h3 id = "基于名称的虚拟主机" > 基 于 名 称 的 虚 拟 主 机 < / h3 >
< p > Name-based的 虚 拟 主 机 在 同 一 个 IP地 址 下 拥 有 多 个 主 机 名 。 < / p >
< pre > < code > foo.bar.com --| |-> foo.bar.com s1:80
| 178.91.123.132 |
bar.foo.com --| |-> bar.foo.com s2:80
< / code > < / pre > < p > 下 面 这 个 ingress说 明 基 于 < a href = "https://tools.ietf.org/html/rfc7230#section-5.4" target = "_blank" > Host header< / a > 的 后 端 loadbalancer的 路 由 请 求 : < / p >
< pre > < code class = "lang-Yaml" > < span class = "hljs-attr" > apiVersion:< / span > extensions/v1beta1
< span class = "hljs-attr" > kind:< / span > Ingress
< span class = "hljs-attr" > metadata:< / span >
< span class = "hljs-attr" > name:< / span > test
< span class = "hljs-attr" > spec:< / span >
< span class = "hljs-attr" > rules:< / span >
< span class = "hljs-attr" > - host:< / span > foo.bar.com
< span class = "hljs-attr" > http:< / span >
< span class = "hljs-attr" > paths:< / span >
< span class = "hljs-attr" > - backend:< / span >
< span class = "hljs-attr" > serviceName:< / span > s1
< span class = "hljs-attr" > servicePort:< / span > < span class = "hljs-number" > 80< / span >
< span class = "hljs-attr" > - host:< / span > bar.foo.com
< span class = "hljs-attr" > http:< / span >
< span class = "hljs-attr" > paths:< / span >
< span class = "hljs-attr" > - backend:< / span >
< span class = "hljs-attr" > serviceName:< / span > s2
< span class = "hljs-attr" > servicePort:< / span > < span class = "hljs-number" > 80< / span >
< / code > < / pre >
< p > < strong > 默 认 backend< / strong > : 一 个 没 有 rule的 ingress, 如 前 面 章 节 中 所 示 , 所 有 流 量 都 将 发 送 到 一 个 默 认 backend。 你 可 以 用 该 技 巧 通 知 loadbalancer如 何 找 到 你 网 站 的 404页 面 , 通 过 制 定 一 些 列 rule和 一 个 默 认 backend的 方 式 。 如 果 请 求 header中 的 host不 能 跟 ingress中 的 host匹 配 , 并 且 /或 请 求 的 URL不 能 与 任 何 一 个 path匹 配 , 则 流 量 将 路 由 到 你 的 默 认 backend。 < / p >
< h3 id = "tls" > TLS< / h3 >
< p > 你 可 以 通 过 指 定 包 含 TLS私 钥 和 证 书 的 < a href = "https://kubernetes.io/docs/user-guide/secrets" target = "_blank" > secret< / a > 来 加 密 Ingress。 目 前 , Ingress仅 支 持 单 个 TLS端 口 443, 并 假 定 TLS termination。 如 果 Ingress中 的 TLS配 置 部 分 指 定 了 不 同 的 主 机 , 则 它 们 将 根 据 通 过 SNI TLS扩 展 指 定 的 主 机 名 ( 假 如 Ingress controller支 持 SNI) 在 多 个 相 同 端 口 上 进 行 复 用 。 TLS secret中 必 须 包 含 名 为 < code > tls.crt< / code > 和 < code > tls.key< / code > 的 密 钥 , 这 里 面 包 含 了 用 于 TLS的 证 书 和 私 钥 , 例 如 : < / p >
< pre > < code class = "lang-Yaml" > < span class = "hljs-attr" > apiVersion:< / span > v1
< span class = "hljs-attr" > data:< / span >
tls.crt: base64 encoded cert
tls.key: base64 encoded key
< span class = "hljs-attr" > kind:< / span > Secret
< span class = "hljs-attr" > metadata:< / span >
< span class = "hljs-attr" > name:< / span > testsecret
< span class = "hljs-attr" > namespace:< / span > default
< span class = "hljs-attr" > type:< / span > Opaque
< / code > < / pre >
< p > 在 Ingress中 引 用 这 个 secret将 通 知 Ingress controller使 用 TLS加 密 从 将 客 户 端 到 loadbalancer的 channel: < / p >
< pre > < code class = "lang-yaml" > < span class = "hljs-attr" > apiVersion:< / span > extensions/v1beta1
< span class = "hljs-attr" > kind:< / span > Ingress
< span class = "hljs-attr" > metadata:< / span >
< span class = "hljs-attr" > name:< / span > < span class = "hljs-literal" > no< / span > -rules-map
< span class = "hljs-attr" > spec:< / span >
< span class = "hljs-attr" > tls:< / span >
< span class = "hljs-attr" > - secretName:< / span > testsecret
< span class = "hljs-attr" > backend:< / span >
< span class = "hljs-attr" > serviceName:< / span > s1
< span class = "hljs-attr" > servicePort:< / span > < span class = "hljs-number" > 80< / span >
< / code > < / pre >
< p > 请 注 意 , 各 种 Ingress controller支 持 的 TLS功 能 之 间 存 在 差 距 。 请 参 阅 有 关 < a href = "https://github.com/kubernetes/ingress/blob/master/controllers/nginx/README.md#https" target = "_blank" > nginx< / a > , < a href = "https://github.com/kubernetes/ingress/blob/master/controllers/gce/README.md#tls" target = "_blank" > GCE< / a > 或 任 何 其 他 平 台 特 定 Ingress controller的 文 档 , 以 了 解 TLS在 你 的 环 境 中 的 工 作 原 理 。 < / p >
< p > Ingress controller启 动 时 附 带 一 些 适 用 于 所 有 Ingress的 负 载 平 衡 策 略 设 置 , 例 如 负 载 均 衡 算 法 , 后 端 权 重 方 案 等 。 更 高 级 的 负 载 平 衡 概 念 ( 例 如 持 久 会 话 , 动 态 权 重 ) 尚 未 在 Ingress中 公 开 。 你 仍 然 可 以 通 过 < a href = "https://github.com/kubernetes/contrib/tree/master/service-loadbalancer" target = "_blank" > service loadbalancer< / a > 获 取 这 些 功 能 。 随 着 时 间 的 推 移 , 我 们 计 划 将 适 用 于 跨 平 台 的 负 载 平 衡 模 式 加 入 到 Ingress资 源 中 。 < / p >
< p > 还 值 得 注 意 的 是 , 尽 管 健 康 检 查 不 直 接 通 过 Ingress公 开 , 但 Kubernetes中 存 在 并 行 概 念 , 例 如 < a href = "https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/" target = "_blank" > 准 备 探 查 < / a > , 可 以 使 你 达 成 相 同 的 最 终 结 果 。 请 查 看 特 定 控 制 器 的 文 档 , 以 了 解 他 们 如 何 处 理 健 康 检 查 ( < a href = "https://github.com/kubernetes/ingress/blob/master/controllers/nginx/README.md" target = "_blank" > nginx< / a > , < a href = "https://github.com/kubernetes/ingress/blob/master/controllers/gce/README.md#health-checks" target = "_blank" > GCE< / a > ) 。 < / p >
< h2 id = "更新ingress" > 更 新 Ingress< / h2 >
< p > 假 如 你 想 要 向 已 有 的 ingress中 增 加 一 个 新 的 Host, 你 可 以 编 辑 和 更 新 该 ingress: < / p >
< pre > < code class = "lang-Bash" > $ kubectl get ing
NAME RULE BACKEND ADDRESS
< span class = "hljs-built_in" > test< / span > - 178.91.123.132
foo.bar.com
/foo s1:80
$ kubectl edit ing < span class = "hljs-built_in" > test< / span >
< / code > < / pre >
< p > 这 会 弹 出 一 个 包 含 已 有 的 yaml文 件 的 编 辑 器 , 修 改 它 , 增 加 新 的 Host配 置 。 < / p >
< pre > < code class = "lang-yaml" > < span class = "hljs-attr" > spec:< / span >
< span class = "hljs-attr" > rules:< / span >
< span class = "hljs-attr" > - host:< / span > foo.bar.com
< span class = "hljs-attr" > http:< / span >
< span class = "hljs-attr" > paths:< / span >
< span class = "hljs-attr" > - backend:< / span >
< span class = "hljs-attr" > serviceName:< / span > s1
< span class = "hljs-attr" > servicePort:< / span > < span class = "hljs-number" > 80< / span >
< span class = "hljs-attr" > path:< / span > /foo
< span class = "hljs-attr" > - host:< / span > bar.baz.com
< span class = "hljs-attr" > http:< / span >
< span class = "hljs-attr" > paths:< / span >
< span class = "hljs-attr" > - backend:< / span >
< span class = "hljs-attr" > serviceName:< / span > s2
< span class = "hljs-attr" > servicePort:< / span > < span class = "hljs-number" > 80< / span >
< span class = "hljs-attr" > path:< / span > /foo
..
< / code > < / pre >
< p > 保 存 它 会 更 新 API server中 的 资 源 , 这 会 触 发 ingress controller重 新 配 置 loadbalancer。 < / p >
< pre > < code class = "lang-bash" > $ kubectl get ing
NAME RULE BACKEND ADDRESS
< span class = "hljs-built_in" > test< / span > - 178.91.123.132
foo.bar.com
/foo s1:80
bar.baz.com
/foo s2:80
< / code > < / pre >
< p > 在 一 个 修 改 过 的 ingress yaml文 件 上 调 用 < code > kubectl replace -f< / code > 命 令 一 样 可 以 达 到 同 样 的 效 果 。 < / p >
< h2 id = "跨可用域故障" > 跨 可 用 域 故 障 < / h2 >
< p > 在 不 通 云 供 应 商 之 间 , 跨 故 障 域 的 流 量 传 播 技 术 有 所 不 同 。 有 关 详 细 信 息 , 请 查 看 相 关 Ingress controller的 文 档 。 有 关 在 federation集 群 中 部 署 Ingress的 详 细 信 息 , 请 参 阅 < a href = "" > federation文 档 < / a > 。 < / p >
< h2 id = "未来计划" > 未 来 计 划 < / h2 >
< ul >
< li > 多 样 化 的 HTTPS/TLS模 型 支 持 ( 如 SNI, re-encryption) < / li >
< li > 通 过 声 明 来 请 求 IP或 者 主 机 名 < / li >
< li > 结 合 L4和 L7 Ingress< / li >
< li > 更 多 的 Ingress controller< / li >
< / ul >
< p > 请 跟 踪 < a href = "https://github.com/kubernetes/kubernetes/pull/12827" target = "_blank" > L7和 Ingress的 proposal< / a > , 了 解 有 关 资 源 演 进 的 更 多 细 节 , 以 及 < a href = "https://github.com/kubernetes/ingress/tree/master" target = "_blank" > Ingress repository< / a > , 了 解 有 关 各 种 Ingress controller演 进 的 更 多 详 细 信 息 。 < / p >
< h2 id = "替代方案" > 替 代 方 案 < / h2 >
< p > 你 可 以 通 过 很 多 种 方 式 暴 露 service而 不 必 直 接 使 用 ingress: < / p >
< ul >
< li > 使 用 < a href = "https://kubernetes.io/docs/user-guide/services/#type-loadbalancer" target = "_blank" > Service.Type=LoadBalancer< / a > < / li >
< li > 使 用 < a href = "https://kubernetes.io/docs/user-guide/services/#type-nodeport" target = "_blank" > Service.Type=NodePort< / a > < / li >
< li > 使 用 < a href = "https://github.com/kubernetes/contrib/tree/master/for-demos/proxy-to-service" target = "_blank" > Port Proxy< / a > < / li >
< li > 部 署 一 个 < a href = "https://github.com/kubernetes/contrib/tree/master/service-loadbalancer" target = "_blank" > Service loadbalancer< / a > 这 允 许 你 在 多 个 service之 间 共 享 单 个 IP, 并 通 过 Service Annotations实 现 更 高 级 的 负 载 平 衡 。 < / li >
< / ul >
< h2 id = "参考" > 参 考 < / h2 >
< p > < a href = "https://kubernetes.io/docs/concepts/services-networking/ingress/" target = "_blank" > Kubernetes Ingress Resource< / a > < / p >
< p > < a href = "http://dockone.io/article/957" target = "_blank" > 使 用 NGINX Plus负 载 均 衡 Kubernetes服 务 < / a > < / p >
< p > < a href = "http://www.cnblogs.com/276815076/p/6407101.html" target = "_blank" > 使 用 NGINX 和 NGINX Plus 的 Ingress Controller 进 行 Kubernetes 的 负 载 均 衡 < / a > < / p >
< p > < a href = "https://blog.osones.com/en/kubernetes-ingress-controller-with-traefik-and-lets-encrypt.html" target = "_blank" > Kubernetes : Ingress Controller with Træ fɪ k and Let' s Encrypt< / a > < / p >
< p > < a href = "https://blog.osones.com/en/kubernetes-traefik-and-lets-encrypt-at-scale.html" target = "_blank" > Kubernetes : Træ fɪ k and Let' s Encrypt at scale< / a > < / p >
< p > < a href = "https://docs.traefik.io/user-guide/kubernetes/" target = "_blank" > Kubernetes Ingress Controller-Træ fɪ k< / a > < / p >
< p > < a href = "http://blog.kubernetes.io/2016/03/Kubernetes-1.2-and-simplifying-advanced-networking-with-Ingress.html" target = "_blank" > Kubernetes 1.2 and simplifying advanced networking with Ingress< / a > < / p >
< footer class = "page-footer-ex" > < span class = "page-footer-ex-copyright" > for GitBook< / span >                       < span class = "page-footer-ex-footer-update" > update
2017-08-21 18:44:34 +08:00
2017-08-21 18:23:34
2017-08-21 17:44:43 +08:00
< / span > < / footer >
< / section >
< / div >
< div class = "search-results" >
< div class = "has-results" >
< h1 class = "search-results-title" > < span class = 'search-results-count' > < / span > results matching "< span class = 'search-query' > < / span > "< / h1 >
< ul class = "search-results-list" > < / ul >
< / div >
< div class = "no-results" >
< h1 class = "search-results-title" > No results matching "< span class = 'search-query' > < / span > "< / h1 >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
< a href = "cronjob.html" class = "navigation navigation-prev " aria-label = "Previous page: 2.2.13 CronJob" >
< i class = "fa fa-angle-left" > < / i >
< / a >
< a href = "configmap.html" class = "navigation navigation-next " aria-label = "Next page: 2.2.15 ConfigMap" >
< i class = "fa fa-angle-right" > < / i >
< / a >
< / div >
< script >
var gitbook = gitbook || [];
gitbook.push(function() {
2017-09-16 20:56:43 +08:00
gitbook.page.hasChanged({"page":{"title":"2.2.14 Ingress","level":"1.2.2.14","depth":3,"next":{"title":"2.2.15 ConfigMap","level":"1.2.2.15","depth":3,"path":"concepts/configmap.md","ref":"concepts/configmap.md","articles":[]},"previous":{"title":"2.2.13 CronJob","level":"1.2.2.13","depth":3,"path":"concepts/cronjob.md","ref":"concepts/cronjob.md","articles":[]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","page-footer-ex","editlink","-lunr","-search","search-plus"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"page-footer-ex":{"copyright":"for GitBook","update_format":"YYYY-MM-DD HH:mm:ss","update_label":"update"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"page-toc-button":{},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false},"search-plus":{},"image-captions":{"variable_name":"_pictures"}},"page-footer-ex":{"copyright":"Jimmy Song","update_label":"最后更新:","update_format":"YYYY-MM-DD HH:mm:ss"},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"concepts/index.html#fig1.2.1","level":"1.2","list_caption":"Figure: Borg架构","alt":"Borg架构","nro":1,"url":"../images/borg.png","index":1,"caption_template":"Figure: _CAPTION_","label":"Borg架构","attributes":{},"skip":false,"key":"1.2.1"},{"backlink":"concepts/index.html#fig1.2.2","level":"1.2","list_caption":"Figure: Kubernetes架构","alt":"Kubernetes架构","nro":2,"url":"../images/architecture.png","index":2,"caption_template":"Figure: _CAPTION_","label":"Kubernetes架构","attributes":{},"skip":false,"key":"1.2.2"},{"backlink":"concepts/index.html#fig1.2.3","level":"1.2","list_caption":"Figure: kubernetes整体架构示意图","alt":"kubernetes整体架构示意图","nro":3,"url":"../images/kubernetes-whole-arch.png","index":3,"caption_template":"Figure: _CAPTION_","label":"kubernetes整体架构示意图","attributes":{},"skip":false,"key":"1.2.3"},{"backlink":"concepts/index.html#fig1.2.4","level":"1.2","list_caption":"Figure: Kubernetes master架构示意图","alt":"Kubernetes master架构示意图","nro":4,"url":"../images/kubernetes-master-arch.png","index":4,"caption_template":"Figure: _CAPTION_","label":"Kubernetes master架构示意图","attributes":{},"skip":false,"key":"1.2.4"},{"backlink":"concepts/index.html#fig1.2.5","level":"1.2","list_caption":"Figure: kubernetes node架构示意图","alt":"kubernetes node架构示意图","nro":5,"url":"../images/kubernetes-node-arch.png","index":5,"caption_template":"Figure: _CAPTION_","label":"kubernetes node架构示意图","attributes":{},"skip":false,"key":"1.2.5"},{"backlink":"concepts/index.html#fig1.2.6","level":"1.2","list_caption":"Figure: Kubernetes分层架构示意图","alt":"Kubernetes分层架构示意图","nro":6,"url":"../images/kubernetes-layers-arch.jpg","index":6,"caption_template":"Figure: _CAPTION_","label":"Kubernetes分层架构示意图","attributes":{},"skip":false,"key":"1.2.6"},{"backlink":"concepts/concepts.html#fig1.2.1.1","level":"1.2.1","list_caption":"Figure: 分层架构示意图","alt":"分层架构
2017-08-21 17:44:43 +08:00
});
< / script >
< / div >
< script src = "../gitbook/gitbook.js" > < / script >
< script src = "../gitbook/theme.js" > < / script >
< script src = "../gitbook/gitbook-plugin-github/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-splitter/splitter.js" > < / script >
< script src = "../gitbook/gitbook-plugin-page-toc-button/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-editlink/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/search.js" > < / script >
< script src = "../gitbook/gitbook-plugin-sharing/buttons.js" > < / script >
< script src = "../gitbook/gitbook-plugin-fontsettings/fontsettings.js" > < / script >
< / body >
< / html >