Kubernetes Ingress 个性化配置以及Ingress Controller

Ingress：个性化配置

[root@k8s-master ~]# cat ingress-annotations.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: annotation-test
  annotations:
     kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
     nginx.ingress.kubernetes.io/proxy-body-size: "1000m"

spec:
  rules:
  - host: annotation.ctnrs.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web1
            port:
              number: 80

[root@k8s-master ~]# kubectl get ingress
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME              CLASS    HOSTS                  ADDRESS   PORTS   AGE
annotation-test   <none>   annotation.ctnrs.com             80      5s

[root@k8s-master ~]# kubectl describe ingress annotation-test 
annotation.ctnrs.com  
                        /   web1:80   10.244.169.139:80,10.244.169.140:80,10.244.36.77:80)
Annotations:            kubernetes.io/ingress.class: nginx
                        nginx.ingress.kubernetes.io/proxy-body-size: 1000m
                        nginx.ingress.kubernetes.io/proxy-connect-timeout: 600
                        nginx.ingress.kubernetes.io/proxy-read-timeout: 600
                        nginx.ingress.kubernetes.io/proxy-send-timeout: 600


[root@k8s-master ~]# kubectl exec -it  nginx-ingress-controller-4rxqq -n ingress-nginx -- bash
bash-5.0$ vi /etc/nginx/nginx.conf

实际上这个配置文件是由控制器帮你生成的，比我们平时使用nginx的配置文件里面的内容要大很多，里面有很多lua代码。

可以看到帮你创建了server块

  server {                                                                                                                               
                server_name annotation.ctnrs.com ;                                                                                             
                                                                                                                                               
                listen 80  ;                                                                                                                   
                listen [::]:80  ;                                                                                                              
                listen 443  ssl http2 ;                                                                                                        
                listen [::]:443  ssl http2 ;              
 proxy_connect_timeout                   600s;                                                                          
                        proxy_send_timeout                      600s;                                                                          
                        proxy_read_timeout                      600s; 

可以看到帮我们配置上了，上面是配置超时时间

Ingress Contronler怎么工作的？

Ingress Contronler通过与 Kubernetes API 交互，动态的去感知集群中 Ingress 规则变化，然后读取它，按照自定义的规则，规则就是写明了哪个域名对应哪个service，生成一段 Nginx 配置，应用到管理的

Nginx服务，然后热加载生效。以此来达到Nginx负载均衡器配置及动态更新的问题。

流程包流程：客户端 ->Ingress Controller（nginx） -> 分布在各节点Pod

Ingress Controller高可用方案

 一般Ingress Controller会以DaemonSet+nodeSelector部署到几台特定Node，然后将这几台挂载到公网负载均衡器对外提供服务。

修改为DaemonSet

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx


[root@k8s-master ~]# kubectl get pod -o wide -n ingress-nginx
NAME                             READY   STATUS    RESTARTS   AGE   IP                NODE        NOMINATED NODE   READINESS GATES
nginx-ingress-controller-4rxqq   1/1     Running   0          87m   192.168.179.103   
k8s-node1   <none>           <none>
nginx-ingress-controller-vt4cw   1/1     Running   0          87m   192.168.179.104   k8s-node2   <none>           <none>

在实际环境当中k8s节点往往会有很多，在每个节点启动一个pod开销会比较大。可以使用nodeSelector根据某些标签固定在某些节点

ingress负载均衡器在内网，因为k8s集群在内网，那么需要有一个公网的代理服务器，将请求转发到内网k8s集群的ingres control，然后它会将其转发到后端应用上。