Kubernetes Ingress 個性化配置以及Ingress Controller

Ingress：個性化配置

[root@k8s-master ~]# cat ingress-annotations.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: annotation-test
  annotations:
     kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
     nginx.ingress.kubernetes.io/proxy-body-size: "1000m"

spec:
  rules:
  - host: annotation.ctnrs.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web1
            port:
              number: 80      

[root@k8s-master ~]# kubectl get ingress
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME              CLASS    HOSTS                  ADDRESS   PORTS   AGE
annotation-test   <none>   annotation.ctnrs.com             80      5s

[root@k8s-master ~]# kubectl describe ingress annotation-test 
annotation.ctnrs.com  
                        /   web1:80   10.244.169.139:80,10.244.169.140:80,10.244.36.77:80)
Annotations:            kubernetes.io/ingress.class: nginx
                        nginx.ingress.kubernetes.io/proxy-body-size: 1000m
                        nginx.ingress.kubernetes.io/proxy-connect-timeout: 600
                        nginx.ingress.kubernetes.io/proxy-read-timeout: 600
                        nginx.ingress.kubernetes.io/proxy-send-timeout: 600


[root@k8s-master ~]# kubectl exec -it  nginx-ingress-controller-4rxqq -n ingress-nginx -- bash
bash-5.0$ vi /etc/nginx/nginx.conf      

實際上這個配置檔案是由控制器幫你生成的，比我們平時使用nginx的配置檔案裡面的内容要大很多，裡面有很多lua代碼。

可以看到幫你建立了server塊

server {                                                                                                                               
                server_name annotation.ctnrs.com ;                                                                                             
                                                                                                                                               
                listen 80  ;                                                                                                                   
                listen [::]:80  ;                                                                                                              
                listen 443  ssl http2 ;                                                                                                        
                listen [::]:443  ssl http2 ;              
 proxy_connect_timeout                   600s;                                                                          
                        proxy_send_timeout                      600s;                                                                          
                        proxy_read_timeout                      600s;       

可以看到幫我們配置上了，上面是配置逾時時間

Ingress Contronler怎麼工作的？

Ingress Contronler通過與 Kubernetes API 互動，動态的去感覺叢集中 Ingress 規則變化，然後讀取它，按照自定義的規則，規則就是寫明了哪個域名對應哪個service，生成一段 Nginx 配置，應用到管理的

Nginx服務，然後熱加載生效。以此來達到Nginx負載均衡器配置及動态更新的問題。

流程包流程：用戶端 ->Ingress Controller（nginx） -> 分布在各節點Pod

Ingress Controller高可用方案

 一般Ingress Controller會以DaemonSet+nodeSelector部署到幾台特定Node，然後将這幾台挂載到公網負載均衡器對外提供服務。

修改為DaemonSet

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx


[root@k8s-master ~]# kubectl get pod -o wide -n ingress-nginx
NAME                             READY   STATUS    RESTARTS   AGE   IP                NODE        NOMINATED NODE   READINESS GATES
nginx-ingress-controller-4rxqq   1/1     Running   0          87m   192.168.179.103   
k8s-node1   <none>           <none>
nginx-ingress-controller-vt4cw   1/1     Running   0          87m   192.168.179.104   k8s-node2   <none>           <none>