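Kubernetes Network Management: A Deep Dive into Ingress Configuration
Introduction
In Kubernetes, Ingress is a key component for managing external access. With Ingress you can implement HTTP/HTTPS routing, load balancing, and SSL termination.
As a senior DevOps engineer, I have been responsible for configuring and tuning Ingress on a number of projects. Today I'll share Ingress configuration methods and best practices.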
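Ingress Overview
Ingress Concepts
Core functions of Ingress:
HTTP routing: routes requests to different services based on host name and path.
SSL termination: terminates SSL connections at the Ingress layer.
Load balancing: distributes traffic across multiple backend Pods.
Virtual hosting: lets multiple domain names share a single IP address.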
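Ingress Controllers
Commonly used Ingress controllers:
NGINX Ingress Controller: the most widely used Ingress controller.
Traefik: a modern Ingress controller with support for automatic configuration.
HAProxy Ingress: an Ingress controller based on HAProxy.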
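NGINX Ingress Configuration
Basic Configuration
Create a basic Ingress configuration:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: myapp-ingress
      annotations:
        # Since ingress-nginx 0.22, a rewrite-target without capture groups
        # rewrites every matched URI to exactly this value ("/"); drop the
        # annotation if the backend needs the original request path.
        nginx.ingress.kubernetes.io/rewrite-target: /
    spec:
      rules:
        - host: myapp.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: myapp-service
                    port:
                      number: 80

SSL Configuration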
Configure an SSL certificate:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: myapp-ingress-tls
      annotations:
        # Redirect plain HTTP requests to HTTPS
        nginx.ingress.kubernetes.io/ssl-redirect: "true"
    spec:
      tls:
        - hosts:
            - myapp.example.com
          # TLS Secret, must exist in the same namespace as this Ingress
          secretName: myapp-tls
      rules:
        - host: myapp.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: myapp-service
                    port:
                      number: 80

Advanced Configuration
Configure advanced features:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: myapp-ingress-advanced
      annotations:
        # Proxy read/send timeouts, in seconds
        nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
        nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
        # Requests per second and concurrent connections, per client IP
        nginx.ingress.kubernetes.io/limit-rps: "100"
        nginx.ingress.kubernetes.io/limit-connections: "10"
    spec:
      rules:
        - host: myapp.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: myapp-service
                    port:
                      number: 80

Ingress Best Practices
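Path Rewriting
Configure path rewriting:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: myapp-ingress-rewrite
      annotations:
        nginx.ingress.kubernetes.io/use-regex: "true"
        # $2 is the second capture group: everything after /api/
        nginx.ingress.kubernetes.io/rewrite-target: /$2
    spec:
      rules:
        - host: api.example.com
          http:
            paths:
              - path: /api(/|$)(.*)
                # Regex paths use ImplementationSpecific, not Prefix
                pathType: ImplementationSpecific
                backend:
                  service:
                    name: api-service
                    port:
                      number: 8080

Rate Limiting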
Configure request rate limiting:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: myapp-ingress-rate-limit
      annotations:
        # All three limits are counted per client IP address
        nginx.ingress.kubernetes.io/limit-rps: "50"          # requests per second
        nginx.ingress.kubernetes.io/limit-rpm: "1000"        # requests per minute
        nginx.ingress.kubernetes.io/limit-connections: "20"  # concurrent connections
    spec:
      rules:
        - host: myapp.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: myapp-service
                    port:
                      number: 80

Health Checks
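Configure health checks:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: myapp-ingress-health
      annotations:
        # Note: these health-check-* names are not listed in the ingress-nginx
        # annotation reference, so verify them against your controller.
        # ingress-nginx only routes to endpoints whose Pods pass their
        # readinessProbe, so define the probe on the Deployment as well.
        nginx.ingress.kubernetes.io/health-check-path: /health
        nginx.ingress.kubernetes.io/health-check-interval: "30s"
        nginx.ingress.kubernetes.io/health-check-timeout: "5s"
    spec:
      rules:
        - host: myapp.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: myapp-service
                    port:
                      number: 80

Ingress Case Studies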
Case 1: Multi-Domain Configuration
A company configured multiple domains:
Configuration:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: multi-domain-ingress
    spec:
      tls:
        - hosts:
            - app1.example.com
            - app2.example.com
          # One certificate covering both hosts
          secretName: wildcard-tls
      rules:
        - host: app1.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: app1-service
                    port:
                      number: 80
        - host: app2.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: app2-service
                    port:
                      number: 80

Result: multiple domains share a single Ingress.
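Case 2: Path-Based Routing
A company configured path-based routing:
Configuration:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: path-routing-ingress
      annotations:
        nginx.ingress.kubernetes.io/use-regex: "true"
        # Group 1 is only the "/" separator; group 2 is the rest of the path
        nginx.ingress.kubernetes.io/rewrite-target: /$2
    spec:
      rules:
        - host: api.example.com
          http:
            paths:
              - path: /users(/|$)(.*)
                # Regex paths use ImplementationSpecific, not Prefix
                pathType: ImplementationSpecific
                backend:
                  service:
                    name: user-service
                    port:
                      number: 8080
              - path: /orders(/|$)(.*)
                pathType: ImplementationSpecific
                backend:
                  service:
                    name: order-service
                    port:
                      number: 8080

Result: path-based routing is in place.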
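With a path such as /users(/|$)(.*), the capture-group index in rewrite-target decides what the backend receives: group 1 is only the separator and group 2 is the remainder of the path. The check below is an added example, not part of the original article; it approximates ingress-nginx matching with Python's re module, and the function names and the sample manifest are constructed for illustration.

```python
import re

ANNOTATION = "nginx.ingress.kubernetes.io/rewrite-target"

# Constructed sample in the shape `kubectl get ingress -o json` returns:
# a path from this page with a rewrite-target that points at group 1.
SAMPLE = {
    "metadata": {"name": "path-routing-ingress",
                 "annotations": {ANNOTATION: "/$1"}},
    "spec": {"rules": [{"host": "api.example.com", "http": {"paths": [
        {"path": "/users(/|$)(.*)", "pathType": "Prefix"}]}}]},
}

def preview_rewrite(path_regex, target, uri):
    """Return the URI the backend would receive, or None if uri does not match.

    Approximation: ingress-nginx matches regex paths from the start of the
    URI, case-insensitively, and expands $N references in rewrite-target.
    """
    m = re.match(path_regex, uri, re.IGNORECASE)
    if m is None:
        return None
    # A group that did not take part in the match expands to an empty string.
    return re.sub(r"\$(\d+)", lambda r: m.group(int(r.group(1))) or "", target)

def audit_rewrites(ingress, probe_suffix="/42/profile"):
    """Return (path, finding) tuples for rewrite problems in one Ingress dict."""
    annotations = ingress["metadata"].get("annotations") or {}
    target = annotations.get(ANNOTATION, "")
    refs = [int(n) for n in re.findall(r"\$(\d+)", target)]
    findings = []
    for rule in ingress["spec"].get("rules", []):
        for p in rule.get("http", {}).get("paths", []):
            path = p["path"]
            groups = re.compile(path).groups
            if groups and p.get("pathType") != "ImplementationSpecific":
                findings.append((path, "regex path without pathType ImplementationSpecific"))
            if not refs:
                continue
            if max(refs) > groups:
                findings.append((path, "rewrite-target references a missing group"))
                continue
            # Probe: literal prefix before the first group, plus a known suffix.
            probe = path.split("(", 1)[0] + probe_suffix
            seen = preview_rewrite(path, target, probe)
            if seen is not None and not seen.endswith(probe_suffix):
                findings.append((path, f"{probe} reaches the backend as {seen}"))
    return findings
```

Run audit_rewrites over each item of a `kubectl get ingress -A -o json` export before applying changes; an empty list means every rewrite forwards the probe suffix intact.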
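Conclusion
Ingress is an important networking component in Kubernetes. With sensible configuration, it enables flexible traffic management.
I hope this article helps you configure Ingress. If you have any questions or experience to share, feel free to join the discussion in the comments!
Author of this article: 侯万里 (万里侯), an engineer dedicated to network management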