Kubernetes nginx Ingress usage record

Objective

Nginx ingress controller 

Ingress is a way to expose the internal service of a k8s cluster, and user-edited profiles define a ingress resource to enable external network access to the intranet service.
Ingress Controller is to manage all Ingress objects, ingress controller inside is actually an nginx container, when Ingress controll by interacting with the Kubernetes API, When the ingress rule changes in the perceptual cluster, the nginx.conf file is generated according to the template file, and then the configuration file is reload.
Compared to the kubernetes through the Nodeport mode exposes the service, can provide more advanced features, especially for the HTTP service, he can achieve load balancing, SSL, virtual host, and so on, and ingress is directly forwarding packets to the pod, Not after kube-proxy, relatively more efficient.

Ingress nginx kubernetes 

Build the Environment

Users can set up the environment by referring to the official document deployment.

Nginx ingress controller kubernetes

• First you have to set up a default-backend service. If all the ingress objects are not matched, all requests are forwarded to the default Ingress object, where some error messages can be returned;
• Then set up the RBAC of the cluster, because the ingress controller to access the API server, so he needs to configure resource access rights;
• Install ingress controller, typically create a resource on each node in the form of Daemonset, and then open a port in hostnetwork way
• The last is the Ingress object that creates the service you want to expose.

Kubernetes ingress nginx master

The service can be accessed outside the cluster through the steps above, but it is important to note that the ingress controller is actually an NGINX server, which is also a virtual host in the configuration file Server_ Name to identify which service is forwarded to the backend, for HTTP requests must be in the header of the request to add the host field, so if you do not configure DNS domain name resolution, access in the browser can modify the/etc/hosts file, you can also use Curl-h " Host:xxxxx.com "Nodeip to achieve.
For students who need to customize the default-backend, they can customize the backend implementation according to custom errors,

Ingress Controller Reload

Nginx ingress controller setup

As mentioned above, when we create the ingress, the ingress controller will perform relaod, during which Nginx needs to replace the Nginx worker process, which will cause a transient exception to the service. Using JMeter for distributed testing a service, the observed situation is that the QPS has no effect, but there will be 0.01% error return results, in some small concurrency this can be received, but if it is a high concurrency scenario, and the service ingress object of the backend services are many, At this time reload will also be more frequent, for some services are unacceptable.
One solution is to define multiple ingress controller objects in the cluster, and then register them on different ingress controllers according to Ingress, so that the concept of grouping can be realized. Adding ingress in one group does not cause another group to reload, you need to specify the--ingress-class option in the ingress controller's YAML definition file, and then add the ingress in the YAML definition file The Annotation:kubernetes.io/ingress.class association corresponds to the Controll class.
Note If you are starting multiple ingress controllers on the same host, you will need to change the port number of the default configuration, or you may have ports conflict, you need to add--http-port,--https-port to the boot parameters of the mirror,--status-port, --healthz-port these several options to change the port.

Configuration of Nginx Ingress

Nginx is a powerful load balancer, reverse proxy server, if only through the default template generated by the nginx.conf file may not meet our needs, and there may be a pit, so the need for custom configuration can be implemented in three ways:

• By Configmap, see the Nginx Ingress controller configuration Configmap, he is the global setting, Direct configuration of nginx.conf, which affects all ingress of management, but requires the-configmap=$ (pod_namespace)/nginx-configuration option to be specified;
• The ingress of a single service is configured through annotations;
• Advanced players are directly customizing the template to control Nginx controll generated nginx.conf file

Nginx Ingress four-layer agent

Nginx support four layer proxy, reference to ingress also support, the expression form and nodeport almost, all need to open a port on the host, but support some nginx function, feel more chicken, see exposing TCP and UDP services, The implementation is through a configmap to specify the host port and the corresponding relationship between the intranet service.

Kubernetes nginx Ingress usage record