Giriş
Açıklaması şöyle
An API object that manages external access to the services in a cluster, typically HTTP. Ingress may provide load balancing, SSL termination and name-based virtual hosting.
Uygulamaya abc.com şeklinde erişebilmeyi sağlar. Yani path based routing yapar
Not : minikube ile bir örnek burada
Ingress ve API Gateway
Ingress genellikle proprietary (sağlayıcıya tescilli) şeyler kullanmayı gerektiriyor. Bunu istemiyorsak, üçüncü bir taraf tarafından sağlanan ve daha standard olan bir API Gateway kullanılabilir. Mesela SIG-NETWORK topluluğu bir standard sağlıyor ve Apache APISIX bu standardı geçekleştirenlerden bir tanesi.
Ingress Neden Lazım?
Açıklaması şöyle. Yani tek bir Ingress ile bir sürü uygulamaya erişimi sağlanabilir.
Ingress is a more capable version of a service. We need a service for each of our applications when we use a LoadBalancer service. For example, if we have 8 apps, then we need 8 services. This is not cost-efficient. With Ingress, we expose multiple services with a single LoadBalancer service.So how does Ingress know which service to route traffic to? How does it know we want to access user service, not invoice service? Ingress uses host-based and path-based routing for that.
Ingressleri görmek için şöyle yaparız
kubectl get ingress
TLS
Açıklaması şöyle
You can secure an Ingress by specifying a Secret that contains a TLS private key and certificate. The Ingress resource only supports a single TLS port, 443, and assumes TLS termination at the ingress point (traffic to the Service and its Pods is in plaintext). If the TLS configuration section in an Ingress specifies different hosts, they are multiplexed on the same port according to the hostname specified through the SNI TLS extension (provided the Ingress controller supports SNI).
Load balancing
Açıklaması şöyle
An Ingress controller is bootstrapped with some load balancing policy settings that it applies to all Ingress, such as the load balancing algorithm, backend weight scheme, and others. More advanced load balancing concepts (e.g. persistent sessions, dynamic weights) are not yet exposed through the Ingress. You can instead get these features through the load balancer used for a Service.
Ingress Çeşitleri
İki çeşit Ingress var. Bunlar şöyle
1. Path Based veya Simple Fanout
2. Host Based veya Name based virtual hosting
1. Path Based veya Simple Fanout
Path Based Routing yazısına taşıdım
2. Host Based veya Name based virtual hosting
Birden fazla host ismi vardır. Http isteğindeki "Host başlığına" göre yönlendirilir
Örnek
Şöyle yaparız
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: name-virtual-host-ingress
spec:
rules:
- host: foo.bar.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: service1
port:
number: 80
- host: bar.foo.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: service2
port:
number: 80Örnek
Şöyle yaparız. Uygulamaya keycloak.demo.com ve application.demo.com şeklinde erişebiliriz.
kind: IngressapiVersion: networking.k8s.io/v1metadata:name: backendingressnamespace: spring-keycloak-demoannotations:kubernetes.io/ingress.class: nginxnginx.ingress.kubernetes.io/ssl-redirect: "false"nginx.ingress.kubernetes.io/rewrite-target: /spec:tls:- hosts:- keycloak.demo.com- application.demo.comrules:- host: keycloak.demo.comhttp:paths:- path: /pathType: Prefixbackend:service:name: spring-keycloak-demoport:number: 8080- host: application.demo.comhttp:paths:- path: /pathType: Prefixbackend:service:name: backend-serviceport:number: 8000
Örnek
Şöyle yaparız. user.localhost ve order.localhost şeklinde erişebiliriz.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-host-based
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: order.localtest.me
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: order-service
port:
number: 8080
- host: user.localtest.me
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: user-service
port:
number: 8080
Hiç yorum yok:
Yorum Gönder