Last time I was asked about Ingress in an interview and was completely lost -_-||, so this time I'm studying it and writing it down.

simple architecture of ingress in k8s:

create ingress controller

To create the ingress controller, use Helm to install nginx-ingress. For added redundancy, two replicas of the NGINX ingress controllers are deployed with the --set controller.replicaCount parameter. To fully benefit from running replicas of the ingress controller, make sure there’s more than one node in your AKS cluster.

When the Kubernetes load balancer service is created for the NGINX ingress controller, a dynamic public IP address is assigned, as shown in the following example output:

No ingress rules have been created yet, so the NGINX ingress controller’s default 404 page is displayed if you browse to the internal IP address.

config DNS:
For the HTTPS certificates to work correctly, configure an FQDN for the ingress controller IP address.

Install cert-manager, which provides automatic Let’s Encrypt certificate generation and management functionality:

kubectl label namespace kube-system certmanager.k8s.io/disable-validation=true

kubectl apply \
  -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml

helm install stable/cert-manager \
  --namespace kube-system \
  --set ingressShim.defaultIssuerName=letsencrypt-staging \
  --set ingressShim.defaultIssuerKind=ClusterIssuer \
  --set rbac.create=false \
  --set serviceAccount.create=false \
  --version v0.6.0

create a CA cluster issuer:

create demo app:

Add the Azure samples repository to your Helm environment.
Create the first demo application from a Helm chart.

Now install a second instance of the demo application. For the second instance, you specify a new title so that the two applications are visually distinct. You also specify a unique service name.

create ingress route:

Both applications are now running on your Kubernetes cluster. To route traffic to each application, create a Kubernetes ingress resource. The ingress resource configures the rules that route traffic to one of the two applications.

Traffic to the address https://sjhdemo-aks-ingress.eastus.cloudapp.azure.com/ is routed to the service named aks-helloworld. Traffic to the address https://sjhdemo-aks-ingress.eastus.cloudapp.azure.com/hello-world-two is routed to the ingress-demo service.

create a certificate object:

The certificate resource defines the desired X.509 certificate.

Cert-manager has likely automatically created a certificate object for you using ingress-shim, which is automatically deployed with cert-manager since v0.2.2.

kubectl describe certificate tls-secret

Otherwise, you can create your own certificate.

test ingress configuration
Open a web browser to the FQDN of your Kubernetes ingress controller

As these examples use letsencrypt-staging, the issued SSL certificate is not trusted by the browser. Accept the warning prompt to continue to your application. The certificate information shows this Fake LE Intermediate X1 certificate is issued by Let’s Encrypt. This fake certificate indicates cert-manager processed the request correctly and received a certificate from the provider:

then browse https://sjhdemo-aks-ingress.eastus.cloudapp.azure.com/hello-world-two.

Egress

When your app needs to be whitelisted and the lifecycle of the Service's load balancer follows the app behind the Service, use a static IP with a Service for egress:

This service configures a new frontend IP on the Azure Load Balancer.

Check the IP with:
curl -s checkip.dyndns.org
