Kubernetes网络管理深入理解Ingress配置引言在Kubernetes中Ingress是管理外部访问的关键组件。通过Ingress可以实现HTTP/HTTPS路由、负载均衡和SSL终止等功能。作为一名资深的DevOps工程师我在多个项目中负责Ingress的配置和优化。今天就来分享一下Ingress的配置方法和最佳实践。Ingress概述Ingress概念Ingress的核心功能HTTP路由根据域名和路径将请求路由到不同的服务。SSL终止在Ingress层面终止SSL连接。负载均衡将流量分发到多个后端Pod。虚拟主机支持多个域名共享同一个IP地址。Ingress控制器常用的Ingress控制器NGINX Ingress Controller最常用的Ingress控制器。Traefik现代化的Ingress控制器支持自动配置。HAProxy Ingress基于HAProxy的Ingress控制器。NGINX Ingress配置基本配置创建基本的Ingress配置apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80SSL配置配置SSL证书apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-tls annotations: nginx.ingress.kubernetes.io/ssl-redirect: true spec: tls: - hosts: - myapp.example.com secretName: myapp-tls rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80高级配置配置高级特性apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-advanced annotations: nginx.ingress.kubernetes.io/proxy-read-timeout: 600 nginx.ingress.kubernetes.io/proxy-send-timeout: 600 nginx.ingress.kubernetes.io/limit-rps: 100 nginx.ingress.kubernetes.io/limit-connections: 10 spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80Ingress最佳实践路径重写配置路径重写apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-rewrite annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: rules: - host: api.example.com http: paths: - path: /api(/|$)(.*) pathType: Prefix backend: service: name: api-service port: number: 8080限流配置配置请求限流apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-rate-limit annotations: nginx.ingress.kubernetes.io/limit-rps: 50 nginx.ingress.kubernetes.io/limit-rpm: 1000 nginx.ingress.kubernetes.io/limit-connections: 20 spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80健康检查配置健康检查apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myapp-ingress-health annotations: nginx.ingress.kubernetes.io/health-check-path: /health nginx.ingress.kubernetes.io/health-check-interval: 30s nginx.ingress.kubernetes.io/health-check-timeout: 5s spec: rules: - host: myapp.example.com http: paths: - path: / pathType: Prefix backend: service: name: myapp-service port: number: 80Ingress案例分析案例1多域名配置某公司配置了多个域名配置内容apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: multi-domain-ingress spec: tls: - hosts: - app1.example.com - app2.example.com secretName: wildcard-tls rules: - host: app1.example.com http: paths: - path: / pathType: Prefix backend: service: name: app1-service port: number: 80 - host: app2.example.com http: paths: - path: / pathType: Prefix backend: service: name: app2-service port: number: 80效果实现了多个域名共享同一个Ingress。案例2路径路由配置某公司配置了路径路由配置内容apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: path-routing-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: /$1 spec: rules: - host: api.example.com http: paths: - path: /users(/|$)(.*) pathType: Prefix backend: service: name: user-service port: number: 8080 - path: /orders(/|$)(.*) pathType: Prefix backend: service: name: order-service port: number: 8080效果实现了基于路径的路由。结语Ingress是Kubernetes中重要的网络组件。通过合理配置可以实现灵活的流量管理。希望这篇文章能帮助你配置Ingress。如果你有任何问题或经验分享欢迎在评论区交流本文作者侯万里万里侯致力于网络管理的工程师
