https://medium.com/@C.W.Hu/kubernetes-implement-ingress-deployment-tutorial-7431c5f96c3e
https://medium.com/google-cloud/understanding-kubernetes-networking-ingress-1bc341c84078
https://software.danielwatrous.com/istio-ingress-vs-kubernetes-ingress/
<aside> 👉 Ingress 在眾多的 Service 前搭建一個 reverse-proxy。
</aside>
<aside> 👉 Ingress 為 Layer 7 Application,可以接收 http / https
</aside>
<aside> 👉 Ingress 可以幫助我們統一一個對外的 port number,並且根據 hostname 或是 pathname 決定封包要轉發到哪個 Service 上
</aside>
<aside> 👉 Ingress Server 有各式各樣的實作,例如:Ingress-Nginx, Ingress-GCE
</aside>
Deployments
apiVersion: apps/v1
kind: Deployment
metadata:
name: blue-nginx
spec:
replicas: 2
template:
metadata:
labels:
app: blue-nginx
spec:
containers:
- name: nginx
image: hcwxd/blue-whale
ports:
- containerPort: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: purple-nginx
spec:
replicas: 2
template:
metadata:
labels:
app: purple-nginx
spec:
containers:
- name: nginx
image: hcwxd/purple-whale
ports:
- containerPort: 3000
Services
apiVersion: v1
kind: Service
metadata:
name: blue-service
spec:
type: NodePort
selector:
app: blue-nginx
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
apiVersion: v1
kind: Service
metadata:
name: purple-service
spec:
type: NodePort
selector:
app: purple-nginx
ports:
- protocol: TCP
port: 80
targetPort: 3000
Ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web
spec:
rules:
- host: blue.demo.com
http:
paths:
- backend:
serviceName: blue-service
servicePort: 80
- host: purple.demo.com
http:
paths:
- backend:
serviceName: purple-service
servicePort: 80
Local Testing: Add dns rule to /etc/hosts
echo {Node IP} blue.demo.com >> /etc/hosts
echo {Node IP} purple.demo.com >> /etc/hosts
https://stackoverflow.com/questions/45079988/ingress-vs-load-balancer
Ingress is actually NOT a type of service. Instead, it sits in front of multiple services and act as a “smart router” or entry point into your cluster.
You can do a lot of different things with an Ingress, and there are many types of Ingress controllers that have different capabilities.
The default GKE ingress controller will spin up a HTTP(S) Load Balancer for you. This will let you do both path based and subdomain based routing to backend services. For example, you can send everything on foo.yourdomain.com to the foo service, and everything under the yourdomain.com/bar/ path to the bar service.
Ingress is probably the most powerful way to expose your services, but can also be the most complicated. There are many types of Ingress controllers, from the Google Cloud Load Balancer, Nginx, Contour, Istio, and more. There are also plugins for Ingress controllers, like the cert-manager, that can automatically provision SSL certificates for your services.
Ingress is the most useful if you want to expose multiple services under the same IP address, and these services all use the same L7 protocol (typically HTTP). You only pay for one load balancer if you are using the native GCP integration, and because Ingress is “smart” you can get a lot of features out of the box (like SSL, Auth, Routing, etc)