原文作者:贤维
原文链接:https://developer.aliyun.com/article/727019
ASK: Alibaba Cloud Serverless Kubernetes
导读
不同于阿里云 ACK 集群默认通过 nginx-ingress-controller 提供 ingress 能力,在 ASK(Serverless Kubernetes) 集群中默认基于 SLB 七层转发提供ingress能力(请参考文档https://help.aliyun.com/document_detail/86398.html)。
这样的优势是Serverless集群开箱即用,用户无需部署任何controller即可创建自己的Ingress资源,更符合Serverless环境的用法。
然而基于SLB七层转发的ingress与nginx-ingress-controller相比,缺少了一些高级Ingress功能,无法满足某些客户场景的需求,比如支持域名path的正则匹配等。
所以ASK集群也提供了与ACK集群同样的 nginx-ingress-controller,供用户使用 nginx 提供的 ingress 转发能力。用户可以根据自己的需求决定选择两者之一。下面我们一起来尝试在 ASK 集群中使用 nginx-ingress。
部署 nginx-ingress-controller
在 ASK 集群中部署 yaml 文件:
https://github.com/AliyunContainerService/serverless-k8s-examples/blob/master/ingress-nginx/nginx-ingress-controller.yaml
#kubectl apply -f https://raw.githubusercontent.com/AliyunContainerService/serverless-k8s-examples/master/ingress-nginx/nginx-ingress-controller.yaml
service/nginx-ingress-lb created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-controller created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-controller created
deployment.apps/nginx-ingress-controller created
# kubectl -n kube-system get pod
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-c9d8697f6-n4bzs 0/1 Running 0 52s
nginx-ingress-controller-c9d8697f6-p8p6j 0/1 Running 0 52s
# kubectl -n kube-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
metrics-server ClusterIP 172.19.4.171 <none> 443/TCP 72d
nginx-ingress-lb LoadBalancer 172.19.6.118 47.93.131.72 80:32676/TCP,443:30256/TCP 116s可以看到一个公网slb已经被创建出来(后端是两个nginx-ingress-controller pod),这是集群中所有ingress的入口IP地址。
部署Ingress示例
我们同样提供了简单的Coffee和Tea Ingress示例:https://github.com/AliyunContainerService/serverless-k8s-examples/blob/master/ingress-nginx/ingress-cafe-demo.yaml
需要注意的是Ingress中需要指定如下Annotation,才能保证ingress被nginx-ingress-controller正确处理。
kubernetes.io/ingress.class:nginx
# kubectl apply -f https://raw.githubusercontent.com/AliyunContainerService/serverless-k8s-examples/master/ingress-nginx/ingress-cafe-demo.yamldeployment.extensions/coffee created
service/coffee-svc created
deployment.extensions/tea created
service/tea-svc created
ingress.extensions/cafe-ingress created
# kubectl get pod
NAME READY STATUS RESTARTS AGE
coffee-56668d6f78-g7g6p 1/1 Running 0 88s
coffee-56668d6f78-x9ktc 1/1 Running 0 88s
tea-85f8bf86fd-477d2 1/1 Running 0 88s
tea-85f8bf86fd-jlq6b 1/1 Running 0 88s
tea-85f8bf86fd-p4ng4 1/1 Running 0 88s
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coffee-svc ClusterIP None <none> 80/TCP 102s
kubernetes ClusterIP 172.19.0.1 <none> 443/TCP 72d
tea-svc ClusterIP None <none> 80/TCP 102s
# kubectl get ing
NAME HOSTS ADDRESS PORTS AGE
cafe-ingress cafe.example.com 47.93.131.72 80 2m1spod 和 ingress 都已创建成功,下面我们尝试访问 Ingress:
# curl -H "Host:cafe.example.com" 47.93.131.72/tea
Server address: 192.168.55.159:80
Server name: default-tea-85f8bf86fd-p4ng4
Date: 14/Nov/2019:09:01:46 +0000
URI: /tea
Request ID: 2c3a87eb89130d62664b640fcbabc74b
# curl -H "Host:cafe.example.com" 47.93.131.72/coffee
Server address: 192.168.55.156:80
Server name: default-coffee-56668d6f78-x9ktc
Date: 14/Nov/2019:09:01:49 +0000
URI: /coffee
Request ID: a4f1d84bb5288a260ecfc5d21ecccff6Ingress 链路访问成功,可以看到上述域名转发由 nginx ingress controller 完成。
当运行上述示例成功后,记得清理集群中的 ingress:
kubectl delete -f https://raw.githubusercontent.com/AliyunContainerService/serverless-k8s-examples/master/ingress-nginx/ingress-cafe-demo.yaml
更多 ASK 集群示例请参考:https://github.com/AliyunContainerService/serverless-k8s-examples
“阿里巴巴云原生微信公众号(ID:Alicloudnative)关注微服务、Serverless、容器、Service Mesh 等技术领域、聚焦云原生流行技术趋势、云原生大规模的落地实践,做最懂云原生开发者的技术公众号。”
