入口与负载均衡器 [英] Ingress vs Load Balancer

问题描述

我对 Kubernetes 中 Ingress 和 Load Balancer 的角色很困惑.

I am quite confused about the roles of Ingress and Load Balancer in Kubernetes.

据我所知，Ingress 用于将来自互联网的传入流量映射到集群中运行的服务.

As far as I understand Ingress is used to map incoming traffic from the internet to the services running in the cluster.

负载均衡器的作用是将流量转发到主机.在这方面，入口与负载均衡器有何不同?另外，与 Amazon ELB 和 ALB 相比，Kubernetes 内部的负载均衡器的概念是什么?

The role of load balancer is to forward traffic to a host. In that regard how does ingress differ from load balancer? Also what is the concept of load balancer inside kubernetes as compared to Amazon ELB and ALB?

推荐答案

负载均衡器: kubernetes LoadBalancer 服务是指向不在您的 kubernetes 集群中但存在的外部负载均衡器的服务别处.它们可以与您的 pod 一起使用，假设您的 pod 是外部可路由的.Google 和 AWS 本身就提供了这种功能.在亚马逊方面，这个直接映射到ELB，在AWS运行时kubernetes可以自动为每个部署的LoadBalancer服务预置配置一个ELB实例.

Load Balancer: A kubernetes LoadBalancer service is a service that points to external load balancers that are NOT in your kubernetes cluster, but exist elsewhere. They can work with your pods, assuming that your pods are externally routable. Google and AWS provide this capability natively. In terms of Amazon, this maps directly with ELB and kubernetes when running in AWS can automatically provision and configure an ELB instance for each LoadBalancer service deployed.

Ingress: Ingress 实际上只是一组要传递给监听它们的控制器的规则.你可以部署一堆入口规则，但除非你有一个可以处理它们的控制器，否则什么都不会发生.LoadBalancer 服务可以监听入口规则，如果它被配置为这样做的话.

Ingress: An ingress is really just a set of rules to pass to a controller that is listening for them. You can deploy a bunch of ingress rules, but nothing will happen unless you have a controller that can process them. A LoadBalancer service could listen for ingress rules, if it is configured to do so.

您还可以创建一个 NodePort 服务，该服务在集群外部具有可从外部路由的 IP，但指向集群中存在的 Pod.这可能是一个入口控制器.

You can also create a NodePort service, which has an externally routable IP outside the cluster, but points to a pod that exists within your cluster. This could be an Ingress Controller.

入口控制器只是一个配置为解释入口规则的 pod.kubernetes 支持的最流行的入口控制器之一是 nginx.在亚马逊方面，ALB可以用作入口控制器.

An Ingress Controller is simply a pod that is configured to interpret ingress rules. One of the most popular ingress controllers supported by kubernetes is nginx. In terms of Amazon, ALB can be used as an ingress controller.

例如，这个 nginx 控制器能够摄取入口您定义的规则并将它们转换为 nginx.conf 文件，该文件在其 pod 中加载和启动.

For an example, this nginx controller is able to ingest ingress rules you have defined and translate them to an nginx.conf file that it loads and starts in its pod.

例如，假设您按如下方式定义了一个入口:

Let's for instance say you defined an ingress as follows:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
   ingress.kubernetes.io/rewrite-target: /
 name: web-ingress
spec:
  rules:
  - host: kubernetes.foo.bar
    http:
      paths:
      - backend:
          serviceName: appsvc
          servicePort: 80
        path: /app

如果您随后检查您的 nginx 控制器 pod，您将看到在 /etc/nginx.conf 中定义的以下规则:

If you then inspect your nginx controller pod you'll see the following rule defined in /etc/nginx.conf:

server {
    server_name kubernetes.foo.bar;
    listen 80;
    listen [::]:80;
    set $proxy_upstream_name "-";
    location ~* ^/web2/?(?<baseuri>.*) {
        set $proxy_upstream_name "apps-web2svc-8080";
        port_in_redirect off;

        client_max_body_size                    "1m";

        proxy_set_header Host                   $best_http_host;

        # Pass the extracted client certificate to the backend

        # Allow websocket connections
        proxy_set_header                        Upgrade           $http_upgrade;
        proxy_set_header                        Connection        $connection_upgrade;

        proxy_set_header X-Real-IP              $the_real_ip;
        proxy_set_header X-Forwarded-For        $the_x_forwarded_for;
        proxy_set_header X-Forwarded-Host       $best_http_host;
        proxy_set_header X-Forwarded-Port       $pass_port;
        proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
        proxy_set_header X-Original-URI         $request_uri;
        proxy_set_header X-Scheme               $pass_access_scheme;

        # mitigate HTTPoxy Vulnerability
        # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
        proxy_set_header Proxy                  "";

        # Custom headers

        proxy_connect_timeout                   5s;
        proxy_send_timeout                      60s;
        proxy_read_timeout                      60s;

        proxy_redirect                          off;
        proxy_buffering                         off;
        proxy_buffer_size                       "4k";
        proxy_buffers                           4 "4k";

        proxy_http_version                      1.1;

        proxy_cookie_domain                     off;
        proxy_cookie_path                       off;

    rewrite /app/(.*) /$1 break;
    rewrite /app / break;
    proxy_pass http://apps-appsvc-8080;

    }

Nginx 刚刚创建了一个规则来路由 http://kubernetes.foo.bar/app 以指向集群中的服务 appsvc.

Nginx has just created a rule to route http://kubernetes.foo.bar/app to point to the service appsvc in your cluster.

这是一个示例，说明如何使用 nginx 入口实现 kubernetes 集群控制器.希望这会有所帮助！

Here is an example of how to implement a kubernetes cluster with an nginx ingress controller. Hope this helps!

这篇关于入口与负载均衡器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！