Kubernetes 1.18中Ingress API的改进

作者: Rob Scott(Google),Christopher M Luciano(IBM)

Kubernetes中的Ingress API使大量控制器能够提供简单而强大的方法来管理到Kubernetes工作负载的入站网络流量。在Kubernetes 1.18中,我们对该API进行了3个重要的添加:

  • A new pathType field that can specify how Ingress paths should be matched.
  • A new IngressClass resource that can specify how Ingresses should be implemented by controllers.
  • 支持主机名中的通配符。

路径类型更好地匹配

路径类型的新概念使您可以指定路径的匹配方式。支持三种类型:

  • 具体实现(默认): With this path type, matching is up to the controller implementing the IngressClass. Implementations can treat this as a separate pathType or treat it identically to the Prefix or Exact path types.
  • 精确: 与网址路径完全匹配且区分大小写。
  • 字首: Matches based on a URL path prefix split by /. Matching is case sensitive and done on a path element by element basis.

带有入口类的扩展配置

The Ingress resource was designed with simplicity in mind, providing a simple set of fields that would be applicable in all use cases. Over time, as use cases evolved, implementations began to rely on a long list of custom annotations for further configuration. The new IngressClass resource provides a way to replace some of those annotations.

Each IngressClass specifies which controller should implement Ingresses of the class and can reference a custom resource with additional parameters.

apiVersion: "networking.k8s.io/v1beta1"
kind: "IngressClass"
metadata:
  name: "external-lb"
spec:
  controller: "example.com/ingress-controller"
  parameters:
    apiGroup: "k8s.example.com/v1alpha"
    kind: "IngressParameters"
    name: "external-lb"

指定入口的类别

A new ingressClassName field has been added to the Ingress spec that is used to reference the IngressClass that should be used to implement this Ingress.

弃用Ingress类注释

Before the IngressClass resource was added in Kubernetes 1.18, a similar concept of Ingress class was often specified with a kubernetes.io/ingress.class annotation on the Ingress. Although this annotation was never formally defined, it was widely supported by Ingress controllers, and should now be considered formally deprecated.

设置默认的IngressClass

It’s possible to mark a specific IngressClass as default in a cluster. Setting the ingressclass.kubernetes.io/is-default-class 注释为true IngressClass resource will ensure that new Ingresses without an ingressClassName specified will be assigned this default IngressClass.

支持主机名通配符

Many Ingress providers have supported wildcard hostname matching like *.foo.com matching app1.foo.com, but until now the spec assumed an exact FQDN match of the host. 主办 s can now be precise matches (for example “foo.bar.com”) or a wildcard (for example “*.foo.com”). Precise matches require that the http host header matches the 主办 setting. Wildcard matches require the http host header is equal to the suffix of the wildcard rule.

主办 主机头 比赛?
*.foo.combar.foo.com根据共享后缀进行匹配
*.foo.combaz.bar.foo.com没有匹配项,通配符仅覆盖一个DNS标签
*.foo.comfoo.com没有匹配项,通配符仅覆盖一个DNS标签

放在一起

These new Ingress features allow for much more configurability. Here’s an example of an Ingress that makes use of pathType, ingressClassName, and a hostname wildcard:

apiVersion: "networking.k8s.io/v1beta1"
kind: "Ingress"
metadata:
  name: "example-ingress"
spec:
  ingressClassName: "external-lb"
  rules:
  - host: "*.example.com"
    http:
      paths:
      - path: "/example"
        pathType: "Prefix"
        backend:
          serviceName: "example-service"
          servicePort: 80

入口控制器支持

由于这些功能是Kubernetes 1.18中的新增功能,因此每个Ingress控制器实现都需要一些时间来开发对这些新功能的支持。查看首选Ingress控制器的文档,以了解它们何时将支持此新功能。

入侵的未来

Ingress API有望从Beta升级到Kubernetes 1.19中的稳定API。它将继续提供一种简单的方法来管理Kubernetes工作负载的入站网络流量。该API有意保持简单和轻巧,但是一直希望为更高级的用例提供更大的可配置性。

目前正在开发一组高度可配置的新API,这些API将在将来提供Ingress的替代方案。这些API被称为新的“服务API”。它们无意替代任何现有的API,而是为复杂的用例提供了一种更具可配置性的替代方案。有关更多信息,请查看 GitHub上的服务API回购.