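Sharing one ALB across multiple services in a cluster with the AWS Ingress annotation alb.ingress.kubernetes.io/group.name, to save on ALB costs
Explanation
alb.ingress.kubernetes.io/group.name is an annotation for Ingress resources that is made available by the AWS Load Balancer Controller.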
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#group.name
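Features
Until now, Ingresses were deployed in a one-to-one relationship, one ALB per Ingress; this annotation makes the relationship n-to-1.
Doing so simply reduces cost.
Because everything is consolidated onto one ALB, availability is reduced accordingly, so it may be worth thinking twice before using this in production.
Verification
Create two namespaces, deploy a different app in each, and check that requests are routed to each of them.
Preparing each application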
mkdir yellow/ green/
Yellow app
echo '<html style="background-color: yellow;"></html>' > yellow/index.html
cat <<EOF > yellow/Dockerfile
FROM public.ecr.aws/nginx/nginx:1.20-alpine
RUN mkdir -p /usr/share/nginx/html/yellow
COPY ./index.html /usr/share/nginx/html/yellow/index.html
EXPOSE 80
EOF
# Create the ECR repository
aws ecr create-repository --repository-name yellow
Green app
echo '<html style="background-color: green;"></html>' > green/index.html
cat <<EOF > green/Dockerfile
FROM public.ecr.aws/nginx/nginx:1.20-alpine
RUN mkdir -p /usr/share/nginx/html/green
COPY ./index.html /usr/share/nginx/html/green/index.html
EXPOSE 80
EOF
# Create the ECR repository
aws ecr create-repository --repository-name green
Log in to ECR
export AWS_REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
export AWS_REGISTRY_ID=$(aws ecr describe-registry --query registryId --output text)
export AWS_ECR_REPO=${AWS_REGISTRY_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ECR_REPO
Build and push the yellow app
cd yellow/
docker build . -t yellow
docker tag yellow:latest $AWS_ECR_REPO/yellow:latest
docker push $AWS_ECR_REPO/yellow:latest
cd ..
Build and push the green app
cd green/
docker build . -t green
docker tag green:latest $AWS_ECR_REPO/green:latest
docker push $AWS_ECR_REPO/green:latest
cd ..
Manifest files
Yellow app
apiVersion: apps/v1
kind: Deployment
metadata:
  name: yellow-app
  namespace: color-app-1
  labels:
    app: yellow-app
spec:
  selector:
    matchLabels:
      app: yellow-app
  replicas: 2
  template:
    metadata:
      labels:
        app: yellow-app
    spec:
      containers:
        - name: yellow-container
          image: 697333814333.dkr.ecr.ap-northeast-1.amazonaws.com/yellow:latest
          ports:
            - containerPort: 80
          resources:
            limits:
              memory: "100Mi"
              cpu: "200m"
---
apiVersion: v1
kind: Service
metadata:
  namespace: color-app-1
  name: yellow-service
  labels:
    app: yellow-app
  annotations:
    alb.ingress.kubernetes.io/healthcheck-path: /yellow/index.html
spec:
  type: NodePort
  selector:
    app: yellow-app
  ports:
    - port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: color-app-ingress
  namespace: color-app-1
  labels:
    app: color-app
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
    alb.ingress.kubernetes.io/success-codes: '200'
    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
    alb.ingress.kubernetes.io/group.name: color-group
    external-dns.alpha.kubernetes.io/hostname: color-app-1.vamdemic.xyz
spec:
  rules:
    - host: "color-app-1.vamdemic.xyz"
      http:
        paths:
          - path: /yellow
            pathType: Prefix
            backend:
              service:
                name: yellow-service
                port:
                  number: 80
Green app
apiVersion: apps/v1
kind: Deployment
metadata:
  name: green-app
  namespace: color-app-2
  labels:
    app: green-app
spec:
  selector:
    matchLabels:
      app: green-app
  replicas: 2
  template:
    metadata:
      labels:
        app: green-app
    spec:
      containers:
        - name: green-container
          image: 697333814333.dkr.ecr.ap-northeast-1.amazonaws.com/green:latest
          ports:
            - containerPort: 80
          resources:
            limits:
              memory: "100Mi"
              cpu: "200m"
---
apiVersion: v1
kind: Service
metadata:
  namespace: color-app-2
  name: green-service
  labels:
    app: green-app
  annotations:
    alb.ingress.kubernetes.io/healthcheck-path: /green/index.html
spec:
  type: NodePort
  selector:
    app: green-app
  ports:
    - port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: color-app-ingress
  namespace: color-app-2
  labels:
    app: color-app
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
    alb.ingress.kubernetes.io/success-codes: '200'
    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
    alb.ingress.kubernetes.io/group.name: color-group
    external-dns.alpha.kubernetes.io/hostname: color-app-2.vamdemic.xyz
spec:
  rules:
    - host: "color-app-2.vamdemic.xyz"
      http:
        paths:
          - path: /green
            pathType: Prefix
            backend:
              service:
                name: green-service
                port:
                  number: 80
Deploy
Yellow app
kubectl create namespace color-app-1
kubectl apply -f color-app-deployment-1.yaml
kubectl apply -f color-app-service-1.yaml
kubectl apply -f color-app-ingress-1.yaml
Green app
kubectl create namespace color-app-2
kubectl apply -f color-app-deployment-2.yaml
kubectl apply -f color-app-service-2.yaml
kubectl apply -f color-app-ingress-2.yaml
Test
Even though a separate Ingress is created in each namespace, alb.ingress.kubernetes.io/group.name spans namespaces, so the ALB can be shared.
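Notes
- Ingress configuration
Verified with 2.4.1.
It also works with externalDNS configured.
In that case you probably need to set host; if you don't, I think everything becomes reachable in a mesh-like fashion, which means you end up exposing endpoints you did not intend to.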
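One way to check a shared group for the exposure described in the note above, as an added example that is not part of the original article: it reads Ingress objects in the shape of `kubectl get ingress -A -o json` and reports rules without a host, namespaces that joined the group unexpectedly, and host/path pairs declared from more than one namespace. The `sandbox` namespace, `debug-ingress`, the `/internal` path and the `allowed_namespaces` parameter are hypothetical.

```python
import json
from collections import defaultdict
GROUP = "alb.ingress.kubernetes.io/group.name"

# Constructed sample shaped like `kubectl get ingress -A -o json`. The first two
# items mirror this page's manifests; the "sandbox" item is hypothetical.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "color-app-ingress", "namespace": "color-app-1",
   "annotations": {"alb.ingress.kubernetes.io/group.name": "color-group"}},
  "spec": {"rules": [{"host": "color-app-1.vamdemic.xyz",
    "http": {"paths": [{"path": "/yellow"}]}}]}},
 {"metadata": {"name": "color-app-ingress", "namespace": "color-app-2",
   "annotations": {"alb.ingress.kubernetes.io/group.name": "color-group"}},
  "spec": {"rules": [{"host": "color-app-2.vamdemic.xyz",
    "http": {"paths": [{"path": "/green"}]}}]}},
 {"metadata": {"name": "debug-ingress", "namespace": "sandbox",
   "annotations": {"alb.ingress.kubernetes.io/group.name": "color-group"}},
  "spec": {"rules": [{"http": {"paths": [{"path": "/internal"}]}},
    {"host": "color-app-1.vamdemic.xyz",
     "http": {"paths": [{"path": "/yellow"}]}}]}}
]}""")

def audit_group(ingress_list, group, allowed_namespaces):
    """Return findings for every Ingress that joins `group` on the shared ALB."""
    findings = []
    owners = defaultdict(set)  # (host, path) -> namespaces that declare it
    for item in ingress_list["items"]:
        meta = item["metadata"]
        if (meta.get("annotations") or {}).get(GROUP) != group:
            continue
        ns, name = meta["namespace"], meta["name"]
        if ns not in allowed_namespaces:  # joined the group by annotation alone
            findings.append(("unexpected-namespace", ns, name, ""))
        for rule in item.get("spec", {}).get("rules", []):
            host = rule.get("host", "")
            for p in rule.get("http", {}).get("paths", []):
                path = p.get("path", "/")
                if not host:  # no host condition: matches every hostname on the ALB
                    findings.append(("no-host", ns, name, path))
                owners[(host, path)].add(ns)
    for (host, path), namespaces in sorted(owners.items()):
        if len(namespaces) > 1:  # same host+path declared from different namespaces
            findings.append(("duplicate-rule", ",".join(sorted(namespaces)), host, path))
    return findings

if __name__ == "__main__":
    for finding in audit_group(SAMPLE, "color-group", {"color-app-1", "color-app-2"}):
        print(finding)
```

Against a live cluster, pass the parsed output of `kubectl get ingress -A -o json` in place of `SAMPLE`.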
References
1. https://aws.amazon.com/jp/blogs/news/how-to-expose-multiple-applications-on-amazon-eks-using-a-single-application-load-balancer/ (How to expose multiple applications on Amazon EKS using a single Application Load Balancer)
2. https://developers.freee.co.jp/entry/2020/12/14/130003 (freee Developers Blog)