TkeServiceConfig is a custom resource definition (CRD) provided by TKE to help you manage the various configurations of CLB with an Ingress more flexibly. The CLB parameters and features that cannot be defined by the semantics of Ingress YAML can be configured through TkeServiceConfig.

TkeServiceConfig helps you quickly configure CLB. You can apply a specific configuration to an Ingress through the Ingress annotation ingress.cloud.tencent.com/tke-service-config:<config-name>.

Note: The TkeServiceConfig resource needs to be in the same namespace as the Ingress.

TkeServiceConfig doesn't help you configure and modify the protocol, port, domain name, and forwarding path; instead, you describe them in the configuration to identify the forwarding rule that the configuration is delivered to.

There can be multiple domain names under each layer-7 listener and multiple forwarding paths under each domain name. Therefore, you can declare multiple combinations of domain name and forwarding rule configurations in TkeServiceConfig. Currently, configurations are mainly provided for CLB health check and backend access.

spec.loadBalancer.l7Listeners.protocol: layer-7 protocol
spec.loadBalancer.l7Listeners.port: listening port
spec.loadBalancer.l7Listeners.domains[].domain: domain name
spec.loadBalancer.l7Listeners.domains[].rules[].url: forwarding path
spec.loadBalancer.l7listeners.protocol.domain.rules.url.forwardType: specified backend protocol

Note: When your domain name is configured as the default value, i.e., public or private VIP, you can configure by entering a null value in the domain field.

**ingress.cloud.tencent.com/tke-service-config-auto:<true>** when creating an Ingress, <IngressName>-auto-ingress-config will be created automatically. You can also specify the TkeServiceConfig you created on your own directly through **ingress.cloud.tencent.com/tke-service-config:<config-name>**. The two annotations cannot be used at the same time.

-auto-service-config or -auto-ingress-config.

TkeServiceConfig has the following sync behaviors:
Ingress-Controller will automatically add the corresponding TkeServiceConfig configuration segment for the rule if it doesn't exist.
Ingress-Controller component will automatically delete the corresponding TkeServiceConfig segment.
TkeServiceConfig will also be deleted.
TkeServiceConfig of the Ingress, the TkeServiceConfig content will also be applied to CLB.

TkeServiceConfig configuration reference, which is imported by the Service through the **ingress.cloud.tencent.com/tke-service-config:<config-name>** annotation.

TkeServiceConfig has the following sync behaviors:
TkeServiceConfig configuration, CLB of the Ingress that imports the configuration will set sync based on the new TkeServiceConfig.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: jetty
  name: jetty-deployment
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: jetty
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: jetty
    spec:
      containers:
      - image: jetty:9.4.27-jre11
        imagePullPolicy: IfNotPresent
        name: jetty
        ports:
        - containerPort: 80
          protocol: TCP
        - containerPort: 443
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
```

```yaml
apiVersion: v1
kind: Service
metadata:
  name: jetty-service
  namespace: default
spec:
  ports:
  - name: tcp-80-80
    port: 80
    protocol: TCP
    targetPort: 80
  - name: tcp-443-443
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: jetty
  type: NodePort
```

This example contains the following configuration:
A Service of the NodePort type, with two TCP services declared, one on port 80 and the other on port 443.

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.rule-mix: "true"
    kubernetes.io/ingress.http-rules: '[{"path":"/health","backend":{"serviceName":"jetty-service","servicePort":"80"}}]'
    kubernetes.io/ingress.https-rules: '[{"path":"/","backend":{"serviceName":"jetty-service","servicePort":"443","host":"sample.tencent.com"}}]'
    ingress.cloud.tencent.com/tke-service-config: jetty-ingress-config  # Specify the existing `tke-service-config`
    # ingress.cloud.tencent.com/tke-service-config-auto: "true"  # Automatically create a `tke-service-config`
  name: jetty-ingress
  namespace: default
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: jetty-service
          servicePort: 80
        path: /health
  - host: "sample.tencent.com"
    http:
      paths:
      - backend:
          serviceName: jetty-service
          servicePort: 443
        path: /
  tls:
  - secretName: jetty-cert-secret
```

This example contains the following configuration:
sample.tencent.com domain name is used to expose an HTTPS service.
/health, and that of the HTTPS service is /.
jetty-ingress-config CLB configuration is used.

TkeServiceConfig: jetty-ingress-config.yaml

```yaml
apiVersion: cloud.tencent.com/v1alpha1
kind: TkeServiceConfig
metadata:
  name: jetty-ingress-config
  namespace: default
spec:
  loadBalancer:
    l7Listeners:
    - protocol: HTTP
      port: 80
      domains:
      - domain: ""     # When `domain` is null, the VIP is used as the domain name
        rules:
        - url: "/health"
          forwardType: HTTP # It specifies HTTP as the backend protocol
          healthCheck:
            enable: false
    - protocol: HTTPS
      port: 443
      defaultServer: "sample.tencent.com" # Default domain name
      keepaliveEnable: 1 # Enable persistent connection for the listener
      domains:
      - domain: "sample.tencent.com"
        rules:
        - url: "/"
          forwardType: HTTPS # It specifies HTTPS as the backend protocol
          session:
            enable: true
            sessionExpireTime: 3600
          healthCheck:
            enable: true
            intervalTime: 10 # `intervalTime` must be greater than `timeout`; otherwise, an error will occur.
            timeout: 5 # `timeout` must be smaller than `intervalTime`; otherwise, an error will occur.
            healthNum: 2
            unHealthNum: 2
            httpCheckPath: "/checkHealth"
            # Note: the health check must use a fixed domain name for detection. If you enter a wildcard
            # domain name in `.spec.loadBalancer.l7Listeners.protocol.domains.domain`, be sure to use the
            # `httpCheckDomain` field to specify the domain name that requires health check; otherwise,
            # the wildcard domain name does not support health check.
            httpCheckDomain: "sample.tencent.com"
            httpCheckMethod: HEAD
          scheduler: WRR
```

This example contains the following configuration:
The name of the TkeServiceConfig is jetty-ingress-config, and in the layer-7 listener configuration, two configuration segments are declared:
/health path is disabled.
sample.tencent.com. Under this domain name, only a forwarding rule configuration with the forwarding path of / is described, which contains the following:
HEAD requests, the check path is /checkHealth, and the check domain name is sample.tencent.com.

```shell
➜ kubectl apply -f jetty-deployment.yaml
➜ kubectl apply -f jetty-service.yaml
➜ kubectl apply -f jetty-ingress.yaml
➜ kubectl apply -f jetty-ingress-config.yaml
➜ kubectl get pods
NAME                                READY   STATUS    RESTARTS   AGE
jetty-deployment-8694c44b4c-cxscn   1/1     Running   0          8m8s
jetty-deployment-8694c44b4c-mk285   1/1     Running   0          8m8s
jetty-deployment-8694c44b4c-rjrtm   1/1     Running   0          8m8s
# Get the `TkeServiceConfig` configuration list
➜ kubectl get tkeserviceconfigs.cloud.tencent.com
NAME                   AGE
jetty-ingress-config   52s
# Update and modify the `TkeServiceConfig` configuration
➜ kubectl edit tkeserviceconfigs.cloud.tencent.com jetty-ingress-config
tkeserviceconfigs.cloud.tencent.com/jetty-ingress-config edited
```
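
The constraints stated on this page (the two annotations cannot be combined, the TkeServiceConfig must share the Ingress namespace, `intervalTime` must be greater than `timeout`, and a wildcard domain needs `httpCheckDomain`) can be checked before `kubectl apply`. The following is an added example, not part of the original page or of TKE tooling; `lint`, `sample_ingress`, `sample_config` and the sample manifests are constructed for illustration, and manifests are assumed to be already parsed into dicts.

```python
# Added example: pre-apply lint for an Ingress / TkeServiceConfig pair (constructed samples).
PREFIX = "ingress.cloud.tencent.com/"

def lint(ingress, config):
    """Return findings for the constraints stated on this page."""
    findings = []
    ann = ingress["metadata"].get("annotations", {})
    named = ann.get(PREFIX + "tke-service-config")
    auto = ann.get(PREFIX + "tke-service-config-auto") == "true"
    if named and auto:
        findings.append("tke-service-config and tke-service-config-auto are both set")
    if named and named != config["metadata"]["name"]:
        findings.append(f"annotation references {named!r}, not this config")
    if (ingress["metadata"].get("namespace", "default")
            != config["metadata"].get("namespace", "default")):
        findings.append("TkeServiceConfig is not in the Ingress namespace")
    for lst in config["spec"]["loadBalancer"].get("l7Listeners", []):
        for dom in lst.get("domains", []):
            for rule in dom.get("rules", []):
                hc = rule.get("healthCheck", {})
                if not hc.get("enable"):
                    continue  # nothing to validate when the check is off
                where = f"{lst['protocol']}:{lst['port']} {dom['domain'] or '<VIP>'}{rule['url']}"
                if "intervalTime" in hc and "timeout" in hc and hc["intervalTime"] <= hc["timeout"]:
                    findings.append(f"{where}: intervalTime must be greater than timeout")
                if "*" in dom["domain"] and not hc.get("httpCheckDomain"):
                    findings.append(f"{where}: wildcard domain needs httpCheckDomain")
    return findings

def sample_ingress(annotations):
    # Constructed Ingress metadata in the `default` namespace.
    return {"metadata": {"name": "jetty-ingress", "namespace": "default",
                         "annotations": annotations}}

def sample_config(namespace, domain, health_check):
    """Constructed one-rule TkeServiceConfig shaped like the page's HTTPS listener."""
    rule = {"url": "/", "forwardType": "HTTPS", "healthCheck": health_check}
    listener = {"protocol": "HTTPS", "port": 443,
                "domains": [{"domain": domain, "rules": [rule]}]}
    return {"metadata": {"name": "jetty-ingress-config", "namespace": namespace},
            "spec": {"loadBalancer": {"l7Listeners": [listener]}}}

if __name__ == "__main__":
    name = {PREFIX + "tke-service-config": "jetty-ingress-config"}
    good = {"enable": True, "intervalTime": 10, "timeout": 5}
    print(lint(sample_ingress(name), sample_config("default", "sample.tencent.com", good)))
    both = {**name, PREFIX + "tke-service-config-auto": "true"}
    bad = {"enable": True, "intervalTime": 5, "timeout": 5}
    print(*lint(sample_ingress(both), sample_config("prod", "*.tencent.com", bad)), sep="\n")
```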