Configuring a backend service through Ingress

This page shows how to use a Kubernetes Ingress object to configure certain properties of a Google Cloud backend service.

Overview

In a GKE cluster, when you create a Kubernetes Ingress object, the GKE ingress controller wakes up and creates a Google Cloud HTTP(S) load balancer. The ingress controller configures the load balancer and also configures one or more backend services that are associated with the load balancer.

Beginning with GKE version 1.11.3-gke.18, you can use an Ingress to configure these properties of a backend service:

The configuration information for a backend service is held in a custom resource named BackendConfig.

To configure the properties of a backend service:

  1. Create a BackendConfig.
  2. Create a Service, and associate one of its ports with the BackendConfig.
  3. Create an Ingress, and associate the Ingress with the (Service, port) pair.

Before you begin

To prepare for this task, perform the following steps:

  • Ensure that you have enabled the Google Kubernetes Engine API.
  • Enable Google Kubernetes Engine API
  • Ensure that you have installed the Cloud SDK.
  • Set your default project ID:
    gcloud config set project [PROJECT_ID]
  • If you are working with zonal clusters, set your default compute zone:
    gcloud config set compute/zone [COMPUTE_ZONE]
  • If you are working with regional clusters, set your default compute region:
    gcloud config set compute/region [COMPUTE_REGION]
  • Update gcloud to the latest version:
    gcloud components update

Creating a Deployment

Before you create a BackendConfig and a Service, you need to create a Deployment. Here is a manifest for a Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-bsc-deployment
spec:
  selector:
    matchLabels:
      purpose: bsc-config-demo
  replicas: 2
  template:
    metadata:
      labels:
        purpose: bsc-config-demo
    spec:
      containers:
      - name: hello-app-container
        image: gcr.io/google-samples/hello-app:1.0

Copy the manifest to a file named my-bsc-deployment.yaml, and create the Deployment:

kubectl apply -f my-bsc-deployment.yaml

Creating a BackendConfig

Here's a manifest for a BackendConfig. The manifest specifies:

  • A timeout of 40 seconds.
  • A connection draining timeout of 60 seconds.
apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: my-bsc-backendconfig
spec:
  timeoutSec: 40
  connectionDraining:
    drainingTimeoutSec: 60

Copy the manifest to a file named my-bsc-backendconfig.yaml, and create the BackendConfig:

kubectl apply -f my-bsc-backendconfig.yaml

Creating a Service

Here's a manifest for a Service:

apiVersion: v1
kind: Service
metadata:
  name: my-bsc-service
  labels:
    purpose: bsc-config-demo
  annotations:
    beta.cloud.google.com/backend-config: '{"ports": {"80":"my-bsc-backendconfig"}}'
spec:
  type: NodePort
  selector:
    purpose: bsc-config-demo
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080

For the purpose of this exercise, these are the important things to note about your Service:

  • Any Pod that has the label purpose: bsc-config-demo is a member of the Service.

  • TCP port 80 of the Service is associated with a BackendConfig named my-bsc-backendconfig. The beta.cloud.google.com/backend-config annotation specifies this.

  • A request sent to port 80 of the Service is forwarded to one of the member Pods on port 8080.

Save the manifest to a file named my-bsc-service.yaml, and create the Service:

kubectl apply -f my-bsc-service.yaml

Creating an Ingress

Here's a manifest for an Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-bsc-ingress
spec:
  rules:
  - http:
      paths:
      - path: /*
        backend:
          serviceName: my-bsc-service
          servicePort: 80

In the manifest, you can see that incoming requests are routed to port 80 of the Service named my-bsc-service.

Copy the manifest to a file named my-bsc-ingress.yaml, and create the Ingress:

kubectl apply -f my-bsc-ingress.yaml

Wait a few minutes for the ingress controller to configure an HTTP(S) load balancer and an associated backend service.

Viewing the backend service

View your Service:

kubectl get service my-bsc-service

Make a note of the node port value that shows in the output. For example, in the following output, the node port value is 30936.

NAME             TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
my-bsc-service   NodePort   10.83.15.111   none          80:30936/TCP   2m

List the backend services in your Google Cloud project.

gcloud compute backend-services list

In the output, find the name of your backend service. It's the name that contains the node port of your Service. For example, if your node port is 30936, the name of your backend service would be similar to this:

NAME
...
k8s-be-30936--078bc860bb6f7a2f
...

Describe your backend service:

gcloud compute backend-services describe [BACKEND_SERVICE_NAME] --global

where [BACKEND_SERVICE_NAME] is the name of your backend service.

The output shows values for the properties that you configured:

connectionDraining:
  drainingTimeoutSec: 60
...
timeoutSec: 40

Setting client IP affinity

You can use a BackendConfig to configure client IP affinity.

To do this exercise, you need a VPC-native cluster. Client IP affinity is useful only for Services that are backed by network endpoint groups, and network endpoint groups require a VPC-native cluster.

To set client IP affinity, set affinityType to "CLIENT_IP" in your BackendConfig manifest.

apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: my-bsc-backendconfig
spec:
  timeoutSec: 40
  connectionDraining:
    drainingTimeoutSec: 60
  sessionAffinity:
    affinityType: "CLIENT_IP"

In your Service manifest, include the cloud.google.com/neg: '{"ingress": true}' annotation:

kind: Service
metadata:
  name: my-bsc-service
  labels:
    purpose: bsc-config-demo
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
    beta.cloud.google.com/backend-config: '{"ports": {"80":"my-bsc-backendconfig"}}'
...

You can use a BackendConfig to configure generated cookie affinity.

To do this exercise, you need a VPC-native cluster. Generated cookie affinity is useful only for Services that are backed by network endpoint groups, and network endpoint groups require a VPC-native cluster.

To set generated cookie affinity, set affinityType to "GENERATED_COOKIE" in your BackendConfig manifest. You can also use affinityCookieTtlSec to set the time period for the cookie.

sessionAffinity:
  affinityType: "GENERATED_COOKIE"
  affinityCookieTtlSec: 50

In your Service manifest, include the cloud.google.com/neg: '{"ingress": true}' annotation:

kind: Service
metadata:
  name: my-bsc-service
  labels:
    purpose: bsc-config-demo
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
    beta.cloud.google.com/backend-config: '{"ports": {"80":"my-bsc-backendconfig"}}'
...

Cleaning up

After completing the exercises on this page, follow these steps to remove the resources to prevent unwanted charges incurring on your account:

Delete the Kubernetes objects that you created for this exercise:

kubectl delete ingress my-bsc-ingress
kubectl delete service my-bsc-service
kubectl delete backendconfig my-bsc-backendconfig
kubectl delete deployment my-bsc-deployment

What's next

Apakah halaman ini membantu? Beri tahu kami pendapat Anda:

Kirim masukan tentang...

Kubernetes Engine Documentation