HTTP 應用程式路由HTTP application routing

HTTP 應用程式路由解決方案可讓您輕鬆存取已部署至 Azure Kubernetes Service (AKS) 叢集的應用程式。The HTTP application routing solution makes it easy to access applications that are deployed to your Azure Kubernetes Service (AKS) cluster. 啟用此解決方案時,它會在 AKS 叢集中設定輸入控制器。When the solution's enabled, it configures an Ingress controller in your AKS cluster. 部署應用程式時,此解決方案也會針對應用程式端點建立可公開存取的 DNS 名稱。As applications are deployed, the solution also creates publicly accessible DNS names for application endpoints.

啟用附加元件時,它會在您的訂用帳戶中建立 DNS 區域。When the add-on is enabled, it creates a DNS Zone in your subscription. 如需 DNS 成本的詳細資訊,請參閱 DNS 定價For more information about DNS cost, see DNS pricing.

警告

HTTP 應用程式路由附加元件依設計可讓您快速建立輸入控制器,以及存取您的應用程式。The HTTP application routing add-on is designed to let you quickly create an ingress controller and access your applications. 不建議將此附加元件用於生產環境。This add-on is not recommended for production use. 若要進行包含多個複本和 TLS 支援的生產環境輸入部署,請參閱建立 HTTPS 輸入控制器For production-ready ingress deployments that include multiple replicas and TLS support, see Create an HTTPS ingress controller.

HTTP 路由解決方案概觀HTTP routing solution overview

附加元件會部署兩個元件:Kubernetes 輸入控制器External-DNS 控制器。The add-on deploys two components: a Kubernetes Ingress controller and an External-DNS controller.

  • 輸入控制器:輸入控制器會使用 LoadBalancer 類型的 Kubernetes 服務來向網際網路公開。Ingress controller: The Ingress controller is exposed to the internet by using a Kubernetes service of type LoadBalancer. 輸入控制器會監看並實作 Kubernetes 輸入資源,以建立應用程式端點的路由。The Ingress controller watches and implements Kubernetes Ingress resources, which creates routes to application endpoints.
  • External-DNS 控制器:監看 Kubernetes 輸入資源,並在叢集特有的 DNS 區域中建立 DNS A 記錄。External-DNS controller: Watches for Kubernetes Ingress resources and creates DNS A records in the cluster-specific DNS zone.

部署 HTTP 路由:CLIDeploy HTTP routing: CLI

部署 AKS 叢集時,可以使用 Azure CLI 來啟用 HTTP 應用程式路由附加元件。The HTTP application routing add-on can be enabled with the Azure CLI when deploying an AKS cluster. 若要這樣做,請使用 az aks create 命令並搭配 --enable-addons 引數。To do so, use the az aks create command with the --enable-addons argument.

az aks create --resource-group myResourceGroup --name myAKSCluster --enable-addons http_application_routing

提示

如果您想要啟用多個附加元件,請以逗號分隔的清單來提供它們。If you want to enable multiple add-ons, provide them as a comma-separated list. 例如,若要啟用 HTTP 應用程式路由和監視,請使用格式 --enable-addons http_application_routing,monitoringFor example, to enable HTTP application routing and monitoring, use the format --enable-addons http_application_routing,monitoring.

您也可以使用 az aks enable-addons 命令,在現有 AKS 叢集上啟用 HTTP 路由。You can also enable HTTP routing on an existing AKS cluster using the az aks enable-addons command. 若要在現有叢集上啟用 HTTP 路由,請新增 --addons 參數並指定 http_application_routing,如下列範例所示:To enable HTTP routing on an existing cluster, add the --addons parameter and specify http_application_routing as shown in the following example:

az aks enable-addons --resource-group myResourceGroup --name myAKSCluster --addons http_application_routing

部署或更新叢集之後,請使用 az aks show 命令來擷取 DNS 區域名稱。After the cluster is deployed or updated, use the az aks show command to retrieve the DNS zone name. 需要此名稱,才能將應用程式部署至 AKS 叢集。This name is needed to deploy applications to the AKS cluster.

$ az aks show --resource-group myResourceGroup --name myAKSCluster --query addonProfiles.httpApplicationRouting.config.HTTPApplicationRoutingZoneName -o table

Result
-----------------------------------------------------
9f9c1fe7-21a1-416d-99cd-3543bb92e4c3.eastus.aksapp.io

部署 HTTP 路由:入口網站Deploy HTTP routing: Portal

部署 AKS 叢集時,可透過 Azure 入口網站啟用 HTTP 應用程式路由附加元件。The HTTP application routing add-on can be enabled through the Azure portal when deploying an AKS cluster.

啟用 HTTP 路由功能

部署叢集之後,瀏覽至自動建立的 AKS 資源群組,並選取 DNS 區域。After the cluster is deployed, browse to the auto-created AKS resource group and select the DNS zone. 記下 DNS 區域名稱。Take note of the DNS zone name. 需要此名稱,才能將應用程式部署至 AKS 叢集。This name is needed to deploy applications to the AKS cluster.

取得 DNS 區域名稱

使用 HTTP 路由Use HTTP routing

HTTP 應用程式路由解決方案只會在所標註的輸入資源上觸發,如下所示:The HTTP application routing solution may only be triggered on Ingress resources that are annotated as follows:

annotations:
  kubernetes.io/ingress.class: addon-http-application-routing

建立名為 samples-http-application-routing.yaml 的檔案,然後將下列 YAML 複製進來。Create a file named samples-http-application-routing.yaml and copy in the following YAML. 在第 43 行上,使用本文上一個步驟所收集的 DNS 區域名稱來更新 <CLUSTER_SPECIFIC_DNS_ZONE>On line 43, update <CLUSTER_SPECIFIC_DNS_ZONE> with the DNS zone name collected in the previous step of this article.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: party-clippy
spec:
  template:
    metadata:
      labels:
        app: party-clippy
    spec:
      containers:
      - image: r.j3ss.co/party-clippy
        name: party-clippy
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 256Mi
        tty: true
        command: ["party-clippy"]
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: party-clippy
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: party-clippy
  type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: party-clippy
  annotations:
    kubernetes.io/ingress.class: addon-http-application-routing
spec:
  rules:
  - host: party-clippy.<CLUSTER_SPECIFIC_DNS_ZONE>
    http:
      paths:
      - backend:
          serviceName: party-clippy
          servicePort: 80
        path: /

使用 kubectl apply 命令來建立資源。Use the kubectl apply command to create the resources.

$ kubectl apply -f samples-http-application-routing.yaml

deployment "party-clippy" created
service "party-clippy" created
ingress "party-clippy" created

使用 cURL 或瀏覽器來瀏覽至 samples-http-application-routing.yaml 檔案 host 區段中所指定的主機名稱。Use cURL or a browser to navigate to the hostname specified in the host section of the samples-http-application-routing.yaml file. 應用程式最多需要一分鐘的時間,就能透過網際網路使用。The application can take up to one minute before it's available via the internet.

$ curl party-clippy.471756a6-e744-4aa0-aa01-89c4d162a7a7.canadaeast.aksapp.io

 _________________________________
/ It looks like you're building a \
\ microservice.                   /
 ---------------------------------
 \
  \
     __
    /  \
    |  |
    @  @
    |  |
    || |/
    || ||
    |\_/|
    \___/

移除 HTTP 路由Remove HTTP routing

HTTP 路由解決方案可以使用 Azure CLI 來移除。The HTTP routing solution can be removed using the Azure CLI. 若要執行此動作,請執行下列命令,並替代您的 AKS 叢集和資源群組名稱。To do so run the following command, substituting your AKS cluster and resource group name.

az aks disable-addons --addons http_application_routing --name myAKSCluster --resource-group myResourceGroup --no-wait

停用 HTTP 應用程式路由附加元件時,某些 Kubernetes 資源可能會留在叢集中。When the HTTP application routing add-on is disabled, some Kubernetes resources may remain in the cluster. 這些資源包括 configMaps 和 secrets ,且會建立在 kube-system 命名空間中。These resources include configMaps and secrets, and are created in the kube-system namespace. 為了讓叢集保持乾淨,建議您移除這些資源。To maintain a clean cluster, you may want to remove these resources.

使用下列 kubectl get 命令尋找 addon-http-application-routing 資源:Look for addon-http-application-routing resources using the following kubectl get commands:

kubectl get deployments --namespace kube-system
kubectl get services --namespace kube-system
kubectl get configmaps --namespace kube-system
kubectl get secrets --namespace kube-system

下列範例輸出會顯示應該刪除的 configMaps:The following example output shows configMaps that should be deleted:

$ kubectl get configmaps --namespace kube-system

NAMESPACE     NAME                                                       DATA   AGE
kube-system   addon-http-application-routing-nginx-configuration         0      9m7s
kube-system   addon-http-application-routing-tcp-services                0      9m7s
kube-system   addon-http-application-routing-udp-services                0      9m7s

若要刪除資源,請使用 kubectl delete 命令。To delete resources, use the kubectl delete command. 指定資源類型、資源名稱和命名空間。Specify the resource type, resource name, and namespace. 下列範例會刪除先前的其中一個 configmaps:The following example deletes one of the previous configmaps:

kubectl delete configmaps addon-http-application-routing-nginx-configuration --namespace kube-system

針對留在叢集中的所有 addon-http-application-routing 資源重複先前 kubectl delete 步驟。Repeat the previous kubectl delete step for all addon-http-application-routing resources that remained in your cluster.

疑難排解Troubleshoot

使用 kubectl logs 命令來檢視 External-DNS 應用程式的應用程式記錄。Use the kubectl logs command to view the application logs for the External-DNS application. 記錄應該確認是否已成功建立 A 和 TXT DNS 記錄。The logs should confirm that an A and TXT DNS record were created successfully.

$ kubectl logs -f deploy/addon-http-application-routing-external-dns -n kube-system

time="2018-04-26T20:36:19Z" level=info msg="Updating A record named 'party-clippy' to '52.242.28.189' for Azure DNS zone '471756a6-e744-4aa0-aa01-89c4d162a7a7.canadaeast.aksapp.io'."
time="2018-04-26T20:36:21Z" level=info msg="Updating TXT record named 'party-clippy' to '"heritage=external-dns,external-dns/owner=default"' for Azure DNS zone '471756a6-e744-4aa0-aa01-89c4d162a7a7.canadaeast.aksapp.io'."

這些記錄也可在 Azure 入口網站中的 DNS 區域資源上看到。These records can also be seen on the DNS zone resource in the Azure portal.

取得 DNS 記錄

使用 kubectl logs 命令來檢視 Nginx 輸入控制器的應用程式記錄。Use the kubectl logs command to view the application logs for the Nginx Ingress controller. 記錄應該確認輸入資源的 CREATE 以及是否已重新載入控制器。The logs should confirm the CREATE of an Ingress resource and the reload of the controller. 系統會記錄所有 HTTP 活動。All HTTP activity is logged.

$ kubectl logs -f deploy/addon-http-application-routing-nginx-ingress-controller -n kube-system

-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:    0.13.0
  Build:      git-4bc943a
  Repository: https://github.com/kubernetes/ingress-nginx
-------------------------------------------------------------------------------

I0426 20:30:12.212936       9 flags.go:162] Watching for ingress class: addon-http-application-routing
W0426 20:30:12.213041       9 flags.go:165] only Ingress with class "addon-http-application-routing" will be processed by this ingress controller
W0426 20:30:12.213505       9 client_config.go:533] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0426 20:30:12.213752       9 main.go:181] Creating API client for https://10.0.0.1:443
I0426 20:30:12.287928       9 main.go:225] Running in Kubernetes Cluster version v1.8 (v1.8.11) - git (clean) commit 1df6a8381669a6c753f79cb31ca2e3d57ee7c8a3 - platform linux/amd64
I0426 20:30:12.290988       9 main.go:84] validated kube-system/addon-http-application-routing-default-http-backend as the default backend
I0426 20:30:12.294314       9 main.go:105] service kube-system/addon-http-application-routing-nginx-ingress validated as source of Ingress status
I0426 20:30:12.426443       9 stat_collector.go:77] starting new nginx stats collector for Ingress controller running in namespace  (class addon-http-application-routing)
I0426 20:30:12.426509       9 stat_collector.go:78] collector extracting information from port 18080
I0426 20:30:12.448779       9 nginx.go:281] starting Ingress controller
I0426 20:30:12.463585       9 event.go:218] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"kube-system", Name:"addon-http-application-routing-nginx-configuration", UID:"2588536c-4990-11e8-a5e1-0a58ac1f0ef2", APIVersion:"v1", ResourceVersion:"559", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap kube-system/addon-http-application-routing-nginx-configuration
I0426 20:30:12.466945       9 event.go:218] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"kube-system", Name:"addon-http-application-routing-tcp-services", UID:"258ca065-4990-11e8-a5e1-0a58ac1f0ef2", APIVersion:"v1", ResourceVersion:"561", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap kube-system/addon-http-application-routing-tcp-services
I0426 20:30:12.467053       9 event.go:218] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"kube-system", Name:"addon-http-application-routing-udp-services", UID:"259023bc-4990-11e8-a5e1-0a58ac1f0ef2", APIVersion:"v1", ResourceVersion:"562", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap kube-system/addon-http-application-routing-udp-services
I0426 20:30:13.649195       9 nginx.go:302] starting NGINX process...
I0426 20:30:13.649347       9 leaderelection.go:175] attempting to acquire leader lease  kube-system/ingress-controller-leader-addon-http-application-routing...
I0426 20:30:13.649776       9 controller.go:170] backend reload required
I0426 20:30:13.649800       9 stat_collector.go:34] changing prometheus collector from  to default
I0426 20:30:13.662191       9 leaderelection.go:184] successfully acquired lease kube-system/ingress-controller-leader-addon-http-application-routing
I0426 20:30:13.662292       9 status.go:196] new leader elected: addon-http-application-routing-nginx-ingress-controller-5cxntd6
I0426 20:30:13.763362       9 controller.go:179] ingress backend successfully reloaded...
I0426 21:51:55.249327       9 event.go:218] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"party-clippy", UID:"092c9599-499c-11e8-a5e1-0a58ac1f0ef2", APIVersion:"extensions", ResourceVersion:"7346", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress default/party-clippy
W0426 21:51:57.908771       9 controller.go:775] service default/party-clippy does not have any active endpoints
I0426 21:51:57.908951       9 controller.go:170] backend reload required
I0426 21:51:58.042932       9 controller.go:179] ingress backend successfully reloaded...
167.220.24.46 - [167.220.24.46] - - [26/Apr/2018:21:53:20 +0000] "GET / HTTP/1.1" 200 234 "" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 197 0.001 [default-party-clippy-80] 10.244.0.13:8080 234 0.004 200

清除Clean up

移除本文中所建立的相關聯 Kubernetes 物件。Remove the associated Kubernetes objects created in this article.

$ kubectl delete -f samples-http-application-routing.yaml

deployment "party-clippy" deleted
service "party-clippy" deleted
ingress "party-clippy" deleted

後續步驟Next steps

如需在 AKS 中安裝 HTTPS 所保護之輸入控制器的相關資訊,請參閱 Azure Kubernetes Service (AKS) 上的 HTTPS 輸入For information on how to install an HTTPS-secured Ingress controller in AKS, see HTTPS Ingress on Azure Kubernetes Service (AKS).