{"id":4077,"date":"2025-07-03T18:34:38","date_gmt":"2025-07-03T15:34:38","guid":{"rendered":"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/kubernetes-ingress\/"},"modified":"2025-07-03T18:41:12","modified_gmt":"2025-07-03T15:41:12","slug":"kubernetes-ingress","status":"publish","type":"docs","link":"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/kubernetes-ingress\/","title":{"rendered":"Kubernetes Ingress (\u041c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044f \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0432 Kubernetes)"},"content":{"rendered":"\n<p><strong><a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/kubernetes\/\" data-internallinksmanager029f6b8e52c=\"259\" title=\"Kubernetes (K8s)\">Kubernetes<\/a> Ingress<\/strong> \u2014 \u044d\u0442\u043e \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0432\u043d\u0435\u0448\u043d\u0438\u043c HTTP(S)-\u0442\u0440\u0430\u0444\u0438\u043a\u043e\u043c \u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c \u0432\u043d\u0443\u0442\u0440\u0438 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 Kubernetes \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043f\u0440\u0430\u0432\u0438\u043b \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438. \u0412 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 \u043f\u0440\u044f\u043c\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f <code>Service<\/code> \u0441 \u0442\u0438\u043f\u043e\u043c <code>LoadBalancer<\/code>, Ingress \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 \u0432\u0445\u043e\u0434\u0430 \u0441 \u0433\u0438\u0431\u043a\u043e\u0439 \u043b\u043e\u0433\u0438\u043a\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.<\/p>\n\n\n\n<p>Ingress \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 <strong>Ingress Controller<\/strong> \u2014 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u043c, \u0440\u0430\u0437\u0432\u0451\u0440\u043d\u0443\u0442\u044b\u043c \u0432 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u0435\u0442 Ingress-\u0440\u0435\u0441\u0443\u0440\u0441\u044b \u0438 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0442\u0440\u0430\u0444\u0438\u043a\u0430. \u041e\u0434\u0438\u043d \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0442\u044c \u0434\u0435\u0441\u044f\u0442\u043a\u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u043e\u0432 \u0438 \u0434\u043e\u043c\u0435\u043d\u043e\u0432, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443 <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/https\/\" data-internallinksmanager029f6b8e52c=\"221\" title=\"HTTPS (Hyper Text Transfer Protocol Secure)\">HTTPS<\/a>, \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439, \u043f\u0440\u0430\u0432\u0438\u043b \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0431\u0430\u043b\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u043a\u0438 \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 L7-\u0443\u0440\u043e\u0432\u043d\u044f.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u0417\u0430\u0447\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c Ingress<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u0426\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044f<\/strong> \u2014 \u043e\u0434\u0438\u043d \u0432\u0445\u043e\u0434\u043d\u043e\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u043d\u0430 \u0432\u0435\u0441\u044c \u043a\u043b\u0430\u0441\u0442\u0435\u0440;<\/li>\n\n\n\n<li><strong>\u042d\u043a\u043e\u043d\u043e\u043c\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432<\/strong> \u2014 \u043d\u0435\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u043c <code>LoadBalancer<\/code> \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0438\u0441\u0430;<\/li>\n\n\n\n<li><strong>\u0413\u0438\u0431\u043a\u043e\u0441\u0442\u044c \u043f\u0440\u0430\u0432\u0438\u043b<\/strong> \u2014 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u044b \u043f\u043e <code>host<\/code>, <code>path<\/code>, \u043f\u0440\u0435\u0444\u0438\u043a\u0441\u0430\u043c, \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\u0430\u043c;<\/li>\n\n\n\n<li><strong>\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 HTTPS\/<a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/tls\/\" data-internallinksmanager029f6b8e52c=\"220\" title=\"TLS (Transport Layer Security)\">TLS<\/a><\/strong> \u2014 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c\u0438 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0447\u0435\u0440\u0435\u0437 cert-manager);<\/li>\n\n\n\n<li><strong>\u0420\u0430\u0441\u0448\u0438\u0440\u044f\u0435\u043c\u043e\u0441\u0442\u044c<\/strong> \u2014 \u0447\u0435\u0440\u0435\u0437 \u0430\u043d\u043d\u043e\u0442\u0430\u0446\u0438\u0438, middleware, CRD \u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u043d\u044b\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b (\u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u041a\u0430\u043a \u0443\u0441\u0442\u0440\u043e\u0435\u043d\u043e<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Ingress Controller<\/strong> (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, NGINX Ingress Controller) \u0441\u043b\u0443\u0448\u0430\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u043e\u0431\u044a\u0435\u043a\u0442\u0430\u0445 \u0442\u0438\u043f\u0430 <code>Ingress<\/code>;<\/li>\n\n\n\n<li>\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0432 YAML-\u0444\u0430\u0439\u043b\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 (Ingress rules);<\/li>\n\n\n\n<li>\u041a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u0442 <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/proxy-server\/\" data-internallinksmanager029f6b8e52c=\"210\" title=\"Proxy Server (\u041f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440)\">\u043f\u0440\u043e\u043a\u0441\u0438<\/a> (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, NGINX, <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/envoy-proxy\/\" data-internallinksmanager029f6b8e52c=\"365\" title=\"Envoy Proxy (\u0412\u044b\u0441\u043e\u043a\u043e\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0440\u043e\u043a\u0441\u0438 \u0434\u043b\u044f \u043c\u0438\u043a\u0440\u043e\u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432)\">Envoy<\/a> \u0438\u043b\u0438 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 engine);<\/li>\n\n\n\n<li>\u0412\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 (\u043f\u043e <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/ip-adres\/\" data-internallinksmanager029f6b8e52c=\"204\" title=\"IP-\u0430\u0434\u0440\u0435\u0441 (Internet Protocol)\">IP<\/a>, <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/dns\/\" data-internallinksmanager029f6b8e52c=\"199\" title=\"DNS (Domain Name System)\">DNS<\/a> \u0438\/\u0438\u043b\u0438 TLS) \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441 \u043f\u0440\u0430\u0432\u0438\u043b\u043e\u043c \u0438 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0430 \u043d\u0443\u0436\u043d\u044b\u0439 <code>Service<\/code>, \u0430 \u043e\u0442\u0442\u0443\u0434\u0430 \u2014 \u0432 \u043d\u0443\u0436\u043d\u044b\u0439 <code><a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/pod-v-kubernetes\/\" data-internallinksmanager029f6b8e52c=\"348\" title=\"Pod (\u0432 Kubernetes)\">Pod<\/a><\/code>.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u041f\u0440\u0438\u043c\u0435\u0440 \u0431\u0430\u0437\u043e\u0432\u043e\u0433\u043e Ingress-\u043c\u0430\u043d\u0438\u0444\u0435\u0441\u0442\u0430:<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  name: example-ingress\n  annotations:\n    nginx.ingress.kubernetes.io\/rewrite-target: \/\nspec:\n  rules:\n    - host: app.example.com\n      http:\n        paths:\n          - path: \/<a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/api\/\" data-internallinksmanager029f6b8e52c=\"226\" title=\"API (Application Programming Interface)\">api<\/a>\n            pathType: Prefix\n            backend:\n              service:\n                name: api-service\n                <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/port\/\" data-internallinksmanager029f6b8e52c=\"225\" title=\"Port (\u041f\u043e\u0440\u0442 )\">port<\/a>:\n                  number: 80\n<\/code><\/pre>\n\n\n\n<p>\u0417\u0434\u0435\u0441\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043a <code>app.example.com\/api<\/code> \u0431\u0443\u0434\u0443\u0442 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0438\u0441 <code>api-service<\/code> \u0432 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0435.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ingress-NGINX<\/strong> \u2014 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 open source-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440, \u0448\u0438\u0440\u043e\u043a\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0438 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0430\u043d\u043d\u043e\u0442\u0430\u0446\u0438\u0438;<\/li>\n\n\n\n<li><strong>AWS ALB Ingress Controller<\/strong> \u2014 \u043d\u0430\u0442\u0438\u0432\u043d\u0430\u044f \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 AWS Application <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/load-balancer\/\" data-internallinksmanager029f6b8e52c=\"200\" title=\"Load Balancer (\u0411\u0430\u043b\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u0449\u0438\u043a \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438)\">Load Balancer<\/a>;<\/li>\n\n\n\n<li><strong>GKE Ingress<\/strong> \u2014 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043e\u0442 Google Cloud \u0441 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c provisioning&#8217;\u043e\u043c;<\/li>\n\n\n\n<li><strong>Traefik<\/strong> \u2014 \u043b\u0451\u0433\u043a\u0438\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/tcp\/\" data-internallinksmanager029f6b8e52c=\"222\" title=\"TCP (Transmission Control Protocol)\">TCP<\/a>, WebSocket, <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/lets-encrypt\/\" data-internallinksmanager029f6b8e52c=\"319\" title=\"Let\u2019s Encrypt\">Let&#8217;s Encrypt<\/a>;<\/li>\n\n\n\n<li><strong>Kong Ingress Controller<\/strong> \u2014 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0441 <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/api-gateway\/\" data-internallinksmanager029f6b8e52c=\"343\" title=\"API Gateway (API-\u0448\u043b\u044e\u0437)\">API Gateway<\/a>-\u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e;<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/istio\/\" data-internallinksmanager029f6b8e52c=\"366\" title=\"Istio (\u041f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f Service Mesh)\">Istio<\/a> Gateway (\u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u0430)<\/strong> \u2014 \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u043d\u043e\u0439 mesh-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HTTPS termination \u0438 passthrough;<\/li>\n\n\n\n<li>Middleware (rate limiting, auth, IP white\/blacklists);<\/li>\n\n\n\n<li>Load balancing, sticky sessions;<\/li>\n\n\n\n<li>Canary deployments \u0438 A\/B-\u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044f (\u0432 Traefik, Istio);<\/li>\n\n\n\n<li>\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 WebSocket \u0438 gRPC (\u0432 NGINX, Envoy).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>Ingress<\/strong> \u2014 \u044d\u0442\u043e \u0444\u0443\u043d\u0434\u0430\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043f\u0440\u043e\u0434\u0430\u043a\u0448\u043d-\u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b Kubernetes, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0443\u044e, \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0438\u0440\u0443\u0435\u043c\u0443\u044e \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u0443\u044e \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044e \u0431\u0435\u0437 \u0438\u0437\u0431\u044b\u0442\u043e\u0447\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438.<\/p>\n\n\n\n<p>\u041e\u0442\u043b\u0438\u0447\u043d\u043e. \u0412\u043e\u0442 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0435\u043d\u0438\u0435 \u2014 <strong>\u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f Ingress \u0441 TLS \u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0432\u044b\u0434\u0430\u0447\u0435\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 cert-manager<\/strong>, \u043f\u043b\u044e\u0441 \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 Ingress-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u041f\u0440\u0438\u043c\u0435\u0440: Ingress \u0441 TLS + cert-manager (Let\u2019s Encrypt)<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1. Cert-manager: ClusterIssuer<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: cert-manager.io\/v1\nkind: ClusterIssuer\nmetadata:\n  name: letsencrypt-prod\nspec:\n  acme:\n    server: https:\/\/acme-v02.api.letsencrypt.org\/directory\n    email: admin@example.com\n    privateKeySecretRef:\n      name: letsencrypt-prod-key\n    solvers:\n      - http01:\n          ingress:\n            class: nginx\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h4 class=\"wp-block-heading\">2. Ingress \u0441 TLS-\u0441\u0435\u043a\u0446\u0438\u0435\u0439<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  name: secure-app\n  annotations:\n    cert-manager.io\/cluster-issuer: \"letsencrypt-prod\"\n    nginx.ingress.kubernetes.io\/<a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/ssl\/\" data-internallinksmanager029f6b8e52c=\"219\" title=\"SSL (Secure Sockets Layer)\">ssl<\/a>-redirect: \"true\"\nspec:\n  tls:\n    - hosts:\n        - app.example.com\n      secretName: app-example-com-tls\n  rules:\n    - host: app.example.com\n      http:\n        paths:\n          - path: \/\n            pathType: Prefix\n            backend:\n              service:\n                name: app-service\n                port:\n                  number: 80\n<\/code><\/pre>\n\n\n\n<p>cert-manager \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442 \u0438 \u043e\u0431\u043d\u043e\u0432\u0438\u0442 TLS-\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u043e\u0442 Let&#8217;s Encrypt, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0439 \u0441 <code>app.example.com<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u0421\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 Ingress-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u041a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440<\/th><th>\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 TLS<\/th><th>Middleware<\/th><th>WebSocket\/gRPC<\/th><th>Rate Limiting<\/th><th>Canaries<\/th><th>Cloud-Native<\/th><\/tr><\/thead><tbody><tr><td><strong>NGINX Ingress<\/strong><\/td><td>\u0414\u0430<\/td><td>\u0427\u0435\u0440\u0435\u0437 \u0430\u043d\u043d\u043e\u0442\u0430\u0446\u0438\u0438<\/td><td>\u0414\u0430<\/td><td>\u0427\u0435\u0440\u0435\u0437 LUA\/\u043c\u043e\u0434\u0443\u043b\u0438<\/td><td>\u041d\u0435\u0442 (\u0447\u0430\u0441\u0442\u0438\u0447\u043d\u043e \u0447\u0435\u0440\u0435\u0437 LUA)<\/td><td>\u0427\u0430\u0441\u0442\u0438\u0447\u043d\u043e<\/td><\/tr><tr><td><strong>Traefik<\/strong><\/td><td>\u0414\u0430 (Let&#8217;s Encrypt built-in)<\/td><td>\u0414\u0430 (CRD)<\/td><td>\u0414\u0430<\/td><td>\u0414\u0430<\/td><td>\u0414\u0430<\/td><td>\u0414\u0430<\/td><\/tr><tr><td><strong>Kong<\/strong><\/td><td>\u0414\u0430<\/td><td>\u041f\u043b\u0430\u0433\u0438\u043d\u044b (CRD\/API)<\/td><td>\u0414\u0430<\/td><td>\u0414\u0430 (\u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043e)<\/td><td>\u0414\u0430 (\u0447\u0435\u0440\u0435\u0437 Enterprise)<\/td><td>\u0414\u0430 (via KIC)<\/td><\/tr><tr><td><strong>AWS ALB<\/strong><\/td><td>\u0414\u0430<\/td><td>\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043e<\/td><td>\u0414\u0430<\/td><td>\u0414\u0430 (\u0447\u0435\u0440\u0435\u0437 <a href=\"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/waf\/\" data-internallinksmanager029f6b8e52c=\"305\" title=\"WAF (Web Application Firewall)\">WAF<\/a>)<\/td><td>\u0414\u0430 (\u0447\u0435\u0440\u0435\u0437 Target Groups)<\/td><td>\u0414\u0430 (AWS only)<\/td><\/tr><tr><td><strong>GKE Ingress<\/strong><\/td><td>\u0414\u0430<\/td><td>\u0427\u0430\u0441\u0442\u0438\u0447\u043d\u043e<\/td><td>\u0414\u0430<\/td><td>\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043e<\/td><td>\u041d\u0435\u0442<\/td><td>\u0414\u0430 (GCP only)<\/td><\/tr><tr><td><strong>Istio Gateway<\/strong><\/td><td>\u0414\u0430<\/td><td>\u0414\u0430 (EnvoyFilter)<\/td><td>\u0414\u0430<\/td><td>\u0414\u0430<\/td><td>\u0414\u0430<\/td><td>\u0414\u0430 (Service Mesh)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u041f\u0440\u0438\u043c\u0435\u0440: Canary rollout \u0447\u0435\u0440\u0435\u0437 NGINX Ingress Controller<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1. \u0411\u0430\u0437\u043e\u0432\u044b\u0439 \u0441\u0435\u0440\u0432\u0438\u0441:<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  name: app-ingress\n  annotations:\n    nginx.ingress.kubernetes.io\/canary: \"false\"\nspec:\n  rules:\n    - host: app.example.com\n      http:\n        paths:\n          - path: \/\n            pathType: Prefix\n            backend:\n              service:\n                name: app-v1\n                port:\n                  number: 80\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">2. Canary-\u043c\u0430\u0440\u0448\u0440\u0443\u0442:<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  name: app-canary\n  annotations:\n    nginx.ingress.kubernetes.io\/canary: \"true\"\n    nginx.ingress.kubernetes.io\/canary-weight: \"10\"  # 10% \u0442\u0440\u0430\u0444\u0438\u043a\u0430\nspec:\n  rules:\n    - host: app.example.com\n      http:\n        paths:\n          - path: \/\n            pathType: Prefix\n            backend:\n              service:\n                name: app-v2\n                port:\n                  number: 80\n<\/code><\/pre>\n\n\n\n<p>\u0417\u0434\u0435\u0441\u044c 90% \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043e\u0439\u0434\u0443\u0442 \u043d\u0430 <code>app-v1<\/code>, \u0430 10% \u2014 \u043d\u0430 <code>app-v2<\/code>. \u041c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043f\u043e \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0443 (<code>canary-by-header<\/code>) \u0438\u043b\u0438 cookie.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u041f\u0440\u0438\u043c\u0435\u0440: Canary rollout \u0447\u0435\u0440\u0435\u0437 Traefik (CRD)<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: traefik.io\/v1alpha1\nkind: IngressRoute\nmetadata:\n  name: app\nspec:\n  entryPoints:\n    - web\n  routes:\n    - match: Host(`app.example.com`)\n      kind: Rule\n      services:\n        - name: app-v1\n          port: 80\n          weight: 90\n        - name: app-v2\n          port: 80\n          weight: 10\n<\/code><\/pre>\n\n\n\n<p>\u0412 Traefik \u0432\u0435\u0441 \u0437\u0430\u0434\u0430\u0451\u0442\u0441\u044f \u043f\u0440\u044f\u043c\u043e \u0432 CRD \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 L7-\u043f\u0440\u043e\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u0421\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u0435: Canary \u0447\u0435\u0440\u0435\u0437 NGINX vs Traefik<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440<\/th><th>NGINX Ingress<\/th><th>Traefik IngressRoute<\/th><\/tr><\/thead><tbody><tr><td><strong>\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 canary<\/strong><\/td><td>\u0414\u0430 (\u0447\u0435\u0440\u0435\u0437 \u0430\u043d\u043d\u043e\u0442\u0430\u0446\u0438\u0438)<\/td><td>\u0414\u0430 (\u0447\u0435\u0440\u0435\u0437 native weight CRD)<\/td><\/tr><tr><td><strong>\u041c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438<\/strong><\/td><td>HTTP header, cookie, \u043f\u0440\u043e\u0446\u0435\u043d\u0442<\/td><td>\u041f\u0440\u043e\u0446\u0435\u043d\u0442, header, SMI, sticky<\/td><\/tr><tr><td><strong>\u0413\u0438\u0431\u043a\u043e\u0441\u0442\u044c<\/strong><\/td><td>\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0430 \u0430\u043d\u043d\u043e\u0442\u0430\u0446\u0438\u044f\u043c\u0438<\/td><td>\u0420\u0430\u0441\u0448\u0438\u0440\u044f\u0435\u043c\u044b\u0439 CRD<\/td><\/tr><tr><td><strong>A\/B-\u0442\u0435\u0441\u0442\u044b<\/strong><\/td><td>\u0422\u043e\u043b\u044c\u043a\u043e cookie\/header\/manual<\/td><td>\u0414\u0430 (\u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0438 sticky)<\/td><\/tr><tr><td><strong>\u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 mesh<\/strong><\/td><td>\u041d\u0435\u0442<\/td><td>\u0414\u0430 (Traefik Mesh, SMI)<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"featured_media":0,"parent":2927,"menu_order":168,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-4077","docs","type-docs","status-publish","hentry"],"comment_count":0,"_links":{"self":[{"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/docs\/4077","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/comments?post=4077"}],"version-history":[{"count":2,"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/docs\/4077\/revisions"}],"predecessor-version":[{"id":4082,"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/docs\/4077\/revisions\/4082"}],"up":[{"embeddable":true,"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/docs\/2927"}],"next":[{"title":"Blue-Green Deployment (\u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439)","link":"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/blue-green-deployment\/","href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/docs\/4092"}],"prev":[{"title":"Redundancy (\u0418\u0437\u0431\u044b\u0442\u043e\u0447\u043d\u043e\u0441\u0442\u044c \u0432 \u0418\u0422-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435)","link":"https:\/\/cloudvps.by\/community\/docs\/glossarij\/terminy\/redundancy\/","href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/docs\/4058"}],"wp:attachment":[{"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/media?parent=4077"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/cloudvps.by\/community\/wp-json\/wp\/v2\/doc_tag?post=4077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}