Explain the rainbow ingress universal domain name resolution mechanism

Rainbond As a cloud native application management platform , Born with a distributed gateway to guide north-south network traffic rbd-gateway. Different from the general Ingress Configuration in progress , Users need to define their own domain name experience ,Rainbond The gateway policy can automatically generate domain name access policy with one click , Through this domain name, users can immediately access the deployment in Rainbond Business system on . This user experience is very friendly in the development and test scenario , This article explains in detail how this mechanism is implemented .

Gateway And Ingress

Rainbond The team developed high-performance distributed gateway components rbd-gateway, As an internal part of the cluster Ingress Controller Handle the north-south traffic of the cluster . It also supports L4 and L7 Layer protocol , And one click on WebSocket And other advanced functions . When using it , A detail function point is very easy to use , That is, you can generate a domain name address that can be accessed with one click .

The format of this domain name is explained as follows ：

http://<servicePort>.<service_alias>.<tenant_name>.17a4cc.grapps.cn/

- servicePort:  The name of the target port corresponding to the access policy 
- service_alias:  Alias of the current service component 
- tenant_name:  Alias of the current team 
- .17a4cc.grapps.cn:  The pan resolved domain name of the current cluster 

actually , This routing rule , By Kubernetes Corresponding ingress and service Defined by the . The whole access link can be summarized in the following figure ：

Turn on Foreign service switch , It is equivalent to automatically generating the following resources ：

apiVersion: v1
kind: Service
metadata:
  labels:
    creator: Rainbond
    event_id: ""
    name: gr49d848ServiceOUT
    port_protocol: http
    protocol: http
    rainbond.com/tolerate-unready-endpoints: "true"
    service_alias: gr49d848
    service_port: "5000"
    service_type: outer
    tenant_name: 2c9v614j
  name: service-8965-5000out
  namespace: 3be96e95700a480c9b37c6ef5daf3566
spec:
  clusterIP: 172.21.7.172
  ports:
  - name: tcp-5000
    port: 5000
    protocol: TCP
    targetPort: 5000
  selector:
    name: gr49d848
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
  
---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/weight: "100"
  generation: 1
  labels:
    creator: Rainbond
    service_alias: gr49d848
    tenant_name: 2c9v614j
  name: 3cf8d6bd89250eda87ac127c49694a05
  namespace: 3be96e95700a480c9b37c6ef5daf3566
spec:
  rules:
  - host: 5000.gr49d848.2c9v614j.17a4cc.grapps.cn
    http:
      paths:
      - backend:
          serviceName: service-8965-5000out
          servicePort: 5000
        path: /
status:
  loadBalancer: {}

Automatically generate domain name

For most developers , Domain name is a scarce resource , How to do more for yourself Ingress rule Assign a domain name , It's a headache . After all, only when you have your own domain name , To fully control the rules of its parsing , Avoid endless modifications /etc/hosts file .

The vast majority of the market Kubernetes Management tools can be generated semi automatically Service And Ingress resources . This semi-automatic approach specifically allows users to graphically UI On the interface , After entering the necessary information , The management tool generates the corresponding yaml The configuration file , And load to Kubernetes In the middle . But for the configured domain name , Few tools can do this, such as Rainbond The same experience .

The key to this excellent experience is the use of Pan resolved domain names .

The simplest and clearest explanation for Pan resolved domain names is ： accord with *.mydomain.com Any domain name of this rule , Can be resolved to the same IP Go to the address . In the current usage scenario , We just need to resolve the pan domain name *.17a4cc.grapps.cn Resolved to rbd-gateway Server IP Address , You can do as you like Ingress rule Configure the domain name that meets the rules .

Rainbond At the product design level Ingress rule Combined with Pan resolved domain names , Automatically generate globally unique domain names for each service port . And during cluster installation , Automatic public network DNS The server registered the resolution record , After the cluster is installed , All generated domain names , All can be parsed by the public network , as long as PC The client can use the public network DNS service , You can resolve the domain name , And access the specified service port .

Rainbond Through different three-level domain names （ For example, in the current scene 17a4cc） To distinguish different clusters . Here comes to a feature of Pan resolved domain names , Resolution record of child domain name , Resolution records with priority higher than the parent domain name .

===========================================
//  Register the resolution record for the two-level universal resolution domain name 
*.grapps.cn           = Resolve record registration => 1.1.1.1
*.17a4cc.grapps.cn    = Resolve record registration => 2.2.2.2
===========================================
===========================================
//  The client parses the result 
abc.grapps.cn         = analysis  IP  Address => 1.1.1.1
abc.def.grapps.cn     = analysis  IP  Address => 1.1.1.1
abc.17a4cc.grapps.cn  = analysis  IP  Address => 2.2.2.2     //  priority of use  *.17a4cc.grapps.cn  The parsing record of 

Rainbond It is an open source cloud native application management platform , Easy to use , You don't need to understand containers and Kubernetes, Support management of multiple Kubernetes colony , Provide full lifecycle management for enterprise applications , Functions include application development environment 、 Application market 、 Microservice architecture 、 Application continuous delivery 、 Application operation and maintenance 、 Application level multi cloud management, etc .

Github：https://github.com/goodrain/rainbond

Official website ：https://www.rainbond.com?channel=tencent