The Rainbond Ingress wildcard domain name resolution mechanism explained in detail

Posted by konrad on Mon, 27 Dec 2021 19:00:13 +0100

As a cloud-native application management platform, Rainbond ships with a distributed gateway, rbd-gateway, that handles north-south network traffic. Unlike a typical Ingress configuration, where users have to define their own domain names, Rainbond's gateway policy can generate a domain name access policy with one click. Through this domain name, users can immediately access the business system deployed on Rainbond. This is a very friendly experience in development and test scenarios. This article explains in detail how the mechanism is implemented.

Gateway and Ingress

The Rainbond team has developed a high-performance distributed gateway component, rbd-gateway, which acts as the Ingress Controller inside the cluster and handles the cluster's north-south traffic. It supports both L4 and L7 protocols, as well as advanced functions such as enabling WebSocket with one click. One detail is particularly handy in daily use: it can generate an accessible domain name address with one click.

The format of this domain name is detailed as follows:

http://<servicePort>.<service_alias>.<tenant_name>.17a4cc.grapps.cn/

- servicePort: Target port name corresponding to access policy
- service_alias: Alias of the current service component
- tenant_name: Alias of the current team
- .17a4cc.grapps.cn: Wildcard domain name of the current cluster

In fact, this routing rule is defined by the corresponding Ingress and Service in Kubernetes. The whole access path can be summarized as follows:

Turning on the external service switch is equivalent to automatically generating the following resources:

apiVersion: v1
kind: Service
metadata:
  labels:
    creator: Rainbond
    event_id: ""
    name: gr49d848ServiceOUT
    port_protocol: http
    protocol: http
    rainbond.com/tolerate-unready-endpoints: "true"
    service_alias: gr49d848
    service_port: "5000"
    service_type: outer
    tenant_name: 2c9v614j
  name: service-8965-5000out
  namespace: 3be96e95700a480c9b37c6ef5daf3566
spec:
  clusterIP: 172.21.7.172
  ports:
  - name: tcp-5000
    port: 5000
    protocol: TCP
    targetPort: 5000
  selector:
    name: gr49d848
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
  
---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/weight: "100"
  generation: 1
  labels:
    creator: Rainbond
    service_alias: gr49d848
    tenant_name: 2c9v614j
  name: 3cf8d6bd89250eda87ac127c49694a05
  namespace: 3be96e95700a480c9b37c6ef5daf3566
spec:
  rules:
  - host: 5000.gr49d848.2c9v614j.17a4cc.grapps.cn
    http:
      paths:
      - backend:
          serviceName: service-8965-5000out
          servicePort: 5000
        path: /
status:
  loadBalancer: {}
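Because every name under the cluster's wildcard suffix resolves to the gateway, the Ingress host rule is the only thing that binds a name to a backend. The following check is an added example, not Rainbond code: it parses hosts in the format above and compares them with the Ingress labels, assuming generated hosts always follow that format. The second input entry is hypothetical.

```python
import re

# Added example, not Rainbond code. Assumption: every host under the cluster's
# wildcard suffix follows <servicePort>.<service_alias>.<tenant_name>.<suffix>.
CLUSTER_SUFFIX = "17a4cc.grapps.cn"
PREFIX_RE = re.compile(
    r"^(?P<port>\d{1,5})\.(?P<service_alias>[a-z0-9-]+)\.(?P<tenant_name>[a-z0-9-]+)$"
)

# Constructed input: the fields of the article's Ingress that the check reads,
# plus one hypothetical rule whose host names a different team than its labels.
INGRESSES = [
    {"name": "3cf8d6bd89250eda87ac127c49694a05",
     "labels": {"service_alias": "gr49d848", "tenant_name": "2c9v614j"},
     "host": "5000.gr49d848.2c9v614j.17a4cc.grapps.cn", "servicePort": 5000},
    {"name": "hypothetical-mismatch",
     "labels": {"service_alias": "gr000001", "tenant_name": "teamb"},
     "host": "5000.gr49d848.2c9v614j.17a4cc.grapps.cn", "servicePort": 8080},
]

def parse_host(host, suffix=CLUSTER_SUFFIX):
    """Split a generated host into its fields; None if it does not fit the format."""
    host = host.lower().rstrip(".")
    tail = "." + suffix
    if not host.endswith(tail):
        return None
    m = PREFIX_RE.match(host[: -len(tail)])
    return m.groupdict() if m else None

def audit(ingresses, suffix=CLUSTER_SUFFIX):
    """Return (ingress name, problem) pairs for hosts under the wildcard suffix."""
    findings = []
    for ing in ingresses:
        if not ing["host"].lower().rstrip(".").endswith("." + suffix):
            continue  # host outside the wildcard zone: not checked here
        parts = parse_host(ing["host"], suffix)
        if parts is None:
            findings.append((ing["name"], "host does not follow the generated format"))
            continue
        for key in ("service_alias", "tenant_name"):
            if parts[key] != ing["labels"].get(key):
                findings.append((ing["name"], f"{key} in host differs from label"))
        if int(parts["port"]) != ing["servicePort"]:
            findings.append((ing["name"], "port in host differs from backend servicePort"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(INGRESSES):
        print(name, "->", problem)
```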

Automatically generate domain name

For most developers, domain names are a scarce resource, and allocating domain names to a large number of Ingress rules is a headache. After all, only when you have your own domain name can you fully control the resolution rules and avoid endlessly editing the /etc/hosts file.

Most Kubernetes management tools on the market can generate Service and Ingress resources in a semi-automatic way: the user enters the necessary information in a graphical UI, and the management tool generates the corresponding YAML configuration and loads it into Kubernetes. When it comes to the configured domain names, however, few tools offer the same experience as Rainbond.

The key to this experience is the use of wildcard domain names.

The simplest explanation of a wildcard domain name is that any domain name matching the rule *.mydomain.com resolves to the same IP address. In the current scenario, we only need to resolve the wildcard domain name *.17a4cc.grapps.cn to the IP address of the server where rbd-gateway runs, and then any domain name matching the rule can be configured for an Ingress rule at will.

At the product design level, Rainbond combines Ingress rules with wildcard domain name resolution to automatically generate a globally unique domain name for each service port. During cluster installation, the resolution records are automatically registered with the public DNS server. After installation, every generated domain name can be resolved on the public network. As long as the client PC can use public DNS, it can resolve the domain name and access the specified service port.

Rainbond distinguishes different clusters through different third-level domain names (such as 17a4cc in the current scenario). This relies on a property of wildcard domain names: the resolution records of a child domain take priority over those of its parent domain.

===========================================
// Register resolution records for the two levels of wildcard domain names
*.grapps.cn           =resolution record registered=> 1.1.1.1
*.17a4cc.grapps.cn    =resolution record registered=> 2.2.2.2
===========================================
===========================================
// Client resolution results
abc.grapps.cn         =resolved IP address=> 1.1.1.1
abc.def.grapps.cn     =resolved IP address=> 1.1.1.1
abc.17a4cc.grapps.cn  =resolved IP address=> 2.2.2.2     // the resolution record of *.17a4cc.grapps.cn takes precedence
===========================================
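The precedence shown above follows from the closest-encloser rule for DNS wildcards (RFC 4592). The following model is an added example, not code from Rainbond or a DNS server: it reproduces the three results above from the two records and goes slightly further by covering two edge cases, a name that exists without a record and a subtree with no wildcard of its own.

```python
# Added example: RFC 4592 wildcard matching over the article's two records.
# The IP addresses are the article's placeholder values.
RECORDS = {
    "*.grapps.cn": "1.1.1.1",
    "*.17a4cc.grapps.cn": "2.2.2.2",
}

def _norm(name):
    """Lower-case a DNS name and drop the trailing dot."""
    return name.lower().rstrip(".")

def existing_names(records):
    """Owner names plus all their ancestors; ancestors without records
    are 'empty non-terminals' and still count as existing names."""
    names = set()
    for owner in records:
        labels = _norm(owner).split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]))
    return names

def resolve(qname, records=RECORDS):
    """Return the address for qname, or None when there is no answer."""
    recs = {_norm(k): v for k, v in records.items()}
    q = _norm(qname)
    if q in recs:
        return recs[q]            # exact match always wins
    exists = existing_names(recs)
    if q in exists:
        return None               # existing name: wildcards never apply to it
    labels = q.split(".")
    # The closest encloser is the longest ancestor of qname that exists.
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in exists:
            # Only the wildcard directly below the closest encloser may
            # answer; there is no fallback to a wildcard further up.
            return recs.get("*." + encloser)
    return None

if __name__ == "__main__":
    for name in ("abc.grapps.cn", "abc.def.grapps.cn", "abc.17a4cc.grapps.cn",
                 "5000.gr49d848.2c9v614j.17a4cc.grapps.cn", "17a4cc.grapps.cn"):
        print(f"{name:45} => {resolve(name)}")
```

The bare cluster name 17a4cc.grapps.cn gets no answer here: it exists only as the parent of the cluster wildcard, so *.grapps.cn does not cover it.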

Rainbond is an open-source cloud-native application management platform. It is easy to use and does not require knowledge of containers or Kubernetes. It supports managing multiple Kubernetes clusters and provides full life cycle management of enterprise applications. Its functions include an application development environment, an application market, microservice architecture, continuous application delivery, application operation and maintenance, and application-level multi-cloud management.

Github: https://github.com/goodrain/r...

Official website: https://www.rainbond.com?chan...

WeChat group: please search for and add the group assistant on WeChat: wylhzmyj

DingTalk group: please search for DingTalk group No. 31096419

Topics: Kubernetes paas