K 8 s Ingress Ngix使用
ここでは、どのようにイングレス・controllerを展開するかについては説明しませんが、イングレスのinxの使い方だけを実証します.主なプレゼンテーションは、手動で展開したnginxと同じように、ingres inxを使用することができるように、ingres inxの多様な構成を実現するために、ingres inxを使用する方法を示しています.ここでは以下のいくつかのケースを使って説明します.ケース1(基本転送、https構成とannotationsベース使用) ケース2(annotationsによるnginxの個別設定) ケース3(annotationsによるrewrite基本構成) ケース4(inx.ingress.kubergnetes.io/server-snippetの使い方を紹介する) ケース5(configMapを使ってよりパーソナライズされた構成をする) ケース1(最も簡単な基本構成):
-
apiVersion:
extensions/v1beta1
-
kind:
Ingress
-
metadata:
-
name:
ingress
-
namespace:
test
-
annotations:
-
kubernetes.io/ingress.class:
"nginx"
-
nginx.ingress.kubernetes.io/use-regex:
"true"
-
spec:
-
tls:
-
-
hosts:
-
-
nginx-a.gogen.cn
-
secretName:
gogen.cn
-
rules:
-
-
host:
nginx-a.gogen.cn
-
http:
-
paths:
-
-
path:
/
-
backend:
-
serviceName:
nginx-a
-
servicePort:
80
-
-
path:
/.*.(txt|css|doc)
-
backend:
-
serviceName:
nginx-b
-
servicePort:
80
-
-
path:
/(api|app)/
-
backend:
-
serviceName:
nginx-c
-
servicePort:
80
-
-
path:
/api
-
backend:
-
serviceName:
nginx-d
-
servicePort:
80
ingress, test ( )。 , :nginx-a,nginx-b,nginx-c nginx-d, port 80( )。
ingress tls , host secret。 secret, secret, :
kubectl create secret tls gogen.cn --cert=1592339__gogen.cn.pem --key=1592339__gogen.cn.key -n test
-
tls:
-
-
hosts:
# , ,
-
-
nginx-a.gogen.cn
# , , secret
-
secretName:
gogen.cn
# secret
annotations : server
-
# ingress controller , ingress controller
-
kubernetes.io/ingress.
class:
"nginx"
-
-
# rules path , ,
-
nginx.ingress.kubernetes.io/
use-
regex: "
true"
rules : location
-
rules:
-
-
host:
nginx-a.gogen.cn
# nginx server_name
-
http:
-
paths:
-
-
path:
/
# path location,path “/”。 ,
-
backend:
-
serviceName:
nginx-a
# service
-
servicePort:
80
# service , service port
-
-
path:
/.*.(txt|css|doc)
# ( ), , ingress controller nginx , txt,css,doc url nginx-b service
-
backend:
-
serviceName:
nginx-b
-
servicePort:
80
-
-
path:
/(api|app)/
# api app nginx-c service
-
backend:
-
serviceName:
nginx-c
-
servicePort:
80
-
-
path:
/api
# api url( , ) , nginx-d
-
backend:
-
serviceName:
nginx-d
-
servicePort:
80
: path ingress controller nginx location , location nginx 。path nginx , path , 。
2( ):
-
apiVersion: extensions/v1beta1
-
kind: Ingress
-
metadata:
-
name: ingress
-
namespace: test
-
annotations:
-
kubernetes.io/ingress.
class:
"nginx"
-
nginx.ingress.kubernetes.io/
use-regex:
"true"
-
nginx.ingress.kubernetes.io/
proxy-connect-timeout:
"600"
-
nginx.ingress.kubernetes.io/
proxy-send-timeout:
"600"
-
nginx.ingress.kubernetes.io/
proxy-read-timeout:
"600"
-
nginx.ingress.kubernetes.io/
proxy-body-size:
"10m"
-
spec:
-
tls:
-
-
hosts:
-
- nginx-a.gogen.cn
-
secretName: gogen.cn
-
rules:
-
-
host: nginx-a.gogen.cn
-
http:
-
paths:
-
-
path: /
-
backend:
-
serviceName: nginx-a
-
servicePort:
80
-
-
path: /.*.(txt|css|doc)
-
backend:
-
serviceName: nginx-b
-
servicePort:
80
-
-
path: /(api|app)/
-
backend:
-
serviceName: nginx-c
-
servicePort:
80
-
-
path: /api
-
backend:
-
serviceName: nginx-d
-
servicePort:
80
1 annotations
-
kubernetes.io/ingress.class: "nginx"
-
nginx.ingress.kubernetes.io/
use-regex:
"true"
-
-
# , 5s
-
nginx.ingress.kubernetes.io/proxy-
connect-
timeout:
"600"
-
-
# , 60s
-
nginx.ingress.kubernetes.io/proxy-send-
timeout:
"600"
-
-
# , 60s
-
nginx.ingress.kubernetes.io/proxy-
read-
timeout:
"600"
-
-
# , , 20m
-
nginx.ingress.kubernetes.io/proxy-
body-
size:
"10m"
, , nginx-configuration annotations
3(rewrite ):
-
apiVersion: extensions/v1beta1
-
kind: Ingress
-
metadata:
-
name: ingress-rewrite-tfs
-
namespace: test
-
annotations:
-
kubernetes.io/ingress.
class:
"nginx"
-
nginx.ingress.kubernetes.io/
rewrite-target:
https:
//gogen-test.oss-cn-hangzhou.aliyuncs.com
-
spec:
-
tls:
-
-
hosts:
-
- nginx-a.gogen.cn
-
secretName: gogen.cn
-
rules:
-
-
host: nginx-a.gogen.cn
-
http:
-
paths:
-
-
path: /v1/tfs
-
backend:
-
serviceName: nginx-a
-
servicePort:
80
, “nginx.ingress.kubernetes.io/rewrite-target” 。 https://nginx-a.gogen.cn/v1/tfs/(.*), rewrite https://gogen-test.oss-cn-hangzhou.aliyuncs.com/$1, path, rewrite, path( location) manifests 。 , ,
3(rewrite ):
-
apiVersion:
extensions/v1beta1
-
kind:
Ingress
-
metadata:
-
name:
ingress
-
namespace:
test
-
annotations:
-
kubernetes.io/ingress.class:
"nginx"
-
nginx.ingress.kubernetes.io/use-regex:
"true"
-
nginx.ingress.kubernetes.io/server-snippet:
|
-
if ($uri ~* "/v1/tfs/.*") {
-
rewrite ^/v1/tfs/(.*)$ https://gogen-test.oss-cn-hangzhou.aliyuncs.com/$1 permanent;
-
}
-
spec:
-
tls:
-
-
hosts:
-
-
nginx-a.gogen.cn
-
secretName:
gogen.cn
-
rules:
-
-
host:
nginx-a.gogen.cn
-
http:
-
paths:
-
-
path:
/
-
backend:
-
serviceName:
nginx-a
-
servicePort:
80
-
-
path:
/.*.(txt|css|doc)
-
backend:
-
serviceName:
nginx-b
-
servicePort:
80
-
-
path:
/(api|app)/
-
backend:
-
serviceName:
nginx-c
-
servicePort:
80
-
-
path:
/api
-
backend:
-
serviceName:
nginx-d
-
servicePort:
80
“nginx.ingress.kubernetes.io/server-snippet” , nginx , rewrite , , server
5(configMap ):
annotations nginx , configMap 。 configMap ,annotations configMap
configMap , :
-
apiVersion: v1
-
kind: ConfigMap
-
metadata:
-
name: nginx-configuration
-
namespace: kube-system
-
data:
-
use-http2:
"false"
-
ssl-protocols:
"TLSv1 TLSv1.1 TLSv1.2"
-
ssl-ciphers:
"HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM"
data 【 configMap 】,metadata name namespace , nginx-ingress-controller YAML
-
containers:
-
- args:
-
- /nginx-ingress-controller
-
-
--configmap=$(POD_NAMESPACE)/nginx-configuration
-
-
--tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
-
-
--udp-services-configmap=$(POD_NAMESPACE)/udp-services
-
-
--annotations-prefix=nginx.ingress.kubernetes.io
-
-
--publish-service=$(POD_NAMESPACE)/nginx-ingress-lb
-
-
--v=2
”- --configmap=$(POD_NAMESPACE)/nginx-configuration)“, configmap nginx-ingress-controller , ”/“
apply , configMap apply , pods, edit nginx-ingress-controller controller, pods , pods , , :
-
livenessProbe:
-
failureThreshold:
3
-
httpGet:
-
path:
/healthz
-
port:
10254
-
scheme:
HTTP
-
initialDelaySeconds:
10
-
periodSeconds:
10
-
successThreshold:
1
-
timeoutSeconds:
1
”initialDelaySeconds“ 11 , pod ,
https://blog.51cto.com/270142877/2338348