NGINX Ingress Controller 配置代理外部服务
背景说明
前端工程,在开发环境配置了本地代理
上线后需要服务端设置代理;
传统的nginx环境则直接配置如下即可
location /tencent-mapapi/ {
proxy_redirect http:// $scheme://; #做https跳转;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://apis.map.qq.com;
}
在K8s中,则需要结合 NGINX Ingress Controller 进行配置;
NGINX Ingress Controller 基于域名的外部服务访问
定义外部域名的服务
apiVersion: v1
kind: Service
metadata:
name: tencent-map-test
namespace: test
spec:
externalName: apis.map.qq.com
ports:
- name: https
port: 443
protocol: TCP
targetPort: 443
sessionAffinity: None
type: ExternalName
定义ingress
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: letsencrypt-prod
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/rewrite-target: $1
nginx.ingress.kubernetes.io/upstream-vhost: apis.map.qq.com
name: my-external-proxy
namespace: test
spec:
rules:
- host: 'app.domain.com'
http:
paths:
- backend:
serviceName: tencent-map-test
servicePort: 443
path: /tencent-mapapi(.+)$
tls:
- hosts:
- '*.domain.com'
secretName: domain-com-tls