k8s的ingress使用

ingress

  可以配置一个入口来提供k8s上service从外部来访问的url、负载平衡流量、终止SSL和提供基于名称的虚拟主机。

 

配置ingress的yaml

  要求域名解析无误

  要求service对应的pod正常

 

一、test1.domain.com   -->  service1:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
        path: /

 

二、test1.domain.com   -->   /aaa   -->   service2:8080

                                         -->   /bbb   -->   service3:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
        path: /aaa
      - backend:
          serviceName: service2
          servicePort: 8080
        path: /bbb

 

三、test1.domain.com   -->  service1:8080

  test2.domain.com   -->  service4:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
  - host: test2.domain.com
    http:
      paths:
      - backend:
          serviceName: service4
          servicePort: 8080

 

四、test1.domain.com   -->  service1:8080

  没在request中定义主机名(即没有显示请求头)的请求   -->   service5:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
  - http:
      paths:
      - backend:
          serviceName: service5
          servicePort: 8080

 

五、https://test1.domain.com   -->  service1:8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
  tls:
  - hosts:
    - test1.domain.com
    secretName: domain-tls  #证书见下

  证书yaml

apiVersion: v1
data:
  tls.crt: cert(base64)  #转码见下
  tls.key: key(base64)
kind: Secret
metadata:
  name: domain-tls
  namespace: test
type: kubernetes.io/tls

  base64转码

cat fullchain.pem | base64 | tr '\n' ' ' | sed s/[[:space:]]//g   #中间去掉换行和空格
cat privkey.pem | base64 | tr '\n' ' ' | sed s/[[:space:]]//g

 

六、nginx中的设置,在ingress是通过annotations来配置的

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: test
  annotations:
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600s"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600s"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600s"
spec:
  rules:
  - host: test1.domain.com
    http:
      paths:
      - backend:
          serviceName: service1
          servicePort: 8080
        path: /

 

详细ingress链接https://kubernetes.io/docs/concepts/services-networking/ingress/

ingress中annotations的配置选项https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md

转载于:https://www.cnblogs.com/chy-op/p/10566657.html

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值