ingress
可以配置一个入口来提供k8s上service从外部来访问的url、负载平衡流量、终止SSL和提供基于名称的虚拟主机。
配置ingress的yaml:
要求域名解析无误
要求service对应的pod正常
一、test1.domain.com --> service1:8080
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-ingress namespace: test spec: rules: - host: test1.domain.com http: paths: - backend: serviceName: service1 servicePort: 8080 path: /
二、test1.domain.com --> /aaa --> service2:8080
--> /bbb --> service3:8080
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-ingress namespace: test spec: rules: - host: test1.domain.com http: paths: - backend: serviceName: service1 servicePort: 8080 path: /aaa - backend: serviceName: service2 servicePort: 8080 path: /bbb
三、test1.domain.com --> service1:8080
test2.domain.com --> service4:8080
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-ingress namespace: test spec: rules: - host: test1.domain.com http: paths: - backend: serviceName: service1 servicePort: 8080 - host: test2.domain.com http: paths: - backend: serviceName: service4 servicePort: 8080
四、test1.domain.com --> service1:8080
没在request中定义主机名(即没有显示请求头)的请求 --> service5:8080
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-ingress namespace: test spec: rules: - host: test1.domain.com http: paths: - backend: serviceName: service1 servicePort: 8080 - http: paths: - backend: serviceName: service5 servicePort: 8080
五、https://test1.domain.com --> service1:8080
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-ingress namespace: test spec: rules: - host: test1.domain.com http: paths: - backend: serviceName: service1 servicePort: 8080 tls: - hosts: - test1.domain.com secretName: domain-tls #证书见下
证书yaml
apiVersion: v1 data: tls.crt: cert(base64) #转码见下 tls.key: key(base64) kind: Secret metadata: name: domain-tls namespace: test type: kubernetes.io/tls
base64转码
cat fullchain.pem | base64 | tr '\n' ' ' | sed s/[[:space:]]//g #中间去掉换行和空格 cat privkey.pem | base64 | tr '\n' ' ' | sed s/[[:space:]]//g
六、nginx中的设置,在ingress是通过annotations来配置的
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-ingress namespace: test annotations: nginx.ingress.kubernetes.io/proxy-connect-timeout: "600s" nginx.ingress.kubernetes.io/proxy-read-timeout: "600s" nginx.ingress.kubernetes.io/proxy-send-timeout: "600s" spec: rules: - host: test1.domain.com http: paths: - backend: serviceName: service1 servicePort: 8080 path: /
详细ingress链接:https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress中annotations的配置选项:https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md