You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1117 lines
75 KiB
1117 lines
75 KiB
3 years ago
|
<!DOCTYPE html><html><head>
|
||
|
<title>ingress-config</title>
|
||
|
<meta charset="utf-8">
|
||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||
|
|
||
|
<link rel="stylesheet" href="file:///c:\Users\liter\.vscode\extensions\shd101wyy.markdown-preview-enhanced-0.6.1\node_modules\@shd101wyy\mume\dependencies\katex\katex.min.css">
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
<style>
|
||
|
/**
|
||
|
* prism.js Github theme based on GitHub's theme.
|
||
|
* @author Sam Clarke
|
||
|
*/
|
||
|
code[class*="language-"],
|
||
|
pre[class*="language-"] {
|
||
|
color: #333;
|
||
|
background: none;
|
||
|
font-family: Consolas, "Liberation Mono", Menlo, Courier, monospace;
|
||
|
text-align: left;
|
||
|
white-space: pre;
|
||
|
word-spacing: normal;
|
||
|
word-break: normal;
|
||
|
word-wrap: normal;
|
||
|
line-height: 1.4;
|
||
|
|
||
|
-moz-tab-size: 8;
|
||
|
-o-tab-size: 8;
|
||
|
tab-size: 8;
|
||
|
|
||
|
-webkit-hyphens: none;
|
||
|
-moz-hyphens: none;
|
||
|
-ms-hyphens: none;
|
||
|
hyphens: none;
|
||
|
}
|
||
|
|
||
|
/* Code blocks */
|
||
|
pre[class*="language-"] {
|
||
|
padding: .8em;
|
||
|
overflow: auto;
|
||
|
/* border: 1px solid #ddd; */
|
||
|
border-radius: 3px;
|
||
|
/* background: #fff; */
|
||
|
background: #f5f5f5;
|
||
|
}
|
||
|
|
||
|
/* Inline code */
|
||
|
:not(pre) > code[class*="language-"] {
|
||
|
padding: .1em;
|
||
|
border-radius: .3em;
|
||
|
white-space: normal;
|
||
|
background: #f5f5f5;
|
||
|
}
|
||
|
|
||
|
.token.comment,
|
||
|
.token.blockquote {
|
||
|
color: #969896;
|
||
|
}
|
||
|
|
||
|
.token.cdata {
|
||
|
color: #183691;
|
||
|
}
|
||
|
|
||
|
.token.doctype,
|
||
|
.token.punctuation,
|
||
|
.token.variable,
|
||
|
.token.macro.property {
|
||
|
color: #333;
|
||
|
}
|
||
|
|
||
|
.token.operator,
|
||
|
.token.important,
|
||
|
.token.keyword,
|
||
|
.token.rule,
|
||
|
.token.builtin {
|
||
|
color: #a71d5d;
|
||
|
}
|
||
|
|
||
|
.token.string,
|
||
|
.token.url,
|
||
|
.token.regex,
|
||
|
.token.attr-value {
|
||
|
color: #183691;
|
||
|
}
|
||
|
|
||
|
.token.property,
|
||
|
.token.number,
|
||
|
.token.boolean,
|
||
|
.token.entity,
|
||
|
.token.atrule,
|
||
|
.token.constant,
|
||
|
.token.symbol,
|
||
|
.token.command,
|
||
|
.token.code {
|
||
|
color: #0086b3;
|
||
|
}
|
||
|
|
||
|
.token.tag,
|
||
|
.token.selector,
|
||
|
.token.prolog {
|
||
|
color: #63a35c;
|
||
|
}
|
||
|
|
||
|
.token.function,
|
||
|
.token.namespace,
|
||
|
.token.pseudo-element,
|
||
|
.token.class,
|
||
|
.token.class-name,
|
||
|
.token.pseudo-class,
|
||
|
.token.id,
|
||
|
.token.url-reference .token.variable,
|
||
|
.token.attr-name {
|
||
|
color: #795da3;
|
||
|
}
|
||
|
|
||
|
.token.entity {
|
||
|
cursor: help;
|
||
|
}
|
||
|
|
||
|
.token.title,
|
||
|
.token.title .token.punctuation {
|
||
|
font-weight: bold;
|
||
|
color: #1d3e81;
|
||
|
}
|
||
|
|
||
|
.token.list {
|
||
|
color: #ed6a43;
|
||
|
}
|
||
|
|
||
|
.token.inserted {
|
||
|
background-color: #eaffea;
|
||
|
color: #55a532;
|
||
|
}
|
||
|
|
||
|
.token.deleted {
|
||
|
background-color: #ffecec;
|
||
|
color: #bd2c00;
|
||
|
}
|
||
|
|
||
|
.token.bold {
|
||
|
font-weight: bold;
|
||
|
}
|
||
|
|
||
|
.token.italic {
|
||
|
font-style: italic;
|
||
|
}
|
||
|
|
||
|
|
||
|
/* JSON */
|
||
|
.language-json .token.property {
|
||
|
color: #183691;
|
||
|
}
|
||
|
|
||
|
.language-markup .token.tag .token.punctuation {
|
||
|
color: #333;
|
||
|
}
|
||
|
|
||
|
/* CSS */
|
||
|
code.language-css,
|
||
|
.language-css .token.function {
|
||
|
color: #0086b3;
|
||
|
}
|
||
|
|
||
|
/* YAML */
|
||
|
.language-yaml .token.atrule {
|
||
|
color: #63a35c;
|
||
|
}
|
||
|
|
||
|
code.language-yaml {
|
||
|
color: #183691;
|
||
|
}
|
||
|
|
||
|
/* Ruby */
|
||
|
.language-ruby .token.function {
|
||
|
color: #333;
|
||
|
}
|
||
|
|
||
|
/* Markdown */
|
||
|
.language-markdown .token.url {
|
||
|
color: #795da3;
|
||
|
}
|
||
|
|
||
|
/* Makefile */
|
||
|
.language-makefile .token.symbol {
|
||
|
color: #795da3;
|
||
|
}
|
||
|
|
||
|
.language-makefile .token.variable {
|
||
|
color: #183691;
|
||
|
}
|
||
|
|
||
|
.language-makefile .token.builtin {
|
||
|
color: #0086b3;
|
||
|
}
|
||
|
|
||
|
/* Bash */
|
||
|
.language-bash .token.keyword {
|
||
|
color: #0086b3;
|
||
|
}
|
||
|
|
||
|
/* highlight */
|
||
|
pre[data-line] {
|
||
|
position: relative;
|
||
|
padding: 1em 0 1em 3em;
|
||
|
}
|
||
|
pre[data-line] .line-highlight-wrapper {
|
||
|
position: absolute;
|
||
|
top: 0;
|
||
|
left: 0;
|
||
|
background-color: transparent;
|
||
|
display: block;
|
||
|
width: 100%;
|
||
|
}
|
||
|
|
||
|
pre[data-line] .line-highlight {
|
||
|
position: absolute;
|
||
|
left: 0;
|
||
|
right: 0;
|
||
|
padding: inherit 0;
|
||
|
margin-top: 1em;
|
||
|
background: hsla(24, 20%, 50%,.08);
|
||
|
background: linear-gradient(to right, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
|
||
|
pointer-events: none;
|
||
|
line-height: inherit;
|
||
|
white-space: pre;
|
||
|
}
|
||
|
|
||
|
pre[data-line] .line-highlight:before,
|
||
|
pre[data-line] .line-highlight[data-end]:after {
|
||
|
content: attr(data-start);
|
||
|
position: absolute;
|
||
|
top: .4em;
|
||
|
left: .6em;
|
||
|
min-width: 1em;
|
||
|
padding: 0 .5em;
|
||
|
background-color: hsla(24, 20%, 50%,.4);
|
||
|
color: hsl(24, 20%, 95%);
|
||
|
font: bold 65%/1.5 sans-serif;
|
||
|
text-align: center;
|
||
|
vertical-align: .3em;
|
||
|
border-radius: 999px;
|
||
|
text-shadow: none;
|
||
|
box-shadow: 0 1px white;
|
||
|
}
|
||
|
|
||
|
pre[data-line] .line-highlight[data-end]:after {
|
||
|
content: attr(data-end);
|
||
|
top: auto;
|
||
|
bottom: .4em;
|
||
|
}html body{font-family:"Helvetica Neue",Helvetica,"Segoe UI",Arial,freesans,sans-serif;font-size:16px;line-height:1.6;color:#333;background-color:#fff;overflow:initial;box-sizing:border-box;word-wrap:break-word}html body>:first-child{margin-top:0}html body h1,html body h2,html body h3,html body h4,html body h5,html body h6{line-height:1.2;margin-top:1em;margin-bottom:16px;color:#000}html body h1{font-size:2.25em;font-weight:300;padding-bottom:.3em}html body h2{font-size:1.75em;font-weight:400;padding-bottom:.3em}html body h3{font-size:1.5em;font-weight:500}html body h4{font-size:1.25em;font-weight:600}html body h5{font-size:1.1em;font-weight:600}html body h6{font-size:1em;font-weight:600}html body h1,html body h2,html body h3,html body h4,html body h5{font-weight:600}html body h5{font-size:1em}html body h6{color:#5c5c5c}html body strong{color:#000}html body del{color:#5c5c5c}html body a:not([href]){color:inherit;text-decoration:none}html body a{color:#08c;text-decoration:none}html body a:hover{color:#00a3f5;text-decoration:none}html body img{max-width:100%}html body>p{margin-top:0;margin-bottom:16px;word-wrap:break-word}html body>ul,html body>ol{margin-bottom:16px}html body ul,html body ol{padding-left:2em}html body ul.no-list,html body ol.no-list{padding:0;list-style-type:none}html body ul ul,html body ul ol,html body ol ol,html body ol ul{margin-top:0;margin-bottom:0}html body li{margin-bottom:0}html body li.task-list-item{list-style:none}html body li>p{margin-top:0;margin-bottom:0}html body .task-list-item-checkbox{margin:0 .2em .25em -1.8em;vertical-align:middle}html body .task-list-item-checkbox:hover{cursor:pointer}html body blockquote{margin:16px 0;font-size:inherit;padding:0 15px;color:#5c5c5c;background-color:#f0f0f0;border-left:4px solid #d6d6d6}html body blockquote>:first-child{margin-top:0}html body blockquote>:last-child{margin-bottom:0}html body hr{height:4px;margin:32px 0;background-color:#d6d6d6;border:0 none}html body table{margin:10px 0 15px 0;border-collapse:collapse;border-spacing:0;display:block;width:100%;overflow:auto;word-break:normal;word-break:keep-all}html body table th{font-weight:bold;color:#000}html body table td,html body table th{border:1px solid #d6d6d6;padding:6px 13px}html body dl{padding:0}html body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:bold}html body dl dd{padding:0 16px;margin-bottom:16px}html body code{font-family:Menlo,Monaco,Consolas,'Courier New',monospace;font-size:.85em !important;color:#000;background-color:#f0f0f0;border-radius:3px;padding:.2em 0}html body code::before,html body code::after{letter-spacing:-0.2em;content:"\00a0"}html body pre>code{padding:0;margin:0;font-size:.85em !important;word-break:normal;white-space:pre;background:transparent;border:0}html body .highlight{margin-bottom:16px}html body .highlight pre,html body pre{padding:1em;overflow:auto;font-size:.85em !important;line-height:1.45;border:#d6d6d6;border-radius:3px}html body .highlight pre{margin-bottom:0;word-break:normal}html body pre code,html body pre tt{display:inline;max-width:initial;padding:0;margin:0;overflow:initial;line-height:inherit;word-wrap:normal;background-color:transparent;border:0}html body pre code:before,html body pre tt:before,html body pre code:after,html body pre tt:after{content:normal}html body p,html body blockquote,html body ul,html body ol,html body dl,html body pre{margin-top:0;margin-bottom:16px}html body kbd{color:#000;border:1px solid #d6d6d6;border-bottom:2px solid #c7c7c7;padding:2px 4px;background-color:#f0f0f0;border-radius:3px}@media print{html body{background-color:#fff}html body h1,html body h2,html body h3,html body h4,html body h5,html body h6{color:#000;page-break-after:avoid}html body blockquote{color:#5c5c5c}html body pre{page-break-inside:avoid}html body table{display:table}html body img{display:block;max-width:100%;max-height:100%}html body pre,html body code{word-wrap:break-word;white-space:pre}}.markdown-preview{width:100%;height:100%;box-sizing:border-box}.markdown-preview .pagebreak,.markdown-preview .newpage{page-bre
|
||
|
/* Please visit the URL below for more information: */
|
||
|
/* https://shd101wyy.github.io/markdown-preview-enhanced/#/customize-css */
|
||
|
|
||
|
</style>
|
||
|
</head>
|
||
|
<body for="html-export">
|
||
|
<div class="mume markdown-preview ">
|
||
|
<ul>
|
||
|
<li><a href="#before">Before</a>
|
||
|
<ul>
|
||
|
<li><a href="#terminology">Terminology</a></li>
|
||
|
<li><a href="#%E5%87%86%E5%A4%87">准备</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><a href="#%E7%AE%80%E4%BB%8B">简介</a>
|
||
|
<ul>
|
||
|
<li><a href="#%E5%9F%BA%E6%9C%AC%E7%94%A8%E6%B3%95">基本用法</a>
|
||
|
<ul>
|
||
|
<li><a href="#%E9%85%8D%E7%BD%AE%E8%AF%B4%E6%98%8E">配置说明</a></li>
|
||
|
<li><a href="#defaultbackend">DefaultBackend</a></li>
|
||
|
<li><a href="#pathtype">PathType</a></li>
|
||
|
<li><a href="#%E4%B8%BB%E6%9C%BA%E5%90%8D%E5%8C%B9%E9%85%8D">主机名匹配</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><a href="#%E9%85%8D%E7%BD%AE">配置</a>
|
||
|
<ul>
|
||
|
<li><a href="#%E5%85%A8%E5%B1%80%E8%AE%BE%E7%BD%AE">全局设置</a></li>
|
||
|
<li><a href="#%E6%B3%A8%E8%A7%A3">注解</a>
|
||
|
<ul>
|
||
|
<li><a href="#%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81">身份验证</a></li>
|
||
|
<li><a href="#%E9%87%91%E4%B8%9D%E9%9B%80">金丝雀</a></li>
|
||
|
<li><a href="#rewrite">Rewrite</a></li>
|
||
|
<li><a href="#configuration-snippet">Configuration snippet</a></li>
|
||
|
<li><a href="#server-snippet">Server snippet</a></li>
|
||
|
<li><a href="#client-body-buffer-size">Client Body Buffer Size</a></li>
|
||
|
<li><a href="#redirect-fromto-www">Redirect from/to www¶</a></li>
|
||
|
<li><a href="#custom-timeouts">Custom timeouts</a></li>
|
||
|
<li><a href="#custom-max-body-size">Custom max body size</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><a href="#%E6%9A%B4%E9%9C%B2tcpudp-%E6%9C%8D%E5%8A%A1">暴露TCP/UDP 服务</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><a href="#%E4%B8%BE%E4%B8%AA%E6%A0%97%E5%AD%90">举个栗子</a>
|
||
|
<ul>
|
||
|
<li><a href="#%E4%B8%80%E4%B8%AA%E7%AE%80%E5%8D%95%E7%9A%84%E6%A0%97%E5%AD%90">一个简单的栗子</a></li>
|
||
|
<li><a href="#%E5%8A%A0%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81">加身份验证</a>
|
||
|
<ul>
|
||
|
<li><a href="#%E5%88%9B%E5%BB%BA%E7%94%A8%E6%88%B7%E5%90%8D%E5%92%8C%E5%AF%86%E7%A0%81">创建用户名和密码</a></li>
|
||
|
<li><a href="#%E5%88%9B%E5%BB%BA-k8s-secret-%E6%9D%A5%E5%AD%98%E5%82%A8-%E7%94%A8%E6%88%B7%E5%AF%86%E7%A0%81">创建 k8s secret 来存储 用户/密码</a></li>
|
||
|
<li><a href="#%E5%88%9B%E5%BB%BA-ingress">创建 ingress</a></li>
|
||
|
<li><a href="#%E9%AA%8C%E8%AF%81">验证</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
</ul>
|
||
|
<h1 class="mume-header" id="before">Before</h1>
|
||
|
|
||
|
<h2 class="mume-header" id="terminology">Terminology</h2>
|
||
|
|
||
|
<ul>
|
||
|
<li>
|
||
|
<p><code>节点(Node)</code>: Kubernetes 集群中其中一台工作机器,是集群的一部分。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>集群(Cluster)</code>: 一组运行由 Kubernetes 管理的容器化应用程序的节点。 在此示例和在大多数常见的 Kubernetes 部署环境中,集群中的节点都不在公共网络中。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>边缘路由器(Edge router)</code>: 在集群中强制执行防火墙策略的路由器(router)。 可以是由云提供商管理的网关,也可以是物理硬件。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>集群网络(Cluster network)</code>: 一组逻辑的或物理的连接,根据 Kubernetes 网络模型 在集群内实现通信。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>服务(Service)</code>:Kubernetes 服务使用 标签选择算符(selectors)标识的一组 Pod。 除非另有说明,否则假定服务只具有在集群网络中可路由的虚拟 IP。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>k8s</code>: 指kubernetes, k根s之间正好是8个字母</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>k8s集群外部主机</code>: 没有加入k8s集群的主机,不管是不是根k8s集群主机在同一个网段内,都叫k8s集群外部主机</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>Load Balancer</code> : 负载均衡器</p>
|
||
|
</li>
|
||
|
</ul>
|
||
|
<h2 class="mume-header" id="%E5%87%86%E5%A4%87">准备</h2>
|
||
|
|
||
|
<ul>
|
||
|
<li><code>k8s</code> : 1.18+</li>
|
||
|
</ul>
|
||
|
<h1 class="mume-header" id="%E7%AE%80%E4%BB%8B">简介</h1>
|
||
|
|
||
|
<p>Kubernetes 提供的发布服务的方式:</p>
|
||
|
<ul>
|
||
|
<li>
|
||
|
<p><code>ClusterIP</code>:通过集群的内部 IP 暴露服务,选择该值时服务只能够在集群内部访问。 这也是默认的 ServiceType。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>NodePort</code>:通过每个节点上的 IP 和静态端口(NodePort)暴露服务。 NodePort 服务会路由到自动创建的 ClusterIP 服务。 通过请求 <节点 IP>:<节点端口 30000-32767>,你可以从集群的外部访问一个 NodePort 服务。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>LoadBalancer</code>:使用云提供商的负载均衡器向外部暴露服务。 外部负载均衡器可以将流量路由到自动创建的 NodePort 服务和 ClusterIP 服务上。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>ExternalName</code>:通过返回 CNAME 和对应值,可以将服务映射到 externalName 字段的内容(例如,<a href="http://foo.bar.example.com">foo.bar.example.com</a>)。 无需创建任何类型代理。</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>externalIPs</code> : 如果外部的 IP 路由到集群中一个或多个 Node 上,Kubernetes Service 会被暴露给这些 externalIPs, <code>externalIPs</code> 不会被 Kubernetes 管理</p>
|
||
|
</li>
|
||
|
</ul>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Service
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> my<span class="token punctuation">-</span>service
|
||
|
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">type</span><span class="token punctuation">:</span> NodePort
|
||
|
<span class="token key atrule">selector</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">app</span><span class="token punctuation">:</span> MyApp
|
||
|
<span class="token key atrule">ports</span><span class="token punctuation">:</span>
|
||
|
<span class="token comment"># 默认情况下,`targetPort` 被设置为与 `port` 字段相同的值。</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">port</span><span class="token punctuation">:</span> <span class="token number">80</span>
|
||
|
<span class="token key atrule">targetPort</span><span class="token punctuation">:</span> <span class="token number">80</span>
|
||
|
<span class="token comment"># 可选字段</span>
|
||
|
<span class="token comment"># 默认情况下,Kubernetes 会从30000-32767范围内分配一个端口号</span>
|
||
|
<span class="token key atrule">nodePort</span><span class="token punctuation">:</span> <span class="token number">30007</span>
|
||
|
</pre><p>上面可以暴露给外面用的:<code>NodePort</code> 、<code>LoadBalancer</code> 、<code>externalIPs</code></p>
|
||
|
<p><code>Ingress</code> 是 k8s 为服务提供外部可访问的另一种方式。Ingress 不是一种服务类型,但它充当集群的入口点。 它可以将路由规则整合到一个资源中,因为它可以在同一IP地址下公开多个服务。</p>
|
||
|
<h2 class="mume-header" id="%E5%9F%BA%E6%9C%AC%E7%94%A8%E6%B3%95">基本用法</h2>
|
||
|
|
||
|
<p>下面通过一个最简单的示例来对配置做个简单的说明:</p>
|
||
|
<p><code>test-ingress.yaml</code></p>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> networking.k8s.io/v1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> minimal<span class="token punctuation">-</span>ingress
|
||
|
<span class="token key atrule">annotations</span><span class="token punctuation">:</span>
|
||
|
<span class="token comment"># k8s 1.18 版本以后用 `ingressClassName` 替代</span>
|
||
|
<span class="token comment"># kubernetes.io/ingress.class: nginx</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/rewrite-target</span><span class="token punctuation">:</span> /
|
||
|
<span class="token comment"># 最多只能有一个 IngressClass 被标记为默认</span>
|
||
|
<span class="token key atrule">ingressclass.kubernetes.io/is-default-class</span><span class="token punctuation">:</span> <span class="token boolean important">true</span>
|
||
|
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">ingressClassName</span><span class="token punctuation">:</span> nginx
|
||
|
<span class="token key atrule">rules</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">http</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">paths</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /testpath
|
||
|
<span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
|
||
|
<span class="token key atrule">backend</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">service</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> test
|
||
|
<span class="token key atrule">port</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">80</span>
|
||
|
</pre><pre data-role="codeBlock" data-info="bash" class="language-bash">kubectl apply -f test-ingress.yaml
|
||
|
</pre><p>与其他 k8s 资源一样,<code>ingress</code> 也是具备 <code>apiVersion</code> <code>kind</code> 和 <code>metadata</code> 等字段。</p>
|
||
|
<h3 class="mume-header" id="%E9%85%8D%E7%BD%AE%E8%AF%B4%E6%98%8E">配置说明</h3>
|
||
|
|
||
|
<ul>
|
||
|
<li><code>host</code>: 上面示例没有指定host,因此上述配置是适用于通过指定IP地址来访问服务的。</li>
|
||
|
<li><code>paths</code>: 每个 <code>path</code> 都是由一个 service 来关联指定的服务的。</li>
|
||
|
<li><code>backend</code> : 是由 service 组成的。用来绑定 service</li>
|
||
|
</ul>
|
||
|
<h3 class="mume-header" id="defaultbackend">DefaultBackend</h3>
|
||
|
|
||
|
<p>通常没有 <code>rules</code> 或 配置的 <code>hosts</code> 、<code>paths</code> 没有与 <code>ingress</code> 中的 http 请求匹配的,则会把流量发送到 <code>defaultBackend</code>。</p>
|
||
|
<h3 class="mume-header" id="pathtype">PathType</h3>
|
||
|
|
||
|
<p>Ingress 中的每个<code>path</code> 都要配置相应的<code>Path Type</code> 。<br>
|
||
|
目前支持的类型有三种:</p>
|
||
|
<ul>
|
||
|
<li>
|
||
|
<p><code>ImplementationSpecific</code><br>
|
||
|
这个类型匹配方式取决于 <code>IngressClass</code></p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>Exact</code><br>
|
||
|
精确匹配 <code>URL</code> ,且区分大小写</p>
|
||
|
</li>
|
||
|
<li>
|
||
|
<p><code>Prefix</code><br>
|
||
|
基于以 <code>/</code> 分隔的 URL 路径前缀匹配。区分大小写。<br>
|
||
|
<code>/foo/bar</code> 匹配 <code>/foo/bar/baz</code>, 但不匹配 <code>/foo/barbaz</code></p>
|
||
|
</li>
|
||
|
</ul>
|
||
|
<p>配置示例参考:</p>
|
||
|
<table>
|
||
|
<thead>
|
||
|
<tr>
|
||
|
<th>类型</th>
|
||
|
<th>路径</th>
|
||
|
<th>请求路径</th>
|
||
|
<th>匹配与否?</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/</code></td>
|
||
|
<td>(所有路径)</td>
|
||
|
<td>✔</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Exact</td>
|
||
|
<td><code>/foo</code></td>
|
||
|
<td><code>/foo</code></td>
|
||
|
<td>✔</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Exact</td>
|
||
|
<td><code>/foo</code></td>
|
||
|
<td><code>/bar</code></td>
|
||
|
<td>❌</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Exact</td>
|
||
|
<td><code>/foo</code></td>
|
||
|
<td><code>/foo/</code></td>
|
||
|
<td>❌</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Exact</td>
|
||
|
<td><code>/foo/</code></td>
|
||
|
<td><code>/foo</code></td>
|
||
|
<td>❌</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/foo</code></td>
|
||
|
<td><code>/foo</code>, <code>/foo/</code></td>
|
||
|
<td>✔</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/foo/</code></td>
|
||
|
<td><code>/foo</code>, <code>/foo/</code></td>
|
||
|
<td>✔</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/aaa/bb</code></td>
|
||
|
<td><code>/aaa/bbb</code></td>
|
||
|
<td>❌</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/aaa/bbb</code></td>
|
||
|
<td><code>/aaa/bbb</code></td>
|
||
|
<td>✔</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/aaa/bbb/</code></td>
|
||
|
<td><code>/aaa/bbb</code></td>
|
||
|
<td>✔,忽略尾部斜线</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/aaa/bbb</code></td>
|
||
|
<td><code>/aaa/bbb/</code></td>
|
||
|
<td>✔,匹配尾部斜线</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/aaa/bbb</code></td>
|
||
|
<td><code>/aaa/bbb/ccc</code></td>
|
||
|
<td>✔,匹配子路径</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/aaa/bbb</code></td>
|
||
|
<td><code>/aaa/bbbxyz</code></td>
|
||
|
<td>❌,字符串前缀不匹配</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/</code>, <code>/aaa</code></td>
|
||
|
<td><code>/aaa/ccc</code></td>
|
||
|
<td>✔,匹配 <code>/aaa</code> 前缀</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/</code>, <code>/aaa</code>, <code>/aaa/bbb</code></td>
|
||
|
<td><code>/aaa/bbb</code></td>
|
||
|
<td>✔,匹配 <code>/aaa/bbb</code> 前缀</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/</code>, <code>/aaa</code>, <code>/aaa/bbb</code></td>
|
||
|
<td><code>/ccc</code></td>
|
||
|
<td>✔,匹配 <code>/</code> 前缀</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>Prefix</td>
|
||
|
<td><code>/aaa</code></td>
|
||
|
<td><code>/ccc</code></td>
|
||
|
<td>❌,使用默认后端</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td>混合</td>
|
||
|
<td><code>/foo</code> (Prefix), <code>/foo</code> (Exact)</td>
|
||
|
<td><code>/foo</code></td>
|
||
|
<td>✔,优选 Exact 类型</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
<h3 class="mume-header" id="%E4%B8%BB%E6%9C%BA%E5%90%8D%E5%8C%B9%E9%85%8D">主机名匹配</h3>
|
||
|
|
||
|
<table>
|
||
|
<thead>
|
||
|
<tr>
|
||
|
<th>主机</th>
|
||
|
<th>host 头部</th>
|
||
|
<th>匹配与否?</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody>
|
||
|
<tr>
|
||
|
<td><code>*.foo.com</code></td>
|
||
|
<td><code>bar.foo.com</code></td>
|
||
|
<td>基于相同的后缀匹配</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td><code>*.foo.com</code></td>
|
||
|
<td><code>baz.bar.foo.com</code></td>
|
||
|
<td>不匹配,通配符仅覆盖了一个 DNS 标签</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td><code>*.foo.com</code></td>
|
||
|
<td><code>foo.com</code></td>
|
||
|
<td>不匹配,通配符仅覆盖了一个 DNS 标签</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
<h1 class="mume-header" id="%E9%85%8D%E7%BD%AE">配置</h1>
|
||
|
|
||
|
<p>在 <code>ingress</code> 中配置分为了三部分:</p>
|
||
|
<ul>
|
||
|
<li><code>configmap</code> : 设置 ingress-nginx 的全局设置</li>
|
||
|
<li><code>annotations</code> :ingress 特定的设置</li>
|
||
|
<li><code>custom template</code> :</li>
|
||
|
</ul>
|
||
|
<h2 class="mume-header" id="%E5%85%A8%E5%B1%80%E8%AE%BE%E7%BD%AE">全局设置</h2>
|
||
|
|
||
|
<p>全局配置一般是使用 configmap 。<br>
|
||
|
下面是一个 ingress-controller 的配置</p>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token key atrule">kind</span><span class="token punctuation">:</span> ConfigMap
|
||
|
<span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx<span class="token punctuation">-</span>controller
|
||
|
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx
|
||
|
<span class="token key atrule">labels</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">app.kubernetes.io/component</span><span class="token punctuation">:</span> controller
|
||
|
<span class="token key atrule">app.kubernetes.io/instance</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx
|
||
|
<span class="token key atrule">app.kubernetes.io/managed-by</span><span class="token punctuation">:</span> Helm
|
||
|
<span class="token key atrule">app.kubernetes.io/name</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx
|
||
|
<span class="token key atrule">app.kubernetes.io/version</span><span class="token punctuation">:</span> 0.40.2
|
||
|
<span class="token key atrule">helm.sh/chart</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx<span class="token punctuation">-</span>3.6.0
|
||
|
<span class="token key atrule">annotations</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">data</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">allow-backend-server-header</span><span class="token punctuation">:</span> <span class="token string">'true'</span>
|
||
|
<span class="token key atrule">client-body-buffer-size</span><span class="token punctuation">:</span> 20m
|
||
|
<span class="token key atrule">enable-underscores-in-headers</span><span class="token punctuation">:</span> <span class="token string">'true'</span>
|
||
|
<span class="token key atrule">generate-request-id</span><span class="token punctuation">:</span> <span class="token string">'true'</span>
|
||
|
<span class="token key atrule">gzip-level</span><span class="token punctuation">:</span> <span class="token string">'6'</span>
|
||
|
<span class="token key atrule">gzip-types</span><span class="token punctuation">:</span> <span class="token punctuation">></span><span class="token punctuation">-</span>
|
||
|
application/atom+xml application/javascript application/x<span class="token punctuation">-</span>javascript
|
||
|
application/json application/rss+xml application/vnd.ms<span class="token punctuation">-</span>fontobject
|
||
|
application/x<span class="token punctuation">-</span>font<span class="token punctuation">-</span>ttf application/x<span class="token punctuation">-</span>web<span class="token punctuation">-</span>app<span class="token punctuation">-</span>manifest+json
|
||
|
application/xhtml+xml application/xml font/opentype image/svg+xml
|
||
|
image/x<span class="token punctuation">-</span>icon text/css text/javascript text/plain text/x<span class="token punctuation">-</span>component
|
||
|
<span class="token key atrule">ignore-invalid-headers</span><span class="token punctuation">:</span> <span class="token string">'true'</span>
|
||
|
<span class="token key atrule">keep-alive</span><span class="token punctuation">:</span> <span class="token string">'75'</span>
|
||
|
<span class="token key atrule">large-client-header-buffers</span><span class="token punctuation">:</span> 4 128k
|
||
|
<span class="token key atrule">log-format-upstream</span><span class="token punctuation">:</span> <span class="token punctuation">></span><span class="token punctuation">-</span>
|
||
|
$remote_addr <span class="token punctuation">-</span> <span class="token punctuation">[</span>$remote_addr<span class="token punctuation">]</span> <span class="token punctuation">-</span> $remote_user <span class="token punctuation">[</span>$time_local<span class="token punctuation">]</span> "$request"
|
||
|
$status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length
|
||
|
"$http_x_forwarded_for" $remote_addr $request_time <span class="token punctuation">[</span>$proxy_upstream_name<span class="token punctuation">]</span>
|
||
|
$upstream_addr $upstream_response_length $upstream_response_time
|
||
|
$upstream_status $req_id $host
|
||
|
<span class="token key atrule">max-worker-connections</span><span class="token punctuation">:</span> <span class="token string">'65536'</span>
|
||
|
<span class="token key atrule">proxy-body-size</span><span class="token punctuation">:</span> 20m
|
||
|
<span class="token key atrule">proxy-buffer-size</span><span class="token punctuation">:</span> 64k
|
||
|
<span class="token key atrule">proxy-connect-timeout</span><span class="token punctuation">:</span> <span class="token string">'300'</span>
|
||
|
<span class="token key atrule">proxy-next-upstream-timeout</span><span class="token punctuation">:</span> <span class="token string">'10'</span>
|
||
|
<span class="token key atrule">proxy-read-timeout</span><span class="token punctuation">:</span> <span class="token string">'300'</span>
|
||
|
<span class="token key atrule">proxy-send-timeout</span><span class="token punctuation">:</span> <span class="token string">'300'</span>
|
||
|
<span class="token key atrule">reuse-port</span><span class="token punctuation">:</span> <span class="token string">'true'</span>
|
||
|
<span class="token key atrule">server-tokens</span><span class="token punctuation">:</span> <span class="token string">'false'</span>
|
||
|
<span class="token key atrule">upstream-keepalive-connections</span><span class="token punctuation">:</span> <span class="token string">'20000'</span>
|
||
|
<span class="token key atrule">upstream-keepalive-requests</span><span class="token punctuation">:</span> <span class="token string">'100000'</span>
|
||
|
<span class="token key atrule">upstream-keepalive-timeout</span><span class="token punctuation">:</span> <span class="token string">'3000'</span>
|
||
|
<span class="token key atrule">use-forwarded-headers</span><span class="token punctuation">:</span> <span class="token string">'true'</span>
|
||
|
<span class="token key atrule">use-gzip</span><span class="token punctuation">:</span> <span class="token string">'true'</span>
|
||
|
<span class="token key atrule">worker-cpu-affinity</span><span class="token punctuation">:</span> auto
|
||
|
|
||
|
</pre><p>这个就相当于 <code>nginx</code> 的 <code>nginx.conf</code> 配置文件</p>
|
||
|
<pre data-role="codeBlock" data-info class="language-"><code>user www-data;
|
||
|
worker_processes auto;
|
||
|
pid /run/nginx.pid;
|
||
|
include /etc/nginx/modules-enabled/*.conf;
|
||
|
|
||
|
events {
|
||
|
worker_connections 768;
|
||
|
multi_accept on;
|
||
|
}
|
||
|
|
||
|
http {
|
||
|
|
||
|
##
|
||
|
# Basic Settings
|
||
|
##
|
||
|
|
||
|
sendfile on;
|
||
|
tcp_nopush on;
|
||
|
tcp_nodelay on;
|
||
|
keepalive_timeout 65;
|
||
|
types_hash_max_size 2048;
|
||
|
server_tokens off;
|
||
|
|
||
|
# server_names_hash_bucket_size 64;
|
||
|
# server_name_in_redirect off;
|
||
|
|
||
|
include /etc/nginx/mime.types;
|
||
|
default_type application/octet-stream;
|
||
|
|
||
|
##
|
||
|
# SSL Settings
|
||
|
##
|
||
|
|
||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||
|
ssl_prefer_server_ciphers on;
|
||
|
|
||
|
##
|
||
|
# Logging Settings
|
||
|
##
|
||
|
|
||
|
access_log /var/log/nginx/access.log;
|
||
|
error_log /var/log/nginx/error.log;
|
||
|
|
||
|
##
|
||
|
# body size
|
||
|
##
|
||
|
client_max_body_size 10m;
|
||
|
proxy_read_timeout 300;
|
||
|
|
||
|
##
|
||
|
# Gzip Settings
|
||
|
##
|
||
|
|
||
|
gzip on;
|
||
|
gzip_vary on;
|
||
|
gzip_proxied any;
|
||
|
gzip_comp_level 6;
|
||
|
gzip_buffers 16 8k;
|
||
|
gzip_http_version 1.1;
|
||
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||
|
|
||
|
##
|
||
|
# Virtual Host Configs
|
||
|
##
|
||
|
|
||
|
include /etc/nginx/conf.d/*.conf;
|
||
|
include /etc/nginx/sites-enabled/*;
|
||
|
}
|
||
|
|
||
|
</code></pre><p>常用配置对照表:</p>
|
||
|
<table>
|
||
|
<thead>
|
||
|
<tr>
|
||
|
<th style="text-align:left">名称</th>
|
||
|
<th style="text-align:left">nginx 名称</th>
|
||
|
<th>说明</th>
|
||
|
<th>类型</th>
|
||
|
<th>默认值</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>worker-processes</code></td>
|
||
|
<td style="text-align:left"><code>worker_processes</code></td>
|
||
|
<td>设置 <code>worker processes</code> 数量, 默认值"auto"表示可用的CPU内核数</td>
|
||
|
<td>string</td>
|
||
|
<td><code>auto</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>max-worker-connections</code></td>
|
||
|
<td style="text-align:left"><code>worker_connections</code></td>
|
||
|
<td>设置 单个 <code>worker</code> 打开的最大同时连接数</td>
|
||
|
<td>int</td>
|
||
|
<td><code>16384</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>enable-multi-accept</code></td>
|
||
|
<td style="text-align:left"><code>multi_accept</code></td>
|
||
|
<td>如果禁用,worker进程将一次接受一个新连接。 否则,工作进程将一次接受所有新连接</td>
|
||
|
<td>bool</td>
|
||
|
<td><code>true</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>keep-alive</code></td>
|
||
|
<td style="text-align:left"><code>keepalive_timeout</code></td>
|
||
|
<td>设置保持活动的客户端连接在服务器端保持打开状态的时间。 零值将禁用保持活动状态的客户端连接。</td>
|
||
|
<td>int</td>
|
||
|
<td><code>75</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>upstream-keepalive-timeout</code></td>
|
||
|
<td style="text-align:left"><code>keepalive_timeout</code></td>
|
||
|
<td>设置一个超时,在此超时期间,与上游服务器的空闲<code>keepalive</code>连接将保持打开状态</td>
|
||
|
<td>int</td>
|
||
|
<td><code>60</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>server-tokens</code></td>
|
||
|
<td style="text-align:left"><code>server_tokens</code></td>
|
||
|
<td>在响应中发送nginx Server标头,并在错误页面中显示NGINX版本</td>
|
||
|
<td>bool</td>
|
||
|
<td><code>true</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>server-name-hash-bucket-size</code></td>
|
||
|
<td style="text-align:left"><code>server_names_hash_bucket_size</code></td>
|
||
|
<td>int</td>
|
||
|
<td>``</td>
|
||
|
<td></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>proxy-body-size</code></td>
|
||
|
<td style="text-align:left"><code>client_max_body_size</code></td>
|
||
|
<td>设置客户端请求正文的最大允许大小</td>
|
||
|
<td>string</td>
|
||
|
<td><code>1m</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>proxy-read-timeout</code></td>
|
||
|
<td style="text-align:left"><code>proxy-read-timeout</code></td>
|
||
|
<td>以秒为单位为从代理服务器读取相应设置超时</td>
|
||
|
<td>int</td>
|
||
|
<td><code>60</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>use-gzip</code></td>
|
||
|
<td style="text-align:left"><code>gzip</code></td>
|
||
|
<td>启用或禁用HTTP响应的压缩</td>
|
||
|
<td>bool</td>
|
||
|
<td><code>true</code></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>gzip-types</code></td>
|
||
|
<td style="text-align:left"><code>gzip_types</code></td>
|
||
|
<td>设置除"text/html"之外的MIME类型以进行压缩。 特殊值"*"与任何MIME类型匹配</td>
|
||
|
<td>string</td>
|
||
|
<td>"application/atom+xml application/javascript <br>application/x-javascript application/json <br>application/rss+xml <br>application/vnd.ms-fontobject <br>application/x-font-ttf <br>application/x-web-app-manifest+json <br>application/xhtml+xml application/xml <br>font/opentype image/svg+xml <br>image/x-icon text/css <br>text/javascript text/plain <br>text/x-component"</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td style="text-align:left"><code>gzip-level</code></td>
|
||
|
<td style="text-align:left"><code>gzip_comp_level</code></td>
|
||
|
<td>设置将使用的gzip压缩级别</td>
|
||
|
<td>int</td>
|
||
|
<td><code>1</code></td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
<h2 class="mume-header" id="%E6%B3%A8%E8%A7%A3">注解</h2>
|
||
|
|
||
|
<p>注解都是以 <code>nginx.ingress.kubernetes.io</code> 作为前缀的,添加到特定的ingress实例上的。</p>
|
||
|
<h3 class="mume-header" id="%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81">身份验证</h3>
|
||
|
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token comment"># http 身份验证的类型</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-type</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>basic<span class="token punctuation">|</span>digest<span class="token punctuation">]</span>
|
||
|
|
||
|
<span class="token comment"># Secret的名称,其中包含用户名和密码</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-secret</span><span class="token punctuation">:</span> secretName
|
||
|
|
||
|
<span class="token comment"># auth-secret 有两种格式:</span>
|
||
|
<span class="token comment"># auth-file 默认情况下,密钥'auth'中的htpasswd文件在密钥内</span>
|
||
|
<span class="token comment"># auth-map 密钥的密钥是用户名,值是哈希密码</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-secret-type</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>auth<span class="token punctuation">-</span>file<span class="token punctuation">|</span>auth<span class="token punctuation">-</span>map<span class="token punctuation">]</span>
|
||
|
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-realm</span><span class="token punctuation">:</span> <span class="token string">"realm string"</span>
|
||
|
</pre><h3 class="mume-header" id="%E9%87%91%E4%B8%9D%E9%9B%80">金丝雀</h3>
|
||
|
|
||
|
<p>这个之前有专门的介绍,这里就不废话了</p>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml">nginx.ingress.kubernetes.io/canary<span class="token punctuation">-</span>by<span class="token punctuation">-</span>header
|
||
|
|
||
|
nginx.ingress.kubernetes.io/canary<span class="token punctuation">-</span>by<span class="token punctuation">-</span>header<span class="token punctuation">-</span>value
|
||
|
|
||
|
nginx.ingress.kubernetes.io/canary<span class="token punctuation">-</span>by<span class="token punctuation">-</span>cookie
|
||
|
|
||
|
nginx.ingress.kubernetes.io/canary<span class="token punctuation">-</span>by<span class="token punctuation">-</span>cookie
|
||
|
</pre><h3 class="mume-header" id="rewrite">Rewrite</h3>
|
||
|
|
||
|
<p>在某些情况下,后端服务中公开的URL与Ingress规则中指定的路径不同.<br>
|
||
|
没有重写,任何请求都将返回404.<br>
|
||
|
设置 <code>nginx.ingress.kubernetes.io/rewrite-target</code> 注解到服务期望的路径.</p>
|
||
|
<p>如果应用程序根目录暴露在其他路径中,并且需要重定向,请设置注释<br>
|
||
|
<code>nginx.ingress.kubernetes.io/app-root</code> 重定向请求到 <code>/</code>.</p>
|
||
|
<h3 class="mume-header" id="configuration-snippet">Configuration snippet</h3>
|
||
|
|
||
|
<p>使用此注释,您可以将其他配置添加到NGINX位置。 例如:</p>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token key atrule">nginx.ingress.kubernetes.io/configuration-snippet</span><span class="token punctuation">:</span> <span class="token punctuation">|</span><span class="token scalar string">
|
||
|
more_set_headers "Request-Id: $req_id";</span>
|
||
|
</pre><h3 class="mume-header" id="server-snippet">Server snippet</h3>
|
||
|
|
||
|
<p>使用注解 <code>nginx.ingress.kubernetes.io/server-snippet</code> 可以在服务器配置块中添加自定义配置.</p>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> extensions/v1beta1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">annotations</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/server-snippet</span><span class="token punctuation">:</span> <span class="token punctuation">|</span><span class="token scalar string">
|
||
|
set $agentflag 0;</span>
|
||
|
|
||
|
if ($http_user_agent ~* "(Mobile)" )<span class="token punctuation">{</span>
|
||
|
set $agentflag 1;
|
||
|
<span class="token punctuation">}</span>
|
||
|
|
||
|
if ( $agentflag = 1 ) <span class="token punctuation">{</span>
|
||
|
return 301 https<span class="token punctuation">:</span>//m.example.com;
|
||
|
<span class="token punctuation">}</span>
|
||
|
</pre><h3 class="mume-header" id="client-body-buffer-size">Client Body Buffer Size</h3>
|
||
|
|
||
|
<p>设置缓冲区大小,以读取每个位置的客户端请求正文。 如果请求主体大于缓冲区, 整个身体或只将其一部分写入一个临时文件。 默认情况下,缓冲区大小等于两个内存页。 在x86,其他32位平台和x86-64上为8K。 在其他64位平台上,通常为16K。 该注解是 应用于入口规则中提供的每个位置</p>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token key atrule">nginx.ingress.kubernetes.io/client-body-buffer-size</span><span class="token punctuation">:</span> <span class="token string">"1000"</span> <span class="token comment"># 1000 bytes</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/client-body-buffer-size</span><span class="token punctuation">:</span> 1k <span class="token comment"># 1 kilobyte</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/client-body-buffer-size</span><span class="token punctuation">:</span> 1K <span class="token comment"># 1 kilobyte</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/client-body-buffer-size</span><span class="token punctuation">:</span> 1m <span class="token comment"># 1 megabyte</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/client-body-buffer-size</span><span class="token punctuation">:</span> 1M <span class="token comment"># 1 megabyte</span>
|
||
|
</pre><h3 class="mume-header" id="redirect-fromto-www">Redirect from/to www¶</h3>
|
||
|
|
||
|
<p>在某些情况下,<a href="http://xn--www-8p9dk79xj6q.domain.com">需要从www.domain.com</a> 重定向到 <a href="http://domain.com">domain.com</a> ,反之亦然. 使用 <code>nginx.ingress.kubernetes.io/from-to-www-redirect</code>: "true"注解开启此功能</p>
|
||
|
<h3 class="mume-header" id="custom-timeouts">Custom timeouts</h3>
|
||
|
|
||
|
<p>使用配置configmap可以为<code>ingress-nginx</code> 设置默认的全局超时。 在某些情况下,要求具有不同的值。 为此,我们提供了允许进行此自定义的注释:</p>
|
||
|
<pre data-role="codeBlock" data-info class="language-"><code>nginx.ingress.kubernetes.io/proxy-connect-timeout
|
||
|
nginx.ingress.kubernetes.io/proxy-send-timeout
|
||
|
nginx.ingress.kubernetes.io/proxy-read-timeout
|
||
|
nginx.ingress.kubernetes.io/proxy-next-upstream
|
||
|
nginx.ingress.kubernetes.io/proxy-next-upstream-timeout
|
||
|
nginx.ingress.kubernetes.io/proxy-next-upstream-tries
|
||
|
nginx.ingress.kubernetes.io/proxy-request-buffering
|
||
|
</code></pre><h3 class="mume-header" id="custom-max-body-size">Custom max body size</h3>
|
||
|
|
||
|
<p>当请求中的大小超过客户端请求正文的最大允许大小时,将向客户端返回413错误. 大小可以通过 <code>client_max_body_size</code>参数配置.<br>
|
||
|
与上面类似,想要对所有ingress规则进行全局设置, proxy-body-size 可以在 nginx ConfigMap中设置. 要在Ingress规则中使用自定义值,请定义以下注解:</p>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token key atrule">nginx.ingress.kubernetes.io/proxy-body-size</span><span class="token punctuation">:</span> 8m
|
||
|
</pre><h2 class="mume-header" id="%E6%9A%B4%E9%9C%B2tcpudp-%E6%9C%8D%E5%8A%A1">暴露TCP/UDP 服务</h2>
|
||
|
|
||
|
<p>ingress不支持TCP或UDP服务。<br>
|
||
|
因此,需要在 Ingress Controller 使用标志 --tcp-services-configmap and --udp-services-configmap 指向现有的配置映射,其中的键是要使用的外部端口,并且该值指示使用以下格式公开的服务:</p>
|
||
|
<pre data-role="codeBlock" data-info class="language-"><code><namespace/service name>:<service port>:[PROXY]:[PROXY]
|
||
|
</code></pre><pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> ConfigMap
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> tcp<span class="token punctuation">-</span>services
|
||
|
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx
|
||
|
<span class="token key atrule">data</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">9000</span><span class="token punctuation">:</span> <span class="token string">"default/example-go:8080"</span>
|
||
|
|
||
|
<span class="token punctuation">---</span>
|
||
|
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> ConfigMap
|
||
|
<span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> tcp<span class="token punctuation">-</span>services
|
||
|
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx
|
||
|
<span class="token key atrule">labels</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">app.kubernetes.io/component</span><span class="token punctuation">:</span> controller
|
||
|
<span class="token key atrule">app.kubernetes.io/instance</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx
|
||
|
<span class="token key atrule">app.kubernetes.io/managed-by</span><span class="token punctuation">:</span> Helm
|
||
|
<span class="token key atrule">app.kubernetes.io/name</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx
|
||
|
<span class="token key atrule">app.kubernetes.io/version</span><span class="token punctuation">:</span> 0.33.0
|
||
|
<span class="token key atrule">helm.sh/chart</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>nginx<span class="token punctuation">-</span>2.10.0
|
||
|
<span class="token key atrule">data</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">'5200'</span><span class="token punctuation">:</span> <span class="token string">'anxincloud/et-upload:15200'</span>
|
||
|
<span class="token key atrule">'8888'</span><span class="token punctuation">:</span> <span class="token string">'smart-xxx/comfortablehome-datapush:18081'</span>
|
||
|
<span class="token key atrule">'19005'</span><span class="token punctuation">:</span> <span class="token string">'free-sun/broadcast-server:19003'</span>
|
||
|
</pre><h1 class="mume-header" id="%E4%B8%BE%E4%B8%AA%E6%A0%97%E5%AD%90">举个栗子</h1>
|
||
|
|
||
|
<h2 class="mume-header" id="%E4%B8%80%E4%B8%AA%E7%AE%80%E5%8D%95%E7%9A%84%E6%A0%97%E5%AD%90">一个简单的栗子</h2>
|
||
|
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token comment"># deploy.yaml</span>
|
||
|
<span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> apps/v1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Deployment
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> dragon
|
||
|
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">replicas</span><span class="token punctuation">:</span> <span class="token number">1</span>
|
||
|
<span class="token key atrule">selector</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">matchLabels</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">app</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">template</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">labels</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">app</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">volumes</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> myvolume
|
||
|
<span class="token key atrule">persistentVolumeClaim</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">claimName</span><span class="token punctuation">:</span> myclaim
|
||
|
<span class="token key atrule">containers</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">image</span><span class="token punctuation">:</span> repository.anxinyun.cn/devops/nginx<span class="token punctuation">-</span>test<span class="token punctuation">:</span><span class="token number">0.01</span>
|
||
|
<span class="token key atrule">ports</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">containerPort</span><span class="token punctuation">:</span> <span class="token number">80</span>
|
||
|
<span class="token punctuation">---</span>
|
||
|
<span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Service
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> dragon
|
||
|
<span class="token key atrule">labels</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">app</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">ports</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">port</span><span class="token punctuation">:</span> <span class="token number">8080</span>
|
||
|
<span class="token key atrule">targetPort</span><span class="token punctuation">:</span> <span class="token number">80</span>
|
||
|
<span class="token key atrule">protocol</span><span class="token punctuation">:</span> TCP
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> http
|
||
|
<span class="token key atrule">nodePort</span><span class="token punctuation">:</span> <span class="token number">30000</span>
|
||
|
<span class="token key atrule">type</span><span class="token punctuation">:</span> NodePort
|
||
|
<span class="token key atrule">selector</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">app</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
|
||
|
</pre><pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token comment"># ingress-demo.yaml</span>
|
||
|
<span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> networking.k8s.io/v1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>demo
|
||
|
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> dragon
|
||
|
<span class="token key atrule">annotations</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/rewrite-target</span><span class="token punctuation">:</span> /
|
||
|
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">rules</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">http</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">paths</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /
|
||
|
<span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
|
||
|
<span class="token key atrule">backend</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">service</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">port</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">8080</span>
|
||
|
|
||
|
</pre><pre data-role="codeBlock" data-info="bash" class="language-bash">kubectl apply -f deploy.yaml
|
||
|
</pre><pre data-role="codeBlock" data-info class="language-"><code>$ kubectl get po -n dragon
|
||
|
NAME READY STATUS RESTARTS AGE
|
||
|
http-svc-7f994b6445-ff59j 1/1 Running 0 26h
|
||
|
</code></pre><pre data-role="codeBlock" data-info="bash" class="language-bash">kubectl apply -f ingress-demo.yaml
|
||
|
</pre><pre data-role="codeBlock" data-info class="language-"><code>$ kubectl get ingress -n dragon
|
||
|
NAME CLASS HOSTS ADDRESS PORTS AGE
|
||
|
ingress-demo public * 80 3d6h
|
||
|
</code></pre><p><img src="http://resources.lingwenlong.com/note-img/20211119085922.png" alt></p>
|
||
|
<p><img src="http://resources.lingwenlong.com/note-img/20211119085958.png" alt></p>
|
||
|
<h2 class="mume-header" id="%E5%8A%A0%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81">加身份验证</h2>
|
||
|
|
||
|
<h3 class="mume-header" id="%E5%88%9B%E5%BB%BA%E7%94%A8%E6%88%B7%E5%90%8D%E5%92%8C%E5%AF%86%E7%A0%81">创建用户名和密码</h3>
|
||
|
|
||
|
<p>需要通过 htpasswd 来生成一个auth 文件用来存取我们创建的用户和加密后的密码。<br>
|
||
|
先要安装 htpasswd</p>
|
||
|
<pre data-role="codeBlock" data-info="bash" class="language-bash">$ <span class="token function">sudo</span> <span class="token function">apt</span> -y <span class="token function">install</span> apache2-utils
|
||
|
</pre><p>下面生成<code>auth</code>文件</p>
|
||
|
<pre data-role="codeBlock" data-info="bash" class="language-bash">$ htpasswd -c auth admin
|
||
|
New password:
|
||
|
Re-type new password:
|
||
|
Adding password <span class="token keyword keyword-for">for</span> user admin
|
||
|
$ htpasswd auth <span class="token builtin class-name">test</span>
|
||
|
New password:
|
||
|
Re-type new password:
|
||
|
Adding password <span class="token keyword keyword-for">for</span> user <span class="token builtin class-name">test</span>
|
||
|
</pre><h3 class="mume-header" id="%E5%88%9B%E5%BB%BA-k8s-secret-%E6%9D%A5%E5%AD%98%E5%82%A8-%E7%94%A8%E6%88%B7%E5%AF%86%E7%A0%81">创建 k8s secret 来存储 用户/密码</h3>
|
||
|
|
||
|
<pre data-role="codeBlock" data-info="bash" class="language-bash">$ kubectl -n dragon create secret generic basic-auth --from-file<span class="token operator">=</span>auth
|
||
|
secret/basic-auth created
|
||
|
|
||
|
$ kubectl get secret basic-auth -n dragon -o yaml
|
||
|
apiVersion: v1
|
||
|
data:
|
||
|
auth: YWRtaW46JGFwcjEkMmlzL21oMkskbXlNb0VmSzJoQVRsUmV2RDNGSmdLLgp0ZXN0OiRhcHIxJC9yYUllQjVYJGJROHcxOVhFMkU2ZTlFSTZLb1JScC8K
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
creationTimestamp: <span class="token string">"2021-11-18T09:34:13Z"</span>
|
||
|
name: basic-auth
|
||
|
namespace: dragon
|
||
|
resourceVersion: <span class="token string">"826578"</span>
|
||
|
selfLink: /api/v1/namespaces/dragon/secrets/basic-auth
|
||
|
uid: 05b06023-6cab-428f-819e-1bc152db5bbb
|
||
|
type: Opaque
|
||
|
|
||
|
</pre><h3 class="mume-header" id="%E5%88%9B%E5%BB%BA-ingress">创建 ingress</h3>
|
||
|
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token comment"># ingress-demo.yaml</span>
|
||
|
<span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> networking.k8s.io/v1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>demo
|
||
|
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> dragon
|
||
|
<span class="token key atrule">annotations</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/rewrite-target</span><span class="token punctuation">:</span> /
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-type</span><span class="token punctuation">:</span> basic
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-secret</span><span class="token punctuation">:</span> basic<span class="token punctuation">-</span>auth
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-realm</span><span class="token punctuation">:</span> <span class="token string">"Authentication Required - admin"</span>
|
||
|
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">rules</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">http</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">paths</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /
|
||
|
<span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
|
||
|
<span class="token key atrule">backend</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">service</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">port</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">8080</span>
|
||
|
</pre><pre data-role="codeBlock" data-info="bash" class="language-bash">$ kubectl apply -f ingress-demo.yaml
|
||
|
ingress.networking.k8s.io/ingress-demo configured
|
||
|
|
||
|
</pre><h3 class="mume-header" id="%E9%AA%8C%E8%AF%81">验证</h3>
|
||
|
|
||
|
<p><img src="http://resources.lingwenlong.com/note-img/20211119085833.png" alt></p>
|
||
|
<h2>定制配置</h2>
|
||
|
<pre data-role="codeBlock" data-info="yaml" class="language-yaml"><span class="token comment"># ingress-demo.yaml</span>
|
||
|
<span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> networking.k8s.io/v1
|
||
|
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
|
||
|
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>demo
|
||
|
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> dragon
|
||
|
<span class="token key atrule">annotations</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/rewrite-target</span><span class="token punctuation">:</span> /
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-type</span><span class="token punctuation">:</span> basic
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-secret</span><span class="token punctuation">:</span> basic<span class="token punctuation">-</span>auth
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/auth-realm</span><span class="token punctuation">:</span> <span class="token string">"Authentication Required - admin"</span>
|
||
|
<span class="token key atrule">nginx.ingress.kubernetes.io/proxy-body-size</span><span class="token punctuation">:</span> 8m
|
||
|
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">rules</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">http</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">paths</span><span class="token punctuation">:</span>
|
||
|
<span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /
|
||
|
<span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
|
||
|
<span class="token key atrule">backend</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">service</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">name</span><span class="token punctuation">:</span> http<span class="token punctuation">-</span>svc
|
||
|
<span class="token key atrule">port</span><span class="token punctuation">:</span>
|
||
|
<span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">8080</span>
|
||
|
</pre>
|
||
|
</div>
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
</body></html>
|