问题描述
我想设置一个k8s集群,但是我对nginx-ingress控制器和我需要设置的一些特殊设置感到绝望:尤其是proxy_pass.
I want to setup a k8s cluster, but I despair with the nginx-ingress controller and some special settings I need to set: especially proxy_pass.
我已经尝试使用服务器代码段"代码段来实现这一点,但是没有用.
I tried to achieve that already with the "server-snippet"-snippet, but it didn't work.
apiVersion: networking.k8s.io/v1beta1 # for versions before 1.14 use extensions/v1beta1
kind: Ingress
metadata:
name: ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "route"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/hsts: "false"
nginx.ingress.kubernetes.io/server-snippet: |
location / {
internal;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_pass http://localhost:30022/site/;
proxy_redirect default;
proxy_cookie_path /site/ /;
}
spec:
rules:
- host: preview.test.de
http:
paths:
- path: /
backend:
serviceName: backend-service
servicePort: 8080
我要实现的是这个nginx配置:
What I want to achieve is this nginx config:
location / {
internal;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_pass http://localhost:30022/site/;
proxy_redirect default;
proxy_cookie_path /site/ /;
}
在一个理想的世界中,我希望实现proxy_pass指令中的主机和端口取决于我要连接的后端Pod,从而没有硬编码的端口.
In an optimal world I would like to achieve that the host and the port in the proxy_pass directive would be depend on the backend pod I want to connect to, so that there is no hard coded port.
有人可以帮我解决这个问题吗?
Can anyone help me out with this problem?
推荐答案
我相信您正在寻找的是:
I believe what you're looking for is:
nginx.ingress.kubernetes.io/rewrite-target: /site
但是,这实际上将意味着您只能将此特定入口实例用于一个或其他类似应用程序,因为此重写将适用于该入口实例的所有规则.
However this will effectively mean that you can only use this particular ingress instance for this one app, or others like it, since this rewrite would apply to all the rules for that ingress instance.
使用基于正则表达式的规则,您也许可以完成同样的事情,但是这种方法肯定更简单.
You might be able to accomplish the same thing using a regex based rule, but this approach is definitely simpler.
关于您如何处理需要重写的两个不同路径的问题,应该使用以下入口配置来实现:
Regarding your question about how to handle the two different paths which require rewrites, this should be possible with the following ingress config:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/use-regex: true
spec:
rules:
- host: preview.test.de
http:
paths:
- path: /(site/.*)
backend:
serviceName: backend-service
servicePort: 8080
- path: /(cms/.*)
backend:
serviceName: cms-service
servicePort: 8080
但是,您可能会猜到,如果您以后遇到的路径很多且重写很多,这可能会变得更加困难.
However as you might be able to guess, this might become more difficult if you end up having many paths with lots of rewrites later on.
关于配置此类设置的最佳做法,我通常建议采用子域.为您要访问的每个站点/路径设置一个,并让它们拥有自己独特的nginx/ingress/etc来根据需要处理其重写.然后,如果您以后想将它们结合到其他顶级域/站点中,则很容易做到,而不必在一个位置上管理很多重写规则,这可能会很混乱.
As for best practices for configuring this type of set up, I would generally recommend to adopt sub-domains. Set up one for each site/path you want to be reachable, and let them have their own distinct nginx/ingress/etc to handle their rewrites as needed. Then if you want to tie these together later into some other top level domain/site, it's easily done and not having to manage many rewrite rules in the one location, which can get quite messy.
这篇关于如何与nginx-ingress一起使用proxy_pass?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!