kubernetes===》ingress nginx基于域名的网络转发资源
一、Ingress nginx(基于域名的网络转发资源)Ingress为Kubernetes集群中的服务提供了入口,可以提供负载均衡、SSL终止和基于名称的虚拟主机,在生产环境中常用的Ingress有Treafik(原生支持k8s)、Nginx(性能强)、HAProxy、Istio(服务网络,服务流量的治理)等。在Kubernetesv 1.1版中添加的Ingress用于从集群外部到集群内部Ser
一、Ingress nginx(基于域名的网络转发资源)
Ingress为Kubernetes集群中的服务提供了入口,可以提供负载均衡、SSL终止和基于名称的虚拟主机,在生产环境中常用的Ingress有Treafik(原生支持k8s)、Nginx(性能强)、HAProxy、Istio(服务网络,服务流量的治理)等。在Kubernetesv 1.1版中添加的Ingress用于从集群外部到集群内部Service的HTTP和HTTPS路由,流量从Internet到Ingress再到Services最后到Pod上,通常情况下,Ingress部署在所有的Node节点上。Ingress可以配置提供服务外部访问的URL、负载均衡、终止SSL,并提供基于域名的虚拟主机。但Ingress不会暴露任意端口或协议。
1.部署ingress访问nginx(使用一个域名)
#1.下载ingress nginx(属于外部网络资源,不是集群内部资源,所以需要安装)
[root@k8s-master1 ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml
#2.修改镜像
[root@k8s-master1 ~]# sed -i 's#k8s.gcr.io/ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a#registry.cn-hangzhou.aliyuncs.com/k8sos/ingress-controller:v0.44.0#g' deploy.yaml
#3.部署
[root@k8s-master1 ~]# kubectl apply -f deploy.yaml
#4.开始编辑ingress配置清单并部署
[root@k8s-master1 ~]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx" #使用nginx反向代理ingress,可更换成Treafik或Istio
spec:
rules:
- host: www.test.com
http:
paths:
- path: /
backend:
serviceName: service
servicePort: 80
[root@k8s-master1 ~]# kubectl apply -f ingress.yaml
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/ingress-ingress created
#5.查看ingress
[root@k8s-master1 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test.com 192.168.12.12 80 49s
#6.修改主机host文件解析
192.168.12.11 www.test.com
#7.浏览器测试使用域名访问www.test.com:32708
[root@k8s-master1 ~]# kubectl get svc -n ingress-nginx #查看端口号32708
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.60.88 <none> 80:32708/TCP,443:32731/TCP 17m
ingress-nginx-controller-admission ClusterIP 10.106.141.57 <none> 443/TCP 17m
#扩展:查看是否部署ingress nginx成功
[root@k8s-master1 ~]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-tfgck 0/1 Completed 0 91m #状态为完成是正常的,因为是定时任务
ingress-nginx-admission-patch-v5xjd 0/1 Completed 0 91m
ingress-nginx-controller-57dc855f79-p9nx9 1/1 Running 0 91m #显示正在运行就证明部署成功
2.部署ingress访问nginx(使用两个不同域名相同的端口号)
使用两个域名指向同一个服务nginx
#1.编辑test.yaml文件
[root@k8s-master1 ~]# vim test.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: test
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
---
apiVersion: v1
kind: service
metadata:
name: test-svc
spec:
selector:
app: nginx
ports:
- name: http
port: 80
targetPort: 80
#2.部署test
[root@k8s-master1 ~]# kubectl apply -f test.yaml
deployment.apps/test unchanged
service/test-svc created
#3.查看test-svc的集群IP 10.111.116.174
[root@k8s-master1 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
baidu ExternalName <none> www.aliyun.com <none> 28h
headless-svc ClusterIP None <none> 80/TCP 10h
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 7d14h
service ClusterIP 10.109.114.72 <none> 80/TCP 8h
test-svc ClusterIP 10.111.116.174 <none> 80/TCP 42s
#4.通过集群IP内网访问
[root@k8s-master1 ~]# curl 10.111.116.174
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
#5.修改ingress添加域名
[root@k8s-master1 ~]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: www.test.com
http:
paths:
- path: /
backend:
serviceName: service
servicePort: 80
- host: www.abc.com #添加以下内容
http:
paths:
- path: /
backend:
serviceName: test-svc
servicePort: 80
#6.部署ingress
[root@k8s-master1 ~]# kubectl apply -f ingress.yaml
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/ingress-ingress configured
#7.查看ingress(此时已有两个域名)
[root@k8s-master1 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test.com,www.abc.com 192.168.12.12 80 44m
#8.修改主机host文件,浏览器通过域名访问(实现不同域名通过相同的端口号访问nginx)
192.168.12.11 www.test.com www.abc.com
3.ingress nginx工作原理
#1.部署完ingress配置清单,会实时生成nginx配置
进入nginx容器
[root@k8s-master1 ~]# kubectl exec -it -n ingress-nginx ingress-nginx-controller-57dc855f79-p9nx9 -- bash
bash-5.1$ cd /etc/nginx/ #切换到配置文件
bash-5.1$ ls -l
-rw-r--r-- 1 www-data www-data 21420 Apr 2 11:47 nginx.conf
bash-5.1$ vi nginx.conf #查看配置文件内容
## start server www.test.com
server {
server_name www.test.com ; #ingress自动实时生成nginx配置文件
listen 80 ;
listen 443 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location / {
set $namespace "default"; #以下都是通过变量定义
set $ingress_name "ingress-ingress";
set $service_name "service";
set $service_port "80";
set $location_path "/";
set $global_rate_limit_exceeding n;
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = true,
#2.nginx ingress通过headless service(因为不需要提供集群内部IP,所以选择无头service)对外提供端口服务连接到后端的pod
#3.相当于通过nginx反向代理到后端pod,因为nginx ingress也是部署在集群内部的,只需要给nginx开一个端口,其他集群服务就不需要端口,让nginx对外提供端口,内部反向代理到后端pod即可
二、基于TLS的Ingress(测试访问nginx)
#1.创建HTTPS 证书
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.test.com
#2.部署证书
kubectl -n default create secret tls ingress-tls --cert=tls.crt --key=tls.key
#3.编辑ingress.yaml文件并部署
[root@k8s-master1 ~]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress
namespace: default #与部署证书-n default指定相同
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
tls:
- secretName: ingress-tls #添加证书
rules:
- host: www.test.com
http:
paths:
- path: /
backend:
serviceName: test-svc
servicePort: 80
[root@k8s-master1 ~]# kubectl apply -f ingress.yaml #部署ingress
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/ingress-ingress created
#4.查看端口号443:32731
[root@k8s-master1 ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.60.88 <none> 80:32708/TCP,443:32731/TCP 9h
ingress-nginx-controller-admission ClusterIP 10.106.141.57 <none> 443/TCP 9h
#5.查看部署状态(只要HOSTS和ADDRESS有值证明部署成功可以测试访问了)
[root@k8s-master1 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test.com 192.168.12.12 80, 443 53s
#6.配置主机host文件并浏览器域名访问
192.168.12.11 www.test.com
三、ingress加密部署word press案例
#1.创建HTTPS 证书
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.test.com #这里的域名要与ingress配置清单里的主机名相同
#2.编辑word press的配置清单及部署
[root@k8s-master1 ~]# vim wp-gdx.yaml
apiVersion: v1
kind: Namespace
metadata:
name: mysql
---
kind: Service
apiVersion: v1
metadata:
name: mysql
namespace: mysql
spec:
ports:
- name: http
port: 3306
targetPort: 3306
selector:
app: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: name-mysql
namespace: mysql
spec:
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: 18954354671/lnmp-mysql-wp:v2
---
apiVersion: v1
kind: Namespace
metadata:
name: wordpress
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
namespace: wordpress
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
nodePort: 30080
- name: https
port: 443
targetPort: 443
selector:
app: wordpress
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: wordpress
namespace: wordpress
spec:
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: php
image: 18954354671/lnmp-php-wp:v2
- name: nginx
image: 18954354671/lnmp-nginx-wp:v2
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: wordpress
namespace: wordpress #部署证书时 -n 指定的命名空间名称
spec:
tls:
- secretName: ingress-tls #添加证书
rules:
- host: www.wp.local #与创建证书结尾域名相同
http:
paths:
- path: /
backend:
serviceName: wordpress
servicePort: 80
#3.部署证书
kubectl -n wordpress create secret tls ingress-tls --cert=tls.crt --key=tls.key #此处-n后边接的是ingress命名空间
#4.查看端口号(443:32731)
[root@k8s-master1 ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.60.88 <none> 80:32708/TCP,443:32731/TCP 11h
ingress-nginx-controller-admission ClusterIP 10.106.141.57 <none> 443/TCP 11h
#5.查看ingress部署状态
[root@k8s-master1 ~]# kubectl get ingress -n wordpress
NAME CLASS HOSTS ADDRESS PORTS AGE
wordpress <none> www.wp.local 192.168.12.12 80, 443 44m
#6.配置主机host文件并访问
192.168.12.11 www.wp.local
#注:可直接使用https://www.wp.local:32731/wp-admin/install.php 访问
四、ingress常用用法
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#service-upstream
有两种方式:
1、注解 : 当前ingress生效
2、configMap : 全局ingress生效
1.域名重定向(不能重定向到 /)
#1.修改配置清单(以nginx为例)
[root@k8s-master1 ~]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=nginx #指定重定向的域名(百度网址)
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path: /
backend:
serviceName: test-svc
servicePort: 80
#2.部署ingress
[root@k8s-master1 ~]# kubectl apply -f ingress.yaml
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/ingress-ingress created
#3.查看端口(32708)
[root@k8s-master1 ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.60.88 <none> 80:32708/TCP,443:32731/TCP 16h
ingress-nginx-controller-admission ClusterIP 10.106.141.57 <none> 443/TCP 16h
#4.查看域名
[root@k8s-master1 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test-nginx.com 80 14s
#5.配置主机host文件并访问
192.168.12.11 www.test-nginx.com
访问:www.test-nginx.com:32708 自动重定向到百度
2.限速设置
定义连接和传输速率的限制用于减轻DDoS攻击 (在配置清单里 kubernetes.io/ingress.class: "nginx"下边一行齐头写入)
#1.nginx.ingress.kubernetes.io/limit-connections:允许从单个IP地址进行并发连接的数量。超过此限制时返回 503 错误。
#2.nginx.ingress.kubernetes.io/limit-rps:每秒接受来自给定 IP 的请求数量。爆破限制设置为此限制乘以爆破乘数,默认乘数为 5。当客户超过此限制时,将返回限制-重新q-状态代码:503。
#3.nginx.ingress.kubernetes.io/limit-rpm:每分钟接受来自给定 IP 的请求数量。爆破限制设置为此限制乘以爆破乘数,默认乘数为 5。当客户超过此限制时,将返回限制-重新q-状态代码:503。
#4.nginx.ingress.kubernetes.io/limit-burst-multiplier:爆裂大小限制速率的乘数。默认爆破乘数为 5,此注释覆盖默认乘数。当客户超过此限制时,将返回限制-重新q-状态代码:503。
#5.nginx.ingress.kubernetes.io/limit-rate-after:初始千字节数,之后对给定连接的进一步响应传输将受到率限制。此功能必须与启用代理缓冲一起使用。
#6.nginx.ingress.kubernetes.io/limit-rate:允许发送到给定连接的每秒千字节数。零值禁用率限制。此功能必须与启用代理缓冲一起使用。
#7.nginx.ingress.kubernetes.io/limit-whitelist:客户端 IP 源范围将排除在费率限制之外。该值是CIDR的逗号分离列表。
如果您在单个入口规则中指定多个注释,则在顺序中应用限制,limit-connectionslimit-rpmlimit-rps
3.设置ingress白名单
通过注释指定允许的客户端 IP 源范围 (多个IP用逗号隔开)
#1.修改配置清单
[root@k8s-master1 ~]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
#nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=nginx
nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.12.11,192.168.12.12 #白名单内没有指定192.168.11.13允许访问
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path: /
backend:
serviceName: test-svc
servicePort: 80
#2.部署ingress
[root@k8s-master1 ~]# kubectl apply -f ingress.yaml
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/ingress-ingress created
#3.查看端口(32708)
[root@k8s-master1 ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.60.88 <none> 80:32708/TCP,443:32731/TCP 16h
ingress-nginx-controller-admission ClusterIP 10.106.141.57 <none> 443/TCP 16h
#4.查看域名
[root@k8s-master1 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test-nginx.com 80 14s
#5.配置主机host文件并访问
192.168.12.13 www.test-nginx.com
访问:www.test-nginx.com:32708 被拒绝===》因为被ingress白名单拦截
在主机的是可以ping通的
4.永久重定向
允许返回永久重定向(返回代码 301),而不是向上游发送数据。
例如,将所有内容重定向到 Google。nginx.ingress.kubernetes.io/permanent-redirect: https://www.google.com
#1.修改配置清单
[root@k8s-master1 ~]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/permanent-redirect: https://www.baidu.com #可以直接跟重定向的域名
#nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=nginx
#nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.12.11,192.168.12.12
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path: /
backend:
serviceName: test-svc
servicePort: 80
#2.部署ingress
[root@k8s-master1 ~]# kubectl apply -f ingress.yaml
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/ingress-ingress created
#3.查看端口(32708)
[root@k8s-master1 ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.60.88 <none> 80:32708/TCP,443:32731/TCP 16h
ingress-nginx-controller-admission ClusterIP 10.106.141.57 <none> 443/TCP 16h
#4.查看域名
[root@k8s-master1 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test-nginx.com 80 14s
#5.配置主机host文件并访问
192.168.12.11 www.test-nginx.com
访问:www.test-nginx.com:32708 重定向到百度
5.永久重定向码
允许您修改用于永久重定向的状态代码。例如,将返回您的永久重定向与308。nginx.ingress.kubernetes.io/permanent-redirect-code: '308'
#1.修改配置清单
[root@k8s-master1 ~]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/permanent-redirect: https://www.baidu.com
nginx.ingress.kubernetes.io/permanent-redirect-code: '308' #将308状态码重定向到百度
#nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=nginx
#nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.12.11,192.168.12.12
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path: /
backend:
serviceName: test-svc
servicePort: 80
#2.部署ingress
[root@k8s-master1 ~]# kubectl apply -f ingress.yaml
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/ingress-ingress created
#3.查看端口(32708)
[root@k8s-master1 ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.60.88 <none> 80:32708/TCP,443:32731/TCP 16h
ingress-nginx-controller-admission ClusterIP 10.106.141.57 <none> 443/TCP 16h
#4.查看域名
[root@k8s-master1 ~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test-nginx.com 80 14s
#5.配置主机host文件并访问
192.168.12.11 www.test-nginx.com
访问:www.test-nginx.com:32708
6.代理HTTP版本
设置 Nginx 反向代理用于与后端通信的proxy_http_version。
默认情况下,此设置为"1.1"。
nginx.ingress.kubernetes.io/proxy-http-version: "1.0"
7.启用访问日志
默认情况下启用了访问日志,但在某些情况下,可能需要禁用给定入口的访问日志。
#1. 默认情况下启用了访问日志,但在某些情况下,可能需要禁用给定入口的访问日志。
nginx.ingress.kubernetes.io/enable-access-log: "true" #启用访问日志
#2.默认情况下未启用重写日志。在某些情况下,可能需要启用 NGINX 重写日志。请注意,重写日志将发送到通知级别的error_log文件。
nginx.ingress.kubernetes.io/enable-rewrite-log: "true" #启用重写日志
#3.开启跟踪可以通过 ConfigMap 在全球范围内启用或禁用,但有时需要将其覆盖才能启用或禁用特定入口(例如关闭外部健康检查端点的跟踪)
nginx.ingress.kubernetes.io/enable-opentracing: "true" #启用开放跟踪
#4.要将非标准标题添加到具有字符串值的上游请求中,可以使用以下注释:X-Forwarded-Prefix
nginx.ingress.kubernetes.io/x-forwarded-prefix: "/path" #X转发前缀标题
8.SSL密码
#1.使用此注释将在服务器级别设置指令。此配置对主机中的所有路径都是活跃的。ssl_ciphers
nginx.ingress.kubernetes.io/ssl-ciphers: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" #启用ssl密码
#2.以下注释将在服务器级别设置指令。此配置指定在使用 SSLv3 和 TLS 协议时,服务器密码应优先于客户端密码。ssl_prefer_server_ciphers
nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers: "true" #启用ssl密码
9.使用正则的方式匹配(支持的正则比较少)
#1.修改配置清单
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-ingress-nginx-tls
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: https://www.baidu.com/s?wd=$1 #增加变量
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path: /search/(.+) #匹配所有
backend:
serviceName: wordpress-nginx
servicePort: 80
#2.部署步骤与上文同步此处省略
#3.配置主机host测试访问
192.168.12.11 www.test-nginx.com
访问:www.test-nginx.com:32708/search/kubernetes
#1.定义以下入口
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: test-ingress-3
annotations:
nginx.ingress.kubernetes.io/use-regex: "true" #开启正则
spec:
rules:
- host: test.com
http:
paths:
- path: /foo/bar/bar
backend:
serviceName: test
servicePort: 80
- path: /foo/bar/[A-Z0-9]{3}
backend:
serviceName: test
servicePort: 80
#2.入口控制器将在服务器的 NGINX 模板中定义以下位置块(按此顺序):test.com
location ~* "^/foo/bar/[A-Z0-9]{3}" {
...
}
location ~* "^/foo/bar/bar" {
...
}
10.nginx登录
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-ingress-nginx-tls
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
rules:
- host: www.test-nginx.com
http:
paths:
- path: /
backend:
serviceName: wordpress-nginx
servicePort: 80
更多推荐
所有评论(0)