Ingress wildcard domain 泛域名设置
<p>目标:完成Ingress的泛域名配置,通过lua脚本转发到后端service</p><p>Service, Deployment配置</p>
<div class="cnblogs_Highlighter">
<pre class="brush:bash;gutter:true;">kind: Service
apiVersion: v1
metadata:
name: aimaster-nginx-service-wildcard
spec:
selector:
aimaster.lenovo.com/service.pod: nginx-service-wildcard
ports:
- protocol: TCP
port: 8080
targetPort: http
name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: aimaster-nginx-service-wildcard
spec:
selector:
matchLabels:
aimaster.lenovo.com/service.pod: "nginx-service-wildcard"
replicas: 1
template:
metadata:
labels:
aimaster.lenovo.com/service.pod: "nginx-service-wildcard"
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: aimaster.lenovo.com/service.pod
operator: In
values:
- nginx-service-wildcard
topologyKey: "kubernetes.io/hostname"
containers:
- name: service
image: "openresty/openresty:1.17.8.2-5-centos"
ports:
- name: http
containerPort: 80
volumeMounts:
- mountPath: /usr/local/openresty/nginx/conf/nginx.conf
name: config-volume
subPath: nginx.conf
volumes:
- name: config-volume
hostPath:
path: /home/nginx_wildcard/
type: Directory
</pre>
</div>
<p> </p>
<p>ingress 配置</p>
<p> </p>
<div class="cnblogs_Highlighter">
<pre class="brush:bash;gutter:true;">apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: aimaster-nginx-ingress-wildcard
namespace: default
spec:
rules:
- host: "*.sub.test.com"
http:
paths:
- path: /
backend:
serviceName: aimaster-nginx-service-wildcard
servicePort: http
</pre>
</div>
<p> </p>
<p>nginx.conf</p>
<div class="cnblogs_Highlighter">
<pre class="brush:bash;gutter:true;">worker_processes1;
error_log/error.log debug;
pid /nginx.pid;
events {
worker_connections1024;
}
http {
include mime.types;
default_typeapplication/octet-stream;
log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log/access.logmain;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
sendfile on;
#tcp_nopush on;
keepalive_timeout65;
#gzipon;
resolver local=on ipv6=off;
server {
listen 80;
location / {
set $service'';
rewrite_by_lua_block {
local host = ngx.var.host
local regex = "(+).(+).sub.test.com"
local m = ngx.re.match(host, regex)
if m then
ngx.log(ngx.STDERR, "service: " .. m .. " ns: " .. m)
ngx.var.service = m .. "." .. m.. ".svc.cluster.local:8099"
ngx.log(ngx.STDERR, "service: " .. ngx.var.service)
end
}
proxy_pass http://$service;
}
}
}
</pre>
</div>
<p> </p>
<p>nginx.conf配置注意事项</p>
<p>1. resolver local=on ipv6=off; 这个配置使用local=on是openresty中带有的一个参数,会使用/etc/resolve.conf文件进行解析域名</p>
<p>2. 由于使用了kube-dns,端口号可以自己设置,8099替换成servivce的端口。</p>
<p> </p>
<p>使用:</p>
<p>先把/etc/hosts文件修改指向对应的nginx-controller地址,</p>
<p>xxx.xxx.xxx.xxx <service name>.sub.test.com</p>
<p>然后使用curl <service name>.sub.test.com 来查看访问结果</p><br><br>
来源:https://www.cnblogs.com/xuchenCN/p/13856890.html
頁:
[1]