Azure Kubernetes Nginx Ingress: How do I properly route to an API service and an Nginx web server with HTTPS and avoid 502?

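I have 2 services, one serving a REST API and the other serving static content through an nginx web server. I can retrieve the static content over https through the ingress controller from the pod running the nginx web server, provided that I ... in the ingress yaml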

nginx.ingress.kubernetes.io/backend-protocol: HTTPS

However, the backend API service no longer works. If I add that annotation back, the backend service URL https://fqdn/restservices/engine-rest/v1/api works, but the front-end https://fqdn/ web server throws a 502.

Ingress
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress
  namespace: namespace-abc
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
  rules:
    - http:
        paths:
          - path: /restservices/engine-rest/v1
            backend:
              serviceName: a
              servicePort: 8080
          - path: /
            backend:
              serviceName: b
              servicePort: 8011

Service API

kind: Service
apiVersion: v1
metadata:
  name: a
  namespace: namespace-abc
  labels:
    app: a
    version: "1"  # label values must be strings
spec:
  ports:
    - name: https
      protocol: TCP
      port: 80
      targetPort: 8080
      nodePort: 31019
  selector:
    app: a
    version: "1"
  clusterIP: <cluster ip>
  type: LoadBalancer
  sessionAffinity: ClientIP
  externalTrafficPolicy: Cluster
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800

Service UI

kind: Service
apiVersion: v1
metadata:
  name: b
  namespace: namespace-abc
  labels:
    app: b
    version: "1"  # label values must be strings
  annotations:
spec:
  ports:
    - name: http
      protocol: TCP
      port: 8011
      targetPort: 8011
      nodePort: 32620
  selector:
    app: b
    version: "1"
  clusterIP: <cluster ip>
  type: LoadBalancer
  sessionAffinity: None
  externalTrafficPolicy: Cluster

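If your problem is that adding nginx.ingress.kubernetes.io/backend-protocol: HTTPS makes service A work but service B fail, and removing it makes service A fail but work for service B, then the solution is to create two different Ingress objects so that they can be annotated independently: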

---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress-a
  namespace: namespace-abc
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
  rules:
    - http:
        paths:
          - path: /restservices/engine-rest/v1
            backend:
              serviceName: a
              servicePort: 8080
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress-b
  namespace: namespace-abc
spec:
  rules:
    - http:
        paths:
          - path: /
            backend:
              serviceName: b
              servicePort: 8011
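
The same two-Ingress split written against the networking.k8s.io/v1 schema, since the extensions/v1beta1 Ingress API was removed in Kubernetes 1.22. This is an added example, not part of the original answer; the names, namespace, paths and ports are the ones on this page, while the pathType values and the ingressClassName `nginx` are assumptions.

```yaml
# Added example (not from the original answer).
# Assumptions: pathType: Prefix and ingressClassName: nginx.
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-a
  namespace: namespace-abc
  annotations:
    # Scoped to this object only: the controller speaks TLS to service a.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx   # assumption: class name of the installed controller
  rules:
    - http:
        paths:
          - path: /restservices/engine-rest/v1
            pathType: Prefix   # assumption; required field in the v1 schema
            backend:
              service:
                name: a
                port:
                  number: 8080   # port value as used in the answer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-b
  namespace: namespace-abc
  # No backend-protocol annotation: the controller uses plain HTTP to service b.
spec:
  ingressClassName: nginx   # assumption
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix   # assumption
            backend:
              service:
                name: b
                port:
                  number: 8011   # port value as used in the answer
```

The annotation applies to every path inside the Ingress object that carries it, which is why the HTTPS and HTTP backends need separate objects.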