How to route kubernetes nginx-ingress to dashboard in another namespace

I'm trying out Kubernetes. I have deployed my NGINX in the default namespace, and I'm trying to create a virtual server to route to the dashboard.

nginx: default namespace, dashboard: kubernetes-dashboard namespace

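However, when I try to create the virtual server, it warns me that the virtual server route does not exist or is invalid. As I understand it, if I want to route to a different namespace, I can do so by putting the namespace in front of the service.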

nginx-ingress-dashboard.yaml

apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: kubernetes-dashboard
spec:
  host: k8.test.com
  tls:
    secret: nginx-tls-secret
    # basedOn: scheme
    redirect:
      enable: true
      code: 301
  upstreams:
  - name: kubernetes-dashboard
    service: kubernetes-dashboard
    port: 8443
  routes:
  - path: /
    route: kubernetes-dashboard/kubernetes-dashboard

kubernetes-dashboard

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

Any hints as to what I'm doing wrong? Thanks in advance.

192.168.254.9 - - [27/Apr/2021:07:14:43 +0000] "GET /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ HTTP/2.0" 400 48 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36" "-"
2021/04/27 07:14:43 [error] 137#137: *106 readv() failed (104: Connection reset by peer) while reading upstream, client: 192.168.254.9, server: k8.test.com, request: "GET /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ HTTP/2.0", upstream: "http://192.168.253.130:8443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/", host: "k8.test.com"
192.168.254.9 - - [27/Apr/2021:07:14:43 +0000] "GET /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ HTTP/2.0" 400 48 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36" "-"
2021/04/27 07:14:43 [error] 137#137: *106 readv() failed (104: Connection reset by peer) while reading upstream, client: 192.168.254.9, server: k8.test.com, request: "GET /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ HTTP/2.0", upstream: "http://192.168.253.130:8443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/", host: "k8.test.com"

secret.yaml

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

You need to use action.pass instead of defining a route, because you want to send requests directly to the service.

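Also, I don't have much experience with the VirtualServer resource, but Ingress resources should usually live in the same namespace as the service you want to serve. The Ingress Controller picks them up even if they are in a different namespace. (This means the TLS secret needs to be in that namespace.)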

So, I would put the VirtualServer, with action.pass, in the same namespace as the resource you want to serve, as follows:

apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  host: k8.test.com
  tls:
    secret: nginx-tls-secret
    # basedOn: scheme
    redirect:
      enable: true
      code: 301
  upstreams:
  - name: kubernetes-dashboard
    service: kubernetes-dashboard
    port: 443
  routes:
  - path: /
    action:
      pass: kubernetes-dashboard

If you use route, you need to define a VirtualServerRoute with that name, as described in the documentation (https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroute-specification)
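
The cross-namespace delegation mentioned in the last sentence, as an added example that is not part of the original answer: the VirtualServer stays in the default namespace and its route names a VirtualServerRoute (not a Service) in kubernetes-dashboard. The upstream `tls.enable` setting is an assumption based on the log above, where NGINX proxies with plain http:// to port 8443 and the connection is reset.

```yaml
# Added example, not from the original post. Hostname, namespaces, service and
# secret names are the ones used on this page.
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: kubernetes-dashboard
  namespace: default
spec:
  host: k8.test.com
  tls:
    secret: nginx-tls-secret   # must exist in this VirtualServer's namespace
    redirect:
      enable: true
      code: 301
  routes:
  - path: /
    # <namespace>/<name> of a VirtualServerRoute, not of a Service
    route: kubernetes-dashboard/kubernetes-dashboard
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServerRoute
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  host: k8.test.com            # must match the VirtualServer host
  upstreams:
  - name: kubernetes-dashboard
    service: kubernetes-dashboard
    port: 443                  # Service port, not the pod's targetPort 8443
    tls:
      enable: true             # assumption: the dashboard serves HTTPS on 8443
  subroutes:
  - path: /                    # must fall under the route path in the VirtualServer
    action:
      pass: kubernetes-dashboard
```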