AWS Ingress Controller 似乎忽略了主机名规则
AWS Ingress Controller seems to be ignoring host name rules
我正在尝试将前端应用程序部署到 Amazon EKS。这个概念是将有两个部署以及两个服务(frontend-service 和 stg-frontend-service),一个用于生产,一个用于暂存。
最重要的是,将有一个入口 ALB,它将根据主机名重定向流量。即,如果主机名是 www.project.io,流量将被路由到 frontend-service,如果主机名是 stg-project.io,流量将被路由到 stg-frontend-service.
这是我的部署和入口配置
stg-frontend-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: stg-frontend-deployment
namespace: project
spec:
replicas: 3
selector:
matchLabels:
app: stg-frontend
template:
metadata:
labels:
app: stg-frontend
spec:
containers:
- name: stg-frontend
image: STAGING_IMAGE
imagePullPolicy: Always
ports:
- name: web
containerPort: 3000
imagePullSecrets:
- name: project-ecr
---
apiVersion: v1
kind: Service
metadata:
name: stg-frontend-service
namespace: project
spec:
selector:
app: stg-frontend
ports:
- protocol: TCP
port: 80
targetPort: 3000
stg-prod-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-deployment
namespace: project
spec:
replicas: 3
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: PRODUCTION_IMAGE
imagePullPolicy: Always
ports:
- name: web
containerPort: 3000
imagePullSecrets:
- name: project-ecr
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: project
spec:
selector:
app: frontend
ports:
- protocol: TCP
port: 80
targetPort: 3000
ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: project-ingress
namespace: project
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
spec:
rules:
- host: www.project.io
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
- host: stg.project.io
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: stg-frontend-service
port:
number: 80
后来,我使用 Route 53 将流量从两个域路由到 ALB。
+----------------+------+---------+-----------------------------------------------------+
| Record Name | Type | Routing | Value/Route traffic to |
+----------------+------+---------+-----------------------------------------------------+
| www.project.io | A | Simple | dualstack.k8s-********.us-west-1.elb.amazonaws.com. |
| stg.project.io | A | Simple | dualstack.k8s-********.us-west-1.elb.amazonaws.com. |
+----------------+------+---------+-----------------------------------------------------+
问题是,ALB 入口始终将流量路由到第一个规范规则。在上面的配置中,第一个规则是主机 www.project.io,它引用 frontend-service。每当我尝试访问 www.project.io 或 stg.project.io 时,它都会向我显示来自 frontend-service.
的响应
后来,我切换了规则,把暂存规则放在第一位,然后它在两个域上都显示了暂存服务。
我什至创建了一个像 junk.project.io 这样的虚拟记录并指向负载均衡器,它仍然有效并向我显示相同的响应,即使 junk.project.io 不包含在我的入口配置中。
在我看来,Ingress Config 完全忽略了主机名,总是从第一条规则返回响应。
您的主机和 http 值在列表中定义为单独的项目,请尝试删除 http 节点前面的 -(连字符):
- host: www.project.io
http: # I removed the hyphen here
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
- host: stg.project.io
http: # I removed the hyphen here
paths:
- path: /
pathType: Prefix
backend:
service:
name: stg-frontend-service
port:
number: 80
我正在尝试将前端应用程序部署到 Amazon EKS。这个概念是将有两个部署以及两个服务(frontend-service 和 stg-frontend-service),一个用于生产,一个用于暂存。
最重要的是,将有一个入口 ALB,它将根据主机名重定向流量。即,如果主机名是 www.project.io,流量将被路由到 frontend-service,如果主机名是 stg-project.io,流量将被路由到 stg-frontend-service.
这是我的部署和入口配置
stg-frontend-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: stg-frontend-deployment
namespace: project
spec:
replicas: 3
selector:
matchLabels:
app: stg-frontend
template:
metadata:
labels:
app: stg-frontend
spec:
containers:
- name: stg-frontend
image: STAGING_IMAGE
imagePullPolicy: Always
ports:
- name: web
containerPort: 3000
imagePullSecrets:
- name: project-ecr
---
apiVersion: v1
kind: Service
metadata:
name: stg-frontend-service
namespace: project
spec:
selector:
app: stg-frontend
ports:
- protocol: TCP
port: 80
targetPort: 3000
stg-prod-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-deployment
namespace: project
spec:
replicas: 3
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: PRODUCTION_IMAGE
imagePullPolicy: Always
ports:
- name: web
containerPort: 3000
imagePullSecrets:
- name: project-ecr
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: project
spec:
selector:
app: frontend
ports:
- protocol: TCP
port: 80
targetPort: 3000
ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: project-ingress
namespace: project
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
spec:
rules:
- host: www.project.io
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
- host: stg.project.io
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: stg-frontend-service
port:
number: 80
后来,我使用 Route 53 将流量从两个域路由到 ALB。
+----------------+------+---------+-----------------------------------------------------+
| Record Name | Type | Routing | Value/Route traffic to |
+----------------+------+---------+-----------------------------------------------------+
| www.project.io | A | Simple | dualstack.k8s-********.us-west-1.elb.amazonaws.com. |
| stg.project.io | A | Simple | dualstack.k8s-********.us-west-1.elb.amazonaws.com. |
+----------------+------+---------+-----------------------------------------------------+
问题是,ALB 入口始终将流量路由到第一个规范规则。在上面的配置中,第一个规则是主机 www.project.io,它引用 frontend-service。每当我尝试访问 www.project.io 或 stg.project.io 时,它都会向我显示来自 frontend-service.
后来,我切换了规则,把暂存规则放在第一位,然后它在两个域上都显示了暂存服务。
我什至创建了一个像 junk.project.io 这样的虚拟记录并指向负载均衡器,它仍然有效并向我显示相同的响应,即使 junk.project.io 不包含在我的入口配置中。
在我看来,Ingress Config 完全忽略了主机名,总是从第一条规则返回响应。
您的主机和 http 值在列表中定义为单独的项目,请尝试删除 http 节点前面的 -(连字符):
- host: www.project.io
http: # I removed the hyphen here
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
- host: stg.project.io
http: # I removed the hyphen here
paths:
- path: /
pathType: Prefix
backend:
service:
name: stg-frontend-service
port:
number: 80