GKE Nginx入口-分配静态IP

时间:2020-10-18 14:20:54

标签: kubernetes google-cloud-platform google-kubernetes-engine kubernetes-ingress nginx-ingress

我在ingress.class的GKE集群中有一个入口控制器:

kubernetes.io/ingress.class: "nginx"

我希望为此入口控制器分配一个静态IP。我按照本教程创建和分配了静态IP:

https://cloud.google.com/kubernetes-engine/docs/tutorials/configuring-domain-name-static-ip

基本上,我保留了一个静态IP,并尝试使用以下方式将其分配给入口:

kubernetes.io/ingress.global-static-ip-name: "my-ingress-static-ip"

问题

ip地址入口未更改为新分配的静态ip。

我应该如何将此静态IP分配给入口?

我的配置

使用以下方式部署控制器:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.40.2/deploy/static/provider/cloud/deploy.yaml

我的入口Yaml:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: api-ingress
  namespace: development
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    kubernetes.io/ingress.class: "nginx"
    # Disallow http - Allowed only with gce controller
    # kubernetes.io/ingress.allow-http: "false"
    # Enable client certificate authentication
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    # Create the secret containing the trusted ca certificates
    nginx.ingress.kubernetes.io/auth-tls-secret: "development/api-ingress-ca-secret"
    # Specify the verification depth in the client certificates chain
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
    # Automatically redirect http to https
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # Use regex in paths
    nginx.ingress.kubernetes.io/use-regex: "true"
    # For notifications we add the proxy headers
    nginx.ingress.kubernetes.io/configuration-snippet: |  
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    # Set a static ip for the ingress
    kubernetes.io/ingress.global-static-ip-name: "my-ingress-static-ip"
spec:
  tls:
    - hosts:
      - my-host.com
      secretName: api-tls-certificate
  rules:
  - host: my-host.com
    http:
      paths:
      - path: /(v[0-9]/.*)
        backend:
          serviceName: my-service
          servicePort: 443

删除入口或控制器并不能解决问题。

1 个答案:

答案 0 :(得分:2)

该教程仅适用于GCE入口控制器。

注意:本教程不适用于NGINX入口控制器。

要设置IP地址,您需要在LoadBalancer服务的spec: section中指定实际的IP地址。

spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  loadBalancerIP: ACTUAL.IP.ADRESS.HERE
  ports:

请注意,请确保您的IP地址是区域静态IP,而不是全局IP。这花了我一段时间才弄清楚。

相关问题
最新问题