我正在为Kubernets上的某些服务运行Ingress
,尽管服务正在重定向到那些集群IP(有些正确),但是我不确定如何仅在那些基本路径之后正确解析路径,例如,如果我在路径/
中有Tomcat,而在路径/nginx
中有Nginx,则/
之后的任何Tomcat路径都无法解析,甚至/
都没有Nginx路径解析。我的nginx.ingress.kubernetes.io/rewrite-target: /
中已经设置了ingress.yaml
:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tomcat-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
namespace: kube-system
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: tomcat-deployment-service
servicePort: 8080
- path: /nginx
backend:
serviceName: nginx-deployment-service
servicePort: 80
例如,如果Tomcat需要一个/main.css
文件,浏览器将尝试获取/main.css
,但这将返回default-backend
。
此外,如果我尝试访问Nginx服务器上的/nginx
(试图击中/
),则Nginx说(显然)找不到/nginx
。
2019/03/02 08:12:04 [error] 8#8: *343 open() "/usr/share/nginx/html/nginx" failed (2: No such file or directory), client: 10.128.0.7, server: localhost, request: "GET /nginx HTTP/1.1", host: "REDACTED_SERVER_IP"
10.128.0.7 - - [02/Mar/2019:08:12:04 +0000] "GET /nginx HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:65.0) Gecko/20100101 Firefox/65.0" "REDACTED_CLIENT_IP, REDACTED_SERVER_IP"
10.40.1.1 - - [02/Mar/2019:08:12:05 +0000] "GET /nginx HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:65.0) Gecko/20100101 Firefox/65.0" "REDACTED_CLIENT_IP, REDACTED_SERVER_IP"
2019/03/02 08:12:05 [error] 8#8: *344 open() "/usr/share/nginx/html/nginx" failed (2: No such file or directory), client: 10.40.1.1, server: localhost, request: "GET /nginx HTTP/1.1", host: "REDACTED_SERVER_IP"
如何考虑到从服务中查看的路径的开始部分,确定在path
中指定的ingress.yaml
之后的路径?
即
/tomcat
,如何使/tomcat/main.css
以/main.css
的形式出现在Tomcat服务器上(而不解析为默认备份)?/nginx
,如何使/nginx
在Nginx服务器上显示为/
(而不显示为/nginx
)?我认为/rewrite-target
应该这样做。
我是否需要使用通配符?
我的入口如下:
Name: tomcat-ingress
Namespace: kube-system
Address: REDACTED_SERVER_IP
Default backend: default-http-backend:80 (10.40.0.6:8080)
Rules:
Host Path Backends
---- ---- --------
*
/ tomcat-deployment-service:8080 (10.40.2.15:8080)
/nginx nginx-dep-ser:80 (10.40.0.26:80,10.40.1.46:80)
Annotations:
ingress.kubernetes.io/url-map: k8s-um-kube-system-tomcat-ingress--b0fc8aa23db1001d
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/"},"name":"tomcat-ingress","namespace":"kube-system"},"spec":{"rules":[{"http":{"paths":[{"backend":{"serviceName":"tomcat-deployment-service","servicePort":8080},"path":"/"},{"backend":{"serviceName":"nginx-dep-ser","servicePort":80},"path":"/nginx"}]}}]}}
nginx.ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/backends: {"k8s-be-30985--b0fc8aa23db1001d":"HEALTHY","k8s-be-31229--b0fc8aa23db1001d":"HEALTHY","k8s-be-32736--b0fc8aa23db1001d":"HEALTHY"}
ingress.kubernetes.io/forwarding-rule: k8s-fw-kube-system-tomcat-ingress--b0fc8aa23db1001d
ingress.kubernetes.io/target-proxy: k8s-tp-kube-system-tomcat-ingress--b0fc8aa23db1001d
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 33m nginx-ingress-controller Ingress kube-system/tomcat-ingress
Normal ADD 33m loadbalancer-controller kube-system/tomcat-ingress
Normal UPDATE 3m (x65 over 33m) nginx-ingress-controller Ingress kube-system/tomcat-ingress
Normal CREATE 3m (x31 over 33m) loadbalancer-controller ip: REDACTED_SERVER_IP
答案 0 :(得分:1)
我假设您使用的是Ingress Controller的最新版本,并且根据documentation:
从0.22.0版开始,使用注释
nginx.ingress.kubernetes.io/rewrite-target
的入口定义与以前的版本不向后兼容。在0.22.0及更高版本中,必须在捕获组中明确定义请求URI中需要传递到重写路径的所有子字符串。
例如:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
name: tomcat-ingress
namespace: default
spec:
rules:
- host: rewrite.bar.com
http:
paths:
- backend:
serviceName: tomcat-deployment-service
servicePort: 8080
path: /tomcat/?(.*)
- backend:
serviceName: nginx-deployment-service
servicePort: 80
path: /nginx/?(.*)
仅当使用最新版本的Ingress Controller时,您当前的配置才能在/
和/nginx
目的地下正常运行。
另一个重要的事情是,应该在与其引用的服务相同的名称空间中创建Ingress对象。否则,ingress-nginx通常会返回503 Service Temporarily Unavailable
错误。
并且不允许在serviceName
的不同名称空间中引用服务:
DNS-1035标签必须由小写字母数字字符或“-”组成,以字母字符开头,并以字母数字字符结尾(例如,“ my-name”或“ abc-123”,用于验证是“ az”吗?)