K8的新手,面临实施困境。我需要为多个NGINX-PHP网站部署一个K8s集群,每个网站都有自己的域。托管的网站数量可以定期增加/减少,在任何给定时间都可以部署成百上千的网站。为了使问题更简单,我已经排除了PHP部分。
方案1-入口处虚拟主机和SSL终止
优点:
可能是骗局?
方案2-虚拟主机和SSL在Pod级别终止
优点:
缺点:
以上哪种情况最适合?给定问题还有其他可能的情况吗?
答案 0 :(得分:2)
If you'd like to just avoid having hundreds of services you can set up a single nginx ingress controller (with a single ingress class in your cluster) and then create multiple Ingresses using the single ingress controller. (It can also be a single Ingress if you'd like, with hostname-based routing)
This controller basically runs in a deployment with multiple pods and can scale up and down (for example using an HPA or/and the cluster autoscaler or/and the VPA).
The nginx controller takes care of reloading nginx with the new configs everytime you changed them (with no downtime). You can also have an SSL termination per Kubernetes Ingress, so if you have multiple domains that can also be handled.
Hope it helps!
答案 1 :(得分:2)
使用nginx入口控制器进入场景1。
我们使用它将外部用户路由到在k8s集群中运行的多个应用程序