路径在Kubernetes NGINX入口控制器中不起作用

时间:2019-08-13 15:39:39

标签: ssl nginx kubernetes kubernetes-ingress docker-ingress

我有一个Spring Boot应用程序,负责获取公民,还有一个配置了ssl-passthrough的NGINX Ingress控制器,用于将我的集群暴露给外部。

当我这样做时: https://myhostname.com/citizens

它完美地工作。这是我正在使用的配置:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
    - host: myhostname.com
      http:
        paths:
          - path: /
            backend:
              serviceName: myservice
              servicePort: 443

但是我想要类似的东西:

https://myhostname.com/myservice/citizens

这将类似于kubernetes文档中描述的math简单扇出方法: https://kubernetes.io/docs/concepts/services-networking/ingress/#simple-fanout

因此,在我的Spring应用程序中,我已经配置了contextPath,因此在本地时,我可以这样做: https://localhost:8080/myservice/citizens

我得到了预期的结果

对于NGINX,我设置了以下内容:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: myhostname.com
      http:
        paths:
          - path: /myservice
            backend:
              serviceName: myservice
              servicePort: 443

我在做什么错了?

解决方案: 我已经进行了一些研究,但我意识到我尝试实现的方法无法通过ssl-passthrough来实现,因为代理是盲目的,并且它不知道将流量路由到何处的路径。

因此,解决方案将是使用子域而不是路径,因为有了SNI协议,NGINX控制器将知道客户端尝试连接到哪个主机名。

最终的解决方案将类似于this

1 个答案:

答案 0 :(得分:0)

如果您的后端期望整个路径rewrite-target,则可以使用它将其指向不带apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-ingress namespace: default annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: rules: - host: myhostname.com http: paths: - path: /myservice/citizens backend: serviceName: myservice servicePort: 443 指令的服务,因为它only dictates how URIs are going to be treated in the backend

8080

请注意,这是假设您的服务能够将请求重定向到import React from "react" import Popover from "react-bootstrap/Popover" import OverlayTrigger from "react-bootstrap/OverlayTrigger" import Button from "react-bootstrap/Button" class PopoverExample extends React.Component { render() { return ( const popover = () => ( <Popover id="popover-basic"> <Popover.Title as="h3">Popover right</Popover.Title> <Popover.Content> And here's some <strong>amazing</strong> content. It's very engaging. right? </Popover.Content> </Popover> ); const Example = () => ( <OverlayTrigger trigger="click" placement="right" overlay={popover}> <Button variant="success">Click me to see</Button> </OverlayTrigger> ); ) } } (这是您的后端侦听端口),因此它必须与之匹配。

相关问题
最新问题