如何仅在一项后端服务上对Nginx-ingress应用会话粘性?

时间:2019-10-31 01:07:25

标签: kubernetes nginx-ingress

我有一个具有多个后端的Ingress对象,如下所示:

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: my-app
  annotations:
    certmanager.k8s.io/issuer: letsencrypt-prod
    fabric8.io/generated-by: exposecontroller
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: 'true'
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/proxy-body-size: 500m
    nginx.ingress.kubernetes.io/session-cookie-expires: '172800'
    nginx.ingress.kubernetes.io/session-cookie-max-age: '172800'
spec:
  tls:
    - hosts:
        - my-app.<tld>
      secretName: tls-my-app
  rules:
    - host: my-app.<tld>
      http:
        paths:
          - path: /_ui/
            backend:
              serviceName: ui
              servicePort: 443
          - backend:
              serviceName: api
              servicePort: 443

我只需要在api服务上保持会话粘性。但是nginx.ingress.kubernetes.io/affinity: cookie注释适用于所有后端服务。有人知道我能完成我所需要的吗?

1 个答案:

答案 0 :(得分:3)

注释是在Ingress对象上定义的applied to every path(位置)。如果每个路径需要不同的注释,则可以为每个Ingress创建一个不同的path

  
      
  • 注释将应用于Ingress中的所有路径。
    •   
  • 多个Ingress可以定义不同的注释。这些定义在Ingress之间不共享。
    •   
  • 如果多个入口为同一主机定义了不同的路径,则入口控制器将合并这些定义。
    •   

Nginx Ingress Controller将监视并收集这些Ingress规则,并相应地应用它们。

例如:

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: my-app-ui
  annotations:
    certmanager.k8s.io/issuer: letsencrypt-prod
    fabric8.io/generated-by: exposecontroller
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: 'true'
    # No session affinity here
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/proxy-body-size: 500m
    nginx.ingress.kubernetes.io/session-cookie-expires: '172800'
    nginx.ingress.kubernetes.io/session-cookie-max-age: '172800'
spec:
  tls:
    - hosts:
        - my-app.<tld>
      secretName: tls-my-app
  rules:
    - host: my-app.<tld>
      http:
        paths:
          - path: /_ui/
            backend:
              serviceName: ui
              servicePort: 443
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: my-app-api
  annotations:
    certmanager.k8s.io/issuer: letsencrypt-prod
    fabric8.io/generated-by: exposecontroller
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: 'true'
    nginx.ingress.kubernetes.io/affinity: cookie  # <-- Session affiniy is here
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/proxy-body-size: 500m
    nginx.ingress.kubernetes.io/session-cookie-expires: '172800'
    nginx.ingress.kubernetes.io/session-cookie-max-age: '172800'
spec:
  tls:
    - hosts:
        - my-app.<tld>
      secretName: tls-my-app
  rules:
    - host: my-app.<tld>
      http:
        paths:
          - path: /_api/
            backend:
              serviceName: api
              servicePort: 443
---

注意:Kubernetes 1.16上的API extensions/v1beta1deprecated。考虑迁移到networking.k8s.io/v1beta1

相关问题
最新问题