一些Ingress-Nginx yaml样例

V.V.

标签

站点统计

文章

40

分类

3

标签

37

总字数

24,887

运行时长

0 天

最后活动

0 天前

804 字

4 分钟

一些Ingress-Nginx yaml样例

2024-09-10

开发

k8s

/

开发

基础使用#

ingress-basic.yaml

1
apiVersion: networking.k8s.io/v1
2
kind: Ingress
3
metadata:
4
  name: example
5
  namespace: default
6
spec:
7
  ingressClassName: nginx
8
  rules:
9
    - host: example.com
10
      http:
11
        paths:
12
        # / -> nginx:80/
13
        - path: /
14
          pathType: Prefix
15
          backend:
16
            service:
17
              name: nginx
18
              port:
19
                number: 80
20
        # /hello/xxx -> springboot:8080/hello/xxx 注: 转发时会保留/hello前缀
21
        - path: /hello
22
          pathType: Prefix
23
          backend:
24
            service:
25
              name: springboot
26
              port:
27
                number: 8080

重写路径#

ingress-rewrite.yaml

1
apiVersion: networking.k8s.io/v1
2
kind: Ingress
3
metadata:
4
# https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
5
  annotations:
6
  # https://kubernetes.github.io/ingress-nginx/examples/rewrite/
7
    nginx.ingress.kubernetes.io/use-regex: "true"
8
  # /hello(/|$)(.*) 中的.*的内容会被赋值给$2
9
    nginx.ingress.kubernetes.io/rewrite-target: /$2
10
  name: ingress-demo
11
spec:
12
  ingressClassName: nginx
13
  rules:
14
  - host: example.com
15
    http:
16
      paths:
17
      # / -> nginx:80/
18
      - path: /
19
        pathType: Prefix
20
        backend:
21
          service:
22
            name: nginx
23
            port:
24
              number: 80
25
      # /hello/login -> springboot:8080/login   注: 转发时自动去掉/hello前缀
26
      - path: /hello(/|$)(.*)
27
        pathType: Prefix
28
        backend:
29
          service:
30
            name: springboot
31
            port:
32
              number: 8080

获取客户端真实IP#

ingress-real-ip.yaml

1
apiVersion: networking.k8s.io/v1
2
kind: Ingress
3
metadata:
4
  name: ingress-example
5
  namespace: default
6
 # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
7
  annotations:
8
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
9
    nginx.ingress.kubernetes.io/proxy-real-ip-cidr: "0.0.0.0/0"
10
    nginx.ingress.kubernetes.io/enable-real-ip: "true"
11
    # 启用完整转发头计算（对应 compute-full-forwarded-for）
12
    nginx.ingress.kubernetes.io/compute-full-forwarded-for: "true"
13
    # 请求体大小限制
14
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
15
spec:
16
  ingressClassName: nginx
17
  rules:
18
  - host: example.com
19
    http:
20
      paths:
21
      - path: /
22
        pathType: Prefix
23
        backend:
24
          service:
25
            name: springboot
26
            port:
27
              number: 8080

配置HTTPS#

ingress-https.yaml

1
# SSL证书Secret（需要先创建）
2
apiVersion: v1
3
kind: Secret
4
metadata:
5
  name: www-example-com-tls-secret
6
  namespace: default
7
type: kubernetes.io/tls
8
data:
9
  tls.crt: |
10
       <crt contents here>
11
  tls.key: |
12
       <private key contents here>
13
---
14

15
apiVersion: networking.k8s.io/v1
16
kind: Ingress
17
metadata:
18
  name: example
19
  namespace: default
20
  annotations:
21
    # SSL重定向,默认就是true
22
    #nginx.ingress.kubernetes.io/ssl-redirect: "true"
23
    # 强制SSL重定向
24
    # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
25
    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # 以SSL方式转发流量到后端应用,后端应用需要配置SSL
26
spec:
27
  ingressClassName: nginx
28
  tls:
29
  - hosts:
30
    - www.example.com
31
    - "*.example.com" # hosts：如果是泛域名*，则需要添加该泛域名的定义
32
    secretName: www-example-com-tls-secret  # SSL证书Secret
33
  rules:
34
  - host: www.example.com
35
    http:
36
      paths:
37
      - pathType: Prefix
38
        path: /
39
        backend:
40
          service:
41
            name: springboot
42
            port:
43
              number: 8080

金丝雀注解#

设置满足特定规则的客户端才能访问新版本服务。以下示例仅请求头中满足foo=bar的客户端请求才能路由到新版本服务。
ingress-canary1.yaml

1
apiVersion: networking.k8s.io/v1
2
kind: Ingress
3
metadata:
4
  name: gray-release-canary
5
  annotations:
6
    # 开启Canary。
7
    nginx.ingress.kubernetes.io/canary: "true"
8
    # 请求头为foo。
9
    nginx.ingress.kubernetes.io/canary-by-header: "foo"
10
    # 请求头foo的值为bar时，请求才会被路由到新版本服务new-nginx中。
11
    nginx.ingress.kubernetes.io/canary-by-header-value: "bar"
12

13
spec:
14
  ingressClassName: nginx
15
  rules:
16
  - host: www.example.com
17
    http:
18
      paths:
19
      # 新版本服务。
20
      - path: /
21
        backend:
22
          service:
23
            name: new-nginx
24
            port:
25
              number: 80
26
        pathType: ImplementationSpecific

在特定规则未被满足时，再按照一定比例将请求路由到新版本服务中。以下示例要求请求头中满足foo=bar的客户端请求，若不包含该请求头，会将50%的流量路由到新版本服务中

ingress-canary2.yaml

1
apiVersion: networking.k8s.io/v1
2
kind: Ingress
3
metadata:
4
  name: gray-release-canary
5
  annotations:
6
    # 开启Canary。
7
    nginx.ingress.kubernetes.io/canary: "true"
8
    # 请求头为foo。
9
    nginx.ingress.kubernetes.io/canary-by-header: "foo"
10
    # 请求头foo的值为bar时，请求才会被路由到新版本服务new-nginx中。
11
    nginx.ingress.kubernetes.io/canary-by-header-value: "bar"
12
    # 在未满足上述匹配规则的基础上仅允许50%的流量会被路由到新版本服务new-nginx中。
13
    nginx.ingress.kubernetes.io/canary-weight: "50"
14
spec:
15
  ingressClassName: nginx
16
  rules:
17
  - host: www.example.com
18
    http:
19
      paths:
20
      # 新版本服务。
21
      - path: /
22
        backend:
23
          service:
24
            name: new-nginx
25
            port:
26
              number: 80
27
        pathType: ImplementationSpecific

设置一定比例的请求被路由到新版本服务中，以下示例中仅50%的流量被路由到新版本服务中。基于服务权重的流量切分，适用于蓝绿发布场景。

ingress-canary3.yaml

1
apiVersion: networking.k8s.io/v1
2
kind: Ingress
3
metadata:
4
  name: gray-release-canary
5
  annotations:
6
    # 开启Canary。
7
    nginx.ingress.kubernetes.io/canary: "true"
8
    # 仅允许50%的流量会被路由到新版本服务new-nginx中。
9
    # 默认总值为100。
10
    nginx.ingress.kubernetes.io/canary-weight: "50"
11
spec:
12
  ingressClassName: nginx
13
  rules:
14
  - host: www.example.com
15
    http:
16
      paths:
17
      # 新版本服务。
18
      - path: /
19
        backend:
20
          service:
21
            name: new-nginx
22
            port:
23
              number: 80
24
        pathType: ImplementationSpecific