将NGINX路由到不同命名空间中的服务
我们有一个带有NGINX控制器的Kubernetes群集。 我们正在使用此NGINX控制器将不同的路径路由到不同的服务。尽管, 当服务在不同的名称空间上时,我无法弄清楚如何重定向到它。
这是上述片段的NGINX配置
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gateway-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: 'true'
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "*"
nginx.ingress.kubernetes.io/cors-allow-headers: "*"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/service-upstream: "true"
spec:
rules:
- host: MY_BACKEND.MY_DOMAIN.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: my-backend
port:
number: 3001
- host: MY_FRONTEND.MY_DOMAIN.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: my-frontend
port:
number: 3000
...
完美工作,但是值得一提的是,这两个服务my-backend and my-frontend在上运行 def>默认代码>名称空间。 然后,我们在命名空间Jenkins上部署了Jenkins实例。我的第一个尝试是
- host: MY_JENKINS.MY_DOMAIN.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: jenkins-service
port:
number: 8080
在浏览my_jenkins.my_domain.com时简单地添加,我获得了503服务临时不可用。可能是因为它在另一个名称空间上运行?即詹金斯?
通常,为了在不同的命名空间上连接,我只使用标准service.namespace。虽然在这里尝试时,我会得到标准控制台错误/警告
入口“ Gateway-Ingress”无效:Spec.Rules [16] .http.paths [0] .backend.service.name:nather value:“ whyate_value_written “:DNS-1035标签必须由较低的字母数字字符或' - '组成,从字母字符开始,并以字母数字字符(例如'my-name'或'abc-123',用于验证的REGEX,是'[az]([ - a-Z0-9]*[A-Z0-9])?')
我尝试过:service.namespace,namespace.service.service,namespace/namespace/service,service/namespace。所有尝试并在同一错误消息上进行。
如何指示Nginx-controller连接到特定名称空间中的服务?
We have a Kubernetes cluster with an nginx controller.
We are using this nginx controller to route different paths to different services. Though,
when a service is on a different namespace, I cannot figure out how to redirect to it.
This is the nginx configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gateway-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: 'true'
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "*"
nginx.ingress.kubernetes.io/cors-allow-headers: "*"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/service-upstream: "true"
spec:
rules:
- host: MY_BACKEND.MY_DOMAIN.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: my-backend
port:
number: 3001
- host: MY_FRONTEND.MY_DOMAIN.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: my-frontend
port:
number: 3000
...
The above snippet works perfectly, but it is worth to mention that both services my-backend and my-frontend are running on default namespace.
We have then deployed a Jenkins instance on namespace jenkins. My first attempty was to simply add
- host: MY_JENKINS.MY_DOMAIN.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: jenkins-service
port:
number: 8080
Though when browsing on MY_JENKINS.MY_DOMAIN.com I get a 503 Service Temporary Unavailable. Could it be because it is running on a different namespace? Namely jenkins?
Normally in order to connect on different namespaces I just use the standard service.namespace. Though here when trying I get a standard console error/warning
The Ingress "gateway-ingress" is invalid: spec.rules[16].http.paths[0].backend.service.name: Invalid value: "WHATEVER_VALUE_WRITTEN": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')
I tried: service.namespace, namespace.service, namespace/service, service/namespace. All the attempts and up on the same error message.
How can I instruct nginx-controller to connect to a service that is in a specific namespace?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以从另一个命名空间中获得服务:
< service>。namespace>;通过绕过服务,您还可以通过其IP地址(即使在另一个名称空间)到达其他POD。但 afaik每个默认值所有入口控制器(也是nginx)不允许出于安全原因而允许多名空间进入。
对于NGINX,您可以使用主/奴才方法在多个命名空间上配置入口。您必须将
nginx.org/mergable-ingress-type-Annotation添加到入口资源中。主机和小兵上的主处理配置提供了入口资源。
在此处查找更多信息: https:// docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/
和这里:
https://github.com/nginxinc/ kubernetes-ingress/tree/v2.2.1/示例/合并 - ingress-types
You can reach a service from another namespace with:
<service>.<namespace>; by bypassing the service you can also reach other pods by their ip address (even in another namespace).But afaik all ingress controllers (also nginx) per default do not allow multi-namespace ingress out of security reasons.
For nginx you can configure ingress across multiple namespaces with a master/minion approach. You have to add the
nginx.org/mergeable-ingress-type-annotation to your Ingress resources.A master processes configuration on the host and minions provide the ingress resources.
Find more info here: https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/
And here:
https://github.com/nginxinc/kubernetes-ingress/tree/v2.2.1/examples/mergeable-ingress-types