我在Kubernetes AKS上安装了HA代理入口。我安装它使用:
helm install ingress haproxy-ingress/haproxy-ingress
我的入口是:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ravendb
namespace: default
labels:
app: ravendb
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- host: a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 443
path: /
- host: tcp-a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 38888
path: /
- host: b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 443
path: /
- host: tcp-b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 38888
path: /
- host: c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 443
path: /
- host: tcp-c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 38888
path: /
然而,当我把浏览器指向https://a.raven.aedas-prev.inercya.com时,我得到默认的后端。HA代理不反向代理请求到ravendb-0服务。
我做错了什么?我该怎么做才能成功进入?
pod正在运行:
haproxy-ingress-8548ff5ff4-9wmxv 1/1 Running 0 137m
ingress-default-backend-b6f678779-9d88r 1/1 Running 0 137m
ravendb-0 1/1 Running 0 137m
ravendb-1 1/1 Running 0 139m
ravendb-2 1/1 Running 0 141m
业务配置:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-ingress LoadBalancer 10.0.166.252 xx.xx.xx.xx 443:30526/TCP,1936:32388/TCP 139m
ingress-default-backend ClusterIP 10.0.102.165 <none> 8080/TCP 139m
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 412d
ravendb ClusterIP None <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-0 ClusterIP 10.0.193.14 <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-1 ClusterIP 10.0.156.73 <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-2 ClusterIP 10.0.53.227 <none> 443/TCP,38888/TCP,161/TCP 411d
我终于明白我错过了什么。我添加了kubernetes.io/ingress.class: haproxy注释,问题解决了:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ravendb
namespace: default
labels:
app: ravendb
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
kubernetes.io/ingress.class: haproxy
spec:
rules:
- host: a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 443
path: /
- host: tcp-a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 38888
path: /
- host: b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 443
path: /
- host: tcp-b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 38888
path: /
- host: c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 443
path: /
- host: tcp-c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 38888
path: /
现在HAproxy入口按预期工作,将外部流量反向代理到内部服务。