我有 2 个服务,一个提供 rest API,另一个通过 nginx Web 服务器提供静态内容。 我可以使用https通过入口控制器从运行nginx Web服务器的pod中检索静态内容,前提是我不在入口yaml中使用以下注释
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
但是,后端 API 服务不再工作。如果我重新添加该注释,后端服务 URLhttps://fqdn/restservices/engine-rest/v1/api工作,但前端https://fqdn/Web 服务器抛出 502。
入口
Ingress
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress
namespace: namespace-abc
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
rules:
- http:
paths:
- path: /restservices/engine-rest/v1
backend:
serviceName: a
servicePort: 8080
- path: /
backend:
serviceName: b
servicePort: 8011
服务接口
kind: Service
apiVersion: v1
metadata:
name: a
namespace: namespace-abc
labels:
app: a
version: 1
spec:
ports:
- name: https
protocol: TCP
port: 80
targetPort: 8080
nodePort: 31019
selector:
app: a
version: 1
clusterIP: <cluster ip>
type: LoadBalancer
sessionAffinity: ClientIP
externalTrafficPolicy: Cluster
sessionAffinityConfig:
clientIP:
timeoutSeconds: 10800
服务界面
kind: Service
apiVersion: v1
metadata:
name: b
namespace: namespace-abc
labels:
app: b
version: 1
annotations:
spec:
ports:
- name: http
protocol: TCP
port: 8011
targetPort: 8011
nodePort: 32620
selector:
app: b
version: 1
clusterIP: <cluster ip>
type: LoadBalancer
sessionAffinity: None
externalTrafficPolicy: Cluster
如果您的问题是添加nginx.ingress.kubernetes.io/backend-protocol: HTTPS会使服务 A 工作但使服务 B 失败,删除它会使服务 A 失败但对服务 B 有效,那么解决方案是创建两个不同的入口对象,以便可以独立批注它们
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-a
namespace: namespace-abc
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
rules:
- http:
paths:
- path: /restservices/engine-rest/v1
backend:
serviceName: a
servicePort: 8080
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-b
namespace: namespace-abc
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: b
servicePort: 8011