nginx常用配置转换nginx-ingress配置方式
2021-05-11
nginx很多强大的功能,在ingress中可以通过注解的方式来配置,比如认证、跨域等
对同一域名不同 path
反向代理到不同服务时,需要通过注解的方式rewrite,否则 path
后面的参数不会传递
Nginx原始配置
server {
listen 80;
server_name spt-gw3.devopser.org;
location /crm/ {
proxy_pass http://spt-crm-service:8888/;
}
location /api/cbs/ {
proxy_pass http://spt-cbs-service:8888/;
}
}
使用nginx-ingress实现
方式一:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# 关键在这条注解,将(.*)匹配的参数传递
nginx.ingress.kubernetes.io/rewrite-target: /$1
name: spt-gw3
namespace: spt-dev
spec:
rules:
- host: spt-gw3.devopser.org
http:
paths:
- backend:
serviceName: spt-crm-service
servicePort: 8888
# 这里使用(.*)匹配后面参数
path: /crm/(.*)
- backend:
serviceName: spt-cbs-service
servicePort: 8888
path: /api/cbs/(.*)
方式二:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# 关键在这条注解,将(.*)匹配的参数传递
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite /crm/(.*) /crm/$1 break;
rewrite /api/cbs/(.*) /$1 break;
name: spt-gw3
namespace: spt-dev
spec:
rules:
- host: spt-gw3.devopser.org
http:
paths:
- backend:
serviceName: spt-crm-service
servicePort: 8888
# 这里不再使用/(.*)
path: /crm
- backend:
serviceName: spt-cbs-service
servicePort: 8888
# 这里不再使用/(.*)
path: /api/cbs
跨域
nginx.ingress.kubernetes.io/cors-allow-headers: >-
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
nginx.ingress.kubernetes.io/cors-allow-methods: 'PUT, GET, POST, OPTIONS'
nginx.ingress.kubernetes.io/cors-allow-origin: '*'
nginx.ingress.kubernetes.io/enable-cors: 'true'
nginx.ingress.kubernetes.io/service-weight: ''
获取真实ip
因为SLB转发之后源地址改变了,需要在ingress上添加注解解决,直接只在Ingress之后的nginx加这个配置没有用,因为在Ingress这一环节就没有转发x-forwarded-for的header
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
也可以修改nginx-ingress的configmap来配置
kubectl -n kube-system edit cm nginx-configuration
添加内容
compute-full-forwarded-for: "true"
forwarded-for-header: "X-Forwarded-For"
use-forwarded-headers: "true"
完整yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app: ingress-nginx
data:
compute-full-forwarded-for: "true"
forwarded-for-header: X-Forwarded-For
use-forwarded-headers: "true"
header参数支持下划线"_"
正常nginx是不支持下划线的,需要通过配置支持
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app: ingress-nginx
data:
enable-underscores-in-headers: "true"
更多用法参考文档
https://docs.giantswarm.io/guides/advanced-ingress-configuration/
git地址:https://github.com/kubernetes/Ingress-nginx
官方网站:https://kubernetes.github.io/ingress-nginx
标题:nginx常用配置转换nginx-ingress配置方式
作者:fish2018
地址:https://www.devopser.org/articles/2019/11/06/1573006159751.html