目录
1 ingress-nginx 介绍
2 Ingress-nginx 的工作原理
3 使用 Ingress-nginx 的步骤
4 部署 ingress :
4.1 开启ipvs 模式
4.2 下载部署文件
4.3 上传镜像到harbor
4.4 修改文件中镜像地址,与harbor仓库路径保持一致
4.5 检查是否running
4.6 将ingress的命名空间微服务类型改为LoadBalancer
4.7 查询分配的IP
5 ingress-nginx功能使用案例
5.1 创建基础的ingress架构:基于路径访问
5.1.1 创建deployment控制器验证MmetalLB是否可用
5.1.2 创建ingress资源类型和服务
5.1.3 创建 ingress 资源类型作为与内部service的一个链接
5.2 基于域名的访问
5.3 建立tls加密
5.4 建立auth认证
5.5 rewrite重定向
1 ingress-nginx 介绍
Ingress-nginx 是一个广泛使用的 Kubernetes Ingress 控制器,它基于 Nginx 反向代理和负载均衡器来处理进入 Kubernetes 集群的 HTTP 和 HTTPS 流量。Ingress-nginx 提供了一个强大的工具来管理 Kubernetes 集群的入口流量,允许用户通过 Ingress 资源来定义如何将外部请求路由到集群内部的服务。
官网:
Installation Guide - Ingress-Nginx Controller (kubernetes.github.io)
https://kubernetes.github.io/ingress-nginx/deploy/
2 Ingress-nginx 的工作原理
Ingress 资源:
- 用户在 Kubernetes 集群中创建 Ingress 资源,定义了如何将外部流量路由到集群内的服务。
- Ingress 资源可以包含多个规则,每个规则可以指定一个或多个路径,以及这些路径应路由到的后端服务。
Ingress 控制器:
- Ingress-nginx 控制器是一个部署在 Kubernetes 集群中的 Pod,它监视 Ingress 资源的变化。
- 当 Ingress 资源发生变化时,Ingress-nginx 控制器会更新 Nginx 的配置文件,以反映新的路由规则。
Nginx 配置:
- Ingress-nginx 控制器使用 Nginx 的模板和配置文件来生成 Nginx 的配置。
- 这些配置文件定义了如何将外部请求路由到集群内的服务,包括负载均衡、SSL 终止、重写规则等。
Nginx 服务:
- Nginx 服务是一个运行在 Kubernetes 集群中的 Pod,它使用 Ingress-nginx 控制器生成的配置文件来处理外部流量。
- Nginx 服务通常使用 NodePort 或 LoadBalancer 类型的 Service 来暴露到外部网络。
3 使用 Ingress-nginx 的步骤
部署 Ingress-nginx 控制器:
- 使用 Helm Chart 或者 Kubernetes 部署文件在集群中部署 Ingress-nginx 控制器。
创建 Ingress 资源:
- 根据需要创建 Ingress 资源,定义如何将外部流量路由到集群内的服务。
配置 Nginx 服务:
- 配置 Nginx 服务的 Service,使其能够暴露到外部网络。
测试 Ingress:
- 使用外部工具(如
curl)测试 Ingress 资源,确保流量能够正确路由到集群内的服务。
搭建云平台功能metalLB:
- MetalLB 是一个专注于解决 Kubernetes 集群内部负载均衡问题的工具,特别是在没有云提供商负载均衡器支持的环境下。它提供了类似云提供商负载均衡器的功能。
4 部署 ingress :
ps :
由于是裸金属状态部署ingress,是需要云平台的,而在虚拟机上并没有提供与平台负载均衡器。
所以需要使用MetalLB 使得k8s集群支持云平台功能。本章就不做介绍了,需要搭建的可以去上一章节查看
4.1 开启ipvs 模式
设置ipvs模式
[root@k8s-master yaml]# kubectl -n kube-system get configmaps
NAME DATA AGE
coredns 1 4d22h
extension-apiserver-authentication 6 4d22h
kube-apiserver-legacy-service-account-token-tracking 1 4d22h
kube-proxy 2 4d22h
kube-root-ca.crt 1 4d22h
kubeadm-config 1 4d22h
kubelet-config 1 4d22h[root@k8s-master yaml]# kubectl -n kube-system edit configmaps kube-proxy
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
ipvs:strictARP: true[root@k8s-master ~]# kubectl -n kube-system get pods | awk '/kube-proxy/{system("kubectl -n kube-system delete pods "$1)}'4.2 下载部署文件
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/baremetal/deploy.yaml4.3 上传镜像到harbor
# 本地镜像导入 并打标签
[root@k8s-master ingress]# docker tag \
a80c8fd6e522 reg.shuyan.com/ingress-nginx/controller:v1.11.2[root@k8s-master ingress]# docker tag \
ce263a8653f9 reg.shuyan.com/ingress-nginx/kube-webhook-certgen:v1.4.3[root@k8s-master ingress]# docker push reg.shuyan.com/ingress-nginx/controller:v1.11.2
[root@k8s-master ingress]# docker push reg.shuyan.com/ingress-nginx/kube-webhook-certgen:v1.4.3[root@k8s-master ingress]# docker rmi \
a80c8fd6e522 \
ce263a8653f9 \
reg.shuyan.com/ingress-nginx/controller:v1.11.2 \
reg.shuyan.com/ingress-nginx/kube-webhook-certgen:v1.4.3
4.4 修改文件中镜像地址,与harbor仓库路径保持一致
[root@k8s-master ~]# vim deploy.yaml
445 image: ingress-nginx/controller:v1.11.2
546 image: ingress-nginx/kube-webhook-certgen:v1.4.3
599 image: ingress-nginx/kube-webhook-certgen:v1.4.3[root@k8s-master ingress]# kubectl apply -f deploy.yaml4.5 检查是否running
[root@k8s-master ingress]# kubectl -n ingress-nginx get pods
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-nfjbh 0/1 Completed 0 10h
ingress-nginx-admission-patch-wp7zd 0/1 Completed 1 10h
ingress-nginx-controller-bb7d8f97c-r6z69 1/1 Running 0 10h4.6 将ingress的命名空间微服务类型改为LoadBalancer
[root@k8s-master ingress]# kubectl -n ingress-nginx \
edit service ingress-nginx-controller51 type: LoadBalancer4.7 查询分配的IP
[root@k8s-master ingress]# kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.97.25.16 192.168.239.201 80:30467/TCP,443:31166/TCP 10h
ingress-nginx-controller-admission ClusterIP 10.99.91.236 <none> 443/TCP 10h# 创建 Ingress 的命令:
kubectl create ingress NAME --rule=host/path=service:port[,tls[=secretname]] [options]# 常用选项
host/path # 服务对应的 FQDN 和 URL
--annotation=[] # 注解信息,格式为 "annotation=value"
--rule=[] # 代理规则,格式为 "host/path=service:port[,tls=secretname]"
--class='' # 此 Ingress 适配的 Ingress Class# 基于 URI 方式代理不同应用的请求时,后端应用的 URI 若与代理时使用的 URI 不同,则需要启用 URL Rewrite 完成 URI 的重写
# Ingress-Nginx 支持使用 "annotation nginx.ingress.kubernetes.io/rewrite-target" 注解进行5 ingress-nginx功能使用案例
5.1 创建基础的ingress架构:基于路径访问
5.1.1 创建deployment控制器验证MmetalLB是否可用
创建两个deployment资源类型命名为myapp-v1 与 v2
[root@k8s-master ingress]# kubectl create deployment myapp-v1 \
--image myapp:v1 --dry-run=client -o yaml > myapp-v1.yml[root@k8s-master ingress]# kubectl create deployment myapp-v2 \
--image myapp:v2 --dry-run=client -o yaml > myapp-v2.yml[root@k8s-master ingress]# vim myapp-v1.ymlapiVersion: apps/v1
kind: Deployment
metadata:labels:app: myapp-v1name: myapp-v1
spec:replicas: 1selector:matchLabels:app: myapp-v1template:metadata:labels:app: myapp-v1spec:containers:- image: myapp:v1name: myapp[root@k8s-master ingress]# vim myapp-v2.yml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: myapp-v2name: myapp-v2
spec:replicas: 1selector:matchLabels:app: myapp-v2template:metadata:labels:app: myapp-v2spec:containers:- image: myapp:v2name: myapp# 声明资源类型
[root@k8s-master ingress]# kubectl apply -f myapp-v1.yml
[root@k8s-master ingress]# kubectl apply -f myapp-v1.yml# 查看是否创建成功[root@k8s-master ingress]# kubectl get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
myapp-v1 1/1 1 1 85m
myapp-v2 1/1 1 1 85m# 查看集群IP
[root@k8s-master ingress]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-v1-7479d6c54d-x2zvr 1/1 Running 0 86m 10.244.2.51 k8s-node2 <none> <none>
myapp-v2-7cd6d597d-gmgt6 1/1 Running 0 86m 10.244.1.43 k8s-node1 <none> <none># 测试集群内是否可访问
[root@k8s-master ingress]# curl 10.244.2.51
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@k8s-master ingress]# curl 10.244.1.43
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>5.1.2 创建ingress资源类型和服务
使用ingress进行七层与外界通讯
由于ingress 类型是由外界传到ingress再由ingress传给内部的service 所以需要暴露端口需要创建service 进行连通
myapp-v1添加微服务
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: myapp-v1name: myapp-v1
spec:replicas: 1selector:matchLabels:app: myapp-v1template:metadata:labels:app: myapp-v1spec:containers:- image: myapp:v1name: myapp
---
apiVersion: v1
kind: Service
metadata:labels:app: myapp-v1name: myapp-v1
spec:ports:- port: 80protocol: TCPtargetPort: 80selector:app: myapp-v1myapp-v2添加微服务
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: myapp-v2name: myapp-v2
spec:replicas: 1selector:matchLabels:app: myapp-v2template:metadata:labels:app: myapp-v2spec:containers:- image: myapp:v2name: myapp
---
apiVersion: v1
kind: Service
metadata:labels:app: myapp-v2name: myapp-v2
spec:ports:- port: 80protocol: TCPtargetPort: 80selector:app: myapp-v2重新声明更新
[root@k8s-master ingress]# kubectl apply -f myapp-v1.yml
[root@k8s-master ingress]# kubectl apply -f myapp-v2.yml[root@k8s-master ingress]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d11h
myapp-v1 ClusterIP 10.108.70.49 <none> 80/TCP 91m
myapp-v2 ClusterIP 10.101.121.115 <none> 80/TCP 86m5.1.3 创建 ingress 资源类型作为与内部service的一个链接
[root@k8s-master ingress]# kubectl create ingress webcluster \
--rule '*/=shuyan-svc:80' --dry-run=client -o yamlapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: webcluster
spec:rules:- host: '*'http:paths:- backend:service:name: shuyan-svcport:number: 80path: /pathType: Exact
status:loadBalancer: {}[root@k8s-master ingress]# kubectl create ingress webcluster \
--rule '*/=shuyan-svc:80' --dry-run=client -o yaml > shuyan-inccress.yml[root@k8s-master ingress]# vim shuyan-inccress.yml
## 以下是修改之后 的
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: webclusterannotations:nginx.ingress.kubernetes.io/rewrite-target: / # 访问路径后加任何内容都被定向到/
spec:ingressClassName: nginxrules:- http:paths:- backend:service:name: myapp-v1port:number: 80path: /v1 # 定义访问路径为v1pathType: Prefix- backend:service:name: myapp-v2port:number: 80path: /v2 # 定义访问路径为v2pathType: Prefix声明ingress类型
[root@k8s-master ingress]# kubectl apply -f shuyan-inccress.yml查看ingress分配的地址
[root@k8s-master ingress]# kubectl -n ingress-nginx get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.97.25.16 192.168.239.201 80:30467/TCP,443:31166/TCP 11h
ingress-nginx-controller-admission ClusterIP 10.99.91.236 <none> 443/TCP 11h访问分配的地址
[root@complete ~]# curl 192.168.239.201/v1
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@complete ~]# curl 192.168.239.201/v2
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>5.2 基于域名的访问
[root@k8s-master ingress]# vim shuyan-inccress.ymlapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: webclusterannotations:nginx.ingress.kubernetes.io/rewrite-target: /
spec:ingressClassName: nginxrules:- host: myapp-v1.shuyan.com # v1 域名http:paths:- backend:service:name: myapp-v1port:number: 80path: /pathType: Prefix- host: myapp-v2.shuyan.com # v2 域名http:paths:- backend:service:name: myapp-v2port:number: 80path: /pathType: Prefix声明修改后代码
[root@k8s-master ingress]# kubectl apply -f shuyan-inccress.yml查看是否创建成功
[root@k8s-master ingress]# kubectl describe ingress webcluster 
在集群之外的主机做域名解析
[root@complete ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.239.20 complete reg.shuyan.com
192.168.239.110 k8s-node1
192.168.239.120 k8s-node2
192.168.239.100 k8s-master
192.168.239.201 myapp-v1.shuyan.com myapp-v2.shuyan.com # 添加解析[root@complete ~]# curl myapp-v1.shuyan.com
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@complete ~]# curl myapp-v2.shuyan.com
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>5.3 建立tls加密
建立证书
这条命令创建了一个名为 web-tls-secret 的 Secret,其中包含了你之前生成的 TLS 证书 (tls.crt) 和私钥 (tls.key)。Secret 是 Kubernetes 中用于存储敏感信息的对象,如密码、密钥等。
创建证书
[root@k8s-master ingress]# openssl req -newkey rsa:2048 \
-nodes -keyout tls.key -x509 -days 365 \
-subj "/CN=nginxsvc/O=nginxsvc" -out tls.crt[root@k8s-master ingress]# kubectl describe secrets web-tls-secret
Name: web-tls-secret
Namespace: default
Labels: <none>
Annotations: <none>Type: kubernetes.io/tlsData
====
tls.crt: 1164 bytes
tls.key: 1704 bytes[root@k8s-master ingress]# kubectl get secrets web-tls-secret -o yaml
[root@k8s-master ingress]# vim myapp-v1.yml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: myapp-v1name: myapp-v1
spec:replicas: 1selector:matchLabels:app: myapp-v1template:metadata:labels:app: myapp-v1spec:containers:- image: myapp:v1name: myapp
---
apiVersion: v1
kind: Service
metadata:labels:app: myapp-v1name: myapp-v1
spec:ports:- port: 80protocol: TCPtargetPort: 80selector:app: myapp-v1
[root@k8s-master ingress]# vim ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: webclusterannotations:nginx.ingress.kubernetes.io/rewrite-target: /
spec:tls: # 使用tls- hosts:- myapp-v1.shuyan.comsecretName: web-tls-secret # 指定secret资源类型的名称ingressClassName: nginxrules:- http:paths:- backend:service:name: myapp-v1port:number: 80path: /pathType: Prefix删除原有的,声明新的
[root@k8s-master ingress]# kubectl delete -f shuyan-inccress.yml [root@k8s-master ingress]# kubectl apply -f ingress.yml 查看是否成功
[root@k8s-master ingress]# kubectl describe ingress webcluster
Name: webcluster
Labels: <none>
Namespace: default
Address: 192.168.239.110
Ingress Class: nginx
Default backend: <default>
TLS:web-tls-secret terminates myapp-v1.shuyan.com
Rules:Host Path Backends---- ---- --------* / myapp-v1:80 (10.244.2.51:80)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Sync 3m46s (x2 over 4m17s) nginx-ingress-controller Scheduled for sync网页输入认证
5.4 建立auth认证
[root@k8s-master ingress]# yum install httpd-tools# 创建本地文件为auth 用户名为shuyan
[root@k8s-master ingress]# htpasswd -cm auth shuyan
New password:
Re-type new password:
Adding password for user shuyan[root@k8s-master ingress]# ls | grep auth
auth[root@k8s-master ingress]# cat auth
shuyan:$apr1$Zqqr6uJj$a0Kb0nUK2CiqXYP7OugYj1[root@k8s-master ingress]# kubectl create secret generic auth-web \
--from-file /root/ingress/auth 查看本地导入的资源类型
[root@k8s-master ingress]# kubectl describe secrets auth-web
Name: auth-web
Namespace: default
Labels: <none>
Annotations: <none>Type: OpaqueData
====
auth: 45 bytes
[root@k8s-master ingress]# kubectl get secrets auth-web -o yaml
apiVersion: v1
data:auth: c2h1eWFuOiRhcHIxJFpxcXI2dUpqJGEwS2IwblVLMkNpcVhZUDdPdWdZajEK
kind: Secret
metadata:creationTimestamp: "2024-09-08T11:42:25Z"name: auth-webnamespace: defaultresourceVersion: "733478"uid: 84cc365b-de63-40f3-b134-75ed984a1692
type: Opaque建立ingress2基于用户认证的yaml文件
[root@k8s-master ingress]# vim ingress2.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-authannotations:nginx.ingress.kubernetes.io/auth-type: basic # 定义认证类型nginx.ingress.kubernetes.io/auth-secret: auth-web # 选定导入的本地加密文件名称nginx.ingress.kubernetes.io/auth-realm: "Please input username and password" # 打印一条语句nginx.ingress.kubernetes.io/rewrite-target: /
spec:tls:- hosts:- myapp-v1.shuyan.comsecretName: web-tls-secretingressClassName: nginxrules:- http:paths:- backend:service:name: myapp-v1port:number: 80path: /pathType: Prefix删除旧的并创建新的
[root@k8s-master ingress]# kubectl delete -f ingress.yml
[root@k8s-master ingress]# kubectl apply -f ingress2.yml 查看认证文件资源类型
[root@k8s-master ingress]# kubectl describe ingress ingress-auth
Name: ingress-auth
Labels: <none>
Namespace: default
Address:
Ingress Class: nginx
Default backend: <default>
TLS:web-tls-secret terminates myapp-v1.shuyan.com
Rules:Host Path Backends---- ---- --------* / myapp-v1:80 (10.244.2.51:80)
Annotations: nginx.ingress.kubernetes.io/auth-realm: Please input username and passwordnginx.ingress.kubernetes.io/auth-secret: auth-webnginx.ingress.kubernetes.io/auth-type: basicnginx.ingress.kubernetes.io/rewrite-target: /
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Sync 27s nginx-ingress-controller Scheduled for 实现效果
5.5 rewrite重定向
基于正则表达式的重定向
[root@k8s-master ingress]# vim ingress3.yml apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-rewiteannotations:nginx.ingress.kubernetes.io/rewrite-target: /$2nginx.ingress.kubernetes.io/use-regex: "true"
spec:ingressClassName: nginxrules:- http:paths:- backend:service:name: myapp-v1port:number: 80path: /pathType: Prefix- backend:service:name: myapp-v2port:number: 80path: /shuyan(/|$)(.*)pathType: ImplementationSpecifichost: myapp-v1.shuyan.comnginx.ingress.kubernetes.io/rewrite-target: /$2:
这个注解告诉 Nginx Ingress 控制器,对于匹配 /shuyan/(/|$)(.*) 的路径,
将路径重写为 / 后面加上 $2。$2 是正则表达式中捕获的第二个分组,即 / 或空字符串后面的所有内容。
例如,请求 https://myapp-v1.shuyan.com/shuyan/some/path 将被重写为 /some/path。根路径请求:
客户端请求 https://myapp-v1.shuyan.com/,直接转发到 myapp-v1 服务。带 /shuyan 的路径请求:
客户端请求 https://myapp-v1.shuyan.com/shuyan/some/path,
匹配 /shuyan/(/|$)(.*),路径重写为 /some/path,然后转发到 myapp-v2 服务。声明并查看状态
[root@k8s-master ingress]# kubectl delete -f ingress2.yml
[root@k8s-master ingress]# kubectl apply -f ingress3.yml[root@k8s-master ingress]# kubectl describe ingress ingress-rewite
Name: ingress-rewite
Labels: <none>
Namespace: default
Address: 192.168.239.110
Ingress Class: nginx
Default backend: <default>
Rules:Host Path Backends---- ---- --------myapp-v1.shuyan.com / myapp-v1:80 (10.244.2.51:80)/shuyan(/|$)(.*) myapp-v2:80 (10.244.1.43:80)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2nginx.ingress.kubernetes.io/use-regex: true
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Sync 5m50s (x5 over 18m) nginx-ingress-controller Scheduled for sync
[root@complete ~]# curl myapp-v1.shuyan.com
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@complete ~]# curl myapp-v1.shuyan.com/shuyan/index.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
[root@complete ~]# curl myapp-v1.shuyan.com/shuyan/hostname.html
myapp-v2-7cd6d597d-gmgt6基于根目录的重定向
[root@k8s-master ingress]# vim ingress4.yml apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-rewiteannotations:nginx.ingress.kubernetes.io/app-root: /hostname.html
spec:ingressClassName: nginxrules:- http:paths:- backend:service:name: myapp-v1port:number: 80path: /pathType: Prefixhost: myapp-v1.shuyan.com声明并查看
[root@k8s-master ingress]# kubectl delete -f ingress3.yml[root@k8s-master ingress]# kubectl apply -f ingress4.yml [root@k8s-master ingress]# kubectl describe ingress ingress-rewite
Name: ingress-rewite
Labels: <none>
Namespace: default
Address: 192.168.239.110
Ingress Class: nginx
Default backend: <default>
Rules:Host Path Backends---- ---- --------myapp-v1.shuyan.com / myapp-v1:80 (10.244.2.51:80)
Annotations: nginx.ingress.kubernetes.io/app-root: /hostname.html
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Sync 9s (x2 over 16s) nginx-ingress-controller Scheduled for sync
[root@complete ~]# curl -L myapp-v1.shuyan.com/
myapp-v1-7479d6c54d-x2zvr[root@complete ~]# curl myapp-v1.shuyan.com/123/3123/ -L
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>能不能写什么都会被重定向到指定目录呢?
当然可以
使用 nginx.ingress.kubernetes.io/rewrite-target 注解来重写所有请求到 /hostname.html 的 Ingress 规则:
[root@k8s-master ingress]# vim ingress5.yml apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: ingress-rewiteannotations:nginx.ingress.kubernetes.io/rewrite-target: /hostname.html
spec:ingressClassName: nginxrules:- host: myapp-v1.shuyan.comhttp:paths:- backend:service:name: myapp-v1port:number: 80path: /pathType: Prefix[root@k8s-master ingress]# kubectl delete -f ingress4.yml
ingress.networking.k8s.io "ingress-rewite" deleted
[root@k8s-master ingress]# kubectl apply -f ingress5.yml
ingress.networking.k8s.io/ingress-rewite created
[root@complete ~]# curl myapp-v1.shuyan.com/123/3123/ -L
myapp-v1-7479d6c54d-x2zvr
[root@complete ~]# curl myapp-v1.shuyan.com/123/3123/
myapp-v1-7479d6c54d-x2zvr
[root@complete ~]# curl myapp-v1.shuyan.com/123/31233123/
myapp-v1-7479d6c54d-x2zvr
[root@complete ~]# curl myapp-v1.shuyan.com/123/31233123/3213
myapp-v1-7479d6c54d-x2zvr根据新的 Ingress 规则,所有请求都将被重写到 /hostname.html。这意味着:请求 https://myapp-v1.shuyan.com/ 将被重写到 /hostname.html。
请求 https://myapp-v1.shuyan.com/123 也将被重写到 /hostname.html。
请求 https://myapp-v1.shuyan.com/some/path 也将被重写到 /hostname.html。
