如何加入 ALB 入口组而不是覆盖 EKS 中的现有入口组?
How can I join a ALB ingress group instead of overriding an existing one in EKS?
我正在将 K8S 部署到 AWS EKS 集群并使用 ALB 进行部署。我想将一个 ALB 用于多个服务,但我不知道如何共享同一个 ALB。每次我部署入口时,它都会覆盖现有入口。
我有两个配置 yaml 文件:
a.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '1'
spec:
rules:
- http:
paths:
- path: /sample-app/*
backend:
serviceName: sample-entrypoint
servicePort: 80
b.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '2'
spec:
rules:
- http:
paths:
- path: /sample-es/*
backend:
serviceName: sample-es-entrypoint
servicePort: 9200
我希望两者共享同一个 ALB,所以我将组名指定为相同的:
alb.ingress.kubernetes.io/group.name: sample-ingress
我还在两个文件中指定了不同的顺序。
但是当我 运行 kubectl apply -f a.yaml 时,它会使用我在配置文件中指定的规则创建一个 ALB:/sample-app/*。但是当我 运行 kubectl apply -f b.yaml 时,它会用 /sample-es/* 覆盖现有规则。那么如何让两者共享相同的 ALB 并允许它们提供不同的规则呢?
我想您可以创建单独的入口并将它们附加到相同的服务配置。使用 alb 指向服务配置,这应该可以工作。我有面向内部服务的配置,请查看是否适合您。
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
labels:
app.kubernetes.io/instance: goldendev-ingress-test
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: ingress-test
environment: DEV
helm.sh/chart: ingress-test
name: ingress-test
namespace: default
spec:
externalTrafficPolicy: Cluster
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/instance: z1
app.kubernetes.io/name: gunicorn
sessionAffinity: None
type: LoadBalancer
Ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '1'
spec:
rules:
- http:
paths:
- path: /mappings/v1/hello/*
backend:
serviceName: ingress-test
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress-1
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '2'
spec:
rules:
- http:
paths:
- path: /mappings/v1/teams/*
backend:
serviceName: ingress-test-2
servicePort: 80
我在 AWS 控制台验证过,它只创建了 1 个带有服务配置的负载均衡器。
入口列表:
kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
sample-ingress * 80 19m
sample-ingress-1 * 80 19m
如果有帮助请告诉我。
我试过如下主机;
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: pub-uat-alb
namespace: "uat-env"
labels:
imaharah-k8s/environment: staging
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/tags: environment=staging
alb.ingress.kubernetes.io/success-codes: '200,301,401'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123435678977:certificate/hskrhjf93ih-y4325kjhdsf0-hsr98
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- host: test1.test.com
http:
paths:
- path: /*
backend:
serviceName: test1-service
servicePort: 80
- host: test2.test.com
http:
paths:
- path: /*
backend:
serviceName: test2-service
servicePort: 80
- host: test3.test.com
http:
paths:
- path: /*
backend:
serviceName: test3-service
servicePort: 80
验证--->
[centos@ip-10-0-68-81 pub]$ kubectl get ingress -n uat-env --kubeconfig=$dev
NAME CLASS HOSTS ADDRESS PORTS AGE
pub-uat-alb <none> test1.test.com,test2.test.com,test3.test.com test-uatenv-testtest-gfsadasd76-94238798.us-east-1.elb.amazonaws.com 80 3d6h
我正在将 K8S 部署到 AWS EKS 集群并使用 ALB 进行部署。我想将一个 ALB 用于多个服务,但我不知道如何共享同一个 ALB。每次我部署入口时,它都会覆盖现有入口。
我有两个配置 yaml 文件:
a.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '1'
spec:
rules:
- http:
paths:
- path: /sample-app/*
backend:
serviceName: sample-entrypoint
servicePort: 80
b.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '2'
spec:
rules:
- http:
paths:
- path: /sample-es/*
backend:
serviceName: sample-es-entrypoint
servicePort: 9200
我希望两者共享同一个 ALB,所以我将组名指定为相同的:
alb.ingress.kubernetes.io/group.name: sample-ingress
我还在两个文件中指定了不同的顺序。
但是当我 运行 kubectl apply -f a.yaml 时,它会使用我在配置文件中指定的规则创建一个 ALB:/sample-app/*。但是当我 运行 kubectl apply -f b.yaml 时,它会用 /sample-es/* 覆盖现有规则。那么如何让两者共享相同的 ALB 并允许它们提供不同的规则呢?
我想您可以创建单独的入口并将它们附加到相同的服务配置。使用 alb 指向服务配置,这应该可以工作。我有面向内部服务的配置,请查看是否适合您。
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
labels:
app.kubernetes.io/instance: goldendev-ingress-test
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: ingress-test
environment: DEV
helm.sh/chart: ingress-test
name: ingress-test
namespace: default
spec:
externalTrafficPolicy: Cluster
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/instance: z1
app.kubernetes.io/name: gunicorn
sessionAffinity: None
type: LoadBalancer
Ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '1'
spec:
rules:
- http:
paths:
- path: /mappings/v1/hello/*
backend:
serviceName: ingress-test
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress-1
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '2'
spec:
rules:
- http:
paths:
- path: /mappings/v1/teams/*
backend:
serviceName: ingress-test-2
servicePort: 80
我在 AWS 控制台验证过,它只创建了 1 个带有服务配置的负载均衡器。 入口列表:
kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
sample-ingress * 80 19m
sample-ingress-1 * 80 19m
如果有帮助请告诉我。
我试过如下主机;
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: pub-uat-alb
namespace: "uat-env"
labels:
imaharah-k8s/environment: staging
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/tags: environment=staging
alb.ingress.kubernetes.io/success-codes: '200,301,401'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123435678977:certificate/hskrhjf93ih-y4325kjhdsf0-hsr98
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- host: test1.test.com
http:
paths:
- path: /*
backend:
serviceName: test1-service
servicePort: 80
- host: test2.test.com
http:
paths:
- path: /*
backend:
serviceName: test2-service
servicePort: 80
- host: test3.test.com
http:
paths:
- path: /*
backend:
serviceName: test3-service
servicePort: 80
验证--->
[centos@ip-10-0-68-81 pub]$ kubectl get ingress -n uat-env --kubeconfig=$dev
NAME CLASS HOSTS ADDRESS PORTS AGE
pub-uat-alb <none> test1.test.com,test2.test.com,test3.test.com test-uatenv-testtest-gfsadasd76-94238798.us-east-1.elb.amazonaws.com 80 3d6h