Paths are not working in Kubernetes NGINX Ingress Controller

I have a Spring Boot application responsible for getting citizens and an NGINX Ingress controller configured with ssl-passthrough to expose my cluster to the outside.

When I do: https://myhostname.com/citizens

It works perfectly. This is the configuration I am using:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
    - host: myhostname.com
      http:
        paths:
          - path: /
            backend:
              serviceName: myservice
              servicePort: 443

But I would like to have something like:

https://myhostname.com/myservice/citizens

It would be something similar to the simple fanout approach that is described in the Kubernetes docs: https://kubernetes.io/docs/concepts/services-networking/ingress/#simple-fanout

Therefore, in my Spring application I have configured a contextPath, so when I do this locally: https://localhost:8080/myservice/citizens

I get the desired result.

For NGINX I have set up the following:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: myhostname.com
      http:
        paths:
          - path: /myservice
            backend:
              serviceName: myservice
              servicePort: 443

What am I doing wrong?


Solution: I've been researching a little and I've realized that the approach that I was trying to achieve is not possible with ssl-passthrough, as the proxy is blind and it doesn't know the path to which to route the traffic.

Therefore, the solution would be to use subdomains and not paths, because thanks to the SNI protocol, the NGINX controller will know to which hostname the client is trying to connect.

The final solution would be something similar to this

If your backend is expecting the whole path /myservice/citizens you can just use it to point it to the service without the rewrite-target directive, since it only dictates how URIs are going to be treated in the backend:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
    - host: myhostname.com
      http:
        paths:
          - path: /myservice/citizens
            backend:
              serviceName: myservice
              servicePort: 443

Be aware that this assumes that your service is able to redirect requests to 8080, which is your backend listening port, so it has to match it.
