如何在入口 controller (Kube.netes) 中正确设置重写目标
[英]How to properly setup rewrite target in ingress controller (Kubernetes)
问题描述
I've ran into the issue of setting up ingress controller with rewrite-target within my environment.
我遇到了在我的环境中使用重写目标设置入口 controller 的问题。
So the setup is as below:所以设置如下:
Within one Blazor application, we have a front-end that faces the user, and one that is responsible for handling the admin panel.在一个 Blazor 应用程序中,我们有一个面向用户的前端,以及一个负责处理管理面板的前端。
We have two domains:我们有两个域:
- domain.com域.com
- admin.domain.com admin.domain.com
We have successfully set everything up when it comes to the user-facing front-end as below:当涉及到面向用户的前端时,我们已经成功地设置了一切,如下所示:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.label.name }}-service-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/client-max-body-size: "0"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/configuration-snippet: |
location ~* "^/auth/admin(/|$)(.*)" {
return 404;
}
spec:
tls:
- hosts:
- domain.com
secretName: wildcard-domain-com-ingress
rules:
- host: domain.com
http:
paths:
- path: /auth(/|$)(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
That way, domain.com/auth will serve the UI for the users, where the requests directed towards domain.com/auth/admin will always return 404.这样,domain.com/auth 将为用户提供 UI,指向 domain.com/auth/admin 的请求将始终返回 404。
And now, the admin panel setup:现在,管理面板设置:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.label.name }}-service-admin-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/client-max-body-size: "0"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /auth/admin/$1
spec:
tls:
- hosts:
- admin.domain.com
secretName: wildcard-domain-com-ingress
rules:
- host: admin.domain.com
http:
paths:
- path: /auth/(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
What we would like to achieve here, is that if an administrator will enter below url:我们在这里想要实现的是,如果管理员将在 url 下面输入:
the application behind will actually get called at:后面的应用程序实际上会在以下位置被调用:
- /auth/admin/userlist /auth/admin/用户列表
We've tried to set it up with the rewrite-target as specified in above specification, however it doesn't work.我们已尝试按照上述规范中指定的重写目标对其进行设置,但它不起作用。
Can someone direct us on what we are doing wrong in this case?在这种情况下,有人可以指导我们做错什么吗?
Below you can find full ingress specification, where last handles serving static files for the admin panel and Blazor server connectivity.您可以在下面找到完整的入口规范,其中 last 处理管理面板的 static 文件和 Blazor 服务器连接。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.label.name }}-service-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/client-max-body-size: "0"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/configuration-snippet: |
location ~* "^/auth/admin(/|$)(.*)" {
return 404;
}
spec:
tls:
- hosts:
- domain.com
secretName: wildcard-domain-com-ingress
rules:
- host: domain.com
http:
paths:
- path: /auth(/|$)(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.label.name }}-service-admin-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/client-max-body-size: "0"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /auth/admin/$1
spec:
tls:
- hosts:
- admin.domain.com
secretName: wildcard-domain-com-ingress
rules:
- host: admin.domain.com
http:
paths:
- path: /auth/(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.label.name }}-service-admin-styles-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/client-max-body-size: "0"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
tls:
- hosts:
- admin.domain.com
secretName: wildcard-domain-com-ingress
rules:
- host: admin.domain.com
http:
paths:
- path: /auth/icons(/|$)(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
- path: /auth/img(/|$)(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
- path: /auth/js(/|$)(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
- path: /auth/styles(/|$)(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
- path: /auth/favicon.ico
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
- path: /auth/_framework(/|$)(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
- path: /auth/_blazor(/|$)(.*)
pathType: Prefix
backend:
service:
name: {{ .Values.label.name }}-service
port:
number: {{ .Values.service.port }}
1 个解决方案
解决方案1
0 2023-01-11 21:55:19
Since you are trying to deploy two different views for the same application, you can use header annotations of nginx ingress controller to perform rewrite operations.由于您正在尝试为同一个应用程序部署两个不同的视图,因此您可以使用 header 注释 nginx ingress controller 来执行重写操作。 A detailed description of various examples are provided here . 此处提供了各种示例的详细描述。 Go through this for your reference and better understanding and in the code you are trying to access the same directory so can you try to mention a specific path to the admin console or create a separate path for the admin console and try again. Go 通过此供您参考和更好地理解,在您尝试访问同一目录的代码中,您可以尝试提及管理控制台的特定路径或为管理控制台创建单独的路径,然后重试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.