国产成人精品无码青草_亚洲国产美女精品久久久久∴_欧美人与鲁交大毛片免费_国产果冻豆传媒麻婆精东

18143453325 在線咨詢 在線咨詢
18143453325 在線咨詢
所在位置: 首頁 > 營銷資訊 > 建站知識 > Kubernetes 泛域名動態(tài) Service 轉(zhuǎn)發(fā)解決方案

Kubernetes 泛域名動態(tài) Service 轉(zhuǎn)發(fā)解決方案

時間:2023-02-21 13:57:01 | 來源:建站知識

時間:2023-02-21 13:57:01 來源:建站知識

Kubernetes 泛域名動態(tài) Service 轉(zhuǎn)發(fā)解決方案:

需求

集群對外暴露了一個公網(wǎng)IP作為流量入口(可以是 Ingress 或 Service),DNS 解析配置了一個泛域名指向該IP(比如 *.test.imroc.io),現(xiàn)希望根據(jù)請求中不同 Host 轉(zhuǎn)發(fā)到不同的后端 Service。比如 a.test.imroc.io 的請求被轉(zhuǎn)發(fā)到 my-svc-ab.test.imroc.io 的請求轉(zhuǎn)發(fā)到 my-svc-b

簡單做法

先說一種簡單的方法,這也是大多數(shù)人的第一反應(yīng):配置 Ingress 規(guī)則

假如泛域名有兩個不同 Host 分別轉(zhuǎn)發(fā)到不同 Service,Ingress 類似這樣寫:

apiVersion: extensions/v1beta1kind: Ingressmetadata: name: my-ingressspec: rules: - host: a.test.imroc.io http: paths: - backend: serviceName: my-svc-a servicePort: 80 path: / - host: b.test.imroc.io http: paths: - backend: serviceName: my-svc-b servicePort: 80 path: /但是!如果 Host 非常多會怎樣?(比如200+)

正確姿勢

我們可以約定請求中泛域名 Host 通配符的 * 號匹配到的字符跟 Service 的名字相關(guān)聯(lián)(可以是相等,或者 Service 統(tǒng)一在前面加個前綴,比如 a.test.imroc.io 轉(zhuǎn)發(fā)到 my-svc-a 這個 Service),集群內(nèi)起一個反向代理服務(wù),匹配泛域名的請求全部轉(zhuǎn)發(fā)到這個代理服務(wù)上,這個代理服務(wù)只做一件簡單的事,解析 Host,正則匹配抓取泛域名中 * 號這部分,把它轉(zhuǎn)換為 Service 名字,然后在集群里轉(zhuǎn)發(fā)(集群 DNS 解析)

這個反向代理服務(wù)可以是 Nginx+Lua腳本 來實(shí)現(xiàn),或者自己寫個簡單程序來做反向代理,這里我用 OpenResty 來實(shí)現(xiàn),它可以看成是 Nginx 的發(fā)行版,自帶 lua 支持。

有幾點(diǎn)需要說明下:

nginx.conf 里關(guān)鍵的配置如下圖所示:

下面給出完整的 yaml 示例

proxy.yaml:

apiVersion: apps/v1beta1kind: Deploymentmetadata: labels: component: nginx name: proxyspec: replicas: 1 selector: matchLabels: component: nginx template: metadata: labels: component: nginx spec: containers: - name: nginx image: "openresty/openresty:centos" ports: - name: http containerPort: 80 protocol: TCP volumeMounts: - mountPath: /usr/local/openresty/nginx/conf/nginx.conf name: config subPath: nginx.conf - name: dnsmasq image: "janeczku/go-dnsmasq:release-1.0.7" args: - --listen - "127.0.0.1:53" - --default-resolver - --append-search-domains - --hostsfile=/etc/hosts - --verbose volumes: - name: config configMap: name: configmap-nginx---apiVersion: v1kind: ConfigMapmetadata: labels: component: nginx name: configmap-nginxdata: nginx.conf: |- worker_processes 1; error_log /error.log; events { accept_mutex on; multi_accept on; use epoll; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$time_local $remote_user $remote_addr $host $request_uri $request_method $http_cookie ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '$request_time $upstream_response_time "$upstream_cache_status"'; log_format browser '$time_iso8601 $cookie_km_uid $remote_addr $host $request_uri $request_method ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '$request_time $upstream_response_time "$upstream_cache_status" $http_x_requested_with $http_x_real_ip $upstream_addr $request_body'; log_format client '{"@timestamp":"$time_iso8601",' '"time_local":"$time_local",' '"remote_user":"$remote_user",' '"http_x_forwarded_for":"$http_x_forwarded_for",' '"host":"$server_addr",' '"remote_addr":"$remote_addr",' '"http_x_real_ip":"$http_x_real_ip",' '"body_bytes_sent":$body_bytes_sent,' '"request_time":$request_time,' '"status":$status,' '"upstream_response_time":"$upstream_response_time",' '"upstream_response_status":"$upstream_status",' '"request":"$request",' '"http_referer":"$http_referer",' '"http_user_agent":"$http_user_agent"}'; access_log /access.log main; sendfile on; keepalive_timeout 120s 100s; keepalive_requests 500; send_timeout 60000s; client_header_buffer_size 4k; proxy_ignore_client_abort on; proxy_buffers 16 32k; proxy_buffer_size 64k; proxy_busy_buffers_size 64k; proxy_send_timeout 60000; proxy_read_timeout 60000; proxy_connect_timeout 60000; proxy_cache_valid 200 304 2h; proxy_cache_valid 500 404 2s; proxy_cache_key $host$request_uri$cookie_user; proxy_cache_methods GET HEAD POST; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; server_tokens off; client_max_body_size 50G; add_header X-Cache $upstream_cache_status; autoindex off; resolver 127.0.0.1:53 ipv6=off; server { listen 80; location / { set $service ''; rewrite_by_lua ' local host = ngx.var.host local m = ngx.re.match(host, "(.+).test.imroc.io") if m then ngx.var.service = "my-svc-" .. m[1] end '; proxy_pass http://$service; } } }讓該代理服務(wù)暴露公網(wǎng)訪問可以用 Service 或 Ingress

用 Service 的示例 (service.yaml):

apiVersion: v1kind: Servicemetadata: labels: component: nginx name: service-nginxspec: type: LoadBalancer ports: - name: http port: 80 targetPort: http selector: component: nginx用 Ingress 的示例 (ingress.yaml):

apiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-nginxspec: rules: - host: "*.test.imroc.io" http: paths: - backend: serviceName: service-nginx servicePort: 80 path: /

關(guān)鍵詞:解決,方案,動態(tài)

74
73
25
news

版權(quán)所有? 億企邦 1997-2025 保留一切法律許可權(quán)利。

為了最佳展示效果,本站不支持IE9及以下版本的瀏覽器,建議您使用谷歌Chrome瀏覽器。 點(diǎn)擊下載Chrome瀏覽器
關(guān)閉