Some Ingress-Nginx YAML examples

Basic usage

ingress-basic.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
  namespace: default
spec:
  ingressClassName: nginx
  rules:
    - host: example.com
      http:
        paths:
          # / -> nginx:80/
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  number: 80
          # /hello/xxx -> springboot:8080/hello/xxx  Note: the /hello prefix is kept when forwarding
          - path: /hello
            pathType: Prefix
            backend:
              service:
                name: springboot
                port:
                  number: 8080

Rewriting the path

ingress-rewrite.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
  # Annotations apply to every path in this Ingress, including / below.
  annotations:
    # https://kubernetes.github.io/ingress-nginx/examples/rewrite/
    nginx.ingress.kubernetes.io/use-regex: "true"
    # In /hello(/|$)(.*), whatever .* matches is assigned to $2
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  name: ingress-demo
spec:
  ingressClassName: nginx
  rules:
    - host: example.com
      http:
        paths:
          # / -> nginx:80/
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  number: 80
          # /hello/login -> springboot:8080/login  Note: the /hello prefix is removed automatically when forwarding
          - path: /hello(/|$)(.*)
            # Regex paths use ImplementationSpecific; Prefix is meant for literal paths
            pathType: ImplementationSpecific
            backend:
              service:
                name: springboot
                port:
                  number: 8080

Getting the client's real IP

ingress-real-ip.yaml

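# use-forwarded-headers, proxy-real-ip-cidr, enable-real-ip and
# compute-full-forwarded-for are options of the ingress-nginx controller
# ConfigMap, not Ingress annotations, so they are set there.
# The ConfigMap name and namespace below are assumptions (the defaults of the
# standard install manifests); use the ConfigMap your controller is started with.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  use-forwarded-headers: "true"
  # 0.0.0.0/0 trusts X-Forwarded-For from any source address; narrow this to
  # the CIDR of the load balancer or proxy in front of the controller.
  proxy-real-ip-cidr: "0.0.0.0/0"
  enable-real-ip: "true"
  # Enable full forwarded-for computation (compute-full-forwarded-for)
  compute-full-forwarded-for: "true"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-example
  namespace: default
  # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
  annotations:
    # Request body size limit
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
spec:
  ingressClassName: nginx
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: springboot
                port:
                  number: 8080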
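
Why the `proxy-real-ip-cidr: "0.0.0.0/0"` value above matters, as an added example that is not part of the original page: a simplified Python model of how nginx's realip module, with recursive lookup, picks the client address from X-Forwarded-For. The function name and every address are constructed for illustration; 10.0.0.0/24 stands in for the load balancer's subnet.

```python
import ipaddress


def resolve_client_ip(peer, xff, trusted_cidrs):
    """Simplified model of nginx realip with real_ip_recursive on.

    Starting from the TCP peer, walk X-Forwarded-For right to left and
    keep replacing the address while the current one is trusted.
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(ip):
        return any(ip.version == n.version and ip in n for n in nets)

    addr = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if not trusted(addr):
            break  # an untrusted address is never overridden by the header
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop at the last valid address
    return str(addr)


# Constructed scenario: the real client 203.0.113.7 sends its own
# X-Forwarded-For value; the load balancer 10.0.0.5 appends the address
# it actually saw before forwarding to the ingress controller.
LB_PEER = "10.0.0.5"
XFF = "198.51.100.99, 203.0.113.7"

TRUST_ALL = ["0.0.0.0/0"]       # the value used on this page
TRUST_LB = ["10.0.0.0/24"]      # assumed load balancer subnet

if __name__ == "__main__":
    # Every hop is "trusted", so the client-supplied leftmost value wins.
    print("0.0.0.0/0   ->", resolve_client_ip(LB_PEER, XFF, TRUST_ALL))
    # Only the load balancer is trusted, so the address it appended wins.
    print("10.0.0.0/24 ->", resolve_client_ip(LB_PEER, XFF, TRUST_LB))
    # A connection that bypasses the load balancer keeps its peer address.
    print("direct      ->", resolve_client_ip("203.0.113.7", "198.51.100.99", TRUST_LB))
```

With the trusted range narrowed to the proxy's subnet, IP allowlists, rate limits and access logs downstream see the address the load balancer observed rather than a header the client wrote.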

Configuring HTTPS

ingress-https.yaml

# TLS certificate Secret (must be created first)
apiVersion: v1
kind: Secret
metadata:
  name: www-example-com-tls-secret
  namespace: default
type: kubernetes.io/tls
data:
  # Values under data must be base64-encoded
  tls.crt: |
    <crt contents here>
  tls.key: |
    <private key contents here>
---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
  namespace: default
  annotations:
    # SSL redirect; the default is already true
    #nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # Force SSL redirect
    # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # forward traffic to the backend application over SSL; the backend must be configured for SSL
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - www.example.com
        - "*.example.com" # hosts: for a wildcard domain (*), add an entry for that wildcard domain
      secretName: www-example-com-tls-secret # TLS certificate Secret
  rules:
    - host: www.example.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: springboot
                port:
                  number: 8080

Canary annotations

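  1. Allow only clients that match a specific rule to reach the new version of the service. In the following example, only client requests whose header satisfies foo=bar are routed to the new version.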
    ingress-canary1.yaml

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: gray-release-canary
      annotations:
        # Enable canary.
        nginx.ingress.kubernetes.io/canary: "true"
        # The request header is foo.
        nginx.ingress.kubernetes.io/canary-by-header: "foo"
        # Requests are routed to the new version service new-nginx only when header foo has the value bar.
        nginx.ingress.kubernetes.io/canary-by-header-value: "bar"
    spec:
      ingressClassName: nginx
      rules:
        - host: www.example.com
          http:
            paths:
              # New version service.
              - path: /
                backend:
                  service:
                    name: new-nginx
                    port:
                      number: 80
                pathType: ImplementationSpecific
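  2. When the specific rule is not met, route a set proportion of requests to the new version. In the following example, client requests whose header satisfies foo=bar are routed to the new version; for requests without that header, 50% of the traffic is routed to the new version.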

ingress-canary2.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gray-release-canary
  annotations:
    # Enable canary.
    nginx.ingress.kubernetes.io/canary: "true"
    # The request header is foo.
    nginx.ingress.kubernetes.io/canary-by-header: "foo"
    # Requests are routed to the new version service new-nginx only when header foo has the value bar.
    nginx.ingress.kubernetes.io/canary-by-header-value: "bar"
    # When the rule above is not matched, only 50% of traffic is routed to the new version service new-nginx.
    nginx.ingress.kubernetes.io/canary-weight: "50"
spec:
  ingressClassName: nginx
  rules:
    - host: www.example.com
      http:
        paths:
          # New version service.
          - path: /
            backend:
              service:
                name: new-nginx
                port:
                  number: 80
            pathType: ImplementationSpecific
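  3. Route a set proportion of requests to the new version. In the following example, only 50% of the traffic is routed to the new version. This is traffic splitting based on service weight, suited to blue-green release scenarios.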

ingress-canary3.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gray-release-canary
  annotations:
    # Enable canary.
    nginx.ingress.kubernetes.io/canary: "true"
    # Only 50% of traffic is routed to the new version service new-nginx.
    # The default total is 100.
    nginx.ingress.kubernetes.io/canary-weight: "50"
spec:
  ingressClassName: nginx
  rules:
    - host: www.example.com
      http:
        paths:
          # New version service.
          - path: /
            backend:
              service:
                name: new-nginx
                port:
                  number: 80
            pathType: ImplementationSpecific