nginx常用配置转换nginx-ingress配置方式

2021-05-11

nginx很多强大的功能,在ingress中可以通过注解的方式来配置,比如认证、跨域等

对同一域名不同 path反向代理到不同服务时,需要通过注解的方式rewrite,否则 path后面的参数不会传递

Nginx原始配置

server {
    listen 80;
    server_name spt-gw3.devopser.org;

    location /crm/ {
        proxy_pass http://spt-crm-service:8888/;
    }
    location /api/cbs/ {
        proxy_pass http://spt-cbs-service:8888/;
    }

}

使用nginx-ingress实现

方式一:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # 关键在这条注解,将(.*)匹配的参数传递
    nginx.ingress.kubernetes.io/rewrite-target: /$1

  name: spt-gw3
  namespace: spt-dev
spec:
  rules:
  - host: spt-gw3.devopser.org
    http:
      paths:
      - backend:
          serviceName: spt-crm-service
          servicePort: 8888
        # 这里使用(.*)匹配后面参数
        path: /crm/(.*)
      - backend:
          serviceName: spt-cbs-service
          servicePort: 8888
        path: /api/cbs/(.*)

方式二:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # 关键在这条注解,将(.*)匹配的参数传递
    nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite /crm/(.*)  /crm/$1 break;
      rewrite /api/cbs/(.*)  /$1 break;

  name: spt-gw3
  namespace: spt-dev
spec:
  rules:
  - host: spt-gw3.devopser.org
    http:
      paths:
      - backend:
          serviceName: spt-crm-service
          servicePort: 8888
        # 这里不再使用/(.*)
        path: /crm
      - backend:
          serviceName: spt-cbs-service
          servicePort: 8888
        # 这里不再使用/(.*)
        path: /api/cbs

跨域

nginx.ingress.kubernetes.io/cors-allow-headers: >-
      DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
    nginx.ingress.kubernetes.io/cors-allow-methods: 'PUT, GET, POST, OPTIONS'
    nginx.ingress.kubernetes.io/cors-allow-origin: '*'
    nginx.ingress.kubernetes.io/enable-cors: 'true'
    nginx.ingress.kubernetes.io/service-weight: ''

获取真实ip

因为SLB转发之后源地址改变了,需要在ingress上添加注解解决,直接只在Ingress之后的nginx加这个配置没有用,因为在Ingress这一环节就没有转发x-forwarded-for的header

nginx.ingress.kubernetes.io/configuration-snippet: |
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  set_real_ip_from 0.0.0.0/0;
  real_ip_header X-Forwarded-For;

也可以修改nginx-ingress的configmap来配置

kubectl -n kube-system edit cm nginx-configuration

添加内容

compute-full-forwarded-for: "true"
forwarded-for-header: "X-Forwarded-For"
use-forwarded-headers: "true"

完整yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
data:
  compute-full-forwarded-for: "true"
  forwarded-for-header: X-Forwarded-For
  use-forwarded-headers: "true"

header参数支持下划线"_"

正常nginx是不支持下划线的,需要通过配置支持

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
data:
  enable-underscores-in-headers: "true"

更多用法参考文档

https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md

https://docs.giantswarm.io/guides/advanced-ingress-configuration/

git地址:https://github.com/kubernetes/Ingress-nginx

官方网站:https://kubernetes.github.io/ingress-nginx


标题:nginx常用配置转换nginx-ingress配置方式
作者:fish2018
地址:http://devopser.org/articles/2019/11/06/1573006159751.html