Automation Suite
2023.10
False
- 概述
- 要求
- 安装
- 先决条件检查
- 下载安装包
- uipathctl cluster
- uipathctl 集群维护
- uipathctl cluster maintenance disable
- uipathctl cluster maintenance enable
- uipathctl cluster maintenance is-enabled
- uipathctl cluster migration
- uipathctl cluster migration export
- uipathctl cluster migration import
- uipathctl cluster migration run
- uipathctl 集群升级
- uipathctl 配置
- uipathctl config add-host-admin
- uipathctl config additional-ca-certificates
- uipathctl config additional-ca-certificates get
- uipathctl config additional-ca-certificates update
- uipathctl 配置警示
- uipathctl configalerts add-email
- uipathctl config alerts remove-email
- uipathctl config alerts update-email
- uipathctl config argocd
- uipathctl config argocd ca-certificates
- uipathctl config argocd ca-certificates get
- uipathctl config argocd ca-certificates update
- uipathctl config argocd generate-dex-config
- uipathctl config argocd generate-rbac
- uipathctl config argocd registry
- uipathctl config argocd registry get
- uipathctl config argocd registry update
- uipathctl config enable-basic-auth
- uipathctl config Orchestrator
- uipathctl config Orchestrator get-config
- uipathctl config orchestrator update-config
- uipathctl config saml-certificates get
- uipathctl config saml-certificates rotate
- uipathctl config saml-certificates update
- uipathctl config tls-certificates
- uipathctl config tls-certificates get
- uipathctl config tls-certificates update
- uipathctl config token-signing-certificates
- uipathctl config token-signing-certificates get
- uipathctl config token-signing-certificates rotate
- uipathctl config token-signing-certificates update
- uipathctl 运行状况
- uipathctl 运行状况捆绑包
- uipathctl 运行状况检查
- uipathctl health diagnose
- uipathctl health test
- uipathctl 清单
- uipathctl manifest apply
- uipathctl manifest diff
- uipathctl manifest get
- uipathctl manifest get-revision
- uipathctl manifest list-applications
- uipathctl manifest list-revisions
- uipathctl manifest render
- uipathctl 先决条件
- uipathctl prereq create
- uipathctl prereq run
- uipathctl 资源
- uipathctl 资源报告
- uipathctl 快照
- uipathctl 快照备份
- uipathctl snapshot backup create
- uipathctl snapshot backup disable
- uipathctl snapshot backup enable
- uipathctl snapshot delete
- uipathctl snapshot list
- uipathctl snapshot restore
- uipathctl snapshot restore create
- uipathctl snapshot restore delete
- uipathctl snapshot restore history
- uipathctl snapshot restore logs
- uipathctl 版本
- 安装后
- 迁移和升级
- 监控和警示
- 集群管理
- 特定于产品的配置
- 故障排除
配置 NGINX 入口控制器
EKS/AKS 上的 Automation Suite 安装指南
上次更新日期 2024年4月19日
配置 NGINX 入口控制器
在标准配置中,Automation Suite 会将配置有 Istio 网关的负载均衡器 Kubernetes 服务类型配置为来自网络负载均衡器的请求的入口控制器。
重要提示:
要管理大型标头,请按如下所示调整 Ingress 注释中的
proxy-buffer-size
:
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
您必须使用
istio-ingressgateway
更新 NGINX 规范作为后端服务,并指定端口号 80。此外,如果您有自己的网络策略,请确保已正确配置它们以允许 NGINX 和 Istio 路由。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: istio-system
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: istio-system
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
您必须使用
istio-ingressgateway
作为后端服务来更新 NGINX 规范,并将 https
指定为端口名称。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: istio-system
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
nginx.ingress.kubernetes.io/proxy-ssl-name: "<FQDN>"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
nginx.ingress.kubernetes.io/proxy-ssl-secret: "istio-system/istio-ingressgateway-certs"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: istio-system
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
nginx.ingress.kubernetes.io/proxy-ssl-name: "<FQDN>"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
nginx.ingress.kubernetes.io/proxy-ssl-secret: "istio-system/istio-ingressgateway-certs"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https