automation-suite
2023.4
false
重要 :
请注意此内容已使用机器翻译进行了部分本地化。
UiPath logo, featuring letters U and I in white
不在支持范围内
EKS/AKS 上的 Automation Suite 安装指南
Last updated 2024年11月21日

配置 NGINX 入口控制器

在标准配置中,Automation Suite 会将配置有 Istio 网关的负载均衡器 Kubernetes 服务类型配置为来自网络负载均衡器的请求的入口控制器。

如果您的集群中已有 NGINX 入口控制器 并希望继续使用它,则必须将 Kubernetes service_type 配置为 cluster_IP ,而不是负载均衡器。 本文档提供该配置所需的必要更改。
重要提示:
要管理大型标头,请按如下所示调整 Ingress 注释中的 proxy-buffer-size
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"

NGINX 通过 HTTP 连接到 Istio

更新 NGINX 入口配置

您必须使用 istio-ingressgateway 更新 NGINX 规范作为后端服务,并指定端口号 80。此外,如果您有自己的网络策略,请确保已正确配置它们以允许 NGINX 和 Istio 路由。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: istio-system
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - "<FQDN>"
        - "*.<FQDN>"
      secretName: nginx-tls
  rules:
    - host: "<FQDN>"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: istio-ingressgateway
              port:
                number: 80
    - host: "*.<FQDN>"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: istio-ingressgateway
              port:
                number: 80apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: istio-system
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - "<FQDN>"
        - "*.<FQDN>"
      secretName: nginx-tls
  rules:
    - host: "<FQDN>"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: istio-ingressgateway
              port:
                number: 80
    - host: "*.<FQDN>"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: istio-ingressgateway
              port:
                number: 80

input.json 参数

您必须在 input.json 中提供以下参数才能更改 service_typeHTTPS
...
"ingress": {
  "service_type": "ClusterIP",
  "HTTPS": false
}
......
"ingress": {
  "service_type": "ClusterIP",
  "HTTPS": false
}
...

通过 HTTPS 连接到 Istio 的 NGINX

更新 NGINX 入口配置

您必须使用 istio-ingressgateway 作为后端服务来更新 NGINX 规范,并将 https 指定为端口名称。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: istio-system
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "https"
    nginx.ingress.kubernetes.io/proxy-ssl-name: "<FQDN>"
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "istio-system/istio-ingressgateway-certs"
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - "<FQDN>"
        - "*.<FQDN>"
      secretName: nginx-tls
  rules:
    - host: "<FQDN>"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: istio-ingressgateway
              port:
                name: https
    - host: "*.<FQDN>"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: istio-ingressgateway
              port:
                name: httpsapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: istio-system
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "https"
    nginx.ingress.kubernetes.io/proxy-ssl-name: "<FQDN>"
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "istio-system/istio-ingressgateway-certs"
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - "<FQDN>"
        - "*.<FQDN>"
      secretName: nginx-tls
  rules:
    - host: "<FQDN>"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: istio-ingressgateway
              port:
                name: https
    - host: "*.<FQDN>"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: istio-ingressgateway
              port:
                name: https

input.json 参数

您必须在 input.json 中提供以下参数才能更改 service_typeHTTPS
...
"ingress": {
  "service_type": "ClusterIP",
  "HTTPS": true
}
......
"ingress": {
  "service_type": "ClusterIP",
  "HTTPS": true
}
...

此页面有帮助吗?

获取您需要的帮助
了解 RPA - 自动化课程
UiPath Community 论坛
Uipath Logo White
信任与安全
© 2005-2024 UiPath。保留所有权利。