automation-suite
2023.4
false
- 概述
- 要求
- 安装
- 安装后
- 迁移和升级
- 监控和警示
- 集群管理
- 特定于产品的配置
- 故障排除
配置 NGINX 入口控制器
重要 :
请注意此内容已使用机器翻译进行了部分本地化。
不在支持范围内
EKS/AKS 上的 Automation Suite 安装指南
Last updated 2024年11月21日
配置 NGINX 入口控制器
在标准配置中,Automation Suite 会将配置有 Istio 网关的负载均衡器 Kubernetes 服务类型配置为来自网络负载均衡器的请求的入口控制器。
如果您的集群中已有 NGINX 入口控制器 并希望继续使用它,则必须将 Kubernetes
service_type
配置为 cluster_IP
,而不是负载均衡器。 本文档提供该配置所需的必要更改。
重要提示:
要管理大型标头,请按如下所示调整 Ingress 注释中的
proxy-buffer-size
:
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
您必须使用
istio-ingressgateway
更新 NGINX 规范作为后端服务,并指定端口号 80。此外,如果您有自己的网络策略,请确保已正确配置它们以允许 NGINX 和 Istio 路由。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: istio-system
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: istio-system
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
您必须使用
istio-ingressgateway
作为后端服务来更新 NGINX 规范,并将 https
指定为端口名称。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: istio-system
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
nginx.ingress.kubernetes.io/proxy-ssl-name: "<FQDN>"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
nginx.ingress.kubernetes.io/proxy-ssl-secret: "istio-system/istio-ingressgateway-certs"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: istio-system
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
nginx.ingress.kubernetes.io/proxy-ssl-name: "<FQDN>"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
nginx.ingress.kubernetes.io/proxy-ssl-secret: "istio-system/istio-ingressgateway-certs"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https