How to set AWS ALB ingress default actions for non-SSL and SSL ports

Problem description

I am using the ALB ingress controller; the ingress YAML file is pasted below.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: default
  name: alb-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123456789123:certificate/xxxxxxx-yyyy-zzzz-abce-ffffffffffff
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/security-groups: sg-xxxxxxxxxxxxxx
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
  rules:
    - http:
        paths:
         - path: /*
           backend:
             serviceName: ssl-redirect
             servicePort: use-annotation
    - host: domain.com
      http:
       paths:
       - backend:
          serviceName: greensvc
          servicePort: 80
         path: /green
       - backend:
          serviceName: redsvc
          servicePort: 80
         path: /red
    - host: mongo.domain.com
      http:
       paths:
       - backend:
          serviceName: mongo-express-service
          servicePort: 8081

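The corresponding rules in the ALB are:

[Two screenshots of the ALB rules; images not preserved]

The ALB deployed successfully, but the logs from the ingress "alb-ingress" report two errors: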

/*   ssl-redirect:use-annotation (<error: endpoints "ssl-redirect" not found>)

Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)

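What I want to achieve is to create a default action on port 80 (it does not need any other rule) that forces the traffic to HTTPS, a default action on the HTTPS port that forwards to a service, and the other host- or path-based routing as per the screenshot. Currently, both default actions are set to return a fixed 404 response.

How do I modify the current YAML file so that the ALB rules are updated the way I want? Also, why does the ingress log an error for the ssl-redirect annotation?

Tags: kubernetes-ingress, amazon-eks, aws-application-load-balancer

Solution


I have not tested this myself, so please evaluate it carefully before applying it directly.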

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: default
  name: alb-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123456789123:certificate/xxxxxxx-yyyy-zzzz-abce-ffffffffffff
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/security-groups: sg-xxxxxxxxxxxxxx
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/actions.response-404: >
      {"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain","statusCode":"404","messageBody":"Not Found"}}
    alb.ingress.kubernetes.io/actions.green-svc: >
      {"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"green-k8s-service","servicePort":80,"weight":100}]}}
    alb.ingress.kubernetes.io/conditions.green-svc: >
      [{"field":"host-header","hostHeaderConfig":{"values":["domain.com"]}},{"field":"path-pattern","pathPatternConfig":{"values":["/green"]}}]
    alb.ingress.kubernetes.io/actions.red-svc: >
      {"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"red-k8s-service","servicePort":80,"weight":100}]}}
    alb.ingress.kubernetes.io/conditions.red-svc: >
      [{"field":"host-header","hostHeaderConfig":{"values":["domain.com"]}},{"field":"path-pattern","pathPatternConfig":{"values":["/red"]}}]
    alb.ingress.kubernetes.io/actions.mongo-svc: >
      {"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"mongo-k8s-service","servicePort":8081,"weight":100}]}}
    alb.ingress.kubernetes.io/conditions.mongo-svc: >
      [{"field":"host-header","hostHeaderConfig":{"values":["mongo.domain.com"]}}]
spec:
  backend:
    serviceName: response-404
    servicePort: use-annotation
  rules:
    - http:
        paths:
          - backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - backend:
              serviceName: green-svc
              servicePort: use-annotation
          - backend:
              serviceName: red-svc
              servicePort: use-annotation
          - backend:
              serviceName: mongo-svc
              servicePort: use-annotation

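The default ALB rule is specified directly under the spec object, but before the rules object.

For the annotations, actions and conditions are interpreted together when they share the same name.

The Ingress Annotations documentation page of the AWS LoadBalancer Controller has many good examples that should help you with any other tweaks or changes you may want to make. Specifically, look at Traffic Routing.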
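
A check for the name-matching rule described above, as an added example that is not part of the original answer: it flags `use-annotation` backends with no `actions.<name>` annotation, `conditions.<name>` without a matching action, defined actions that no backend references, and an HTTP listener with no referenced redirect to HTTPS. It assumes the manifest is already loaded as a Python dict (for instance from JSON output); the function names and the sample manifest are constructed for illustration.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

def ci(d, key):
    """Case-insensitive dict lookup (the page mixes "Type" and "type")."""
    return next((v for k, v in d.items() if k.lower() == key.lower()), None)

def named(ann, kind):
    """Map <name> -> parsed JSON for annotations <PREFIX><kind>.<name>."""
    head = PREFIX + kind + "."
    return {k[len(head):]: json.loads(v) for k, v in ann.items() if k.startswith(head)}

def annotation_backends(spec):
    """Names of all backends (default and per-path) using servicePort: use-annotation."""
    found = [spec["backend"]] if "backend" in spec else []
    for rule in spec.get("rules", []):
        found += [p["backend"] for p in rule.get("http", {}).get("paths", [])]
    return [b["serviceName"] for b in found if b.get("servicePort") == "use-annotation"]

def lint(ingress):
    """Return findings for an extensions/v1beta1 ALB Ingress given as a dict."""
    ann = ingress["metadata"].get("annotations", {})
    actions, conditions = named(ann, "actions"), named(ann, "conditions")
    used = annotation_backends(ingress["spec"])
    out = [f"backend {n}: no actions.{n} annotation" for n in used if n not in actions]
    out += [f"conditions.{n}: no actions.{n} annotation" for n in conditions if n not in actions]
    out += [f"actions.{n}: not referenced by any backend" for n in actions if n not in used]
    # If listen-ports is absent, the listener check is skipped (empty list).
    ports = json.loads(ann.get(PREFIX + "listen-ports", "[]"))
    redirects = [n for n in used if n in actions
                 and str(ci(actions[n], "type")).lower() == "redirect"
                 and str(ci(ci(actions[n], "redirectConfig") or {}, "protocol")).upper() == "HTTPS"]
    if any("HTTP" in p for p in ports) and not redirects:
        out.append("HTTP listener is open but no referenced action redirects to HTTPS")
    return out

# Constructed sample: ssl-redirect is defined but no backend points at it,
# and red-svc is referenced without an actions.red-svc annotation.
SAMPLE = {
    "metadata": {"annotations": {
        PREFIX + "listen-ports": '[{"HTTP": 80}, {"HTTPS":443}]',
        PREFIX + "actions.ssl-redirect": '{"Type": "redirect", "RedirectConfig": '
                                         '{"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}',
    }},
    "spec": {"rules": [{"http": {"paths": [
        {"backend": {"serviceName": "red-svc", "servicePort": "use-annotation"}}]}}]},
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```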

