时间戳

首页 > 解决方案 > Nginx GKE 入口允许会话亲和性

nginx - Nginx GKE 入口允许会话亲和性

问题描述

我正在 GKE 1.19.7-gke.1302 上部署 nginx 入口,并通过 nginx-ingress-0.8.0 helm chart 部署 nginx 入口,并且我正在尝试使会话亲和性工作。它适用于托管的“gce”入口,我正在获取“GCLB”cookie,但不适用于 nginx 入口。这些是我的配置:

nginx-ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-nginx-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    # gke static ip address name
    #kubernetes.io/ingress.global-static-ip-name: my-proxy
    # make ssl connection to the backends (deprecated)
    #nginx.ingress.kubernetes.io/secure-backends: "true"
    # don't use http
    kubernetes.io/ingress.allow-http: "false"
    # enable backend redirections
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # this is deprecated
    #nginx.ingress.kubernetes.io/app-root: /
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite ^/kibana/(.*)$ /$2 break;
    #nginx.ingress.kubernetes.io/app-root: /
    # enable stickiness
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/affinity-mode: persistent
    nginx.ingress.kubernetes.io/session-cookie-name: OAUTH
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  tls:
  - secretName: my-tls
    hosts: 
    - "test.com"
  rules:
    - host: "test.com"
      http:
        paths:
        - path: /
          backend:
            serviceName: my-nodeport
            servicePort: 80

我的节点端口

apiVersion: v1
kind: Service
metadata:
  annotations:
    cloud.google.com/backend-config: '{"ports": {"80":"my-backendconfig"}}'
    cloud.google.com/neg: '{"ingress": true}'
    ingress.kubernetes.io/affinity: cookie
  name: my-nodeport
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: my
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  type: NodePort

我的后端配置

apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  annotations:
  name: my-backendconfig
  namespace: default
spec:
  sessionAffinity:
    affinityCookieTtlSec: 6000
    affinityType: GENERATED_COOKIE

我的目标是提供具有会话亲和性的 HTTPS 代理,然后将标头传递给我的应用程序,这对于内置的 GCE 入口是不可能的,所以我正在尝试使用 nginss 入口来做到这一点。其他解决方案而不是 nginx 入口也可以解决我的问题!

标签: nginxcookiesproxygoogle-kubernetes-enginekubernetes-ingress

解决方案

推荐阅读