Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 如何加入ALB入口组而不是覆盖EKS中的现有组?

Amazon web services 如何加入ALB入口组而不是覆盖EKS中的现有组?

amazon-web-services kubernetes

Amazon web services 如何加入ALB入口组而不是覆盖EKS中的现有组?,amazon-web-services,kubernetes,amazon-eks,Amazon Web Services,Kubernetes,Amazon Eks,我正在将K8S部署到AWS EKS群集,并使用ALB进行部署。我想将一个ALB用于多个服务,但我不知道如何共享同一个ALB。每次部署入口时,它都会覆盖现有入口 我有两个配置yaml文件: a、 亚马尔 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: sample-ingress namespace: default annotations: kubernetes.io/ingress.class

我正在将K8S部署到AWS EKS群集,并使用ALB进行部署。我想将一个ALB用于多个服务,但我不知道如何共享同一个ALB。每次部署入口时,它都会覆盖现有入口

我有两个配置yaml文件:

a、 亚马尔

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: sample-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: sample-ingress
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.order: '1'
spec:
  rules:
    - http:
        paths:
          - path: /sample-app/*
            backend:
              serviceName: sample-entrypoint
              servicePort: 80
b、 亚马尔

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: sample-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: sample-ingress
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.order: '2'
spec:
  rules:
    - http:
        paths:
          - path: /sample-es/*
            backend:
              serviceName: sample-es-entrypoint
              servicePort: 9200
我希望两者共享相同的ALB,因此我指定组名相同:

alb.ingres.kubernetes.io/group.name:示例入口

我还在这两个文件中指定了不同的顺序

但是当我运行
kubectl apply-f a.yaml
时,它会使用我在配置文件中指定的规则创建一个ALB:
/sample app/*
。但是当我运行
kubectl apply-f b.yaml
时,它会用
/sample es/*
覆盖现有规则。那么,如何使两者共享相同的ALB并允许它们提供不同的规则呢?

我想您可以创建单独的入口并将它们附加到相同的服务配置。使用alb指向服务配置,这样应该可以工作。我有一个面向内部的服务配置,请看看这是否适合您

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
  labels:
    app.kubernetes.io/instance: goldendev-ingress-test
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: ingress-test
    environment: DEV
    helm.sh/chart: ingress-test
  name: ingress-test
  namespace: default
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app.kubernetes.io/instance: z1
    app.kubernetes.io/name: gunicorn
  sessionAffinity: None
  type: LoadBalancer
亚马尔酒店

apiVersion:extensions/v1beta1
种类:入口
元数据:
名称:样本入口
名称空间:默认值
注释:
kubernetes.io/ingres.class:alb
alb.ingres.kubernetes.io/group.name:样本入口
alb.ingres.kubernetes.io/scheme:内部
alb.ingres.kubernetes.io/target-type:ip
alb.ingres.kubernetes.io/group.order:'1'
规格:
规则:
-http:
路径:
-路径:/mappings/v1/hello/*
后端:
服务名称:入口测试
服务端口:80
---
apiVersion:extensions/v1beta1
种类:入口
元数据:
名称:sample-ingress-1
名称空间:默认值
注释:
kubernetes.io/ingres.class:alb
alb.ingres.kubernetes.io/group.name:样本入口
alb.ingres.kubernetes.io/scheme:内部
alb.ingres.kubernetes.io/target-type:ip
alb.ingres.kubernetes.io/group.order:'2'
规格:
规则:
-http:
路径:
-路径:/mappings/v1/teams/*
后端:
服务名称:ingress-test-2
服务端口:80
我在AWS控制台中验证过,它只创建了一个具有服务配置的负载平衡器。 入口列表:

kubectl进入
名称主机地址端口年龄
样本入口*80 19m
进样口1*80 19m
让我知道这是否有帮助。

我已尝试以下主机

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: pub-uat-alb
  namespace: "uat-env"
  labels:
    imaharah-k8s/environment: staging
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
    alb.ingress.kubernetes.io/tags: environment=staging
    alb.ingress.kubernetes.io/success-codes: '200,301,401'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123435678977:certificate/hskrhjf93ih-y4325kjhdsf0-hsr98
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
  rules:
  - http:
      paths:
      - path: /*
        backend:
          serviceName: ssl-redirect
          servicePort: use-annotation

  - host: test1.test.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: test1-service
          servicePort: 80

  - host: test2.test.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: test2-service
          servicePort: 80

  - host: test3.test.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: test3-service
          servicePort: 80
验证--->

[centos@ip-10-0-68-81发布]$kubectl获得进入权-n uat环境--kubeconfig=$dev
名称类主机地址端口年龄
发布uat alb test1.test.com、test2.test.com、test3.test.com test-autenv-testtest-gfsadasd76-94238798.us-east-1.elb.amazonaws.com 80 3d6h

[centos@ip-10-0-68-81 pub]$ kubectl get ingress -n uat-env --kubeconfig=$dev
NAME          CLASS    HOSTS                                          ADDRESS                                                                         PORTS   AGE
pub-uat-alb   <none>   test1.test.com,test2.test.com,test3.test.com   test-uatenv-testtest-gfsadasd76-94238798.us-east-1.elb.amazonaws.com            80      3d6h