Amazon web services 如何加入ALB入口组而不是覆盖EKS中的现有组?
我正在将K8S部署到AWS EKS群集,并使用ALB进行部署。我想将一个ALB用于多个服务,但我不知道如何共享同一个ALB。每次部署入口时,它都会覆盖现有入口 我有两个配置yaml文件: a、 亚马尔Amazon web services 如何加入ALB入口组而不是覆盖EKS中的现有组?,amazon-web-services,kubernetes,amazon-eks,Amazon Web Services,Kubernetes,Amazon Eks,我正在将K8S部署到AWS EKS群集,并使用ALB进行部署。我想将一个ALB用于多个服务,但我不知道如何共享同一个ALB。每次部署入口时,它都会覆盖现有入口 我有两个配置yaml文件: a、 亚马尔 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: sample-ingress namespace: default annotations: kubernetes.io/ingress.class
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '1'
spec:
rules:
- http:
paths:
- path: /sample-app/*
backend:
serviceName: sample-entrypoint
servicePort: 80
b、 亚马尔
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sample-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: sample-ingress
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.order: '2'
spec:
rules:
- http:
paths:
- path: /sample-es/*
backend:
serviceName: sample-es-entrypoint
servicePort: 9200
我希望两者共享相同的ALB,因此我指定组名相同:
alb.ingres.kubernetes.io/group.name:示例入口
我还在这两个文件中指定了不同的顺序
但是当我运行
kubectl apply-f a.yaml
时,它会使用我在配置文件中指定的规则创建一个ALB:/sample app/*
。但是当我运行kubectl apply-f b.yaml
时,它会用/sample es/*
覆盖现有规则。那么,如何使两者共享相同的ALB并允许它们提供不同的规则呢?我想您可以创建单独的入口并将它们附加到相同的服务配置。使用alb指向服务配置,这样应该可以工作。我有一个面向内部的服务配置,请看看这是否适合您
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
labels:
app.kubernetes.io/instance: goldendev-ingress-test
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: ingress-test
environment: DEV
helm.sh/chart: ingress-test
name: ingress-test
namespace: default
spec:
externalTrafficPolicy: Cluster
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/instance: z1
app.kubernetes.io/name: gunicorn
sessionAffinity: None
type: LoadBalancer
亚马尔酒店
apiVersion:extensions/v1beta1
种类:入口
元数据:
名称:样本入口
名称空间:默认值
注释:
kubernetes.io/ingres.class:alb
alb.ingres.kubernetes.io/group.name:样本入口
alb.ingres.kubernetes.io/scheme:内部
alb.ingres.kubernetes.io/target-type:ip
alb.ingres.kubernetes.io/group.order:'1'
规格:
规则:
-http:
路径:
-路径:/mappings/v1/hello/*
后端:
服务名称:入口测试
服务端口:80
---
apiVersion:extensions/v1beta1
种类:入口
元数据:
名称:sample-ingress-1
名称空间:默认值
注释:
kubernetes.io/ingres.class:alb
alb.ingres.kubernetes.io/group.name:样本入口
alb.ingres.kubernetes.io/scheme:内部
alb.ingres.kubernetes.io/target-type:ip
alb.ingres.kubernetes.io/group.order:'2'
规格:
规则:
-http:
路径:
-路径:/mappings/v1/teams/*
后端:
服务名称:ingress-test-2
服务端口:80
我在AWS控制台中验证过,它只创建了一个具有服务配置的负载平衡器。
入口列表:
kubectl进入
名称主机地址端口年龄
样本入口*80 19m
进样口1*80 19m
让我知道这是否有帮助。我已尝试以下主机
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: pub-uat-alb
namespace: "uat-env"
labels:
imaharah-k8s/environment: staging
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/tags: environment=staging
alb.ingress.kubernetes.io/success-codes: '200,301,401'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123435678977:certificate/hskrhjf93ih-y4325kjhdsf0-hsr98
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- host: test1.test.com
http:
paths:
- path: /*
backend:
serviceName: test1-service
servicePort: 80
- host: test2.test.com
http:
paths:
- path: /*
backend:
serviceName: test2-service
servicePort: 80
- host: test3.test.com
http:
paths:
- path: /*
backend:
serviceName: test3-service
servicePort: 80
验证--->
[centos@ip-10-0-68-81发布]$kubectl获得进入权-n uat环境--kubeconfig=$dev
名称类主机地址端口年龄
发布uat alb test1.test.com、test2.test.com、test3.test.com test-autenv-testtest-gfsadasd76-94238798.us-east-1.elb.amazonaws.com 80 3d6h
[centos@ip-10-0-68-81 pub]$ kubectl get ingress -n uat-env --kubeconfig=$dev
NAME CLASS HOSTS ADDRESS PORTS AGE
pub-uat-alb <none> test1.test.com,test2.test.com,test3.test.com test-uatenv-testtest-gfsadasd76-94238798.us-east-1.elb.amazonaws.com 80 3d6h