Kubernetes: How to enable subdomains with GKE
I have different Kubernetes deployments in GKE and I would like to access them from different external subdomains.

I tried to create two deployments with subdomains sub1 and sub2 and hostname app, another deployment with hostname app, and a service that exposes it on the IP XXX.XXX.XXX.XXX configured in DNS for app.mydomain.com.

I would like to access the 2 child deployments from sub1.app.mydomain.com and sub2.app.mydomain.com.

This should be automatic: when adding a new deployment I can't change the DNS records every time. Maybe I'm approaching the problem the wrong way. I'm new to GKE, any suggestions?

# extensions/v1beta1 Deployment was removed in Kubernetes 1.16 (apps/v1 replaces it)
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-host
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-host
        type: proxy
    spec:
      hostname: app
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-subdomain-1
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-subdomain-1
        type: app
    spec:
      hostname: app
      subdomain: sub1
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-subdomain-2
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-subdomain-2
        type: app
    spec:
      hostname: app
      subdomain: sub2
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: v1
kind: Service
metadata:
  name: my-expose-dns
spec:
  ports:
    - port: 80
  selector:
    name: my-host
  type: LoadBalancer

You want an ingress controller. There are several options to choose from: Istio, nginx, traefik, etc. I like using nginx; it is really easy to install and work with. For installation steps, visit

After installing the ingress controller, make sure it is exposed with a Service of type LoadBalancer. Next, if you are using Google Cloud DNS, set up a wildcard entry for your domain with an A record pointing to the external IP address of the ingress controller's service. In your case it would be *.app.mydomain.com.

So now all your traffic to app.mydomain.com goes to that load balancer and is handled by the ingress controller, so now you need to add Service and Ingress entities for any service you want.

apiVersion: v1
kind: Service
metadata:
  name: my-service1
spec:
  selector:
    app: my-app-1
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: my-service2
spec:
  selector:
    app: my-app2
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP
---
# networking.k8s.io/v1beta1 Ingress was removed in Kubernetes 1.22 (networking.k8s.io/v1 replaces it)
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: name-virtual-host-ingress
spec:
  rules:
  # One rule per external host name; each routes to its own Service
  - host: sub1.app.mydomain.com
    http:
      paths:
      - backend:
          serviceName: my-service1
          servicePort: 80
  - host: sub2.app.mydomain.com
    http:
      paths:
      - backend:
          serviceName: my-service2
          servicePort: 80

The routing shown is host-based, but you can just as easily handle path-based routing, so that all traffic to app.mydomain.com/service1 goes to one of your deployments.

This could be a solution, but for my case I need something more dynamic. I would not update the Ingress every time I add a subdomain.

I have almost solved it using an nginx proxy, like this:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-subdomain-1
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-subdomain-1
        type: app
    spec:
      hostname: sub1
      subdomain: my-internal-host
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-subdomain-2
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-subdomain-2
        type: app
    spec:
      hostname: sub2
      subdomain: my-internal-host
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config-dns-file
data:
  nginx.conf: |
    server {
      listen 80;
      server_name ~^(?<subdomain>.*?)\.;
      location / {
        proxy_pass http://$subdomain.my-internal-host;
        root /usr/share/nginx/html;
        index index.html index.htm;
      }
      error_page 500 502 503 504 /50x.html;
      location = /50x.html {
        root /usr/share/nginx/html;
      }
    }
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-proxy
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-proxy
        type: app
    spec:
      subdomain: my-internal-host
      containers:
      - image: nginx:alpine
        name: nginx
        volumeMounts:
        - name: nginx-config-dns-file
          mountPath: /etc/nginx/conf.d/default.conf.test
          subPath: nginx.conf
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      volumes:
      - name: nginx-config-dns-file
        configMap:
          name: nginx-config-dns-file
      restartPolicy: Always
status: {}
---
apiVersion: v1
kind: Service
metadata:
  name: my-internal-host
spec:
  selector:
    type: app
  clusterIP: None
  ports:
    - name: sk-port
      port: 80
      targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: sk-expose-dns
spec:
  ports:
    - port: 80
  selector:
    name: my-proxy
  type: LoadBalancer

I know I need the "my-internal-host" service to allow all the deployments to see each other internally.

Now the only problem is nginx's proxy_pass: if I change it to "proxy_pass ;" it works, but it does not work with the regexp variable.

The problem is related to the nginx resolver.

Solved. This is the correct nginx configuration:

server {
    listen 80;
    server_name ~^(?<subdomain>.*?)\.;
    resolver kube-dns.kube-system.svc.cluster.local valid=5s;
    location / {
        proxy_pass http://$subdomain.my-internal-host.default.svc.cluster.local;
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
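
A tightened variant of the configuration above, as an added example that is not part of the original answer. It assumes the public zone is app.mydomain.com (from the question) and that the pods run in the default namespace behind the headless service my-internal-host; the catch-all server block is an addition.

```nginx
# Added example, not the poster's configuration.
# Assumptions: public zone app.mydomain.com, namespace "default",
# headless service "my-internal-host" as in the manifests above.

# Catch-all: a request whose Host header is outside the zone below is
# closed without a response, so the Host header sent to the load balancer
# IP cannot select an upstream on its own.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;

    # The original pattern ~^(?<subdomain>.*?)\. matches any Host that
    # contains a dot. Here the pattern is anchored to the public zone and
    # the captured value is limited to one DNS label (letters, digits, "-"),
    # so only <label>.app.mydomain.com is ever proxied.
    server_name ~^(?<subdomain>[a-z0-9-]+)\.app\.mydomain\.com$;

    # proxy_pass below contains a variable, so nginx resolves the upstream
    # name at request time and needs an explicit resolver; the short
    # "valid" keeps up with pod IPs that change on rescheduling.
    resolver kube-dns.kube-system.svc.cluster.local valid=5s;

    location / {
        # Fully qualified cluster name: the resolver directive does not
        # apply the search domains from the pod's /etc/resolv.conf.
        # Every pod that sets "subdomain: my-internal-host" and carries the
        # label selected by that headless service becomes reachable from
        # outside through this line, so that label is the exposure switch.
        proxy_pass http://$subdomain.my-internal-host.default.svc.cluster.local;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```

A Host that names no existing pod matches the second server block but fails DNS resolution, and nginx answers 502 through the error_page rule.
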
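It seems you are trying to build the ingress into your application. That is not great from a separation-of-concerns standpoint.

Can you explain better? I want new subdomains to be automatically available externally.

If you are saying you are not willing to add new rules to the Kubernetes Ingress entity, as I showed in my answer, I don't have a great solution. It sounds like you are looking for something like this feature request: . I will follow that thread to see where the conversation goes.

Yes! I was just looking for something like that.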