Kubernetes: How to enable subdomains with GKE


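I have different Kubernetes deployments in GKE and I would like to access them from different external subdomains.

I tried to create 2 deployments with subdomain "sub1" and "sub2" and hostname "app", another deployment with hostname "app", and a service that exposes it on the IP XXX.XXX.XXX.XXX configured in the DNS for app.mydomain.com.

I would like to access the 2 child deployments from sub1.app.mydomain.com and sub2.app.mydomain.com.

This should be automatic: when adding a new deployment I can't change the DNS records every time. Maybe I'm approaching the problem the wrong way. I'm new to GKE; any suggestions?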

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-host
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-host
        type: proxy
    spec:
      hostname: app
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-subdomain-1
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-subdomain-1
        type: app
    spec:
      hostname: app
      subdomain: sub1
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-subdomain-2
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-subdomain-2
        type: app
    spec:
      hostname: app
      subdomain: sub2
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: v1
kind: Service
metadata:
  name: my-expose-dns
spec:
  ports:
  - port: 80
  selector:
    name: my-host
  type: LoadBalancer

What you want is an ingress controller. There are several options to choose from, such as Istio, nginx, traefik, etc. I like using nginx; it is really easy to install and work with. For installation steps, visit

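After installing the ingress controller, make sure you have exposed it with a Service of type LoadBalancer. Next, if you are using Google Cloud DNS, set up a wildcard entry for your domain with an A record pointing to the external IP address of the ingress controller's Service. In your case, it would be *.app.mydomain.com.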

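So now all of your traffic to app.mydomain.com will go to that load balancer and be handled by the ingress controller, so now you need to add Service and Ingress entities for whatever services you want.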

apiVersion: v1
kind: Service
metadata:
  name: my-service1
spec:
  selector:
    app: my-app-1
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: my-service2
spec:
  selector:
    app: my-app2
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: ClusterIP
---
# networking.k8s.io/v1beta1 Ingress was removed in Kubernetes 1.22;
# newer clusters use networking.k8s.io/v1, which has a different backend schema.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: name-virtual-host-ingress
spec:
  rules:
  # One rule per external host name; each host maps to one ClusterIP Service.
  - host: sub1.app.mydomain.com
    http:
      paths:
      - backend:
          serviceName: my-service1
          servicePort: 80
  - host: sub2.app.mydomain.com
    http:
      paths:
      - backend:
          serviceName: my-service2
          servicePort: 80

The routing shown is host-based, but you can just as easily handle services by path, so that all traffic to app.mydomain.com/service1 goes to one of your deployments.


This could be a solution, but for my case I need something more dynamic. I would not update the ingress every time I add a subdomain.

I have almost solved it using an nginx proxy, like this:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-subdomain-1
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-subdomain-1
        type: app
    spec:
      hostname: sub1
      subdomain: my-internal-host
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-subdomain-2
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-subdomain-2
        type: app
    spec:
      hostname: sub2
      subdomain: my-internal-host
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      restartPolicy: Always
status: {}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config-dns-file
data:
  nginx.conf: |
    server {
      listen       80;
      server_name ~^(?<subdomain>.*?)\.;

      location / {
          proxy_pass         http://$subdomain.my-internal-host;
          root   /usr/share/nginx/html;
          index  index.html index.htm;
      }

      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
          root   /usr/share/nginx/html;
      }
    }
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-proxy
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: my-proxy
        type: app
    spec:
      subdomain: my-internal-host
      containers:
      - image: nginx:alpine
        name: nginx
        volumeMounts:
        - name: nginx-config-dns-file
          mountPath: /etc/nginx/conf.d/default.conf.test
          subPath: nginx.conf
        ports:
        - name: nginx
          containerPort: 80
          hostPort: 80
      volumes:
      - name: nginx-config-dns-file
        configMap:
          name: nginx-config-dns-file
      restartPolicy: Always
status: {}
---
apiVersion: v1
kind: Service
metadata:
  name: my-internal-host
spec:
  selector:
    type: app
  clusterIP: None
  ports:
  - name: sk-port
    port: 80
    targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: sk-expose-dns
spec:
  ports:
  - port: 80
  selector:
    name: my-proxy
  type: LoadBalancer

I know I need the "my-internal-host" service to allow all deployments to see each other internally. Now the problem is only nginx's proxy_pass: if I change it to "proxy_pass ;" it works, but it does not work with the regexp variable.

The problem is related to the nginx resolver.


Solved

This is the correct nginx configuration:

server {
  listen       80;
  server_name ~^(?<subdomain>.*?)\.;
  resolver kube-dns.kube-system.svc.cluster.local valid=5s;

  location / {
      proxy_pass         http://$subdomain.my-internal-host.default.svc.cluster.local;
      root   /usr/share/nginx/html;
      index  index.html index.htm;
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
      root   /usr/share/nginx/html;
  }
}
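
A tightened variant of the configuration above, as an added example that is not part of the original post: the Host header is client-supplied and becomes part of the upstream DNS name, so this version accepts only a single DNS label in front of the expected zone and drops every other Host. It assumes the public zone app.mydomain.com and the headless Service my-internal-host in the default namespace, as used on this page.

```nginx
# Added example, not from the original post.
# Assumptions: public zone app.mydomain.com; backends are pods published by the
# headless Service my-internal-host in the default namespace (from this page).

# Catch-all: a Host that does not match the pattern in the second server block
# is dropped here instead of being turned into an upstream name.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific: close the connection without a response
}

server {
    listen 80;

    # Exactly one DNS label (a-z, 0-9, '-', at most 63 characters) followed by
    # the expected zone, anchored at both ends. The pattern is quoted because
    # it contains '{' and '}'.
    server_name "~^(?<subdomain>[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)\.app\.mydomain\.com$";

    # A proxy_pass target that contains a variable is resolved per request,
    # which requires an explicit resolver. nginx's resolver does not apply the
    # search domains from /etc/resolv.conf, hence the fully qualified name.
    resolver kube-dns.kube-system.svc.cluster.local valid=5s;

    location / {
        proxy_pass http://$subdomain.my-internal-host.default.svc.cluster.local;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```

A label that matches the pattern but has no pod behind it fails DNS resolution and is answered with 502, which the error_page block already covers.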

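It seems you are trying to build the ingress into your application. That is not great from a separation-of-concerns perspective. Can you explain better?

I want new subdomains to become available externally automatically.

If you are saying you are not willing to add new rules to a Kubernetes Ingress entity, as I showed in my answer, I don't have a great solution. It sounds like you are looking for something like this feature request: . I will follow the thread and see where the conversation goes.

Yes! I was looking for exactly something like that.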