2

我在 Kubernetes AKS 上安装了 HA 代理入口。我安装它使用:

helm install ingress haproxy-ingress/haproxy-ingress

我的入口是这样的:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress  
metadata:
  name: ravendb
  namespace: default
  labels:
    app: ravendb
  annotations:
    ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  rules:
  - host: a.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-0
          servicePort: 443
        path: /
  - host: tcp-a.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-0
          servicePort: 38888
        path: /
  - host: b.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-1
          servicePort: 443
        path: /
  - host: tcp-b.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-1
          servicePort: 38888
        path: /
  - host: c.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-2
          servicePort: 443
        path: /
  - host: tcp-c.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-2
          servicePort: 38888
        path: /

但是,当我将浏览器指向https://a.raven.aedas-prev.inercya.com时,我得到了默认后端。HA 代理不会将请求反向代理到 ravendb-0 服务。

我做错了什么?我该怎么做才能使入口工作?

Pod 正在运行:

haproxy-ingress-8548ff5ff4-9wmxv            1/1     Running            0          137m
ingress-default-backend-b6f678779-9d88r     1/1     Running            0          137m
ravendb-0                                   1/1     Running            0          137m
ravendb-1                                   1/1     Running            0          139m
ravendb-2                                   1/1     Running            0          141m

并配置服务:

NAME                       TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)                        AGE
haproxy-ingress            LoadBalancer   10.0.166.252   xx.xx.xx.xx    443:30526/TCP,1936:32388/TCP   139m
ingress-default-backend    ClusterIP      10.0.102.165   <none>           8080/TCP                       139m
kubernetes                 ClusterIP      10.0.0.1       <none>           443/TCP                        412d
ravendb                    ClusterIP      None           <none>           443/TCP,38888/TCP,161/TCP      411d
ravendb-0                  ClusterIP      10.0.193.14    <none>           443/TCP,38888/TCP,161/TCP      411d
ravendb-1                  ClusterIP      10.0.156.73    <none>           443/TCP,38888/TCP,161/TCP      411d
ravendb-2                  ClusterIP      10.0.53.227    <none>           443/TCP,38888/TCP,161/TCP      411d
4

1 回答 1

2

我终于弄清楚我错过了什么。我添加了kubernetes.io/ingress.class: haproxy注释并解决了问题:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress  
metadata:
  name: ravendb
  namespace: default
  labels:
    app: ravendb
  annotations:
    ingress.kubernetes.io/ssl-passthrough: "true"
    kubernetes.io/ingress.class: haproxy
spec:
  rules:
  - host: a.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-0
          servicePort: 443
        path: /
  - host: tcp-a.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-0
          servicePort: 38888
        path: /
  - host: b.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-1
          servicePort: 443
        path: /
  - host: tcp-b.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-1
          servicePort: 38888
        path: /
  - host: c.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-2
          servicePort: 443
        path: /
  - host: tcp-c.raven.aedas-prev.inercya.com
    http:
      paths:
      - backend:
          serviceName: ravendb-2
          servicePort: 38888
        path: /

现在 HAproxy 入口按预期工作,将外部流量反向代理到内部服务。

于 2021-03-08T12:32:49.417 回答