我在 AWS 托管的 kubernetes 集群(v1.21.2-eks-06eac09)和单个服务/部署中有一个 haproxy-ingress(v0.13.5,默认 helm 设置)。该服务已启动并正在运行,可以通过 curl 成功调用,haproxy stats 页面显示具有正确 ip 的绿色后端。一切对我来说看起来都不错,但是如果我调用 url,我会得到默认的 404 后端,除非我配置了具有相同服务的默认后端。这让我得出结论,主机或路径映射一定有问题,对吧?我的配置有错误还是其他地方有问题?
这是我的入口资源:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-service
namespace: my-service
annotations:
haproxy-ingress.github.io/affinity: "cookie"
haproxy-ingress.github.io/backend-server-naming: "pod"
haproxy-ingress.github.io/secure-backends: "true"
haproxy-ingress.github.io/session-cookie-dynamic: "true"
haproxy-ingress.github.io/session-cookie-keywords: "indirect nocache httponly maxidle 900"
haproxy-ingress.github.io/session-cookie-preserve: "true"
haproxy-ingress.github.io/session-cookie-same-site: "true"
haproxy-ingress.github.io/slots-min-free: "0"
haproxy-ingress.github.io/ssl-redirect: "false"
haproxy-ingress.github.io/strict-host: "true"
spec:
ingressClassName: haproxy-ingress
tls:
- secretName: my-service-tls
rules:
- http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: my-service
port:
number: 443
host: my-service.dev.aws.company.local
# defaultBackend:
# service:
# name: my-service
# port:
# number: 443
入口类:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: haproxy-ingress
spec:
controller: haproxy-ingress.github.io/controller
helm安装命令:
helm install haproxy-ingress haproxy-ingress/haproxy-ingress --create-namespace --namespace ingress-controller --set controller.service.type=ClusterIP --version 0.13.5
从 haproxy.conf 生成的后端
backend my-service_my-service_https
mode http
balance roundrobin
acl https-request ssl_fc
http-request set-header X-Original-Forwarded-For %[hdr(x-forwarded-for)] if { hdr(x-forwarded-for) -m found }
http-request del-header x-forwarded-for
option forwardfor
cookie INGRESSCOOKIE insert preserve attr SameSite=None secure indirect nocache httponly maxidle 900 dynamic
dynamic-cookie-key "Ingress"
http-response set-header Strict-Transport-Security "max-age=15768000" if https-request
server my-service-0 10.19.25.214:443 weight 1 ssl no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets verify none check inter 2s
从 haproxy.conf 生成的前端
frontend _front_https
mode http
bind :443 ssl alpn h2,http/1.1 crt-list /etc/haproxy/maps/_front_bind_crt.list ca-ignore-err all crt-ignore-err all
option httplog
http-request set-var(req.path) path
http-request set-var(req.host) hdr(host),field(1,:),lower
http-request set-var(req.base) var(req.host),concat(\#,req.path)
http-request set-var(req.hostbackend) var(req.base),map_dir(/etc/haproxy/maps/_front_https_host__prefix.map)
http-request set-header X-Forwarded-Proto https
http-request del-header X-SSL-Client-CN
http-request del-header X-SSL-Client-DN
http-request del-header X-SSL-Client-SHA1
http-request del-header X-SSL-Client-Cert
use_backend %[var(req.hostbackend)] if { var(req.hostbackend) -m found }
use_backend %[var(req.defaultbackend)]
default_backend _error404
生成的地图/_front_https_host__prefix.map
my-service.dev.aws.company.local#/ my-service_my-service_https