【发布时间】:2021-02-01 11:09:36
【问题描述】:
我在 GKE 集群中有一个入口控制器,ingress.class:
kubernetes.io/ingress.class: "nginx"
我希望为这个入口控制器分配一个静态 IP。我按照本教程创建和分配静态 ip:
https://cloud.google.com/kubernetes-engine/docs/tutorials/configuring-domain-name-static-ip
基本上我保留了一个静态 IP 并尝试使用以下方法将其分配给入口:
kubernetes.io/ingress.global-static-ip-name: "my-ingress-static-ip"
问题
ip地址入口没有更改为新分配的静态ip。
我应该如何将此静态 IP 分配给入口?
我的配置
使用以下方式部署的控制器:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.40.2/deploy/static/provider/cloud/deploy.yaml
我的入口 yaml:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: api-ingress
namespace: development
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
kubernetes.io/ingress.class: "nginx"
# Disallow http - Allowed only with gce controller
# kubernetes.io/ingress.allow-http: "false"
# Enable client certificate authentication
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
# Create the secret containing the trusted ca certificates
nginx.ingress.kubernetes.io/auth-tls-secret: "development/api-ingress-ca-secret"
# Specify the verification depth in the client certificates chain
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
# Automatically redirect http to https
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# Use regex in paths
nginx.ingress.kubernetes.io/use-regex: "true"
# For notifications we add the proxy headers
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Set a static ip for the ingress
kubernetes.io/ingress.global-static-ip-name: "my-ingress-static-ip"
spec:
tls:
- hosts:
- my-host.com
secretName: api-tls-certificate
rules:
- host: my-host.com
http:
paths:
- path: /(v[0-9]/.*)
backend:
serviceName: my-service
servicePort: 443
删除入口或控制器并没有解决问题。
【问题讨论】:
标签: kubernetes google-cloud-platform google-kubernetes-engine kubernetes-ingress nginx-ingress