如果我理解您在看什么,您想区分您的入站流量并根据您的入站流量进入的端口发送到服务吗?
您也许可以使用AWS Load Balancer Controller 完成此操作。我没有使用 http-header 在这个配置中测试过下面的对象,但我自己确实使用了非常相似的东西。我认为这可能值得基于documentation from AWS here 进行测试。不过,您需要对此进行试验。此示例还假设集群中的每个服务都在侦听您用来引导流量的同一端口——这可以很容易地更改为您的服务实际侦听的任何端口。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: example
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/security-groups: sg-01234567898765432
alb.ingress.kubernetes.io/ip-address-type: ipv4
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}, {"HTTP": 8180}, {"HTTP": 8181}]'
alb.ingress.kubernetes.io/actions.response-503: >
{"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain","statusCode":"503","messageBody":"Unknown Host"}}
alb.ingress.kubernetes.io/actions.some-webpage: >
{"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"some-webpage","servicePort":80,"weight":100}]}}
alb.ingress.kubernetes.io/conditions.some-webpage: >
[{"field":"http-header","HttpHeaderConfig":{"HttpHeaderName":"Host","Values":["example.com:80"]}}]
alb.ingress.kubernetes.io/actions.app1-reachable-via-port: >
{"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"app1-reachable-via-port","servicePort":8180,"weight":100}]}}
alb.ingress.kubernetes.io/conditions.app1-reachable-via-port: >
[{"field":"http-header","HttpHeaderConfig":{"HttpHeaderName":"Host","Values":["example.com:8180"]}}]
alb.ingress.kubernetes.io/actions.app2-reachable-via-port: >
{"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"app2-reachable-via-port","servicePort":8181,"weight":100}]}}
alb.ingress.kubernetes.io/conditions.app2-reachable-via-port: >
[{"field":"http-header","HttpHeaderConfig":{"HttpHeaderName":"Host","Values":["example.com:8181"]}}]
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/load-balancer-attributes: routing.http2.enabled=true,idle_timeout.timeout_seconds=600
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:999999999999:certificate/11111111-1111-1111-1111-111111111111,arn:aws:acm:us-east-2:999999999999:certificate/22222222-2222-2222-2222-222222222222
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-2016-08
spec:
backend:
serviceName: response-503
servicePort: use-annotation
rules:
- http:
paths:
- backend:
serviceName: ssl-redirect
servicePort: use-annotation
- backend:
serviceName: some-webpage
servicePort: use-annotation
- backend:
serviceName: app1-reachable-via-port
servicePort: use-annotation
- backend:
serviceName: app2-reachable-via-port
servicePort: use-annotation
另一种解决方案可能是 ALB TargetGroupBinding。您失去了允许 EKS 代表您配置和管理 ALB 和目标组的一些优势,但您可以完全控制 ALB 和目标组配置。使用 TargetGroupBinding,您仍然需要集群中的 AWS Load Balancer Controller,但您自己创建 ALB 和目标组,然后使用 TargetGroupBinding 对象将集群中的服务映射到特定的目标组 ARN:
apiVersion: elbv2.k8s.aws/v1beta1
kind: TargetGroupBinding
metadata:
name: demo1-tgb
spec:
serviceRef:
name: demo1-service
port: 80
targetGroupARN: arn:aws:elasticloadbalancing:us-east-2:121212121212:targetgroup/my-target-group/cbc9f05b05caea6b
祝你好运 - 请在按要求运行后再次更新。