重写目标注释破坏了所有入口规则

Question

我在一个集群中有 3 个入口规则，它们指向 3 个不同的服务/部署。

我希望每个配置为侦听/tenant 的应用程序响应它们各自的子路径，所以：

https://example.com/foo -> foo 服务 https://example.com/bar -> 酒吧服务

等等

foo 的入口规则如下所示。

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    meta.helm.sh/release-name: foo-platform
    meta.helm.sh/release-namespace: aks-foo-namespace
    nginx.ingress.kubernetes.io/client-header-buffer-size: 64k
    nginx.ingress.kubernetes.io/client_body_buffer_size: 64k
    nginx.ingress.kubernetes.io/http2-max-field-size: 16k
    nginx.ingress.kubernetes.io/http2-max-header-size: 128k
    nginx.ingress.kubernetes.io/large-client-header-buffers: 8 64k
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffers: 4 256k
    nginx.ingress.kubernetes.io/proxy-busy-buffers-size: 256k
  labels:
    app.kubernetes.io/managed-by: Helm
  name: foo-ingress
  namespace: foo
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          service:
            name: foo-service
            port:
              number: 80
        path: /foo1/(.*)
        pathType: Prefix
  tls:
  - hosts:
    - example.com
    secretName: example-tls-ingress

现在，这目前有效，但仅如果另一个不相关的命名空间配置如下：

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    meta.helm.sh/release-name: bar-platform
    meta.helm.sh/release-namespace: aks-bar-namespace
    nginx.ingress.kubernetes.io/client-header-buffer-size: 64k
    nginx.ingress.kubernetes.io/client_body_buffer_size: 64k
    nginx.ingress.kubernetes.io/http2-max-field-size: 16k
    nginx.ingress.kubernetes.io/http2-max-header-size: 128k
    nginx.ingress.kubernetes.io/large-client-header-buffers: 8 64k
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffers: 4 256k
    nginx.ingress.kubernetes.io/proxy-busy-buffers-size: 256k
    nginx.ingress.kubernetes.io/rewrite-target: $1
  labels:
    app.kubernetes.io/managed-by: Helm
  name: bar-ingress
  namespace: bar
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          service:
            name: bar-service
            port:
              number: 80
        path: /bar/(.*)
        pathType: Prefix
  tls:
  - hosts:
    - example.com
    secretName: bar-tls-ingress

注意rewrite-target 注释似乎需要在那里。不幸的是，这意味着https://example.com/bar 没有正确响应，并在https://example.com/bar/bar 上配置

我查看了nginx.conf 的工作 foo 入口，并注意到如果存在rewrite-target 注释，则位置块完全不同。当它被破坏时，location 块被设置为location ~*，所以有些事情是不对的。

为 nginx-ingress 配置子路径的正确方法是什么？我怎样才能让所有 3 个应用程序都响应 https://example.com/app-tenant-name

Answer 1

理想情况下，情况并非如此，Nginx 不会崩溃左右。我建议稍微更新一下 path 和 re-write 注释并检查

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    meta.helm.sh/release-name: bar-platform
    meta.helm.sh/release-namespace: aks-bar-namespace
    nginx.ingress.kubernetes.io/client-header-buffer-size: 64k
    nginx.ingress.kubernetes.io/client_body_buffer_size: 64k
    nginx.ingress.kubernetes.io/http2-max-field-size: 16k
    nginx.ingress.kubernetes.io/http2-max-header-size: 128k
    nginx.ingress.kubernetes.io/large-client-header-buffers: 8 64k
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffers: 4 256k
    nginx.ingress.kubernetes.io/proxy-busy-buffers-size: 256k
    nginx.ingress.kubernetes.io/rewrite-target: $2
  labels:
    app.kubernetes.io/managed-by: Helm
  name: bar-ingress
  namespace: bar
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          service:
            name: bar-service
            port:
              number: 80
        path: /bar(/|$)(.*)
        pathType: Prefix
  tls:
  - hosts:
    - example.com
    secretName: bar-tls-ingress

更新了 bar 服务的 nginx.ingress.kubernetes.io/rewrite-target: $2 和路径更改。