[转帖]Kubernetes 领进门 | 使用 Ingress-nginx 反向代理外部站点

kubernetes,进门,使用,ingress,nginx,反向,代理,外部,站点 · 浏览次数 : 0

小编点评

**ingress-nginx 反向代理原理** **步骤：** 1. 创建外部服务： ```yaml apiVersion: v1 metadata: name: gh-proxyspec type: ExternalName externalName: github.com ports: - name: https port: 443---kind: IngressapiVersion: networking.k8s.io/v1metadata: name: &name gh-proxy annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/proxy-body-size: 100m nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/upstream-vhost: github.comspec: rules: - host: gh.rehiy.com http: paths: - path: / pathType: Prefix backend: service: name: *name port: name: https tls: - secretName: gh.rehiy.com ``` 2. 修改 github.com 为目标域名： ``` apiVersion: v1 metadata: name: gh-proxy annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/proxy-body-size: 100m nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/upstream-vhost: github.comspec: rules: - host: gh.rehiy.com http: paths: - path: / pathType: Prefix backend: service: name: *name port: name: https tls: - secretName: gh.rehiy.com ``` 3. 修改 gh.rehiy.com 为预期域名： ``` apiVersion: v1 metadata: name: gh-proxy annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/proxy-body-size: 100m nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/upstream-vhost: github.comspec: rules: - host: gh.rehiy.com http: paths: - path: / pathType: Prefix backend: service: name: *name port: name: https tls: - secretName: gh.rehiy.com ``` 4. 应用变更操作： ``` kubectl apply -f gh-proxy.yaml ``` **注意：** - 您需要在 GitHub 上创建一个名为 gh.rehiy.com 的项目。 - 您需要创建一个名为 gh-proxy 的 Kubernetes 应用程序。 - 您需要创建一个名为 gh-proxy 的 Ingress 规则。

正文

https://cloud.tencent.com/developer/article/2187041

warning: 这篇文章距离上次修改已过204天，其中的内容可能已经有所变动。

本文旨在展示如何使用 ingress-nginx 作为反向代理加速集群外部服务原理。下文以反向代理 github 为例，读者自行修改域名即可。

创建外部服务及路由描述

1、修改 github.com 为目标域名
2、修改 gh.rehiy.com 为预期域名
3、将下列内容保存为 gh-proxy.yaml

kind: Service
apiVersion: v1
metadata:
  name: gh-proxy
spec:
  type: ExternalName
  externalName: github.com
  ports:
    - name: https
      port: 443
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: &name gh-proxy
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/upstream-vhost: github.com
spec:
  rules:
    - host: gh.rehiy.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: *name
                port:
                  name: https
  tls:
    - secretName: gh.rehiy.com

为避免阅读障碍，详细的优化参数并未包含在内，如有需求可自行琢磨。

应用变更

操作完成后，即可通过 gh.rehiy.com 访问 github.com 的内容

kubectl apply -f gh-proxy.yaml