
Alibaba Cloud ALB Ingress: Advanced Usage

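In a Kubernetes cluster, ALB Ingress manages the externally accessible API objects of the cluster's Services and provides Layer 7 load balancing. This article describes how to use ALB Ingress to forward requests from different domain names or URL paths to different backend server groups, redirect HTTP access to HTTPS, and implement canary releases.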

1) Request-direction annotations

    alb.ingress.kubernetes.io/backend-keepalive: 'true'
    alb.ingress.kubernetes.io/connection-drain-enabled: 'true'
    alb.ingress.kubernetes.io/connection-drain-timeout: '300'
    alb.ingress.kubernetes.io/cors-allow-credentials: 'true'
    alb.ingress.kubernetes.io/cors-allow-headers: >-
      DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Forwarded-For
    alb.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, OPTIONS'
    alb.ingress.kubernetes.io/cors-allow-origin: '*'
    alb.ingress.kubernetes.io/cors-expose-headers: '*'
    alb.ingress.kubernetes.io/cors-max-age: '172800'
    alb.ingress.kubernetes.io/enable-cors: 'true'
    alb.ingress.kubernetes.io/enable-ipv6: 'true'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"QUIC": 443},{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/slow-start-duration: '30'
    alb.ingress.kubernetes.io/slow-start-enabled: 'true'
  • Graceful connection draining
    • alb.ingress.kubernetes.io/connection-drain-enabled: 'true'
      alb.ingress.kubernetes.io/connection-drain-timeout: '300'
  • Cross-origin (CORS) configuration
    • alb.ingress.kubernetes.io/cors-allow-credentials: 'true'
      alb.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, DELETE, PATCH, OPTIONS'
      alb.ingress.kubernetes.io/cors-allow-origin: '*'
      alb.ingress.kubernetes.io/cors-expose-headers: '*'
      alb.ingress.kubernetes.io/cors-max-age: '172800'
      alb.ingress.kubernetes.io/enable-cors: 'true'
  • Enable IPv6 attachment for server groups and HTTP/3
    • alb.ingress.kubernetes.io/enable-ipv6: 'true'
      alb.ingress.kubernetes.io/listen-ports: '[{"QUIC": 443},{"HTTPS": 443}]'
  • Backend slow start
    • alb.ingress.kubernetes.io/slow-start-duration: '30'
      alb.ingress.kubernetes.io/slow-start-enabled: 'true'
  • Session persistence (sticky sessions)
    • alb.ingress.kubernetes.io/sticky-session-type: 'Insert'
      alb.ingress.kubernetes.io/cookie-timeout: '86400'
  • Backend persistent connections (keep-alive)
    • alb.ingress.kubernetes.io/backend-keepalive: 'true'

2) Custom response headers in the response direction; a separate Ingress must be created to carry the response configuration

  • Custom response headers
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: response-headers   # placeholder name, not from the original post
  annotations:
    # The suffix after "actions." must match the backend service name in spec.rules.
    alb.ingress.kubernetes.io/actions.service-name: |
      [
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Access-Control-Allow-Headers",
            "value": "*",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Access-Control-Allow-Methods",
            "value": "POST, OPTIONS, GET",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-Frame-Options",
            "value": "ALLOW-FROM https://*.obsbot.com",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-Content-Type-Options",
            "value": "nosniff",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-Download-Options",
            "value": "noopen",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-XSS-Protection",
            "value": "1; mode=block",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-Pacific-Timestamp",
            "value": "$time_iso8601",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Strict-Transport-Security",
            "value": "max-age=31536000; includeSubDomains",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Content-Security-Policy",
            "value": "frame-ancestors 'self' https://*.obsbot.com https://*.obsbothk.com https://*.youtube.com",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Cache-Control",
            "value": "no-cache",
            "valueType": "UserDefined"
          }
        }
      ]
    # Apply the actions above in the response direction.
    alb.ingress.kubernetes.io/rule-direction.service-name: Response
spec:
  ingressClassName: alb
  rules:
    - host: demo.com
      http:
        paths:
          - backend:
              service:
                name: service-name
                port:
                  name: use-annotation
            path: /
            pathType: Prefix
  • alb.ingress.kubernetes.io/actions.service-name
    • The service-name in the annotation must be the same as the service-name in spec.rules
  • In spec.rules, remove the Port field and add name: use-annotation
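
As an added example (not from the original post or from Alibaba Cloud), the Python below lints the CORS annotations from section 1 and the InsertHeader actions from section 2 for values that browsers reject or ignore: a wildcard origin or expose-headers combined with credentials, misspelled Access-Control-* names, and X-Frame-Options or X-Download-Options values outside the defined set. The function names, the finding texts and the sample (which uses example.com as a placeholder) are assumptions made for illustration.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"
# CORS response header names defined by the Fetch standard.
CORS_HEADERS = {"access-control-" + s for s in (
    "allow-origin allow-credentials allow-headers allow-methods expose-headers max-age").split()}

def lint_annotations(annotations):
    """Return a list of findings for one Ingress's annotations dict."""
    def get(key):
        return str(annotations.get(PREFIX + key, "")).strip()
    findings = []
    if get("enable-cors") == "true" and get("cors-allow-credentials") == "true":
        # Browsers refuse '*' as the allowed origin on credentialed requests and
        # read '*' in expose-headers as a literal header name, not a wildcard.
        for key in ("cors-allow-origin", "cors-expose-headers"):
            if get(key) == "*":
                findings.append(f"{key}: '*' combined with cors-allow-credentials")
    for name, raw in annotations.items():
        if not name.startswith(PREFIX + "actions."):
            continue
        for action in json.loads(raw):  # the annotation value is a JSON list
            if action.get("type") != "InsertHeader":
                continue
            cfg = action["InsertHeaderConfig"]
            key, value = cfg["key"].lower(), cfg["value"].strip()
            if key.startswith("access-control-") and key not in CORS_HEADERS:
                findings.append(f"{cfg['key']}: not a CORS response header name")
            if key == "x-frame-options" and value.upper() not in ("DENY", "SAMEORIGIN"):
                findings.append("X-Frame-Options: only DENY and SAMEORIGIN are honoured")
            if key == "x-download-options" and value.lower() != "noopen":
                findings.append("X-Download-Options: only 'noopen' is defined")
    return findings

def insert_header(key, value):
    return {"type": "InsertHeader", "InsertHeaderConfig": {
        "key": key, "value": value, "valueType": "UserDefined"}}

# Constructed sample modelled on the annotations above; example.com is a placeholder.
SAMPLE = {
    PREFIX + "enable-cors": "true",
    PREFIX + "cors-allow-origin": "*",
    PREFIX + "cors-allow-credentials": "true",
    PREFIX + "cors-expose-headers": "*",
    PREFIX + "actions.service-name": json.dumps([
        insert_header("Access-Control-Allow-Method", "POST, OPTIONS, GET"),
        insert_header("X-Frame-Options", "ALLOW-FROM https://*.example.com"),
        insert_header("X-Content-Type-Options", "nosniff")]),
}
print("\n".join(lint_annotations(SAMPLE)))
```

Where framing by other origins is needed, the Content-Security-Policy frame-ancestors directive already present in the manifest is the header current browsers act on.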

3) Custom request headers in the request direction; add these to the corresponding ALB Ingress configuration

alb.ingress.kubernetes.io/actions.website-jp-service: |
      [
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
              "key": "Remo-Dealer-Proxy",
              "value": "Japan",
              "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
              "key": "Remo-Website-Base-Url",
              "value": "https://demo.com",
              "valueType": "UserDefined"
          }
        }
      ]
  • API requests will carry the custom headers; you can check them with F12 (browser developer tools)

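For more details, see the official Alibaba Cloud ALB configuration documentation: ACK managed and dedicated clusters, Container Service for Kubernetes (ACK), Alibaba Cloud Help Center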
