使用Kubernete+Nginx做反向代理

使用Kubernete+Nginx做反向代理

整体说明

有两个服务:

方式1:使用2个不同的端口映射两个服务

思路:

k8s配置文件中,配置两个不同的nodePort,进行映射

k8s配置文件:

apiVersion: v1
kind: Service
metadata:
  name: nginx-tyyy
  labels:
    app: nginx
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 31010  #用于映射madrids服务
      name: madrids
    - port: 81
      targetPort: 81
      protocol: TCP
      nodePort: 31009  #用于映射oauth服务
      name: oauth
  type: NodePort
  selector:
    app: nginx
    tier: nginx-tyyy
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-tyyy
  labels:
    app: nginx
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nginx
        tier: nginx-tyyy
    spec:
      containers:
      - image: xxxx/library/nginx:latest
        name: nginx-tyyy
        ports:
        - containerPort: 80
          name: nginx-tyyy
        volumeMounts:
        - mountPath: "/etc/nginx/conf.d"
          name: nginx-config
      volumes:
      - name: nginx-config
        hostPath:
          path: "/opt/data/config/tyyy/nginx"  #Nginx配置文件放置位置


nginx配置文件:(default.conf

server {
    keepalive_requests 120; #单连接请求上限次数。
    listen       81;   #监听端口
    server_name  localhost;   #监听地址
    location / {       #请求的url过滤,正则匹配,~为区分大小写,~*为不区分大小写。
       proxy_pass  http://10.254.9.21:31047/;  #请求转向mysvr 定义的服务器列表
    }
}

server {
    listen       80;
    server_name  localhost;
    client_max_body_size 40960M;
    client_body_timeout  6000s;
    keepalive_timeout  60000;
    proxy_connect_timeout 60000;
    proxy_read_timeout 60000;
    #使用frame
    add_header X-Frame-Options SAMEORIGIN;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 2;
    gzip_types text/html application/javascript text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass   http://10.254.9.21:31046/;
    }


    error_page  404              /404.html;
        location = /404.html {
        root   /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache‘s document root
    # concurs with nginx‘s one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}

}

结果演示:
使用Kubernete+Nginx做反向代理

使用Kubernete+Nginx做反向代理

代理流程

k8s的配置文件中:

    - port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 31010  #用于映射madrids服务
      name: madrids
    - port: 81
      targetPort: 81
      protocol: TCP
      nodePort: 31009  #用于映射oauth服务
      name: oauth
  • 31010端口映射为Nginx服务的80端口
  • 31009端口映射为Nginx服务的81端口

80和81端口会在Nginx配置文件中体现;

server {
    keepalive_requests 120; 
    listen       81;   #监听端口, 当请求k8s服务的31009端口时,会转发到Nginx内部端口 81,所以这里针对81端口进行监听
    server_name  localhost;  
    location / {
       proxy_pass  http://10.254.9.21:31047/; # 转发到31047服务,即madrids服务
    }
}

server {
    listen       80; #监听端口, 当请求k8s服务的31010端口时,会转发到Nginx内部端口 80,所以这里针对80端口进行监听
    server_name  localhost;
    ...
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass   http://10.254.9.21:31046/;  # 转发到31046服务,即oauth服务
    }
    ...
}    

方式2:使用相同的端口映射两个服务

Nginx配置文件:(default.conf)

server {
    listen       80;
    server_name  localhost;
    client_max_body_size 40960M;
    client_body_timeout  6000s;
    keepalive_timeout  60000;
    proxy_connect_timeout 60000;
    proxy_read_timeout 60000;
    #使用frame
    add_header X-Frame-Options SAMEORIGIN;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 2;
    gzip_types text/html application/javascript text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

    location ~* /v1/(users|tenants|organizations|frontend|roles|districts|userSubusers|pods|providers|capacity|applications)/ {
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass   http://10.254.9.21:31046; #注意,后面没有 "/"
    }

    location ~* /v1/(users|tenants|organizations|frontend|roles|districts|userSubusers|pods|providers|capacity|applications) {
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass   http://10.254.9.21:31046;  #注意,后面没有 "/"
    }

    location /oauth/token/ {
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass   http://10.254.9.21:31047;  #注意,后面没有 "/"
    }

    location /oauth/token {
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass   http://10.254.9.21:31047;  #注意,后面没有 "/"
    }


    error_page  404              /404.html;
        location = /404.html {
        root   /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache‘s document root
    # concurs with nginx‘s one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}

}

location中proxy_pass说明

  • 当proxy_pass添加 "/" 后缀时,则 location的匹配路径不会作为URL的一部分
  • 当proxy_pass没有 "/" 后缀时,则 location的匹配路径会作为URL的一部分

使用Kubernete+Nginx做反向代理

使用Kubernete+Nginx做反向代理

上一篇:mysql和SqlServer 中取得汉字字段的各汉字首字母


下一篇:简单静态网站搭建——http