解决多个内部Web服务的使用一个域名访问的问题
k8sService name,port代理转发
通过指定url模板 /proxyk8s/servicename.namespace:port/....的方式实现非K8s 请求代理转发
通过指定url模板 /proxy/host:port/....的方式实现
apiVersion: v1
kind: ConfigMap
metadata:
name: auxo-proxy-config
namespace: manage
data:
endpoints.conf: |
server
{
if ( $request_uri ~* \/proxyk8s\/([A-Za-z0-9|-]+)\.([A-Za-z0-9|-]+)\:([0-9|-]+)(\/*[\s\S]*) ) {
set $subk8s "$1.$2";
set $portk8s "$3";
set $parmk8s "$4";
}
if ( $request_uri ~* \/proxy\/([A-Za-z0-9|.]+)\:([0-9|-]+)(\/*[\s\S]*) ) {
set $sub "$1:$2";
set $parm "$3";
}
listen 80;
location ~* \/proxyk8s\/([A-Za-z0-9|-]+)\.([A-Za-z0-9|-]+)\:([0-9|-]+)(\/*[\s\S]*) {
rewrite ^\/proxyk8s\/([A-Za-z0-9|-]+)\.([A-Za-z0-9|-]+)\:([0-9|-]+)(\/*[\s\S]*) $parmk8s break;
resolver kube-dns.kube-system.svc.cluster.local valid=5s;
proxy_pass http://$subk8s.svc.cluster.local:$portk8s;
# auth_basic "Restricted";
# auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
}
location ~* \/proxy\/([0-9|-]+)(\/*[\s\S]*) {
rewrite ^\/proxy\/([0-9|-]+)(\/*[\s\S]*) $parm break;
# resolver kube-dns.kube-system.svc.cluster.local valid=5s;
proxy_pass $sub;
# auth_basic "Restricted";
# auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
}
}
.htpasswd: |
admin:$apr1$pP5p9B37$R9tFUko/sCvm4fjAKzri.0
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: auxo-proxy
namespace: manage
spec:
replicas: 1
selector:
matchLabels:
app: auxo-proxy
template:
metadata:
labels:
app: auxo-proxy
spec:
imagePullSecrets:
- name: harborkey
containers:
- name: auxo-proxy
image: nginx:1.17.0
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx/conf.d/
readOnly: true
name: auxo-proxy-config
- mountPath: /var/log/nginx
name: log
volumes:
- name: auxo-proxy-config
configMap:
name: auxo-proxy-config
items:
- key: endpoints.conf
path: endpoints.conf
- key: .htpasswd
path: .htpasswd
- name: log
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: auxo-proxy
namespace: manage
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
selector:
app: auxo-proxy
---
