kubernetes-ingress

问题 We are on Kubernetes and use Istio Service Mesh. Currently, there is SSL Termination for HTTPS in Gateway. I see in the istio-proxy logs that the HTTP protocol is HTTP 1.1. I want to upgrade HTTP 1.1 to HTTP2 due to its various advantages. Clients should call our services HTTP2 over SSL/TLS. I am using this blog for an internal demo on this topic. These are the bottlenecks: 1) I want to propose a plan which will causes least amount of changes. I understand I need to update the Gateway from

问题 I am using this Ingress it is similar to Nginx: https://cloud.ibm.com/docs/containers?topic=containers-ingress_annotation#general When I do: request -> LoadBalancer Service -> client source public IP returned request -> Ingress -> LoadBalancer Service -> some private IP returned I would like to preserve the client source public IP. In my Service I am setting ExternalTrafficPolicy: Local , and it works when hitting the LoadBalancer directly, but I do not know what setting I require when going

问题 I have a small java webapp comprising of three microservices - api-service , book-service and db-service all of which are deployed on a kubernetes cluster locally using minikube. I am planning to keep separate UIs for api-service and book-service , with the common static files served from a separate pod, probably an nginx:alpine image. I was able to create a front end that serves the static files from nginx:alpine referring to this tutorial. I would like to use ingress-nginx controller for

问题 I've a simple kubernetes ingress network. I need deny the access some critical paths like /admin or etc. My ingress network file shown as below. apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress-test spec: rules: - host: host.host.com http: paths: - path: /service-mapping backend: serviceName: /service-mapping servicePort: 9042 How I can deny the custom path with kubernetes ingress network, with nginx annonations or another methods . I handle this issue with annotations

问题 I have a backend using https. I want to separate load on that back-end based on URL/path. I decided to use ingress to do this url/path based logic in order to move traffic to different back-ends ( same back-ends , just duplicated to different NodePorts ) my question is how I can configure the ingress to receive https requests and to forward those https requests to the https back-end? thanks edit: I added the yaml file: spec: rules: - http: paths: - backend: serviceName: service servicePort:

问题 My Kubernetes cluster uses a replicaSet to run N similar pods. Each pod can only handles one websocket connection du to resource limitations. My Kubernetes uses a nginx ingress controller. Is there any way to make nginx dispatch only one incoming websocket connection per pod and in case of lack of available pods, refuses the incoming connection ? 回答1: I'm not super familiar with the Kubernetes Nginx ingress setup, but assuming it exposes some of the Nginx configuration options for setting up

问题 I am installing istio version 1.1.5 on Azure kubernetes services. i have followed the installation procedure mentioned in this istio site isito installation I have installed istio-demo installation pack. after successful installation,few resources are not starting... NAME READY STATUS RESTARTS AGE grafana-6b849f66c8-hfn24 1/1 Running 0 10h istio-citadel-6f958bff99-r4jdj 1/1 Running 0 10h istio-galley-64867c7ddc-jggxx 1/1 Running 0 10h istio-grafana-post-install-1.1.5-8mstl 0/1 Completed 0 10h

问题 So that a browser would show the login page if no authentication is provided, but the backend would accept calls with a valid bearer token header as well. Is that possible? If so, how? We have several kubernetes services in the same namespace behind an ingress and annotated the ingress with ingress.bluemix.net/appid-auth: "bindSecret=binding-appidname namespace=somenamespace requestType=api serviceName=service-a" requestType=web will work too, but requestType=api,web does not work, neither

问题 We have a k8s cluster with an nginx Ingress and Minio installed. In Minio I have a bucket called tester with a hello world index.html file. I used the Minio MC client to set the tester bucket to public. Now I am able to see the hello world file when I visit my (altered) minio url like so: https://minio.example.com/tester/index.html . My goal is to set up an Ingress resource to access the public bucket. Here is my manifest to try and do so, however I only ever get a 404 error . . . ingress

问题 I've recently asked a question about how to structure multiple applications which should be bundled together and am thinking of going down a route of having each separate application have it's own Helm chart and own ingress controller. This would allow for CI/CD to update each component easily without affecting the rest. I was also thinking about using a "Umbrella" chart to specify versions of the other charts when it comes to actual releases and keep that in another repo. However, when using