发现大部分架构都是 nginx 代理后端,挂载前端提供服务。但是放到 k8s 还得单独启动个 nginx 部署前端,这就造成两个问题。
- 1:配置复杂,每加有新的服务调用,不仅要改 ingress,web 服务的 nginx 配置文件也需要修改。
- 2:访问复杂,变成了 dns>ingress>web>后端
经过修改,我们的架构图
1 正常需要添加的参数
1
2
3
4
5
6
7
8
9
| nginx.ingress.kubernetes.io/client-body-buffer-size: 2m
nginx.ingress.kubernetes.io/enable-access-log: 'true'
nginx.ingress.kubernetes.io/enable-cors: 'true'
nginx.ingress.kubernetes.io/proxy-body-size: 10m
nginx.ingress.kubernetes.io/proxy-buffer-size: 2m
nginx.ingress.kubernetes.io/proxy-buffers-number: '32'
nginx.ingress.kubernetes.io/proxy-connect-timeout: '3600'
nginx.ingress.kubernetes.io/proxy-read-timeout: '3600'
nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
|
2 http 跳转到 HTTPS
1
| nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
3 解决跨域
使用上面的方案唯一的缺点是需要解决跨域,ingress 需要允许,后端代码需要允许跨域
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| kubectl.kubernetes.io/last-applied-configuration: |
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728008;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,PATCH,OPTIONS';
return 200;
}
nginx.ingress.kubernetes.io/cors-allow-credentials: 'true'
nginx.ingress.kubernetes.io/cors-allow-headers: >-
DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,token,Cookie
nginx.ingress.kubernetes.io/cors-allow-methods: 'PUT, GET, POST, OPTIONS'
nginx.ingress.kubernetes.io/cors-allow-origin: '*'
nginx.ingress.kubernetes.io/enable-cors: 'true'
|
检测是否生效,主要看响应头
