发现大部分架构都是 nginx 代理后端,挂载前端提供服务。但是放到 k8s 还得单独启动个 nginx 部署前端,这就造成两个问题。
- 1:配置复杂,每加有新的服务调用,不仅要改 ingress,web 服务的 nginx 配置文件也需要修改。
- 2:访问复杂,变成了 dns>ingress>web>后端
经过修改,我们的架构图
1 正常需要添加的参数
1 2 3 4 5 6 7 8 9
| nginx.ingress.kubernetes.io/client-body-buffer-size: 2m nginx.ingress.kubernetes.io/enable-access-log: 'true' nginx.ingress.kubernetes.io/enable-cors: 'true' nginx.ingress.kubernetes.io/proxy-body-size: 10m nginx.ingress.kubernetes.io/proxy-buffer-size: 2m nginx.ingress.kubernetes.io/proxy-buffers-number: '32' nginx.ingress.kubernetes.io/proxy-connect-timeout: '3600' nginx.ingress.kubernetes.io/proxy-read-timeout: '3600' nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
|
2 http 跳转到 HTTPS
1
| nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
3 解决跨域
使用上面的方案唯一的缺点是需要解决跨域,ingress 需要允许,后端代码需要允许跨域
1 2 3 4 5 6 7 8 9 10 11 12 13 14
| kubectl.kubernetes.io/last-applied-configuration: | if ($request_method = 'OPTIONS') { add_header 'Access-Control-Max-Age' 1728008; add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' '*'; add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,PATCH,OPTIONS'; return 200; } nginx.ingress.kubernetes.io/cors-allow-credentials: 'true' nginx.ingress.kubernetes.io/cors-allow-headers: >- DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,token,Cookie nginx.ingress.kubernetes.io/cors-allow-methods: 'PUT, GET, POST, OPTIONS' nginx.ingress.kubernetes.io/cors-allow-origin: '*' nginx.ingress.kubernetes.io/enable-cors: 'true'
|
检测是否生效,主要看响应头