我有多个服务需要公开到 Internet,但我想为它们使用单个 ALB。
我正在使用最新的AWS Load Balancer Controller,我一直在阅读这里的文档(https://kubernetes-sigs.github.io/aws-load-balancer-controller/guide/ingress/annotations/#traffic-routing ),但我还没有找到关于如何实现这一点的明确解释。
这是设置:
我有 service-a.example.com -and- service-b.example.com。他们每个人在 Amazon Certificate Manager 中都有自己的证书。
在 Kubernetes 中,每个都有自己的服务对象,定义如下(每个都是唯一的):
apiVersion: v1
kind: Service
metadata:
name: svc-a-service
annotations:
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/healthy-threshold-count: '5'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
alb.ingress.kubernetes.io/healthcheck-path: /index.html
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '30'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/tags: Environment=Test,App=ServiceA
spec:
selector:
app: service-a
ports:
- port: 80
targetPort: 80
type: NodePort
每个服务都有自己的 Ingress 对象,定义如下(同样,每个服务都是唯一的,并且为每个服务指定了正确的证书):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: svc-a-ingress
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name: services
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/security-groups: sg-01234567898765432 …amazon-web-services kubernetes kubernetes-ingress amazon-eks