Skip to content

reference

https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/

ingress-nginx-controller ConfigMap

use-proxy-protocol

如果ingress-nginx-controller直接暴露在公网,设置为true

如果不暴露在公网,用nginx再代理一次,并且代理访问的时候还是用的 http:// ,那么设置为 false

github issue 链接

ingress annotations

https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/

ConfigMap配置参考

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.10.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: "1.10.1"
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  allow-snippet-annotations: "false"
  compute-full-forwarded-for: "true"
  custom-http-errors: "404,500,501,502,503,504"
  enable-real-ip: "true"
  proxy-add-original-uri-header: "true"
  use-forwarded-headers: "true"
  use-proxy-protocol: "false"

ingress 配置参考

ingress 配置 https

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # We can upload large files (extensions)
    nginx.ingress.kubernetes.io/proxy-body-size: "150m"
    # See
    # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
    # for more nginx annotations.
  labels:
    app: sourcegraph-frontend
    deploy: sourcegraph
    sourcegraph-resource-requires: no-cluster-admin
    app.kubernetes.io/component: frontend
  name: sourcegraph-frontend
spec:
  # See the customization guide (../../../docs/configure.md) for information
  # about configuring TLS
  # tls:
  # - hosts:
  #   - sourcegraph.example.com
  #   secretName: sourcegraph-tls
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: sourcegraph-frontend
                port:
                  number: 30080
      # If you're using TLS/SSL, uncomment the following line and replace 'sourcegraph.example.com' with the real
      # domain that you want to use for your Sourcegraph instance.
      # host: sourcegraph.example.com