我遇到了大使(特使)的问题。大使不同时支持 HTTP 和 HTTPS。因此,作为一种解决方法,我必须部署两组大使(一组用于 HTTP,另一组用于 HTTPS)。我已经部署了两组大使。
NAME READY STATUS RESTARTS AGE
pod/ambassador-k7nlr 2/2 Running 0 55m
pod/ambassador-t2dbm 2/2 Running 0 55m
pod/ambassador-tls-7h6td 2/2 Running 0 107s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ambassador-admin NodePort 10.233.58.170 <none> 8877:30857/TCP 18d
service/ambassador-admin-tls NodePort 10.233.33.29 <none> 8878:32339/TCP 28m
service/ambassador-monitor ClusterIP None <none> 9102/TCP 18d
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/ambassador 2 2 2 2 2 node-role.kubernetes.io/node= 58m
daemonset.apps/ambassador-tls 1 1 1 1 1 node-role.kubernetes.io/node=tls 107s
下面是我想用于 http 的两组 pod
pod/ambassador-k7nlr 2/2 Running 0 55m
pod/ambassador-t2dbm 2/2 Running 0 55m
而这个用于 https
pod/ambassador-tls-7h6td 2/2 Running 0 107s
下面是我的服务注释
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Module
name: tls
config:
server:
secret: dashboard-certs
---
apiVersion: ambassador/v0
kind: Mapping
name: dashboard_test_mapping
host: dashboard.example.com
service: https://dashboard.test.svc.cluster.local
prefix: /
这里
apiVersion: ambassador/v0指的是两个大使集,所以我在服务注释中所做的任何更改都将反射(reflect)在这两个大使集中。我想为特定的大使守护进程 (HTTPS) 设置此服务注释。
有什么建议 ??
最佳答案
您可以使用 AMBASSADOR_ID为此,像这样:
getambassador.io/config: |
---
ambassador_id: ambassador-1
apiVersion: ambassador/v0
kind: Module
name: tls
config:
server:
secret: dashboard-certs
---
ambassador_id: ambassador-1
apiVersion: ambassador/v0
kind: Mapping
name: dashboard_test_mapping
host: dashboard.example.com
service: https://dashboard.test.svc.cluster.local
prefix: /
然后在 DaemonSet 的 env 变量中指定这个 id:
env:
- name: AMBASSADOR_ID
value: ambassador-1
引用文档:
https://www.getambassador.io/reference/running/#ambassador_id
关于kubernetes - 如何在同一个命名空间中部署多个大使守护进程 - kubernetes,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56129026/