A cikin wannan labarin, Ina so in yi magana game da siffofi guda biyu na NGINX Ingress da suka danganci nuna shafukan kuskure na sirri, da kuma iyakokin da ke cikin su da kuma hanyoyin da za a yi aiki a kusa da su.
1. Canza tsoho baya
Ta hanyar tsoho, NGINX Ingress yana amfani da tsohowar baya, wanda ke yin aikin da ya dace. Wannan yana nufin cewa lokacin da ake buƙatar Ingress da ke ƙayyade rundunar da ba ta cikin albarkatun Ingress, muna karɓar shafi mai zuwa tare da lambar amsa ta 404:
Koyaya, sau da yawa abokan cinikinmu suna zuwa tare da buƙatun nuna shafinsu tare da tambarin kamfani da sauran abubuwan more rayuwa maimakon daidaitaccen 404. Don yin wannan, NGINX Ingress yana da sake bayyana default-backend-service. Mun wuce tsarin shigarwa azaman hujja zuwa zaɓi na suna iri ɗaya namespace/servicename. Ya kamata tashar tashar sabis ta zama 80.
Don yin wannan, kuna buƙatar ƙirƙirar kwaf ɗin ku (aiwatar da aiki) da sabis tare da aikace-aikacenku ( daga ingress-nginx repository), wanda za a ba a maimakon tsoho baya.
Ga karamin misali:
~$ curl -i -XGET http://sadsdasdas.kube-cloud.my/
HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2019 05:38:15 GMT
Content-Type: */*
Transfer-Encoding: chunked
Connection: keep-alive
<span>The page you're looking for could not be found.</span>
Don haka duk wuraren da ba a ƙirƙira su ta hanyar YAML tare da su ba kind: Ingress, fada cikin tsoho-baya. A cikin lissafin da ke sama, wannan yanki ya zama sadsdasdas.
2. Magance kurakuran HTTP a cikin aikace-aikacen ta amfani da tsohowar baya
Wani yanayi shine buƙatun da ke ƙarewa a cikin kurakuran HTTP (404, 500, 502...) zuwa aikace-aikacen da ba ya aiwatar da irin waɗannan yanayi (ba a samar da kyawawan shafukan da suka dace ba). Wannan kuma yana iya kasancewa saboda sha'awar masu haɓakawa don hidimar shafukan kuskure iri ɗaya a cikin aikace-aikace da yawa.
Don aiwatar da wannan harka a gefen uwar garken muna buƙatar:
- Bi umarnin da ke sama daga sakin layi game da tsohowar baya;
- Ƙara maɓalli zuwa nginx-ingress saitin ConfigMap
custom-http-errors, misali, tare da darajar404,503(a fili ya yi daidai da lambobin kuskure waɗanda sabuwar doka ta rufe).
An sami sakamakon da ake tsammanin: lokacin da aikace-aikacen abokin ciniki ke gudana kuma ya sami kuskure tare da lambar amsawa 404 ko 503, za a tura buƙatar ta atomatik zuwa sabon tsohuwar baya ...
Koyaya, lokacin haɓaka aikace-aikacen don tsoho baya da kurakurai-http-, kuna buƙatar la'akari da muhimmin fasali:
!!! Important The custom backend is expected to return the correct HTTP status code instead of 200. NGINX does not change the response from the custom default backend.Gaskiyar ita ce, lokacin da aka tura buƙatun, masu buga kai za su ƙunshi bayanai masu amfani tare da lambar amsawa ta baya da ƙarin bayani (cikakkiyar jerin su yana samuwa. ).
Wannan yana nufin cewa kai kanka dole ne kula da daidai lambar amsawa. daga takardun yadda yake aiki.
Aikace-aikace daban-daban suna da tsohowar baya daban-daban
Don tabbatar da cewa mafita ba ta duniya ba ce ga duka tari, amma ta shafi takamaiman aikace-aikace, da farko kuna buƙatar bincika sigar Ingress. Idan yayi daidai 0.23 ko sama da haka, yi amfani da bayanan Ingress na asali:
- Za mu iya sokewa
default-backendto kowane Ingress's ; - Za mu iya sokewa
custom-http-errorsto kowane Ingress's .
A sakamakon haka, albarkatun Ingress zai yi kama da wani abu kamar haka:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Chart.Name }}-app2
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/custom-http-errors: "404,502"
nginx.ingress.kubernetes.io/default-backend: error-pages
spec:
tls:
- hosts:
- app2.example.com
secretName: wildcard-tls
rules:
- host: app2.example.com
http:
paths:
- path: /
backend:
serviceName: {{ .Chart.Name }}-app2
servicePort: 80A wannan yanayin, kurakurai 404 da 502 za a karkatar da su zuwa sabis na shafukan kuskure tare da duk masu kai da ake bukata.
В Sigar baya na Ingress ba su da wannan fasalin (). Kuma idan kuna da aikace-aikacen daban-daban guda 2 waɗanda ke gudana a cikin cluster ɗinku kuma kuna son tantance sabis na tsoho-backend daban-daban da sarrafa lambobin kuskure daban-daban ga kowannen su, don wannan dole ne ku yi amfani da hanyoyin aiki, waɗanda muke da guda biyu.
Ƙaddamarwa <0.23: kusanci ɗaya
Wannan zaɓin ya fi sauƙi. A matsayin aikace-aikacen da ke aiki da shafukansa, muna da HTML na yau da kullum, wanda bai san yadda ake kallon masu kai da mayar da lambobin amsa daidai ba. Ana fitar da irin wannan aikace-aikacen tare da Ingress daga url /error-pages, kuma a cikin catalog ws za a mayar da HTML.
Misali a cikin YAML:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Chart.Name }}-app2
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/server-snippet: |
proxy_intercept_errors on;
error_page 500 501 502 503 504 @error_pages;
location @error_pages {
rewrite ^ /error-pages/other/index.html break;
proxy_pass http://error-pages.prod.svc.cluster.local;
}
spec:
tls:
- hosts:
- app2.example.com
secretName: wildcard-tls
rules:
- host: app2.example.com
http:
paths:
- path: /
backend:
serviceName: {{ .Chart.Name }}-app2
servicePort: 80Dole ne sabis ɗin wannan turawa ya kasance na nau'in ClusterIP.
A lokaci guda, a cikin aikace-aikacen da za mu aiwatar da kuskuren, a cikin Ingress muna ƙara snippet-snippet ko sanyi-snippet tare da abun ciki mai zuwa:
nginx.ingress.kubernetes.io /server-snippet: |
proxy_intercept_errors on;
error_page 500 501 502 503 504 @error_pages;
location @error_pages {
rewrite ^ /error-pages/ws/index.html break;
proxy_pass http://error-pages.prod.svc.cluster.local;
}Ƙaddamarwa <0.23: hanya ta biyu
Zaɓin aikace-aikacen da zai iya sarrafa rubutun kai... Kuma gabaɗaya wannan ita ce hanya mafi daidai, aro daga kuskuren http- custom. Yin amfani da shi da hannu (kwafi) zai ba ku damar canza saitunan duniya.
Matakan sune kamar haka. Mun halitta tare da aikace-aikacen da zai iya sauraron kanun labarai masu mahimmanci kuma ya amsa daidai. Ƙara snippet uwar garken zuwa aikace-aikacen Ingress tare da abun ciki mai zuwa:
nginx.ingress.kubernetes.io /server-snippet: |
proxy_intercept_errors off;
error_page 404 = @custom_404;
error_page 503 = @custom_503;
location @custom_404 {
internal;
proxy_intercept_errors off;
proxy_set_header X-Code 404;
proxy_set_header X-Format $http_accept;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Namespace $namespace;
proxy_set_header X-Ingress-Name $ingress_name;
proxy_set_header X-Service-Name $service_name;
proxy_set_header X-Service-Port $service_port;
proxy_set_header Host $best_http_host;
rewrite ^ /error-pages/ws/index.html break;
proxy_pass http://error-pages.prod.svc.cluster.local;
}
location @custom_503 {
internal;
proxy_intercept_errors off;
proxy_set_header X-Code 503;
proxy_set_header X-Format $http_accept;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Namespace $namespace;
proxy_set_header X-Ingress-Name $ingress_name;
proxy_set_header X-Service-Name $service_name;
proxy_set_header X-Service-Port $service_port;
proxy_set_header Host $best_http_host;
rewrite ^ /error-pages/ws/index.html break;
proxy_pass http://error-pages.prod.svc.cluster.local;
}Kamar yadda kake gani, ga kowane kuskuren da muke son aiwatarwa, muna buƙatar yin namu wurin, inda za a shigar da duk abin da ake bukata, kamar yadda yake a cikin "yan ƙasa". . Ta wannan hanyar za mu iya ƙirƙirar shafukan kuskure daban-daban har ma ga kowane wurare da sabar.
PS
Sauran daga jerin shawarwari da dabaru na K8s:
- «";
- «";
- «";
- «".
Karanta kuma a kan shafinmu:
- «";
- «".
source: www.habr.com