NGINX Ingress with Helm - 配置速率限制响应代码

问题描述 投票:0回答:1

我正在尝试为我的 nginx 入口设置 

limit-req-status-code
,但我没有这样做。根据文档,此设置属于 ConfigMap(与作为注释的其他速率限制设置相反)。我创建了一个配置映射,但该设置没有得到尊重。我怎么知道?我已经使用 fortio 达到了速率限制,但它仍然返回 503。

我尝试找出如何正确命名地图,并尝试了很多不同的名称,如建议的在这些答案中,但没有效果。我还尝试手动将 configmap 名称传递给 helm 调用,但也没有成功。这就是我现在所拥有的:

ingress-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-ingress-config
data:
  limit-req-status-code: "429"

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "fullname" . }}-ingress
  labels:
    app.kubernetes.io/name: {{ include "name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: "{{ .Release.Revision }}"
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/limit-rpm: "1000"
    nginx.ingress.kubernetes.io/limit-rps: "100"
spec:
  ingressClassName: "nginx-public"
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ include "fullname" . }}-service
                port:
                  name: http

部署呼叫

helm upgrade ${{ inputs.release-name }} ${{ inputs.working-directory }} \
          --install \
          --namespace=${{ inputs.aws-role-name }} \
          --wait \
          --timeout=5m0s \
          --atomic \
          --values=${{ inputs.working-directory }}/values.yaml \
          --values=${{ inputs.working-directory }}/values-${{ inputs.stage-name }}.yaml \
          --set controller.config.name=nginx-ingress-config \
          --set-string deployment.image.registry="${{ secrets.mgmt-aws-account-id }}.dkr.ecr.${{ inputs.mgmt-aws-region }}.amazonaws.com" \
          --set-string deployment.image.repository="${{ inputs.image-name }}" \
          --set-string deployment.image.digest="${{ inputs.image-digest }}" \
          --set-string database.user='${{ steps.fetch-secret-postgres-username.outputs.aws-secret-value }}' \
          --set-string database.password='${{ steps.fetch-secret-postgres-password.outputs.aws-secret-value }}'

我做错了什么?

nginx kubernetes-helm nginx-ingress configmap
1个回答
0
投票

好吧,我在另一个问题中找到了解决方案:我可以将设置作为注释中的配置片段传递:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "fullname" . }}-ingress
  labels:
    app.kubernetes.io/name: {{ include "name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: "{{ .Release.Revision }}"
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/limit-rpm: "{{ .Values.ingress.requestsPerMinute }}"
    nginx.ingress.kubernetes.io/limit-rps: "{{ .Values.ingress.requestsPerSecond }}"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      limit_req_status 429;                                      <<<< this is the important one
spec:
  ingressClassName: "nginx-public"
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ include "fullname" . }}-service
                port:
                  name: http

configmap和配置的controller.config.name不是必需的。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.