文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >会话亲和性cookie不再工作(Kubernetes with Nginx ingress)

会话亲和性cookie不再工作(Kubernetes with Nginx ingress)
EN

Stack Overflow用户
提问于 2021-01-03 19:44:21
回答 1查看 703关注 0票数 1

我们的Azure AKS - Kubernetes环境升级到Kubernetes版本1.19.3迫使我也将我的Nginx helm.sh/chart升级到nginx-ingress 0.7.1。结果,我被迫将API版本定义更改为networking.k8s.io/v1,因为我的DevOps管道相应地失败了(对旧API的警告导致了一个错误)。但是,现在我遇到了这样的问题:我的会话亲和性注释被忽略了,并且在响应中没有设置会话cookie。

我拼命地更改名字,尝试不同的无关博客帖子,以某种方式解决这个问题。

任何帮助都将不胜感激。

我目前的nginx yaml (为了增强可读性,我去掉了状态/管理字段标签):

代码语言:javascript
复制
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nginx-ingress-infra-nginx-ingress
  namespace: ingress-infra 
  labels:
    app.kubernetes.io/instance: nginx-ingress-infra
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: nginx-ingress-infra-nginx-ingress
    helm.sh/chart: nginx-ingress-0.7.1
  annotations:
    deployment.kubernetes.io/revision: '1'
    meta.helm.sh/release-name: nginx-ingress-infra
    meta.helm.sh/release-namespace: ingress-infra
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-ingress-infra-nginx-ingress
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx-ingress-infra-nginx-ingress
      annotations:
        prometheus.io/port: '9113'
        prometheus.io/scrape: 'true'
    spec:
      containers:
        - name: nginx-ingress-infra-nginx-ingress
          image: 'nginx/nginx-ingress:1.9.1'
          args:
            - '-nginx-plus=false'
            - '-nginx-reload-timeout=0'
            - '-enable-app-protect=false'
            - >-
              -nginx-configmaps=$(POD_NAMESPACE)/nginx-ingress-infra-nginx-ingress
            - >-
              -default-server-tls-secret=$(POD_NAMESPACE)/nginx-ingress-infra-nginx-ingress-default-server-secret
            - '-ingress-class=infra'
            - '-health-status=false'
            - '-health-status-uri=/nginx-health'
            - '-nginx-debug=false'
            - '-v=1'
            - '-nginx-status=true'
            - '-nginx-status-port=8080'
            - '-nginx-status-allow-cidrs=127.0.0.1'
            - '-report-ingress-status'
            - '-external-service=nginx-ingress-infra-nginx-ingress'
            - '-enable-leader-election=true'
            - >-
              -leader-election-lock-name=nginx-ingress-infra-nginx-ingress-leader-election
            - '-enable-prometheus-metrics=true'
            - '-prometheus-metrics-listen-port=9113'
            - '-enable-custom-resources=true'
            - '-enable-tls-passthrough=false'
            - '-enable-snippets=false'
            - '-ready-status=true'
            - '-ready-status-port=8081'
            - '-enable-latency-metrics=false'

我的服务名account的入口配置:

代码语言:javascript
复制
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: account
  namespace: infra
  resourceVersion: '194790'
  labels:
    app.kubernetes.io/managed-by: Helm
  annotations:
    kubernetes.io/ingress.class: infra
    meta.helm.sh/release-name: infra
    meta.helm.sh/release-namespace: infra
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffering: 'on'
    nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
spec:
  tls:
    - hosts:
        - account.infra.mydomain.com
      secretName: my-default-cert **this is a self-signed certificate with cn=account.infra.mydomain.com
  rules:
    - host: account.infra.mydomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              serviceName: account
              servicePort: 80
status:
  loadBalancer:
    ingress:
      - ip: 123.123.123.123 **redacted**

我的帐户服务yaml

代码语言:javascript
复制
kind: Service
apiVersion: v1
metadata:
  name: account
  namespace: infra
  labels:
    app.kubernetes.io/instance: infra
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: account
    app.kubernetes.io/version: latest
    helm.sh/chart: account-0.1.0
  annotations:
    meta.helm.sh/release-name: infra
    meta.helm.sh/release-namespace: infra
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app.kubernetes.io/instance: infra
    app.kubernetes.io/name: account
  clusterIP: 10.0.242.212
  type: ClusterIP
  sessionAffinity: ClientIP **just tried to add this setting to the service, but does not work either**
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
status:
  loadBalancer: {}
nginx
kubernetes
cookies
session-affinity
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2021-01-03 20:55:00

好吧,这个问题与上面显示的任何配置都没有关系。nginx pod的调试日志中充满了关于kube-control名称空间的错误消息。我完全删除了Nginx helm图表,并使用了Microsoft建议的存储库:

https://docs.microsoft.com/en-us/azure/aks/ingress-own-tls

代码语言:javascript
复制
# Create a namespace for your ingress resources
kubectl create namespace ingress-basic

# Add the ingress-nginx repository
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

# Use Helm to deploy an NGINX ingress controller
helm install nginx-ingress ingress-nginx/ingress-nginx \
    --namespace ingress-basic \
    --set controller.replicaCount=2 \
    --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
    --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux
票数 1
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/65549436

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档