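What should I do if an Nginx Ingress is in the "Not Ready" state after deployment? Background: After an Nginx Ingress is created, the Ingress is in the "Not Ready" state. Solution: Before creating an Nginx Ingress, install the Nginx Ingress Controller add-on for the corresponding cluster. If it is not installed, the Ingress will be in
Using L7 load balancing with Ingress-nginx: The Ingress-nginx controller is used to store the nginx configuration and implement unified route forwarding management. For details about Ingress-nginx, see Ingress-Nginx Controller and the official community project. This section guides you through installing and using Ingress-nginx for a local cluster. Constraints and limitations
The container image starts with nginx, which does not comply with the policy instance. apiVersion: v1 kind: Pod metadata: name: nginx-disallowed spec: containers: - name: nginx image: nginx Parent topic: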
name: nginx-host-filesystem labels: app: nginx-host-filesystem-disallowed spec: containers: - name: nginx image: nginx
metadata: name: nginx-privileged-allowed labels: app: nginx-privileged spec: containers: - name: nginx image: nginx securityContext:
apiVersion: v1 kind: Pod metadata: name: nginx-host-networking-ports-allowed labels: app: nginx-host-networking-ports spec: hostNetwork:
metadata: name: nginx-readonlyrootfilesystem-allowed labels: app: nginx-readonlyrootfilesystem spec: containers: - name: nginx image:
metadata: name: nginx-volume-types-allowed labels: app: nginx-volume-types spec: containers: - name: nginx image: nginx volumeMounts:
name: nginx-privilege-escalation-allowed labels: app: nginx-privilege-escalation spec: containers: - name: nginx image: nginx
name: nginx-forbidden-sysctls-disallowed labels: app: nginx-forbidden-sysctls spec: containers: - name: nginx image: nginx securityContext:
beta.kubernetes.io/nginx: runtime/default labels: app: nginx-apparmor spec: containers: - name: nginx image: nginx Resource definition that does not comply with the policy instance: The example
name: nginx-flexvolume-driver-allowed labels: app: nginx-flexvolume-driver spec: containers: - name: nginx image: nginx volumeMounts:
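containers: - name: nginx image: nginx Resource definition that does not comply with the policy instance: In the example, both hostPID and hostIPC are true, which does not comply with the policy instance. apiVersion: v1 kind: Pod metadata: name: nginx-host-namespace-disallowed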
metadata: name: nginx-proc-mount-disallowed labels: app: nginx-proc-mount spec: containers: - name: nginx image: nginx securityContext:
alpha.kubernetes.io/nginx: runtime/default labels: app: nginx-seccomp spec: containers: - name: nginx image: nginx Resource definition that does not comply with the policy instance: The container in the example
app: nginx replicas: 3 template: metadata: labels: app: nginx spec: containers: - name: nginx
name: nginx image: nginx Resource definition that does not comply with the policy instance: The automountServiceAccountToken field of the Pod is set to true, which does not comply with the policy instance. apiVersion: v1 kind: Pod metadata: name: nginx-au
policy instance. apiVersion: v1 kind: Pod metadata: name: nginx-users-allowed labels: app: nginx-users spec: securityContext: supplementalGroups:
metadata: name: nginx-selinux-allowed labels: app: nginx-selinux spec: containers: - name: nginx image: nginx securityContext:
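0% of traffic is routed to port 5566 of the nginx-v1 service in the same namespace, and 70% of traffic is routed to port 5566 of the nginx-v2 service in the same namespace. Verifying that traffic-ratio-based routing takes effect: Wait a few seconds for the new rule configuration to be delivered, then access the nginx application of the target service through the gateway and check whether the routing rule takes effect. To check: Enter the address in the browser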