NGINX Ingress与Helm -配置速率限制响应代码

6tr1vspr  于 2023-10-17  发布在  Nginx
关注(0)|答案(1)|浏览(132)

我试图为我的nginx入口设置limit-req-status-code,但我没有这样做。根据文档,此设置属于ConfigMap(与作为注解的其他速率限制设置相反)。我创建了一个Map,但设置没有得到尊重。我怎么知道?我已经使用fortio运行到速率限制,它仍然返回503。
我试着找出如何正确命名Map,并尝试了很多不同的名称,如建议in these answers,没有效果。我也试着手动传递Map名称到掌舵调用,也没有运气。这就是我现在所拥有的:
ingress-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-ingress-config
data:
  limit-req-status-code: "429"

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "fullname" . }}-ingress
  labels:
    app.kubernetes.io/name: {{ include "name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: "{{ .Release.Revision }}"
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/limit-rpm: "1000"
    nginx.ingress.kubernetes.io/limit-rps: "100"
spec:
  ingressClassName: "nginx-public"
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ include "fullname" . }}-service
                port:
                  name: http

部署调用

helm upgrade ${{ inputs.release-name }} ${{ inputs.working-directory }} \
          --install \
          --namespace=${{ inputs.aws-role-name }} \
          --wait \
          --timeout=5m0s \
          --atomic \
          --values=${{ inputs.working-directory }}/values.yaml \
          --values=${{ inputs.working-directory }}/values-${{ inputs.stage-name }}.yaml \
          --set controller.config.name=nginx-ingress-config \
          --set-string deployment.image.registry="${{ secrets.mgmt-aws-account-id }}.dkr.ecr.${{ inputs.mgmt-aws-region }}.amazonaws.com" \
          --set-string deployment.image.repository="${{ inputs.image-name }}" \
          --set-string deployment.image.digest="${{ inputs.image-digest }}" \
          --set-string database.user='${{ steps.fetch-secret-postgres-username.outputs.aws-secret-value }}' \
          --set-string database.password='${{ steps.fetch-secret-postgres-password.outputs.aws-secret-value }}'

我做错了什么?

ftf50wuq

ftf50wuq1#

我在another question中找到了一个解决方案:我可以将设置作为annotation中的配置片段传递:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "fullname" . }}-ingress
  labels:
    app.kubernetes.io/name: {{ include "name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: "{{ .Release.Revision }}"
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/limit-rpm: "{{ .Values.ingress.requestsPerMinute }}"
    nginx.ingress.kubernetes.io/limit-rps: "{{ .Values.ingress.requestsPerSecond }}"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      limit_req_status 429;                                      <<<< this is the important one
spec:
  ingressClassName: "nginx-public"
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ include "fullname" . }}-service
                port:
                  name: http

不需要安装Map和配置的controller.config.name。

相关问题