背景:想要将外部访问xxx.yyy.com的流量,全部打到harbor.local.top:31888服务上,其中harbor.local.top是一个内部的域名。

我们需要自定义一个外部的Service,定义域名为harbor.local.top,实现访问这个Service即可访问外部的域名的服务。

kind: Service
apiVersion: v1
metadata:
  name: harbor-external-service
  namespace: harbor
spec:
  type: ExternalName
  sessionAffinity: None
  externalName: harbor.local.top

接着,我们需要定义一个Ingress去实现,将外部访问xxx.yyy.com的流量,全部打到harbor.local.top:31888服务上。

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: harbor-external-ingress
  namespace: harbor
  annotations:
    ingress.kubernetes.io/proxy-body-size: '0'
    ingress.kubernetes.io/ssl-redirect: 'true'
    meta.helm.sh/release-name: harbor
    meta.helm.sh/release-namespace: harbor
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/upstream-vhost: harbor.local.top
spec:
  ingressClassName: nginx
  rules:
    - host: xxx.yyy.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: harbor-external-service
                port:
                  number: 31888

最关键的是需要添加下面这项,用来表示请求该流量时,将Host设置为harbor.local.top。更多可以参考ingress-nginx-user-guide

nginx.ingress.kubernetes.io/upstream-vhost: harbor.local.top