问题
I have two AKS clusters as primary and secondary in two different regions. I want to use Azure traffic manager for the the Priority based endpoint monitoring and fail-over mechanism on the primary and secondary clusters. I got two services: A and B that routes at the relative path /service-a and /service-b respectively. I have nginx ingress controller on each cluster with PIP mapped to the custom host aks-primary.xyz.com and aks-secondary.xyz.com respectively.
The services are reachable on the below paths:
On Primary Custer:
https://aks-primary.xyz.com/service-a
https://aks-primary.xyz.com/service-b
On secondary cluster:
https://aks-secondary.xyz.com/service-a
https://aks-secondary.xyz.com/service-b
I added the primary and secondary host aks-primary.xyz.com and aks-secondary.xyz.com as the endpoint in the Azure Traffic Manager for priority based routing. I added the probe path /healthz and port 443. My endpoints are online.
I added the custom domain for the ATM FQDN my-atm.trafficmanager.net to aks.xyz.com I am unable to reach to my services on below paths
https://aks.xyz.com/service-a
https://aks.xyz.com/service-b
Please suggest.
回答1:
I got this resolved.
I added the ingress with two hosts on each cluster.
hosts: aks-primary.xyz.com and aks.xyz.com on cluster aks primary.
hosts: aks-secondary.xyz.com and aks.xyz.com on cluster aks secondary.
A sample ingress on cluster aks primary:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-with-atm
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: aks-primary.xyz.com
http:
paths:
- backend:
serviceName: service-a
servicePort: 80
path: /service-a
- backend:
serviceName: service-b
servicePort: 80
path: /service-b
- host: aks.xyz.com
http:
paths:
- backend:
serviceName: service-a
servicePort: 80
path: /service-a
- backend:
serviceName: service-b
servicePort: 80
path: /service-b
tls:
- hosts:
- aks-primary.xyz.com
secretName: tls-secret-wildcard-for-xyz-com
- hosts:
- aks.xyz.com
secretName: tls-secret-wildcard-for-xyz-com`
Cheers!
来源:https://stackoverflow.com/questions/62113650/unable-to-reach-services-via-azure-traffic-manager-and-nginx-ingress-on-aks