本文永久链接: https://www.xtplayer.cn/ingress/persistent-ingress-custom-configuration/

ingress 控制器的某些配置需要在 system 项目下修改 ingress-nginx-controller 配置映射来实现,在 rancher-rke 集群中,ingress 由 rancher 运行的一个 job 来负责安装和更新。虽然手动修改配置映射的方式可以临时生效,在 k8s 集群进行大版本更新时,会触发 job 的重新运行,从而会覆盖之前的所有自定义配置。要持久化配置,需要通过以下方法固定配置。

  • RKE1

在 rke1 集群的 YAML 配置中,找到 ingress 层级,然后在 options 中添加自定义配置。示例配置如下:

ingress:
    default_backend: false
    http_port: 0
    https_port: 0
    options:
      access-log-path: /var/log/nginx/nginx_access.log
      compute-full-forwarded-for: 'true'
      error-log-path: /var/log/nginx/nginx_error.log
      log-format-escape-json: 'true'
      log-format-upstream: {"request_time": "$time_iso8601", "request_id": "$req_id","proxy_upstream_name": "$proxy_upstream_name", "proxy_alternative_upstream_name": "$proxy_alternative_upstream_name","upstream_status": "$upstream_status", "upstream_addr": "$upstream_addr","request_method": "$request_method", "request_host": "$host", "f5_ip": "$remote_addr", "request_uri": "$request_uri", "http_status": "$status","request_size": "$request_length", "upstream_response_size": "$upstream_response_length", "user_agent": "$http_user_agent", "original_ip": "$http_x_forwarded_for", "referer": "$http_referer", "request_time_taken": "$request_times", "upstream_response_time_taken": "$upstream_response_times", "request_protocol": "$server_protocol", "geoip_country_code": "$geoip_country_code", "geoip_city": "$geoip_city", "bytes_sent": "$bytes_sent"}
      server-tokens: 'false'
  • RKE2

可以根据文档 https://docs.rancher.cn/docs/rke2/networking/_index#nginx-ingress-controller ,使用 HelmChartConfig crd 来设置自定义配置,就是集群更新,自定义配置不会被覆盖。