AWS Ingress Controller 似乎忽略了主机名规则

我正在尝试将前端应用程序部署到 Amazon EKS。这个概念是，将有两种部署和两种服务（

frontend-service

和

stg-frontend-service

），一种用于生产，一种用于登台。

最重要的是，将有一个入口 ALB，它将根据主机名重定向流量。即，如果主机名是

www.project.io

，流量将被路由到

frontend-service

，如果主机名是

stg-project.io

，流量将被路由到

stg-frontend-service

。

这是我的部署和入口配置

stg-frontend-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: stg-frontend-deployment
  namespace: project
spec:
  replicas: 3
  selector:
    matchLabels:
      app: stg-frontend
  template:
    metadata:
      labels:
        app: stg-frontend
    spec:
      containers:
        - name: stg-frontend
          image: STAGING_IMAGE
          imagePullPolicy: Always
          ports:
            - name: web
              containerPort: 3000
      imagePullSecrets:
        - name: project-ecr

---

apiVersion: v1
kind: Service
metadata:
  name: stg-frontend-service
  namespace: project
spec:
  selector:
    app: stg-frontend
  ports:
  - protocol: TCP
    port: 80
    targetPort: 3000

stg-prod-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend-deployment
  namespace: project
spec:
  replicas: 3
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
        - name: frontend
          image: PRODUCTION_IMAGE
          imagePullPolicy: Always
          ports:
            - name: web
              containerPort: 3000
      imagePullSecrets:
        - name: project-ecr

---

apiVersion: v1
kind: Service
metadata:
  name: frontend-service
  namespace: project
spec:
  selector:
    app: frontend
  ports:
  - protocol: TCP
    port: 80
    targetPort: 3000

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: project-ingress
  namespace: project
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
  - host: www.project.io
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 80
  - host: stg.project.io
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: stg-frontend-service
            port:
              number: 80

后来，我使用 Route 53 将流量从两个域路由到 ALB。

+----------------+------+---------+-----------------------------------------------------+
|  Record Name   | Type | Routing |               Value/Route traffic to                |
+----------------+------+---------+-----------------------------------------------------+
| www.project.io | A    | Simple  | dualstack.k8s-********.us-west-1.elb.amazonaws.com. |
| stg.project.io | A    | Simple  | dualstack.k8s-********.us-west-1.elb.amazonaws.com. |
+----------------+------+---------+-----------------------------------------------------+

问题是，ALB 入口始终将流量路由到第一个规范规则。在上面的配置中，第一条规则是主机

www.project.io

，它指的是

frontend-service

。每当我尝试访问

www.project.io

或

stg.project.io

时，它都会向我显示来自

frontend-service

的响应。

后来，我切换了规则，将暂存规则放在第一位，然后它就在两个域上显示了暂存服务。

我什至创建了一个像

junk.project.io

这样的虚拟记录并指向负载均衡器，它仍然有效并向我显示了相同的响应，即使

junk.project.io

未包含在我的入口配置中。

在我看来，Ingress Config 完全忽略了主机名是什么，并且总是从第一条规则返回响应。

-

  - host: www.project.io
    http: # I removed the hyphen here
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 80
  - host: stg.project.io
    http: # I removed the hyphen here
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: stg-frontend-service
            port:
              number: 80