veza/k8s/load-balancing/ingress-with-lb.yaml

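# Enhanced Ingress with Load Balancing Configuration
# Routes app/api/stream hosts to their Services and carries controller tuning as
# annotations. Annotations apply to every rule in this Ingress, not to a single
# host or path. An annotation the controller does not recognise is ignored
# without error, so each setting below should be verified against the rendered
# nginx configuration of the deployed controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: veza-ingress
  namespace: veza-production
  annotations:
    # Ingress class
    # NOTE(review): this annotation is deprecated upstream in favour of
    # spec.ingressClassName; migrate once the matching IngressClass is confirmed.
    kubernetes.io/ingress.class: nginx
    # SSL/TLS
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # NOTE(review): ingress-nginx documents ssl-protocols as a controller
    # ConfigMap option rather than a per-Ingress annotation. If it is ignored
    # here, the TLS 1.2/1.3 floor is whatever the controller default is; confirm
    # with a TLS scan of the three hosts instead of relying on this manifest.
    nginx.ingress.kubernetes.io/ssl-protocols: "TLSv1.2 TLSv1.3"
    nginx.ingress.kubernetes.io/ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384"
    nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers: "true"
    # Load Balancing
    # NOTE(review): current ingress-nginx documents round_robin and ewma for this
    # key; confirm least_conn / ip_hash are accepted before switching to them.
    nginx.ingress.kubernetes.io/load-balance: "round_robin" # Options: round_robin, least_conn, ip_hash
    # nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri" # For consistent hashing
    # Connection Keep-Alive
    # NOTE(review): upstream-keepalive-* are documented as controller ConfigMap
    # keys in ingress-nginx; verify they take effect as annotations.
    nginx.ingress.kubernetes.io/upstream-keepalive-connections: "64"
    nginx.ingress.kubernetes.io/upstream-keepalive-timeout: "60"
    nginx.ingress.kubernetes.io/upstream-keepalive-requests: "100"
    # Health Checks
    # NOTE(review): presumably not honoured by ingress-nginx, which relies on pod
    # readiness probes to remove unhealthy endpoints. Do not treat these as the
    # failover mechanism until confirmed.
    nginx.ingress.kubernetes.io/health-check: "true"
    nginx.ingress.kubernetes.io/health-check-path: "/health"
    nginx.ingress.kubernetes.io/health-check-interval: "10s"
    nginx.ingress.kubernetes.io/health-check-timeout: "5s"
    nginx.ingress.kubernetes.io/health-check-expected-status: "200"
    # Circuit Breaker
    # NOTE(review): same caveat as the health-check keys; verify support.
    nginx.ingress.kubernetes.io/upstream-max-fails: "3"
    nginx.ingress.kubernetes.io/upstream-fail-timeout: "30s"
    # Rate Limiting
    # Both limits are counted per client IP as seen by the controller. If the
    # controller sits behind a load balancer and does not recover the real client
    # address, every client shares one bucket -- TODO confirm the source-IP setup.
    nginx.ingress.kubernetes.io/limit-rps: "100"
    nginx.ingress.kubernetes.io/limit-connections: "10"
    # Timeouts
    # proxy-read-timeout and proxy-send-timeout are declared once, in the
    # WebSocket section below. Duplicate mapping keys are invalid YAML and most
    # parsers silently keep the last value, so an additional "60" entry here
    # would never take effect.
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
    # WebSocket Support (for chat and stream)
    # NOTE(review): proxy-set-headers is documented for ingress-nginx as a
    # controller ConfigMap key (namespace/name), and websocket-services belongs
    # to the nginx.org annotation family of a different controller; verify both.
    nginx.ingress.kubernetes.io/proxy-set-headers: "veza-ws-headers"
    nginx.ingress.kubernetes.io/websocket-services: "veza-backend-api,veza-stream-server"
    # 24 hours for WebSocket. Because annotations are per-Ingress, these values
    # also cover app.veza.com and plain HTTP calls to api.veza.com, letting idle
    # or slow connections hold proxy resources for up to a day. Consider moving
    # the WebSocket paths into their own Ingress and using short timeouts here.
    nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
spec:
  tls:
    # One certificate secret covering all three hosts.
    - hosts:
        - app.veza.com
        - api.veza.com
        - stream.veza.com
      secretName: veza-tls
  rules:
    # Frontend
    - host: app.veza.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: veza-frontend
                port:
                  number: 80
    # Backend API
    - host: api.veza.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: veza-backend-api
                port:
                  number: 8080
    # Stream Server
    - host: stream.veza.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: veza-stream-server
                port:
                  number: 8080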
---
# Header set named by the Ingress proxy-set-headers annotation
# ("veza-ws-headers"). Each key is a request header name; each value is the
# string or nginx variable to send upstream.
kind: ConfigMap
apiVersion: v1
metadata:
  namespace: veza-production
  name: veza-ws-headers
data:
  # $proxy_add_x_forwarded_for appends the peer address to whatever
  # X-Forwarded-For the client sent, so the left-hand entries are
  # client-controlled. Backends should trust only the hop added by this proxy.
  X-Forwarded-For: '$proxy_add_x_forwarded_for'
  # Address of the directly connected peer; this is the real client only if no
  # other proxy or load balancer sits in front of the controller -- TODO confirm.
  X-Real-IP: '$remote_addr'
  # Fixed value, not derived from the incoming connection's scheme.
  X-Forwarded-Proto: 'https'