云计算/大数据/区块链

部署kubernetes/ingress-nginx(踩坑)

2020-12-22 17:46:56 阅读数 2444 收藏 0

nginx-ingress-controller:0.25.0有问题,所以这里采用nginx-ingress-controller:0.30.0

[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml

[root@k8s-master ~]# cat mandatory.yaml | grep image
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0

所有节点下载quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
[root@k8s-master ~]# docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0

[root@k8s-master ~]# kubectl apply -f mandatory.yaml

[root@k8s-master ~]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-7fcf8df75d-kps22 1/1 Running 0 79s

[root@k8s-master ~]# kubectl describe pod -n ingress-nginx
Events:
Type Reason Age From Message


Normal Scheduled 45s default-scheduler Successfully assigned ingress-nginx/nginx-ingress-controller-7fcf8df75d-p79dr to k8s-node2
Normal Pulled 39s kubelet, k8s-node2 Container image "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0" already present on machine
Normal Created 38s kubelet, k8s-node2 Created container nginx-ingress-controller
Normal Started 38s kubelet, k8s-node2 Started container nginx-ingress-controller

[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml

[root@k8s-master ~]# kubectl apply -f service-nodeport.yaml
service/ingress-nginx created

[root@k8s-master ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.97.244.100 <none> 80:31355/TCP,443:30036/TCP 6s

[root@k8s-master ~]# kubectl get pod -o wide -n ingress-nginx
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-7fcf8df75d-v42m9 1/1 Running 0 103s 10.244.1.198 k8s-node2 <none> <none>

[root@k8s-master ~]# ipvsadm -Ln (可以看到当访问NodePort的31355端口时,其实访问的是nginx-ingress-controller 10.244.1.198 的80)

Ingress HTTP 代理访问
deployment、Service、Ingress Yaml 文件
[root@k8s-master ~]# vi ingress.http.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-dm
spec:
replicas: 2
template:
metadata:
labels:
name: nginx
spec:
containers:

  • name: nginx
    image: wangyanglinux/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    • containerPort: 80

      apiVersion: v1
      kind: Service
      metadata:
      name: nginx-svc
      spec:
      ports:

      • port: 80
        targetPort: 80
        protocol: TCP
        selector:
        name: nginx

[root@k8s-master ~]# kubectl apply -f ingress.http.yaml
deployment.extensions/nginx-dm created
service/nginx-svc created

[root@k8s-master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 76m
nginx-svc ClusterIP 10.108.165.161 <none> 80/TCP 6s

[root@k8s-master ~]# curl 10.108.165.161
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

[root@k8s-master ~]# vi ingress1.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: ingress-nginx
name: nginx-test
spec:
rules:

  • host: www1.normantest.com
    http:
    paths:

    • path: /
      backend:
      serviceName: nginx-svc
      servicePort: 80

    [root@k8s-master ~]# kubectl apply -f ingress1.yaml
    ingress.extensions/nginx-test created

[root@k8s-master ~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.97.244.100 <none> 80:31355/TCP,443:30036/TCP 4m5s

[root@k8s-master ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-dm-7d967c7ff5-fhpnh 1/1 Running 0 84s 10.244.1.199 k8s-node2 <none> <none>
nginx-dm-7d967c7ff5-z4fm6 1/1 Running 0 84s 10.244.2.108 k8s-node1 <none> <none>

[root@k8s-master ~]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-7fcf8df75d-v42m9 1/1 Running 0 5m35s

[root@k8s-master ~]# kubectl get pod -o wide -n ingress-nginx
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-7fcf8df75d-v42m9 1/1 Running 0 8m59s 10.244.1.198 k8s-node2 <none> <none>

为了测试效果,我在Windows主机上的C:\Windows\System32\drivers\etc\hosts建立以下DNS记录
10.10.21.8 www1.normantest.com
在浏览器访问www1.normantest.com:31355,访问页面出错

[root@k8s-master ~]# ipvsadm -Ln(可以看到当访问NodePort的31355端口时,其实访问的是nginx-ingress-controller 10.244.1.198 的80)


进入容器nginx-ingress-controller 排错:
[root@k8s-master ~]# kubectl exec nginx-ingress-controller-7fcf8df75d-v42m9 -it -n ingress-nginx /bin/bash
bash-5.0$ ls
fastcgi.conf geoip mime.types nginx.conf scgi_params uwsgi_params.default
fastcgi.conf.default koi-utf mime.types.default nginx.conf.default scgi_params.default win-utf
fastcgi_params koi-win modsecurity opentracing.json template
fastcgi_params.default lua modules owasp-modsecurity-crs uwsgi_params

bash-5.0$ vi nginx.conf (发现上面部署的ingress没有注入到nginx-ingress-controller的nginx配置中,修改后正确配置如下)

最后成功访问