部署kubernetes/ingress-nginx(踩坑)

nginx-ingress-controller:0.25.0有问题，所以这里采用nginx-ingress-controller:0.30.0

[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml

[root@k8s-master ~]# cat mandatory.yaml | grep image image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0

所有节点下载quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0 [root@k8s-master ~]# docker pull quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0

[root@k8s-master ~]# kubectl apply -f mandatory.yaml

[root@k8s-master ~]# kubectl get pod -n ingress-nginx NAME READY STATUS RESTARTS AGE nginx-ingress-controller-7fcf8df75d-kps22 1/1 Running 0 79s

[root@k8s-master ~]# kubectl describe pod -n ingress-nginx Events: Type Reason Age From Message

---

Normal Scheduled 45s default-scheduler Successfully assigned ingress-nginx/nginx-ingress-controller-7fcf8df75d-p79dr to k8s-node2 Normal Pulled 39s kubelet, k8s-node2 Container image "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0" already present on machine Normal Created 38s kubelet, k8s-node2 Created container nginx-ingress-controller Normal Started 38s kubelet, k8s-node2 Started container nginx-ingress-controller

[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml

[root@k8s-master ~]# kubectl apply -f service-nodeport.yaml service/ingress-nginx created

[root@k8s-master ~]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx NodePort 10.97.244.100 <none> 80:31355/TCP,443:30036/TCP 6s

[root@k8s-master ~]# kubectl get pod -o wide -n ingress-nginx NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-ingress-controller-7fcf8df75d-v42m9 1/1 Running 0 103s 10.244.1.198 k8s-node2 <none> <none>

[root@k8s-master ~]# ipvsadm -Ln （可以看到当访问NodePort的31355端口时，其实访问的是nginx-ingress-controller 10.244.1.198 的80）

Ingress HTTP 代理访问 deployment、Service、Ingress Yaml 文件 [root@k8s-master ~]# vi ingress.http.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-dm spec: replicas: 2 template: metadata: labels: name: nginx spec: containers: - name: nginx image: wangyanglinux/myapp:v1 imagePullPolicy: IfNotPresent ports: - containerPort: 80

apiVersion: v1 kind: Service metadata: name: nginx-svc spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: name: nginx

[root@k8s-master ~]# kubectl apply -f ingress.http.yaml deployment.extensions/nginx-dm created service/nginx-svc created

[root@k8s-master ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 76m nginx-svc ClusterIP 10.108.165.161 <none> 80/TCP 6s

[root@k8s-master ~]# curl 10.108.165.161
Hello MyApp | Version: v1 | <a rel="nofollow" href="hostname.html">Pod Name</a>

[root@k8s-master ~]# vi ingress1.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: namespace: ingress-nginx name: nginx-test spec: rules: - host: www1.normantest.com http: paths: - path: / backend: serviceName: nginx-svc servicePort: 80

[root@k8s-master ~]# kubectl apply -f ingress1.yaml ingress.extensions/nginx-test created

[root@k8s-master ~]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx NodePort 10.97.244.100 <none> 80:31355/TCP,443:30036/TCP 4m5s

[root@k8s-master ~]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-dm-7d967c7ff5-fhpnh 1/1 Running 0 84s 10.244.1.199 k8s-node2 <none> <none> nginx-dm-7d967c7ff5-z4fm6 1/1 Running 0 84s 10.244.2.108 k8s-node1 <none> <none>

[root@k8s-master ~]# kubectl get pod -n ingress-nginx NAME READY STATUS RESTARTS AGE nginx-ingress-controller-7fcf8df75d-v42m9 1/1 Running 0 5m35s

[root@k8s-master ~]# kubectl get pod -o wide -n ingress-nginx NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-ingress-controller-7fcf8df75d-v42m9 1/1 Running 0 8m59s 10.244.1.198 k8s-node2 <none> <none>

为了测试效果，我在Windows主机上的C:\Windows\System32\drivers\etc\hosts建立以下DNS记录 10.10.21.8 www1.normantest.com 在浏览器访问www1.normantest.com:31355，访问页面出错 [root@k8s-master ~]# ipvsadm -Ln（可以看到当访问NodePort的31355端口时，其实访问的是nginx-ingress-controller 10.244.1.198 的80）

进入容器nginx-ingress-controller 排错： [root@k8s-master ~]# kubectl exec nginx-ingress-controller-7fcf8df75d-v42m9 -it -n ingress-nginx /bin/bash bash-5.0$ ls fastcgi.conf geoip mime.types nginx.conf scgi_params uwsgi_params.default fastcgi.conf.default koi-utf mime.types.default nginx.conf.default scgi_params.default win-utf fastcgi_params koi-win modsecurity opentracing.json template fastcgi_params.default lua modules owasp-modsecurity-crs uwsgi_params

bash-5.0$ vi nginx.conf (发现上面部署的ingress没有注入到nginx-ingress-controller的nginx配置中，修改后正确配置如下) 最后成功访问