2

我正在尝试在 GKE 中创建静态内部入口。看来我们没有直接的办法。在How to set static internal IP to the GKE internal Ingress之后,我遵循了一种解决方法。

这是我用来部署一些示例工作负载和 Ingress 的 Ingress.yaml 文件。

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-app
spec:
  selector:
    matchLabels:
      app: hello
  replicas: 3
  template:
    metadata:
      labels:
        app: hello
    spec:
      containers:
        - name: hello
          image: "gcr.io/google-samples/hello-app:2.0"
---
apiVersion: v1
kind: Service
metadata:
  name: hello-service
  labels:
    app: hello
spec:
  type: NodePort
  selector:
    app: hello
  ports:
    - name: hello-port
      port: 80
      targetPort: 8080
      protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-kubernetes-deployment
spec:
  selector:
    matchLabels:
      greeting: hello
      department: kubernetes
  replicas: 3
  template:
    metadata:
      labels:
        greeting: hello
        department: kubernetes
    spec:
      containers:
        - name: hello-again
          image: "gcr.io/google-samples/node-hello:1.0"
          env:
            - name: "PORT"
              value: "8080"
---
apiVersion: v1
kind: Service
metadata:
  name: hello-kubernetes
spec:
  type: NodePort
  selector:
    greeting: hello
    department: kubernetes
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hello-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host:
      http:
        paths:
          - path: /
            backend:
              serviceName: hello-service
              servicePort: hello-port
          - path: /kube
            backend:
              serviceName: ....
              servicePort: ....

只有在应用此 Yaml 并首先创建“hello-ingress”和 nginx-ingress-controller.yaml 时,我才能创建 Ingress(https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static /provider/cloud/deploy.yaml)稍后。但是我无法对“hello-ingress”进行更改,例如添加新的后端。

我收到以下错误,没有其他日志: 错误:来自服务器的错误(超时):创建“ingress.yaml”时出错:超时:请求未在请求的超时 30 秒内完成

请帮我解决这个问题>

这是日志:

所有命令都成功运行以安装 nginx-ingress 控制器。我在日志中看不到任何变化。

kubectl 获取 svc -n 入口-nginx

NAME                                 TYPE           CLUSTER-IP   EXTERNAL-IP    PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.0.70.63   34.89.23.101   80:31487/TCP,443:30883/TCP   4m31s
ingress-nginx-controller-admission   ClusterIP      10.0.70.77   <none>         443/TCP                      4m33s

kubectl 记录 ingress-nginx-controller-7656c59dc4-lxzr8 -n ingress-nginx

-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       0.33.0
  Build:         git-589187c35
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.19.0

-------------------------------------------------------------------------------

I0626 12:37:33.117229       6 flags.go:204] Watching for Ingress class: nginx
W0626 12:37:33.117726       6 flags.go:249] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W0626 12:37:33.117819       6 client_config.go:552] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0626 12:37:33.118042       6 main.go:218] Creating API client for https://10.0.70.1:443
I0626 12:37:33.129303       6 main.go:262] Running in Kubernetes cluster version v1.14+ (v1.14.10-gke.36) - git (clean) commit 34a615f32e9a0c9e97cdb9f749adb392758349a6 - platform linux/amd64
I0626 12:37:33.423095       6 main.go:103] SSL fake certificate created /etc/ingress-controller/ssl/default-fake-certificate.pem
I0626 12:37:33.427971       6 ssl.go:528] loading tls certificate from certificate path /usr/local/certificates/cert and key path /usr/local/certificates/key
I0626 12:37:33.489675       6 nginx.go:263] Starting NGINX Ingress controller
I0626 12:37:33.514359       6 event.go:278] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"ingress-nginx-controller", UID:"b61c2d49-b7a9-11ea-b6c6-4201ac100064", APIVersion:"v1", ResourceVersion:"10997045", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/ingress-nginx-controller
I0626 12:37:34.690278       6 nginx.go:307] Starting NGINX process
I0626 12:37:34.690278       6 leaderelection.go:242] attempting to acquire leader lease  ingress-nginx/ingress-controller-leader-nginx...
I0626 12:37:34.691363       6 nginx.go:327] Starting validation webhook on :8443 with keys /usr/local/certificates/cert /usr/local/certificates/key
I0626 12:37:34.692058       6 controller.go:139] Configuration changes detected, backend reload required.
I0626 12:37:34.702054       6 leaderelection.go:252] successfully acquired lease ingress-nginx/ingress-controller-leader-nginx
I0626 12:37:34.702550       6 status.go:86] new leader elected: ingress-nginx-controller-7656c59dc4-lxzr8
I0626 12:37:34.832600       6 controller.go:155] Backend successfully reloaded.
I0626 12:37:34.832669       6 controller.go:164] Initial sync, sleeping for 1 second.

kubectl apply -f ingress.yaml

deployment.apps/hello-app created
service/hello-service created
Error from server (Timeout): error when creating "ingress.yaml": Timeout: request did not complete within requested timeout 30s

kubectl 记录 ingress-nginx-controller-7656c59dc4-lxzr8 -n ingress-nginx

-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       0.33.0
  Build:         git-589187c35
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.19.0

-------------------------------------------------------------------------------

I0626 12:37:33.117229       6 flags.go:204] Watching for Ingress class: nginx
W0626 12:37:33.117726       6 flags.go:249] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W0626 12:37:33.117819       6 client_config.go:552] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0626 12:37:33.118042       6 main.go:218] Creating API client for https://10.0.70.1:443
I0626 12:37:33.129303       6 main.go:262] Running in Kubernetes cluster version v1.14+ (v1.14.10-gke.36) - git (clean) commit 34a615f32e9a0c9e97cdb9f749adb392758349a6 - platform linux/amd64
I0626 12:37:33.423095       6 main.go:103] SSL fake certificate created /etc/ingress-controller/ssl/default-fake-certificate.pem
I0626 12:37:33.427971       6 ssl.go:528] loading tls certificate from certificate path /usr/local/certificates/cert and key path /usr/local/certificates/key
I0626 12:37:33.489675       6 nginx.go:263] Starting NGINX Ingress controller
I0626 12:37:33.514359       6 event.go:278] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"ingress-nginx-controller", UID:"b61c2d49-b7a9-11ea-b6c6-4201ac100064", APIVersion:"v1", ResourceVersion:"10997045", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/ingress-nginx-controller
I0626 12:37:34.690278       6 nginx.go:307] Starting NGINX process
I0626 12:37:34.690278       6 leaderelection.go:242] attempting to acquire leader lease  ingress-nginx/ingress-controller-leader-nginx...
I0626 12:37:34.691363       6 nginx.go:327] Starting validation webhook on :8443 with keys /usr/local/certificates/cert /usr/local/certificates/key
I0626 12:37:34.692058       6 controller.go:139] Configuration changes detected, backend reload required.
I0626 12:37:34.702054       6 leaderelection.go:252] successfully acquired lease ingress-nginx/ingress-controller-leader-nginx
I0626 12:37:34.702550       6 status.go:86] new leader elected: ingress-nginx-controller-7656c59dc4-lxzr8
I0626 12:37:34.832600       6 controller.go:155] Backend successfully reloaded.
I0626 12:37:34.832669       6 controller.go:164] Initial sync, sleeping for 1 second.
4

1 回答 1

2

所以,我面临的问题是防火墙。

我在私有集群中创建了 nginx-ingress,我必须从主地址范围到节点打开端口 8443 和 10254。

于 2020-07-03T07:51:15.497 回答