1
  • 集群类型:基于OpenNebula的裸机集群
  • 规格:4 个工作节点,每个工作节点 8 个 CPU,每个工作节点 32GB 内存/RAM

我正在尝试使用以下命令为我的集群设置 NGINX 入口控制器:

[root@onekube-ip-193-144-35-177 ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/baremetal/deploy.yaml

这给了我这个输出

namespace/ingress-nginx unchanged serviceaccount/ingress-nginx unchanged configmap/ingress-nginx-controller configured clusterrole.rbac.authorization.k8s.io/ingress-nginx unchanged clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx unchanged role.rbac.authorization.k8s.io/ingress-nginx unchanged rolebinding.rbac.authorization.k8s.io/ingress-nginx unchanged service/ingress-nginx-controller-admission unchanged service/ingress-nginx-controller unchanged deployment.apps/ingress-nginx-controller created validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission configured clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission unchanged clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission unchanged job.batch/ingress-nginx-admission-create unchanged job.batch/ingress-nginx-admission-patch unchanged role.rbac.authorization.k8s.io/ingress-nginx-admission unchanged rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission unchanged serviceaccount/ingress-nginx-admission unchanged

然后我使用以下命令编辑 ingress-nginx-controller 服务:

kubectl edit svc -n ingress-nginx ingress-nginx-controller

我在 externalIPs 下添加了 K8S 集群的外部 IP,具体如下:

[...]
spec:
 clusterIP: 10.99.1.223
 externalIPs:
 - 193.144.35.177
 externalTrafficPolicy: Cluster
 ports:
[...]

为了测试 NGINX 入口控制器是否正常工作,我现在应该能够浏览指向 K8S 集群 IP 地址的子域(例如 prometheus.grapevine-project.eu)(由 DNS 查找确认),并且"404 Not Found page"如果控制器确实已正确设置,则URL 应包含NGINX 入口控制器返回的值。但是,我目前正在"This site can’t be reached prometheus.grapevine-project.eu took too long to respond."我的 Internet 浏览器上获取一个页面。

这是测试 NGINX 是否正常工作的正确/推荐方法吗?我的 NGINX 入口控制器设置有什么问题吗?

附言

[root@onekube-ip-193-144-35-177 ~]# kubectl get svc -n ingress-nginx ingress-nginx-controller -o wide
NAME                       TYPE       CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE   SELECTOR
ingress-nginx-controller   NodePort   10.105.197.205   193.144.35.177   80:30498/TCP,443:30781/TCP   14d   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
4

2 回答 2

4

无法通过评论解决问题,让我们通过答案来解决吗?我会在进展后编辑这篇文章。

来自https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/baremetal/deploy.yaml

我们可以看到一个type: NodePort服务name: ingress-nginx-controller

这意味着您将拥有以下内容:

ubectl get svc ingress-nginx-controller -n ingress-nginx
NAME                       TYPE       CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE
ingress-nginx-controller   NodePort   10.99.1.223   193.144.35.177   80:30498/TCP,443:30781/TCP   8m40s

我可以看到您主机上的 NodePort 范围内正好打开了 2 个端口。

PORT      STATE    SERVICE
30498/tcp filtered unknown
30781/tcp filtered unknown

请检查您是否能够通过 CLUSTER-IP:80 和 CLUSTER-IP:443 从集群内部访问应用程序

更新

我刚刚复制了您的设置,就我而言,它运行良好。

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/baremetal/deploy.yaml


$ kubectl get all -n ingress-nginx

NAME                                            READY   STATUS      RESTARTS   AGE
pod/ingress-nginx-admission-create-rh2b4        0/1     Completed   0          82m
pod/ingress-nginx-admission-patch-l7ttw         0/1     Completed   0          82m
pod/ingress-nginx-controller-547b58f6cb-whrck   1/1     Running     0          82m

NAME                                         TYPE        CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE
service/ingress-nginx-controller             NodePort    10.0.12.124   <none>          80:31691/TCP,443:30114/TCP   82m
service/ingress-nginx-controller-admission   ClusterIP   10.0.1.61     <none>          443/TCP                      82m

NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           82m

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx-controller-547b58f6cb   1         1         1       82m

NAME                                       COMPLETIONS   DURATION   AGE
job.batch/ingress-nginx-admission-create   1/1           6s         82m
job.batch/ingress-nginx-admission-patch    1/1           7s         82m

$ kubectl -n ingress-nginx get ep
NAME                                 ENDPOINTS                      AGE
ingress-nginx-controller             10.52.0.49:80,10.52.0.49:443   82m
ingress-nginx-controller-admission   10.52.0.49:8443                82m

即使没有编辑服务,我也能够从本地电脑向 K8s 集群发送请求(我的防火墙允许我这样做)。

$ curl K8S_node_IP:31691
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>

$ curl K8S_node_IP:30114
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.19.1</center>
</body>
</html>

是类型,所以在我ingress-nginx-controllerNodePort情况下,不需要编辑它,因为我已经知道我的 K8s_node_IP。

为了解决您描述的问题(服务器超时),可以执行以下操作:

  • 检查问题是否与 nginx-ingress 相关。为此,我已经拥有可以通过kubectlcli 轻松部署的最小容器。
$ kubectl create deployment server-gog -n ingress-nginx --image=nkolchenko/enea:server_go_latest
deployment.apps/server-gog created

$ kubectl expose -n ingress-nginx deployment server-gog --type=NodePort --port=8180 --selector=app=server-gog

$ kubectl get svc -o wide -n ingress-nginx server-gog
NAME         TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE   SELECTOR
server-gog   NodePort   10.0.10.254   <none>        8180:32068/TCP   76s   app=server-gog

### our app is avaliable at K8S_node_IP:32068 and 10.0.10.254:8180

$ curl K8S_node_IP:32068/some_string
Hello from ServerGo. You requested: /some_string

如果上述方法确实有效,则问题出在您的ingress-nginx设置中。并且需要对每个组件进行检查。

于 2020-08-19T14:27:21.580 回答
1

我将尝试回答您的两个问题,但这可能会让您在入口控制器完全运行之前还有更多工作要做

  1. 您是否以正确的方式测试您的 Nginx 入口控制器?我会说不。测试控制器的最佳方法是创建一个入口对象,将流量路由到echoserver等简单服务,并确保流量按预期路由到该入口。您是正确的,您执行的 http 请求应该已经返回404,但即使您实现了这一点,在完成整个循环之前您可能仍然会错过一些问题(像 SSL 终止之类的东西是最明显的陷阱,但还有更多)
  2. 看来您的设置确实存在一些问题。您用作外部 IP 的 IP 是什么?为什么您希望它将流量路由到您的集群中?
于 2020-08-18T18:24:12.470 回答