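I created two Ingresses, one for Grafana and one for my application. When external-dns writes them as A records into the Route53 hosted zone, only one of them (the Myapp DNS name) gets the (E)LB alias (DNS name), while the second A record gets the internal IP as the IP address in its Route53 record.

The big question: is there a way to set them all to the same alias, or to the same ELB in a list? Why doesn't this work by default?

Using: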

terraform:
   helm_release:
      nginx-controller-bitnami
      external-dns-bitnami
      prometheus community

Grafana ingress:

apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
      meta.helm.sh/release-name: kube-prometheus-stack
      meta.helm.sh/release-namespace: prometheus
    generation: 1
    labels:
      app.kubernetes.io/instance: kube-prometheus-stack
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: grafana
      app.kubernetes.io/version: 8.3.3
      helm.sh/chart: grafana-6.20.5
    name: kube-prometheus-stack-grafana
    namespace: prometheus
    resourceVersion: "2419"
  spec:
    rules:
    - host: grafana.dns.io
      http:
        paths:
        - backend:
            service:
              name: kube-prometheus-stack-grafana
              port:
                number: 80
          path: /
          pathType: Prefix
  status:
    loadBalancer:
      ingress:
      - ip: 10.0.1.19
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

My app ingress:


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: /
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: "some.website.io"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: "{{ .Release.Name }}-app"
            port:
              number: 80

status:
  loadBalancer:
    ingress:
    - ip: 10.0.1.19

nginx-controller service:

kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: website.my-app.io, some.grafana.io
    meta.helm.sh/release-name: nginx-ingress-controller
    meta.helm.sh/release-namespace: default
  finalizers:
  - service.kubernetes.io/load-balancer-cleanup
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: nginx-ingress-controller
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: nginx-ingress-controller
    helm.sh/chart: nginx-ingress-controller-9.1.4
  name: nginx-ingress-controller
  namespace: default
  resourceVersion: "997"
spec:
  clusterIP: 172.30.0.140
  clusterIPs:
  - 172.30.0.140
  externalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: http
    nodePort: 30337
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    nodePort: 31512
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: nginx-ingress-controller
    app.kubernetes.io/name: nginx-ingress-controller
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - hostname: someElbDns.eu-west-1.elb.amazonaws.com

1 Answer

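Since your ingress controller Service is of type LoadBalancer, creating this Service will give you an NLB that has your nginx controller pods as its target group.

Requests will pass from the NLB to the ingress pods, and from there to Grafana / your application.

I would try using the same host (website.io) and the same nginx ingress class, so that both Ingresses are assigned the same NLB address: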

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  namespace: default
  name: grafana-ingress
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
    - hosts:
        - grafana.website.io
      secretName: tls-secret-website-io
  rules:
    - host: website.io
      http:
        paths:
          - path: /
            backend:
              serviceName: grafana-service
              servicePort: 80

---

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  namespace: default
  name: awebsite-ingress
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
    - hosts:
        - subdomain.website.io
      secretName: tls-secret-website-io
  rules:
    - host: website.io
      http:
        paths:
          - path: /(/|$)(.*)
            backend:
              serviceName: website-service
              servicePort: 80


kind: Service
apiVersion: v1
metadata:
  name: nginx-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: nginx-controller
    app.kubernetes.io/part-of: nginx-controller
  annotations:
    # by default the type is elb (classic load balancer).
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  # this setting is to make sure the source IP address is preserved.
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: nginx-controller
    app.kubernetes.io/part-of: nginx-controller
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https

The last step is to create a CNAME entry in Route53 from your domain to the load balancer DNS name.

Answered 2022-01-26T06:05:03.133
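
The following is an added example, not part of the original question or answer. It is a simplified model of how external-dns derives record targets: for an Ingress, from the rule hosts and `status.loadBalancer.ingress`; for a Service, from the `external-dns.alpha.kubernetes.io/hostname` annotation and the Service's own load balancer status. The sample objects are constructed from the values shown in the question, and the function names are hypothetical. It flags the names that would be published in Route53 with a private IP instead of the load balancer hostname.

```python
import ipaddress

HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"

def lb_targets(obj):
    """Addresses listed in status.loadBalancer.ingress (hostname or IP)."""
    entries = obj.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    return [e.get("hostname") or e.get("ip") for e in entries
            if e.get("hostname") or e.get("ip")]

def record_kind(target):
    """An IP target becomes an A record; a hostname becomes an alias/CNAME."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return "alias-or-cname"
    return "A-private-ip" if ip.is_private else "A-public-ip"

def planned_records(ingresses, services):
    """(name, target, kind) tuples for both sources (simplified model)."""
    records = []
    for ing in ingresses:
        for rule in ing.get("spec", {}).get("rules", []):
            if rule.get("host"):
                records += [(rule["host"], t, record_kind(t)) for t in lb_targets(ing)]
    for svc in services:
        raw = svc.get("metadata", {}).get("annotations", {}).get(HOSTNAME_ANNOTATION, "")
        for name in (n.strip() for n in raw.split(",") if n.strip()):
            records += [(name, t, record_kind(t)) for t in lb_targets(svc)]
    return records

def leaked_internal(records):
    """Names that would resolve to a private address in the hosted zone."""
    return sorted({name for name, _, kind in records if kind == "A-private-ip"})

# Constructed sample input, reduced from the objects in the question.
INGRESSES = [
    {"spec": {"rules": [{"host": "grafana.dns.io"}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "10.0.1.19"}]}}},
    {"spec": {"rules": [{"host": "some.website.io"}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "10.0.1.19"}]}}},
]
SERVICES = [
    {"metadata": {"annotations": {HOSTNAME_ANNOTATION: "website.my-app.io, some.grafana.io"}},
     "status": {"loadBalancer": {"ingress": [
         {"hostname": "someElbDns.eu-west-1.elb.amazonaws.com"}]}}},
]

if __name__ == "__main__":
    for rec in planned_records(INGRESSES, SERVICES):
        print(rec)
    print("private-IP records:", leaked_internal(planned_records(INGRESSES, SERVICES)))
```

To run it against a live cluster, feed it the `items` arrays from `kubectl get ingress -A -o json` and `kubectl get svc -A -o json` in place of the constructed samples.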