【发布时间】:2021-06-29 09:42:39
【问题描述】:
我已经建立了一个 k8s 集群(目前是 1 个裸机节点,既是主节点也是从节点)。我还设置了 Nginx 入口控制器,如下所述:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/ 以下是具体步骤:
-
kubectl apply -f common/ns-and-sa.yamlhttps://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/ns-and-sa.yaml(无修改) -
kubectl apply -f rbac/rbac.yamlhttps://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/rbac/rbac.yaml(无修改) -
kubectl apply -f common/default-server-secret.yamlhttps://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/default-server-secret.yaml(无修改) -
kubectl apply -f common/nginx-config.yamlhttps://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/nginx-config.yaml修改文件:
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-config
namespace: nginx-ingress
data:
ignore-invalid-headers: "false"
use-forwarded-headers: "true"
forwarded-for-header: "CF-Connecting-IP"
proxy-real-ip-cidr: "...IPs go here..."
-
kubectl apply -f common/ingress-class.yamlhttps://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/ingress-class.yaml修改文件:
apiVersion: networking.k8s.io/v1beta1
kind: IngressClass
metadata:
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: nginx.org/ingress-controller
- 这些命令:
kubectl apply -f common/crds/k8s.nginx.org_virtualservers.yaml
kubectl apply -f common/crds/k8s.nginx.org_virtualserverroutes.yaml
kubectl apply -f common/crds/k8s.nginx.org_transportservers.yaml
kubectl apply -f common/crds/k8s.nginx.org_policies.yaml
没有修改,链接:
- https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/crds/k8s.nginx.org_virtualservers.yaml
- https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/crds/k8s.nginx.org_virtualserverroutes.yaml
- https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/crds/k8s.nginx.org_transportservers.yaml
- https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/crds/k8s.nginx.org_policies.yaml
-
kubectl apply -f daemon-set/nginx-ingress.yamlhttps://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/daemon-set/nginx-ingress.yaml(无修改)
我还设置了 cert-manager,它工作正常(很确定这无关紧要)。
现在,当我创建一些 Ingress 资源时,它几乎可以工作了。我可以从外网访问,发证工作等。但是没有应用ConfigMap(common/nginx-config.yaml),也没有应用nginx.org/rewrite-target: /$1之类的注解。
例子:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-com
namespace: example-com
annotations:
nginx.org/rewrite-target: /$1
spec:
ingressClassName: nginx
tls:
- hosts:
- example.com
secretName: example-com-tls
rules:
- host: example.com
http:
paths:
- path: /api/(.*)
pathType: ImplementationSpecific
backend:
service:
name: api
port:
number: 80
- path: /(.*)
pathType: ImplementationSpecific
backend:
service:
name: frontend
port:
number: 80
当然会使用真实域名。在这个例子中我得到 404 nginx 错误。在其他 Ingress 我通过 /proxy-body-size 注释,这也不起作用(不能上传大文件)。
我已经 exec 使用 kubectl -n nginx-ingress exec -it nginx-ingress-snjjp bash 进入入口控制器 pod,并查看了 /etc/nginx/conf.d 中的文件。没有任何文件包含 ConfigMap 或注释中指定的配置。
这就是它的样子(我删除了多余的空白行并替换了域名):
# configuration for example-com/example-com
upstream example-com-example-com-example.com-api-80 {
zone example-com-example-com-example.com-api-80 256k;
random two least_conn;
server 10.32.0.4:80 max_fails=1 fail_timeout=10s max_conns=0;
}
upstream example-com-example-com-example.com-frontend-80 {
zone example-com-example-com-example.com-frontend-80 256k;
random two least_conn;
server 10.32.0.27:80 max_fails=1 fail_timeout=10s max_conns=0;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/secrets/example-com-example-com-tls;
ssl_certificate_key /etc/nginx/secrets/example-com-example-com-tls;
server_tokens on;
server_name example.com;
set $resource_type "ingress";
set $resource_name "example-com";
set $resource_namespace "example-com";
if ($scheme = http) {
return 301 https://$host:443$request_uri;
}
location /api/(.*) {
set $service "api";
proxy_http_version 1.1;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_max_body_size 1m;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering on;
proxy_pass http://example-com-example-com-example.com-api-80;
}
location /(.*) {
set $service "frontend";
proxy_http_version 1.1;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_max_body_size 1m;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering on;
proxy_pass http://example-com-example-com-example.com-frontend-80;
}
}
我还尝试了nginx.ingress.kubernetes.io/ 注释(如您所见,我不是专业人士,这是我用谷歌搜索的)。没有成功。
我正在更新我的集群,并且在几天前使用旧版本的 k8s(我认为是 1.15)一切正常。当然,除了入口控制器之外,我对每个服务都使用了完全相同的配置。
有什么想法吗?
【问题讨论】: