Kubernetes Nginx ingress controller on NodePort

Time: 2019-10-26 19:39:28

Tags: nginx kubernetes rancher nginx-ingress rke

I am deploying an Nginx-based ingress controller on an RKE-managed Kubernetes cluster. (I also tried it without RKE.)

In both cases it tries to use/bind to ports 80 and 443 on the host and fails, because host ports are not allowed in the security policy for the pods of all service accounts.

Actually, I don't need the ingress to be accessible on the host directly, but I want to access it from outside as a NodePort Service on the ingress controller.

Is there a way to deploy it without using any hostPort?

2 answers:

Answer 0 (score: 0)

In the documentation about NodePort you can find that this type can allocate ports from the range 30000-32767. However, there is a workaround. If you add the special flag --service-node-port-range with the requested range, the admission controller will allow you to create a NodePort with ports 80 and 443.

You will need to go to /etc/kubernetes/manifests/, edit kube-apiserver.yaml with sudo and add the entry - --service-node-port-range=1-32767. After that you need to save it.

Now you will need to create the service. For this you need to edit this yaml and add nodePort to each entry in spec.ports.

Before:

 ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP

After:

 ports:
    - name: http
      nodePort: 80
      port: 80
      protocol: TCP
      targetPort: 80
    - name: https
      nodePort: 443
      port: 443
      protocol: TCP
      targetPort: 443

After these changes you can edit kube-apiserver.yaml in /etc/kubernetes/manifests/ again and comment out the line with - --service-node-port-range using #.

Then you will be able to curl this NodeIP address and NodePort.

EDIT: after clarification

Ingress can be deployed in two ways. The first is to deploy Nginx as a DaemonSet, which requires hostPort in the config file. But there is another option: you can deploy Nginx as a Deployment.

  NodeIP and known port: Pods in a DaemonSet can use a hostPort, so that the pods are reachable via the node IPs. Clients know the list of node IPs somehow, and know the port by convention.

But at the bottom of the page you can find:

  DaemonSet is similar to Deployment in that they both create Pods, and those Pods have processes which are not expected to terminate (e.g. web servers, storage servers).

  Use a Deployment for stateless services, like frontends, where scaling up and down the number of replicas and rolling out updates are more important than controlling exactly which host the Pod runs on. Use a DaemonSet when it is important that a copy of a Pod always run on all or certain hosts, and when it needs to start before other Pods.

You need to deploy the Ingress as a Deployment, not as a DaemonSet.

An example of the Nginx deployment can be found here. Since a Deployment does not require hostPort, you can create the pods without this parameter.
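The procedure in this answer (widen --service-node-port-range in the API server's static pod manifest, then give the Service explicit nodePorts) as a worked check in Python. This is an added example, not the answer's own code: the sample kube-apiserver manifest, the table of node-side listening ports and the dict form of the Service are constructed here. It also shows the part a practitioner should weigh before using a range like 1-32767: the range applies cluster-wide, kube-proxy binds every nodePort on every node, and anyone allowed to create Services can then claim ports such as 22 or 10250 for themselves. The range reader treats a flag line commented out with # as unset, which is what the API server enforces for new Services after the answer's last step.

```python
import re
from typing import Dict, List, Tuple

FLAG = "--service-node-port-range"
DEFAULT_RANGE = (30000, 32767)  # enforced by kube-apiserver when the flag is absent

# Constructed sample, not from the page: a trimmed kube-apiserver static pod
# manifest in the shape found under /etc/kubernetes/manifests/ on a kubeadm node.
SAMPLE_APISERVER_MANIFEST = """\
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.0.2.10
    image: k8s.gcr.io/kube-apiserver:v1.16.3
    name: kube-apiserver
"""

# The answer's "after" Service as a dict (only spec.ports is read here).
INGRESS_SERVICE = {
    "kind": "Service",
    "spec": {"type": "NodePort", "ports": [
        {"name": "http", "nodePort": 80, "port": 80, "protocol": "TCP", "targetPort": 80},
        {"name": "https", "nodePort": 443, "port": 443, "protocol": "TCP", "targetPort": 443},
    ]},
}

# Ports a node typically listens on itself. kube-proxy binds every nodePort on
# every node, so once the range reaches below 30000 a Service can claim these.
# Constructed table; adjust it to what your hosts actually run.
NODE_RESERVED_PORTS = {22: "sshd", 2379: "etcd client", 2380: "etcd peer",
                       6443: "kube-apiserver", 10250: "kubelet", 10256: "kube-proxy healthz"}


def parse_port_range(spec: str) -> Tuple[int, int]:
    """Parse 'lo-hi' as the flag expects it; reject lo > hi or anything outside 1-65535."""
    m = re.fullmatch(r"(\d+)-(\d+)", spec.strip())
    if not m:
        raise ValueError(f"bad port range {spec!r}, expected lo-hi")
    lo, hi = int(m.group(1)), int(m.group(2))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"port range {spec!r} must satisfy 1 <= lo <= hi <= 65535")
    return lo, hi


def set_node_port_range(manifest: str, port_range: str) -> str:
    """Rewrite an existing '- --service-node-port-range=...' line, or insert one
    right after '- kube-apiserver' so it lands in the container's command list.
    Line-based on purpose, like the sed edit an admin makes on the node."""
    parse_port_range(port_range)
    lines = manifest.splitlines()
    existing = [i for i, l in enumerate(lines) if l.strip().startswith(f"- {FLAG}=")]
    if existing:
        i = existing[0]
        indent = lines[i][: len(lines[i]) - len(lines[i].lstrip())]
        lines[i] = f"{indent}- {FLAG}={port_range}"
    else:
        cmd = [i for i, l in enumerate(lines) if l.strip() == "- kube-apiserver"]
        if not cmd:
            raise ValueError("no '- kube-apiserver' command entry found in manifest")
        i = cmd[0]
        indent = lines[i][: len(lines[i]) - len(lines[i].lstrip())]
        lines.insert(i + 1, f"{indent}- {FLAG}={port_range}")
    return "\n".join(lines) + "\n"


def configured_node_port_range(manifest: str) -> Tuple[int, int]:
    """Range the API server enforces for this manifest. A line commented out
    with '#' (the answer's last step) no longer counts, so the default returns."""
    for line in manifest.splitlines():
        s = line.strip()
        if s.startswith(f"- {FLAG}="):
            return parse_port_range(s.split("=", 1)[1])
    return DEFAULT_RANGE


def check_service_node_ports(service: Dict, port_range: Tuple[int, int]) -> List[str]:
    """Pre-flight for a NodePort Service: would the API server accept each
    nodePort under this range, and does it collide with a daemon on the node?"""
    lo, hi = port_range
    findings: List[str] = []
    for p in service.get("spec", {}).get("ports", []):
        node_port = p.get("nodePort")
        if node_port is None:
            continue  # left unset: the API server allocates one from the range
        name = p.get("name") or str(p.get("port"))
        if not lo <= node_port <= hi:
            findings.append(f"{name}: nodePort {node_port} is outside {lo}-{hi}, the API server rejects it")
        if node_port in NODE_RESERVED_PORTS:
            findings.append(f"{name}: nodePort {node_port} collides with {NODE_RESERVED_PORTS[node_port]} on every node")
    return findings


if __name__ == "__main__":
    widened = set_node_port_range(SAMPLE_APISERVER_MANIFEST, "1-32767")
    print(widened)
    for rng in (DEFAULT_RANGE, configured_node_port_range(widened)):
        print(rng, check_service_node_ports(INGRESS_SERVICE, rng) or "ok")
```

Run against the answer's Service, the default range produces two rejections (80 and 443 are outside 30000-32767) and the widened range produces none; feeding it a Service that asks for nodePort 10250 under the widened range reports the collision with the kubelet, which is the case the answer's 1-32767 setting opens up.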

Answer 1 (score: 0)

Done by disabling hostNetwork and removing the unnecessary privileges and capabilities:

C02W84XMHTD5:Downloads iahmad$ kubectl get deployments -n ingress-nginx -o yaml
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  kind: Deployment
  metadata:
    annotations:
      deployment.kubernetes.io/revision: "1"

    labels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
    name: nginx-ingress-controller
    namespace: ingress-nginx
    resourceVersion: "68427"
    selfLink: /apis/extensions/v1beta1/namespaces/ingress-nginx/deployments/nginx-ingress-controller
    uid: 0b92b556-12fa-11ea-9d82-08002762a3c5
  spec:
    progressDeadlineSeconds: 600
    replicas: 1
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    strategy:
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    template:
      metadata:
        annotations:
          prometheus.io/port: "10254"
          prometheus.io/scrape: "true"
        creationTimestamp: null
        labels:
          app.kubernetes.io/name: ingress-nginx
          app.kubernetes.io/part-of: ingress-nginx
      spec:
        containers:
        - args:
          - /nginx-ingress-controller
          - --configmap=$(POD_NAMESPACE)/nginx-configuration
          - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
          - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
          - --publish-service=$(POD_NAMESPACE)/ingress-nginx
          - --annotations-prefix=nginx.ingress.kubernetes.io
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                - /wait-shutdown
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          name: nginx-ingress-controller
          ports:
          - containerPort: 80
            name: http
            protocol: TCP
          - containerPort: 443
            name: https
            protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          resources: {}
          securityContext:
            runAsUser: 33
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        serviceAccount: nginx-ingress-serviceaccount
        serviceAccountName: nginx-ingress-serviceaccount
        terminationGracePeriodSeconds: 300
  status:
    availableReplicas: 1
    conditions:
    - lastTransitionTime: 2019-11-29T22:46:59Z
      lastUpdateTime: 2019-11-29T22:46:59Z
      message: Deployment has minimum availability.
      reason: MinimumReplicasAvailable
      status: "True"
      type: Available
    - lastTransitionTime: 2019-11-29T22:46:13Z
      lastUpdateTime: 2019-11-29T22:46:59Z
      message: ReplicaSet "nginx-ingress-controller-84758fb96c" has successfully progressed.
      reason: NewReplicaSetAvailable
      status: "True"
      type: Progressing
    observedGeneration: 1
    readyReplicas: 1
    replicas: 1
    updatedReplicas: 1
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

Then create a NodePort service that points at the ingress controller's ports:

C02W84XMHTD5:Downloads iahmad$ kubectl get svc -n ingress-nginx -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:

    labels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
    name: ingress-nginx
    namespace: ingress-nginx
    resourceVersion: "68063"
    selfLink: /api/v1/namespaces/ingress-nginx/services/ingress-nginx
    uid: 7aa425a4-12f9-11ea-9d82-08002762a3c5
  spec:
    clusterIP: 10.97.110.93
    externalTrafficPolicy: Cluster
    ports:
    - name: http
      nodePort: 30864
      port: 80
      protocol: TCP
      targetPort: 80
    - name: https
      nodePort: 30716
      port: 443
      protocol: TCP
      targetPort: 443
    selector:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
    sessionAffinity: None
    type: NodePort
  status:
    loadBalancer: {}
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
C02W84XMHTD5:Downloads iahmad$
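A check for the shape this answer ends up with, as an added example that is not the answer's or ingress-nginx's own code. The two dicts are trimmed by hand from the Deployment and Service dumps above (only the fields the checks read), and the hostPort variant is constructed here for contrast. It flags host namespaces, hostPort, privileged, root and added capabilities in the pod template, and confirms that the NodePort Service's selector and targetPorts actually land on those pods.

```python
import copy
from typing import Dict, List

# Constructed by hand from the two dumps in this answer: only the fields the
# checks read are kept, so these are not full copies of the page's YAML.
INGRESS_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "nginx-ingress-controller", "namespace": "ingress-nginx"},
    "spec": {"template": {
        "metadata": {"labels": {"app.kubernetes.io/name": "ingress-nginx",
                                "app.kubernetes.io/part-of": "ingress-nginx"}},
        "spec": {
            "containers": [{
                "name": "nginx-ingress-controller",
                "image": "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1",
                "ports": [{"containerPort": 80, "name": "http", "protocol": "TCP"},
                          {"containerPort": 443, "name": "https", "protocol": "TCP"}],
                "securityContext": {"runAsUser": 33},
            }],
            "securityContext": {},
            "serviceAccountName": "nginx-ingress-serviceaccount",
        },
    }},
}

INGRESS_SERVICE = {
    "kind": "Service",
    "metadata": {"name": "ingress-nginx", "namespace": "ingress-nginx"},
    "spec": {
        "type": "NodePort",
        "selector": {"app.kubernetes.io/name": "ingress-nginx",
                     "app.kubernetes.io/part-of": "ingress-nginx"},
        "ports": [{"name": "http", "nodePort": 30864, "port": 80, "protocol": "TCP", "targetPort": 80},
                  {"name": "https", "nodePort": 30716, "port": 443, "protocol": "TCP", "targetPort": 443}],
    },
}


def audit_pod_template(deployment: Dict) -> List[str]:
    """Flag host namespaces, hostPort and privilege settings that an ingress
    fronted by a NodePort Service does not need. An empty list means clean."""
    pod = deployment["spec"]["template"]["spec"]
    findings: List[str] = []
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(key):
            findings.append(f"spec.template.spec.{key}: true")
    pod_sc = pod.get("securityContext") or {}
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        where = f"container {c.get('name')}"
        for p in c.get("ports", []):
            if "hostPort" in p:
                findings.append(f"{where}: hostPort {p['hostPort']} on containerPort {p.get('containerPort')}")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{where}: privileged: true")
        run_as = sc.get("runAsUser", pod_sc.get("runAsUser"))  # container setting wins
        if run_as is None:
            findings.append(f"{where}: runAsUser unset, the image's USER decides")
        elif run_as == 0:
            findings.append(f"{where}: runAsUser 0 (root)")
        for cap in (sc.get("capabilities") or {}).get("add", []):
            findings.append(f"{where}: adds capability {cap}, confirm it is needed")
    return findings


def check_service_wiring(service: Dict, deployment: Dict) -> List[str]:
    """Does the Service reach these pods: every selector label must be on the
    pod template, and every targetPort must match a declared containerPort
    number or name (a named targetPort cannot resolve otherwise)."""
    findings: List[str] = []
    labels = deployment["spec"]["template"]["metadata"].get("labels", {})
    for k, v in service["spec"].get("selector", {}).items():
        if labels.get(k) != v:
            findings.append(f"selector {k}={v} is not on the pod template labels")
    declared = set()
    for c in deployment["spec"]["template"]["spec"].get("containers", []):
        for p in c.get("ports", []):
            declared.add(p.get("containerPort"))
            if p.get("name"):
                declared.add(p["name"])
    for p in service["spec"].get("ports", []):
        target = p.get("targetPort", p.get("port"))
        if target not in declared:
            findings.append(f"port {p.get('name')}: targetPort {target} is not a declared containerPort")
    return findings


def host_port_variant(deployment: Dict) -> Dict:
    """Constructed contrast: the same Deployment bent into the hostNetwork /
    hostPort / root shape the question was hitting (deep copy; original untouched)."""
    d = copy.deepcopy(deployment)
    pod = d["spec"]["template"]["spec"]
    pod["hostNetwork"] = True
    c = pod["containers"][0]
    for p in c["ports"]:
        p["hostPort"] = p["containerPort"]
    c["securityContext"] = {"runAsUser": 0, "capabilities": {"add": ["NET_BIND_SERVICE"]}}
    return d


if __name__ == "__main__":
    print("answer:", audit_pod_template(INGRESS_DEPLOYMENT) or "clean")
    print("hostPort variant:", audit_pod_template(host_port_variant(INGRESS_DEPLOYMENT)))
    print("wiring:", check_service_wiring(INGRESS_SERVICE, INGRESS_DEPLOYMENT) or "ok")
```

The answer's Deployment audits clean and the Service wiring checks out (selector labels present on the template, targetPorts 80 and 443 declared as containerPorts); the constructed variant reports hostNetwork, both hostPorts, the root UID and the added capability, which is the set of things the answer says it removed.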