入口:连接被拒绝,但是它可以在集群中工作

时间:2019-11-08 15:56:48

标签: kubernetes

我已经设置了Ingress控制器:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
    name: {{ template "mychart.fullname" . }}-app
    annotations:
        # type of authentication [basic|digest]
        nginx.ingress.kubernetes.io/auth-type: basic
        # name of the secret that contains the user/password definitions
        nginx.ingress.kubernetes.io/auth-secret: {{ template "mychart.fullname" . }}-myauthsecret
        # message to display with an appropriate context why the authentication is required
        nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"
spec:
    rules:
        -   host: "test.example.com"
            http:
                paths:
                    -   path: /
                        backend:
                            serviceName: {{ template "mychart.fullname" . }}-app
                            servicePort: 80

但是,当我对其进行测试时,我得到connection refusedcurl -H 'Host: test.example.com' http://{public ip}/

当我在运行集群的机器上对其进行测试时,它可以正常工作: curl -H 'Host: test.example.com' https://10.96.183.247/

10.96.183.247是本地群集IP

1 个答案:

答案 0 :(得分:1)

谢谢您的评论,我没有注意到,我没有在新的裸机上安装Nginx ingress controller

这里缺少一部分,进入了主机端口:

apiVersion: v1
kind: Namespace
metadata:
    name: ingress-nginx

---

kind: ConfigMap
apiVersion: v1
metadata:
    name: nginx-configuration
    namespace: ingress-nginx

---

# tcp-services-configmap
kind: ConfigMap
apiVersion: v1
metadata:
    name: tcp-services
    namespace: ingress-nginx

---

# udp-services-configmap
kind: ConfigMap
apiVersion: v1
metadata:
    name: udp-services
    namespace: ingress-nginx

# rbac start
---

apiVersion: v1
kind: ServiceAccount
metadata:
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
    name: nginx-ingress-clusterrole
rules:
    - apiGroups:
          - ""
      resources:
          - configmaps
          - endpoints
          - nodes
          - pods
          - secrets
      verbs:
          - list
          - watch
    - apiGroups:
          - ""
      resources:
          - nodes
      verbs:
          - get
    - apiGroups:
          - ""
      resources:
          - services
      verbs:
          - get
          - list
          - watch
    - apiGroups:
          - "extensions"
      resources:
          - ingresses
      verbs:
          - get
          - list
          - watch
    - apiGroups:
          - ""
      resources:
          - events
      verbs:
          - create
          - patch
    - apiGroups:
          - "extensions"
      resources:
          - ingresses/status
      verbs:
          - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
    name: nginx-ingress-role
    namespace: ingress-nginx
rules:
    - apiGroups:
          - ""
      resources:
          - configmaps
          - pods
          - secrets
          - namespaces
      verbs:
          - get
    - apiGroups:
          - ""
      resources:
          - configmaps
      resourceNames:
          # Defaults to "<election-id>-<ingress-class>"
          # Here: "<ingress-controller-leader>-<nginx>"
          # This has to be adapted if you change either parameter
          # when launching the nginx-ingress-controller.
          - "ingress-controller-leader-nginx"
      verbs:
          - get
          - update
    - apiGroups:
          - ""
      resources:
          - configmaps
      verbs:
          - create
    - apiGroups:
          - ""
      resources:
          - endpoints
      verbs:
          - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
    name: nginx-ingress-role-nisa-binding
    namespace: ingress-nginx
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: nginx-ingress-role
subjects:
    - kind: ServiceAccount
      name: nginx-ingress-serviceaccount
      namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
    name: nginx-ingress-clusterrole-nisa-binding
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: nginx-ingress-clusterrole
subjects:
    - kind: ServiceAccount
      name: nginx-ingress-serviceaccount
      namespace: ingress-nginx

---
# rbac end

# with-rbac start

apiVersion: apps/v1
kind: Deployment
metadata:
    name: nginx-ingress-controller
    namespace: ingress-nginx
spec:
    replicas: 1
    selector:
        matchLabels:
            app: ingress-nginx
    template:
        metadata:
            labels:
                app: ingress-nginx
            annotations:
                prometheus.io/port: '10254'
                prometheus.io/scrape: 'true'
        spec:
            serviceAccountName: nginx-ingress-serviceaccount
            containers:
                - name: nginx-ingress-controller
                  image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.14.0
                  args:
                      - /nginx-ingress-controller
                      - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
                      - --configmap=$(POD_NAMESPACE)/nginx-configuration
                      - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
                      - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
                      - --annotations-prefix=nginx.ingress.kubernetes.io
                  env:
                      - name: POD_NAME
                        valueFrom:
                            fieldRef:
                                fieldPath: metadata.name
                      - name: POD_NAMESPACE
                        valueFrom:
                            fieldRef:
                                fieldPath: metadata.namespace
                  ports:
                      - name: http
                        containerPort: 80
                        hostPort: 80 # !!!!!!
                      - name: https
                        containerPort: 443
                        hostPort: 443 # !!!!!!
                  livenessProbe:
                      failureThreshold: 3
                      httpGet:
                          path: /healthz
                          port: 10254
                          scheme: HTTP
                      initialDelaySeconds: 10
                      periodSeconds: 10
                      successThreshold: 1
                      timeoutSeconds: 1
                  readinessProbe:
                      failureThreshold: 3
                      httpGet:
                          path: /healthz
                          port: 10254
                          scheme: HTTP
                      periodSeconds: 10
                      successThreshold: 1
                      timeoutSeconds: 1
                  securityContext:
                      runAsNonRoot: false


---
# with-rbac end

# default-backend start

apiVersion: apps/v1
kind: Deployment
metadata:
    name: default-http-backend
    namespace: ingress-nginx
spec:
    selector:
        matchLabels:
            app: default-http-backend
    template:
        metadata:
            labels:
                app: default-http-backend
        spec:
            terminationGracePeriodSeconds: 60
            containers:
                - name: default-http-backend
                    # Any image is permissible as long as:
                    # 1. It serves a 404 page at /
                    # 2. It serves 200 on a /healthz endpoint
                  image: gcr.io/google_containers/defaultbackend:1.4
                  livenessProbe:
                      httpGet:
                          path: /healthz
                          port: 8080
                          scheme: HTTP
                      initialDelaySeconds: 30
                      timeoutSeconds: 5
                  ports:
                      - containerPort: 8080
                  resources:
                      limits:
                          cpu: 10m
                          memory: 20Mi
                      requests:
                          cpu: 10m
                          memory: 20Mi
---

apiVersion: v1
kind: Service
metadata:
    name: default-http-backend
    namespace: ingress-nginx
spec:
    selector:
        app: default-http-backend
    ports:
        - port: 80
          targetPort: 8080

---
# default-backend end