Nginx Ingress controller set up issues
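I have set up a bare-metal k8s cluster (1 master node on an Intel NUC and 2 worker nodes on Raspberry Pi). I managed to set up metal-lb load balancing and the nginx ingress controller. I have launched two applications, ghost (listening on default port 2368) and nextcloud (listening on default port 80). I am trying to access the applications from the public IP: myhomeserver.io (to reach the ghost application) and nextcloud.myhomeserver.io (to reach the nextcloud application). I can access the ghost application, but I can't seem to access nextcloud. Given below are the YAML files for the ingress and services. Not sure where I am going wrong.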
kubectl get services --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 98d
ghost ghost-service ClusterIP 10.107.116.108 <none> 2368/TCP 7h37m
ingress-nginx ingress-nginx LoadBalancer 10.109.177.223 192.168.178.200 80:31619/TCP,443:30365/TCP 7d23h
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 98d
nextcloud nextcloud-service ClusterIP 10.105.24.162 <none> 8080/TCP 137m
=============================================================================================================================
NAMESPACE NAME HOSTS ADDRESS PORTS AGE
ghost ingress-ghost myhomeserver.io 192.168.178.200 80 7d22h
nextcloud ingress-nextcloud nextcloud.myhomeserver.io 192.168.178.200 80 140m
=============================================================================================================================
cat ingress-object-ghost.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-ghost
  namespace: ghost
spec:
  rules:
  - host: myhomeserver.io
    http:
      paths:
      - backend:
          serviceName: ghost-service
          servicePort: 2368
=============================================================================================================================
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nextcloud
  namespace: nextcloud
spec:
  rules:
  - host: nextcloud.myhomeserver.io
    http:
      paths:
      - backend:
          serviceName: nextcloud-service
          servicePort: 8080
================================================================================================================================
cat ingress-object-nextcloud.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-nextcloud
  namespace: nextcloud
spec:
  rules:
  - host: nextcloud.myhomeserver.io
    http:
      paths:
      - backend:
          serviceName: nextcloud-service
          servicePort: 8080
===================================================================================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-nextcloud
  namespace: nextcloud
  labels:
    env: prod
    app: nextcloud-app
spec:
  template:
    metadata:
      name: nextcloud-app-pod
      labels:
        app: nextcloud-app
        env: production
    spec:
      containers:
      - name: nextcloud
        image: arm32v7/nextcloud
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        volumeMounts:
        - mountPath: /var/www/html
          name: nextcloud-data
        securityContext:
          privileged: True
      volumes:
      - name: nextcloud-data
        persistentVolumeClaim:
          claimName: pvc-nextcloud
      nodeSelector:
        kubernetes.io/arch: arm
  replicas: 2
  selector:
    matchLabels:
      app: nextcloud-app
================================================================================================================
apiVersion: v1
kind: Service
metadata:
  name: nextcloud-service
  namespace: nextcloud
  labels:
    app: nextcloud-app
spec:
  type: ClusterIP
  selector:
    app: nextcloud-app
  ports:
  - port: 8080
    targetPort: 8080
    protocol: TCP
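Note that your nginx ingress controller is running in the ghost namespace, so it only knows about the ghost service. If you want to have an ingress there, you need another ingress controller for your nextcloud namespace. If you don't want another ingress controller, you can resolve the nextcloud service by targeting its DNS name: servicename.namespacename.svc.cluster.local
On a side note, there is not much point in dividing your applications up that much. Kubernetes already gives you enough privacy among applications in the same namespace.
UPDATE
The Ingress that works for you, given that you have only 1 INGRESS CONTROLLER. Since there are two services, I have added a path rule that will be rewritten to /, so each service receives a clean URI. Use myhomeserver.io/ghost to access ghost and myhomeserver.io/nextcloud to access nextcloud.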
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-ghost
  namespace: ghost
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: myhomeserver.io
    http:
      paths:
      - path: /ghost
        backend:
          serviceName: ghost-service
          servicePort: 2368
      - path: /nextcloud
        backend:
          serviceName: nextcloud-service.nextcloud.svc.cluster.local
          servicePort: 8080
UPDATE 2
So your ingress controller is running in the ghost namespace. Therefore, your ingress must be deployed in the ghost namespace. Note the http rule for each host.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-ghost
  namespace: ghost
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: myhomeserver.io
    http:
      paths:
      - path: /
        backend:
          serviceName: ghost-service
          servicePort: 2368
  - host: nextcloud.myhomeserver.io
    http:
      paths:
      - path: /
        backend:
          serviceName: nextcloud-service.nextcloud.svc.cluster.local
          servicePort: 8080
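An added example, not part of the original question or answer: a small Python check that follows each Ingress rule on this page from host to Service to container, looking the backend Service up in the Ingress's own namespace, and reports where the chain breaks. The dictionaries are transcribed from the posted manifests; the ghost targetPort and the container listen ports (taken from the question's prose) are assumptions, and the names `check_route` and `audit` are hypothetical.

```python
# Constructed from the manifests and prose on this page; ghost's targetPort is assumed.
SERVICES = {
    ("ghost", "ghost-service"): {"port": 2368, "targetPort": 2368},
    ("nextcloud", "nextcloud-service"): {"port": 8080, "targetPort": 8080},
}
# What each backend container does. Listen ports come from the question's prose
# (an assumption about the real bind port); "privileged" from the posted Deployment.
BACKENDS = {
    ("ghost", "ghost-service"): {"listens": 2368},
    ("nextcloud", "nextcloud-service"): {"listens": 80, "privileged": True},
}
INGRESSES = [
    {"name": "ingress-ghost", "namespace": "ghost", "host": "myhomeserver.io",
     "serviceName": "ghost-service", "servicePort": 2368},
    {"name": "ingress-nextcloud", "namespace": "nextcloud",
     "host": "nextcloud.myhomeserver.io",
     "serviceName": "nextcloud-service", "servicePort": 8080},
    # Second rule of the "UPDATE 2" Ingress, which lives in namespace ghost.
    {"name": "ingress-ghost", "namespace": "ghost", "host": "nextcloud.myhomeserver.io",
     "serviceName": "nextcloud-service.nextcloud.svc.cluster.local", "servicePort": 8080},
]


def check_route(ing):
    """Return findings for one Ingress rule, following host -> Service -> container."""
    key = (ing["namespace"], ing["serviceName"])
    svc = SERVICES.get(key)
    if svc is None:
        # An Ingress backend is resolved in the Ingress's own namespace.
        return [f"no Service {ing['serviceName']!r} in namespace {ing['namespace']!r}"]
    findings = []
    if ing["servicePort"] != svc["port"]:
        findings.append(f"servicePort {ing['servicePort']} is not Service port {svc['port']}")
    backend = BACKENDS[key]
    if svc["targetPort"] != backend["listens"]:
        findings.append(f"targetPort {svc['targetPort']} but container listens on "
                        f"{backend['listens']}")
    if backend.get("privileged"):
        findings.append("backend container is privileged and exposed through the Ingress")
    return findings


def audit():
    """Map (ingress name, host) to its list of findings; an empty list means clean."""
    return {(i["name"], i["host"]): check_route(i) for i in INGRESSES}


if __name__ == "__main__":
    for route, findings in audit().items():
        print(route, findings or "ok")
```

On a live cluster the same chain can be confirmed with `kubectl get endpoints -n nextcloud` and `kubectl describe ingress -n nextcloud`.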