Kubernetes与Nginx Ingress从集群外部访问。

huangapple
go评论126阅读模式
英文:

kubernetes with nginx-ingress access from outside cluster

问题

以下是您提供的内容的翻译部分:

  1. So, here is my current setup
  2. My experience is mostly on openshift, but I'm trying to get familiar with kubernetes... and I'm a bit noob in KS8 :)
  4. kubernets + callico + external storage(nfs) + metallb + ingress-nginx
  6.      kubectl get nodes -o wide
  7.     NAME        STATUS   ROLES           AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
  8.     master01    Ready    control-plane   3d14h   v1.26.2   192.168.50.15    <none>        Ubuntu 22.04.2 LTS   5.15.0-67-generic   cri-o://1.24.4
  9.     master02    Ready    control-plane   2d15h   v1.26.2   192.168.50.16    <none>        Ubuntu 22.04.2 LTS   5.15.0-67-generic   cri-o://1.24.4
  10.     worker-01   Ready    worker          2d14h   v1.26.2   192.168.50.105   <none>        Ubuntu 22.04.2 LTS   5.15.0-67-generic   cri-o://1.24.4
  11.     worker-02   Ready    worker          2d13h   v1.26.2   192.168.50.106   <none>        Ubuntu 22.04.2 LTS   5.15.0-67-generic   cri-o://1.24.4
  14. kubectl get pods -n metallb-system -o wide
  16.     NAME                         READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
  17.     controller-79d5899cb-hg4lv   1/1     Running   0          23m   10.30.0.27       worker-02   <none>           <none>
  18.     speaker-lvpbn                1/1     Running   0          21m   192.168.50.106   worker-02   <none>           <none>
  19.     speaker-rxcvb                1/1     Running   0          21m   192.168.50.105   worker-01   <none>           <none>
  21. metallb has been config with this ippool
  23.     apiVersion: metallb.io/v1beta1
  24.     kind: IPAddressPool
  25.     metadata:
  26.       namespace: metallb-system
  27.       name: lb-pool
  28.     spec:
  29.       addresses:
  30.         - 192.168.50.115-192.168.50.118
  33.  kubectl get all -n ingress-nginx
  35.     NAME                                           READY   STATUS    RESTARTS   AGE
  36.     pod/ingress-nginx-controller-c69664497-z84b8   1/1     Running   0          12h
  37.     
  38.     NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                                     AGE
  39.     service/ingress-nginx-controller             LoadBalancer   10.108.69.42    192.168.50.115   80:32481/TCP,443:32137/TCP,8443:30940/TCP   83m
  40.     service/ingress-nginx-controller-admission   ClusterIP      10.97.240.138   <none>           443/TCP                                     12h
  41.     
  42.     NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
  43.     deployment.apps/ingress-nginx-controller   1/1     1            1           12h
  44.     
  45.     NAME                                                 DESIRED   CURRENT   READY   AGE
  46.     replicaset.apps/ingress-nginx-controller-c69664497   1         1         1       12h
  49.     kubectl create deployment  httpd24 --image=docker.io/library/httpd:2.4.55
  50.     kubectl expose deployment/httpd24 --port 80
  52. create ingress::
  54.     apiVersion: networking.k8s.io/v1
  55.     kind: Ingress
  56.     metadata:
  57.       name: httpd24-ingress
  58.       namespace: default
  59.     spec:
  60.       ingressClassName: nginx
  61.       rules:
  62.       - host: http24-kube.docker-containers.local
  63.         http:
  64.           paths:
  65.           - path: /
  66.             pathType: Prefix
  67.             backend:
  68.               service:
  69.                 name: httpd24
  70.                 port:
  71.                   number: 80
  73.     kubectl get ingress
  74.     NAME              CLASS   HOSTS                                 ADDRESS          PORTS   AGE
  75.     httpd24-ingress   nginx   http24-kube.docker-containers.local   192.168.50.115   80      58m
  78. So, from inside cluster I can execute w/o errors curl -s http://http24-kube.docker-containers.local
  80. However, from outside cluster ping to 192.158.50.115 or ping to http24-kube.docker-containers.local got timeout.
  82. Computer from where I try to connect to http24-kube.docker-containers.local has access to subnet 192.168.50.0/25
  84. I think it may be related to nginx-ingress...but have zero experience with  ....
  86. C:\Users\AZ_fjonnas>nslookup http24-kube.docker-containers.local
  87. Name:    http24-kube.docker-containers.local
  88. Address:  192.168.50.115
  90. Now, from the one of the masternodes
  92. root@master01:~# curl -s 'http://http24-kube.docker-containers.local'
  93. <html><body><h1>It works!</h1></body></html>
  94. root@master01:~#
  96. So, cluster master nodes resolve the name, moreover can access the httpd24 pod with ingress IP
  98. But, windows machine can't access at all ingress IP(192.168.50.111) port 80
  100. That's why I think is something related to how nginx-ingress works... :(
  102. ALL nodes belong to same subnet: 192.168.50.0/25

希望这些翻译对您有所帮助。如果您有任何其他问题或需要进一步的帮助,请随时提出。

英文:

So, here is my current setup
My experience is mostly on openshift, but I'm trying to get familiar with kubernetes... and I'm a bit noob in KS8 Kubernetes与Nginx Ingress从集群外部访问。

kubernets + callico + external storage(nfs) + metallb + ingress-nginx

  1.  kubectl get nodes -o wide
  2. NAME        STATUS   ROLES           AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
  3. master01    Ready    control-plane   3d14h   v1.26.2   192.168.50.15    &lt;none&gt;        Ubuntu 22.04.2 LTS   5.15.0-67-generic   cri-o://1.24.4
  4. master02    Ready    control-plane   2d15h   v1.26.2   192.168.50.16    &lt;none&gt;        Ubuntu 22.04.2 LTS   5.15.0-67-generic   cri-o://1.24.4
  5. worker-01   Ready    worker          2d14h   v1.26.2   192.168.50.105   &lt;none&gt;        Ubuntu 22.04.2 LTS   5.15.0-67-generic   cri-o://1.24.4
  6. worker-02   Ready    worker          2d13h   v1.26.2   192.168.50.106   &lt;none&gt;        Ubuntu 22.04.2 LTS   5.15.0-67-generic   cri-o://1.24.4

kubectl get pods -n metallb-system -o wide

  1. NAME                         READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
  2. controller-79d5899cb-hg4lv   1/1     Running   0          23m   10.30.0.27       worker-02   &lt;none&gt;           &lt;none&gt;
  3. speaker-lvpbn                1/1     Running   0          21m   192.168.50.106   worker-02   &lt;none&gt;           &lt;none&gt;
  4. speaker-rxcvb                1/1     Running   0          21m   192.168.50.105   worker-01   &lt;none&gt;           &lt;none&gt;

metallb has been config with this ippool

  1. apiVersion: metallb.io/v1beta1
  2. kind: IPAddressPool
  3. metadata:
  4. namespace: metallb-system
  5. name: lb-pool
  6. spec:
  7. addresses:
  8. - 192.168.50.115-192.168.50.118

kubectl get all -n ingress-nginx

  1. NAME                                           READY   STATUS    RESTARTS   AGE
  2. pod/ingress-nginx-controller-c69664497-z84b8   1/1     Running   0          12h
  3. NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                                     AGE
  4. service/ingress-nginx-controller             LoadBalancer   10.108.69.42    192.168.50.115   80:32481/TCP,443:32137/TCP,8443:30940/TCP   83m
  5. service/ingress-nginx-controller-admission   ClusterIP      10.97.240.138   &lt;none&gt;           443/TCP                                     12h
  6. NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
  7. deployment.apps/ingress-nginx-controller   1/1     1            1           12h
  8. NAME                                                 DESIRED   CURRENT   READY   AGE
  9. replicaset.apps/ingress-nginx-controller-c69664497   1         1         1       12h
  10. kubectl create deployment  httpd24 --image=docker.io/library/httpd:2.4.55
  11. kubectl expose deployment/httpd24 --port 80

create ingress::

  1. apiVersion: networking.k8s.io/v1
  2. kind: Ingress
  3. metadata:
  4. name: httpd24-ingress
  5. namespace: default
  6. spec:
  7. ingressClassName: nginx
  8. rules:
  9. - host: http24-kube.docker-containers.local
  10. http:
  11. paths:
  12. - path: /
  13. pathType: Prefix
  14. backend:
  15. service:
  16. name: httpd24
  17. port:
  18. number: 80
  19. kubectl get ingress
  20. NAME              CLASS   HOSTS                                 ADDRESS          PORTS   AGE
  21. httpd24-ingress   nginx   http24-kube.docker-containers.local   192.168.50.115   80      58m

So, from inside cluster I can execute w/o errors curl -s http://http24-kube.docker-containers.local

However, from outside cluster ping to 192.158.50.115 or ping to http24-kube.docker-containers.local got timeout.

Computer from where I try to connect to http24-kube.docker-containers.local has access to subnet 192.168.50.0/25

I think it may be related to nginx-ingress...but have zero experience with ....

========

  1. C:\Users\AZ_fjonnas&gt;nslookup http24-kube.docker-containers.local
  2. Name:    http24-kube.docker-containers.local
  3. Address:  192.168.50.115

Now, from the one of the masternodes

  1. root@master01:~# curl -s &#39;http://http24-kube.docker-containers.local&#39;
  2. &lt;html&gt;&lt;body&gt;&lt;h1&gt;It works!&lt;/h1&gt;&lt;/body&gt;&lt;/html&gt;
  3. root@master01:~#

So, cluster master nodes resolve the name, moreover can access the httpd24 pod with ingress IP

But, windows machine can't access at all ingress IP(192.168.50.111) port 80

That's why I think is something related to how nginx-ingress works... Kubernetes与Nginx Ingress从集群外部访问。

ALL nodes belong to same subnet: 192.168.50.0/25

答案1

得分: 1

抱歉,我无法理解你的请求。请提供需要翻译的文本,我会帮你进行翻译。

英文:

Damn,

Solved Kubernetes与Nginx Ingress从集群外部访问。

  1. ---
  2. apiVersion: metallb.io/v1beta1
  3. kind: L2Advertisement
  4. metadata:
  5. name: lb-pool
  6. namespace: metallb-system
  7. spec:
  8. ipAddressPools:
  9. - lb-pool

Seems that L2Advertisement was missing according to :
https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/baremetal.md

答案2

得分: 0

在您的机器上,除非您已将http24-kube.docker-containers.local的DNS名称指定为记录(因为这是您选择的名称,公共DNS服务器中没有相关记录),否则它无法将其解析为IP地址。如果您像下面这样添加它:

  1. 192.168.50.115	http24-kube.docker-containers.local

然后您可以执行以下操作:

  1. curl -s http://http24-kube.docker-containers.local

或者

当您直接提供入口的IP时,需要在调用入口时指定主机标头,如下所示:

  1. curl -s http://192.168.50.115 -H "Host: http24-kube.docker-containers.local"

注意

另外,您在Pod中尝试的命令不应该起作用,因为CoreDNS(使用默认引导配置 - Corefile)不知道如何解析http24-kube.docker-containers.local的DNS名称。

  1. curl -s http://http24-kube.docker-containers.local

使用服务名称和命名空间组合应该起作用:

  1. curl -s http://http24.default
英文:

In your machine, it does not know how to resolve http24-kube.docker-containers.local DNS name to an IP address unless you have specified it in /etc/hosts as a record (since it's a name chosen by you that has no records in public DNS servers). If you add it like the below:

  1. 192.168.50.115	http24-kube.docker-containers.local

Then you can do the following:

  1. curl -s http://http24-kube.docker-containers.local

OR

You need to specify the host header when invoking the ingress while directly giving the IP of the ingress like below:

  1. curl -s http://192.168.50.115 -H &quot;Host: http24-kube.docker-containers.local&quot;

Note

Also, The command you tried within a pod should not work since CoreDNS (with the default bootstrap configuration - Corefile) does not know what to resolve for this http24-kube.docker-containers.local DNS name.

  1. curl -s http://http24-kube.docker-containers.local

Using service name and namespace combination should work:

  1. curl -s http://http24.default

huangapple
  • 本文由 发表于 2023年3月7日 19:14:04
  • 转载请务必保留本文链接:https://go.coder-hub.com/75661258.html
  • kubernetes
  • nginx-ingress
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定