Kubernetes Ingress-Controllers "fighting" over Address in Ingress
Infrastructure Background:
I have 4 nodes in my Kubernetes (K3s) cluster.
k3s-server   location=home    (VM)         mainly used for etcd replication
k3s-agent    location=home    (VM)         runs most pods
mercury      location=home    (RPI4)       backup for important pods
moon         location=cloud   (Cloud VM)   runs certain workloads in a public cloud
I am running 2 different instances of the ingress-nginx Helm chart in two namespaces. One exposes local services at my home when ingressClassName=nginx using loadBalancerIP: 192.168.113.230 running in the nginx-ingres-home namespace. The cloud controller uses ingressClassName=nginx-cloud with loadBalancerIP: 91.x.x.x and runs inside the nginx-ingress-cloud namespace. (Values for the Helm charts & example Ingress below)
The Problem
I now have multiple Ingresses defined, which are using the different classes. However using kubectl get ingress -A provides the following output.
NAMESPACE              NAME                   CLASS         HOSTS                        ADDRESS           PORTS     AGE
kubernetes-dashboard   kubernetes-dashboard   nginx         k3s.local.example.com        192.168.113.230   80, 443   4d3h
longhorn-system        longhorn-ingress       nginx         longhorn.local.example.com   192.168.113.230   80, 443   10d
mailu                  mailu                  nginx-cloud   mail.example.com             192.168.113.230   80, 443   2d23h
pihole                 pihole                 nginx         dns.local.example.com        192.168.113.230   80, 443   10d
ubiquiti               unifi-web-interface    nginx         unifi.local.example.com      192.168.113.230   80, 443   24h
You can see that regardless of the ingressClassName set in the Ingress, the addresses are always the ones from one of the ingress-controllers. The addresses are switching periodically. The logs of nginx-ingress-home show that the controller permanently updates the addresses of the Ingresses (1m interval):
I0510 19:46:12.087815 7 status.go:300] "updating Ingress status" namespace="pihole" ingress="pihole" currentValue=[{IP:91.x.x.x Hostname: Ports:[]}] newValue=[{IP:192.168.113.230 Hostname: Ports:[]}]
I0510 19:46:12.087857 7 status.go:300] "updating Ingress status" namespace="ubiquiti" ingress="unifi-web-interface" currentValue=[{IP:91.x.x.x Hostname: Ports:[]}] newValue=[{IP:192.168.113.230 Hostname: Ports:[]}]
I0510 19:46:12.088485 7 status.go:300] "updating Ingress status" namespace="mailu" ingress="mailu" currentValue=[{IP:91.x.x.x Hostname: Ports:[]}] newValue=[{IP:192.168.113.230 Hostname: Ports:[]}]
I0510 19:46:12.088782 7 status.go:300] "updating Ingress status" namespace="longhorn-system" ingress="longhorn-ingress" currentValue=[{IP:91.x.x.x Hostname: Ports:[]}] newValue=[{IP:192.168.113.230 Hostname: Ports:[]}]
I0510 19:46:12.090051 7 status.go:300] "updating Ingress status" namespace="kubernetes-dashboard" ingress="kubernetes-dashboard" currentValue=[{IP:91.x.x.x Hostname: Ports:[]}] newValue=[{IP:192.168.113.230 Hostname: Ports:[]}]
Of course the nginx-ingress-cloud does the same thing, just replacing 192.168.113.230 with 91.x.x.x.
Does somebody know how to stop them from "taking ownership" of all Ingresses and only updating the ones with the same IngressClass assigned?
Configs
Values of nginx-ingress-home
controller:
  ingressClass: "nginx"
  ingressClassResource:
    name: nginx
    enabled: yes
    default: yes
  service:
    type: "LoadBalancer"
    loadBalancerIP: 192.168.113.230
  nodeSelector:
    location: home
  tolerations: #Allow running on backup nodes
    - key: "backup"
      operator: "Equal"
      value: "true"
      effect: "NoSchedule"
  affinity: #Prefer running on nodes labeled type=power
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
              - key: type
                operator: In
                values:
                  - power
Values of nginx-ingress-cloud
controller:
  ingressClass: "nginx-cloud"
  ingressClassResource:
    name: nginx-cloud
    enabled: yes
    default: no
  service:
    type: "LoadBalancer"
    loadBalancerIP: 91.x.x.x
  nodeSelector:
    location: cloud
Example home Ingress: Pihole
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - k3s.local.example.com
      secretName: kubernetes-dashboard-tls
  rules:
    - host: k3s.local.example.com
      http:
        paths:
          - backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443
            path: /
            pathType: Prefix
Answer 1
Score: 1
With the help of a comment from Blender Fox I was able to figure out the solution.
The IngressClass objects have the property spec.controller, which seems to be the value an ingress controller looks for when choosing whether the IngressClass is part of its set of classes. I was able to change that value in the Helm chart by setting controller.ingressClassResource.controllerValue to different values. In my case I chose k8s.io/ingress-nginx/nginx and k8s.io/ingress-nginx/nginx-cloud instead of the default k8s.io/ingress-nginx.
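An added example (not part of the original answer and not ingress-nginx code): a simplified Python model of the matching the answer describes, showing why both controllers claim every Ingress while both IngressClass objects carry the default spec.controller, and why distinct values stop it. The controller labels reuse the namespace names from the question; the inventory and the matching rule are assumptions for illustration.

```python
from collections import defaultdict

DEFAULT = "k8s.io/ingress-nginx"  # chart default named in the answer

# Constructed inventory based on the question: Ingress -> spec.ingressClassName
INGRESSES = {
    "pihole/pihole": "nginx",
    "longhorn-system/longhorn-ingress": "nginx",
    "mailu/mailu": "nginx-cloud",
}

def claims(ingress_classes, controllers, ingresses):
    """Map each Ingress to the controllers that would write its status.

    ingress_classes: IngressClass name -> spec.controller
    controllers:     controller label  -> value it matches against spec.controller
    Assumption: simplified model; class-less Ingresses and other flags are ignored.
    """
    owners = defaultdict(list)
    for ingress, class_name in ingresses.items():
        wanted = ingress_classes.get(class_name)  # None if the class is missing
        for label, value in controllers.items():
            if wanted is not None and wanted == value:
                owners[ingress].append(label)
    return {ingress: sorted(owners[ingress]) for ingress in ingresses}

def contested(ingress_classes, controllers, ingresses):
    """Ingresses claimed by more than one controller (the status flapping)."""
    result = claims(ingress_classes, controllers, ingresses)
    return sorted(name for name, who in result.items() if len(who) > 1)

def before():
    # Both releases keep the default, so both IngressClasses carry the same value.
    classes = {"nginx": DEFAULT, "nginx-cloud": DEFAULT}
    controllers = {"nginx-ingress-home": DEFAULT, "nginx-ingress-cloud": DEFAULT}
    return classes, controllers

def after():
    # controllerValue set per release, as chosen in the answer.
    home, cloud = DEFAULT + "/nginx", DEFAULT + "/nginx-cloud"
    classes = {"nginx": home, "nginx-cloud": cloud}
    controllers = {"nginx-ingress-home": home, "nginx-ingress-cloud": cloud}
    return classes, controllers

if __name__ == "__main__":
    for label, setup in (("before", before), ("after", after)):
        classes, controllers = setup()
        print(label, "contested:", contested(classes, controllers, INGRESSES))
        print(label, "claims:", claims(classes, controllers, INGRESSES))
```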