nginx ingress: hosting the application on the master IP is not working

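Problem description

The details are attached below. I need to host the application on 192.168.5.91, which is the master IP of the Kubernetes cluster. All of this runs in a private network. It is accessible via localhost:30239, but I need to access it via 192.168.5.51 (master.example.com), which is added in /etc/hosts.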

$ kubectl describe service -n ingress-nginx ingress-nginx
Name:              ingress-nginx-controller
Namespace:         ingress-nginx
Labels:            app.kubernetes.io/component=controller
                   app.kubernetes.io/instance=ingress-nginx
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=ingress-nginx
                   app.kubernetes.io/version=0.46.0
                   helm.sh/chart=ingress-nginx-3.30.0
Annotations:       service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: true
                   service.beta.kubernetes.io/do-loadbalancer-hostname: master-kmrl.example.com
Selector:          app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=metrodash-ingress
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.98.115.20
IPs:               10.98.115.20
External IPs:      192.168.9.51
Port:              http  80/TCP
TargetPort:        http/TCP
Endpoints:         <none>
Port:              https  443/TCP
TargetPort:        https/TCP
Endpoints:         <none>
Session Affinity:  None
Events:            <none>

Name:              ingress-nginx-controller-admission
Namespace:         ingress-nginx
Labels:            app.kubernetes.io/component=controller
                   app.kubernetes.io/instance=ingress-nginx
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=ingress-nginx
                   app.kubernetes.io/version=0.46.0
                   helm.sh/chart=ingress-nginx-3.30.0
Annotations:       <none>
Selector:          app.kubernetes.io/component=controller,app.kubernetes.io/name=ingress-nginx
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.101.116.78
IPs:               10.101.116.78
Port:              https-webhook  443/TCP
TargetPort:        webhook/TCP
Endpoints:         192.168.79.191:8443
Session Affinity:  None
Events:            <none>

The services are attached here:

$ kubectl get service --all-namespaces
NAMESPACE              NAME                                 TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                      AGE
cert-manager           cert-manager                         ClusterIP      10.97.7.155      <none>         9402/TCP                     2d1h
cert-manager           cert-manager-webhook                 ClusterIP      10.102.27.254    <none>         443/TCP                      2d1h
default                kubernetes                           ClusterIP      10.96.0.1        <none>         443/TCP                      10d
ingress-nginx          ingress-nginx-controller             LoadBalancer   10.104.163.193   192.168.9.51   80:31152/TCP,443:31291/TCP   7m24s
ingress-nginx          ingress-nginx-controller-admission   ClusterIP      10.101.116.78    <none>         443/TCP                      8d
ingress-nginx          metrodash-service                    NodePort       10.107.176.33    <none>         80:30239/TCP                 13m
kube-system            calico-etcd                          ClusterIP      10.96.232.136    <none>         6666/TCP                     10d
kube-system            kube-dns                             ClusterIP      10.96.0.10       <none>         53/UDP,53/TCP,9153/TCP       10d
kubernetes-dashboard   dashboard-metrics-scraper            ClusterIP      10.109.44.9      <none>         8000/TCP                     9d
kubernetes-dashboard   kubernetes-dashboard                 ClusterIP      10.102.146.7     <none>         443/TCP                      9d

Ingress configuration

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: metrodash-ingress
  namespace: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: '200'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '200'
    nginx.ingress.kubernetes.io/proxy-connect-timeout: '200'
    # cert-manager.io/cluster-issuer: lets-encrypt-stag
spec:
  ingressClassName: nginx
  rules:
    - host: master.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: metrodash-service
                port:
                  number: 8000

Deployment configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrodash-app
  namespace: ingress-nginx
  labels:
    app: metrodash
spec:
    replicas: 2
    selector:
      matchLabels:
         app: metrodash
    template:
      metadata:
        labels:
          app: metrodash
      spec:
        containers:
          - image: metrodash:latest
            name: metrodash
            imagePullPolicy: IfNotPresent
            envFrom:
            - secretRef:
                name: metrodash-secret
            - configMapRef:
                name: metrodash-config
            ports:
              - containerPort: 8000
                name: gunicorn

ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: metrodash-config
  namespace: ingress-nginx
data:
  DJANGO_ALLOWED_HOSTS: "*"
  STATIC_ENDPOINT_URL: "metrodash.com"
  STATIC_BUCKET_NAME: "metrodashbucket"
  DJANGO_LOGLEVEL: "info"
  DEBUG: "True"
  DATABASE_ENGINE: "postgresql_psycopg2"

Ingress description:

$ kubectl describe ingress -n ingress-nginx metrodash-ingress
Name:             metrodash-ingress
Namespace:        ingress-nginx
Address:          192.168.9.51
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                     Path  Backends
  ----                     ----  --------
  master.example.com  
                           /   metrodash-service:8000 (192.168.79.134:8000,192.168.79.135:8000)
Annotations:               nginx.ingress.kubernetes.io/proxy-connect-timeout: 200
                           nginx.ingress.kubernetes.io/proxy-read-timeout: 200
                           nginx.ingress.kubernetes.io/proxy-send-timeout: 200
Events:                    <none>

Single node:

 kubectl get nodes
NAME          STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   10d   v1.21.0

Solution

Check the ingress nginx controller and add the host ports in the following format.

$ kubectl get pod -n kube-system ingress-nginx-controller-789d9c4dc-5wnc2 -oyaml

[...]
ports:
- containerPort: 80
  hostPort: 80
  name: http
  protocol: TCP
- containerPort: 443
  hostPort: 443
  name: https
  protocol: TCP
- containerPort: 8443
  name: webhook
  protocol: TCP
[...]

To get access via the host IP, remove the host FQDN name from the ingress configuration: leave it blank or delete it.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: metrodash-ingress
  namespace: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: '200'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '200'
    nginx.ingress.kubernetes.io/proxy-connect-timeout: '200'
    # cert-manager.io/cluster-issuer: lets-encrypt-stag
spec:
  ingressClassName: nginx
  rules:
    - host: 
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: metrodash-service
                port:
                  number: 8000
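
The following is an added example, not part of the original answer: a small Python model of how an Ingress rule's `host` is compared with the request's Host header. It shows why a request to the bare IP misses the `master.example.com` rule but hits the rule once `host` is empty. It follows the Ingress v1 API host semantics (including wildcards, which go beyond the case in the question). The `audit` helper assumes the ConfigMap keys `DJANGO_ALLOWED_HOSTS` and `DEBUG` feed the Django settings of the same meaning; all function names are hypothetical.

```python
# Added example (not from the original post): Ingress host matching, modelled in Python.
# Rule data mirrors the manifests on this page; function names are hypothetical.

def host_matches(rule_host, request_host):
    """Ingress v1 semantics: empty host = catch-all; '*.x' covers exactly one extra label."""
    name = request_host.rsplit(":", 1)[0].lower()  # drop ":port" (DNS names / IPv4 only)
    rule = (rule_host or "").lower()
    if not rule:
        return True
    if rule.startswith("*."):
        suffix = rule[1:]                          # e.g. ".example.com"
        label = name[:-len(suffix)]
        return name.endswith(suffix) and label != "" and "." not in label
    return rule == name

def route(rules, request_host):
    """Backend chosen for a Host header; None = no rule matched (default backend answers)."""
    named = [r for r in rules if r.get("host") and host_matches(r["host"], request_host)]
    catch_all = [r for r in rules if not r.get("host")]
    hit = (named or catch_all or [None])[0]
    return hit["backend"] if hit else None

def audit(rules, env):
    """Flag what a catch-all rule means together with the ConfigMap values (assumed Django)."""
    findings = []
    if any(not r.get("host") for r in rules):
        findings.append("catch-all rule: every Host header is routed to the backend")
        if env.get("DJANGO_ALLOWED_HOSTS") == "*":
            findings.append("DJANGO_ALLOWED_HOSTS=*: the app does not validate Host either")
    if env.get("DEBUG") == "True":
        findings.append("DEBUG=True: detailed error pages are enabled")
    return findings

BEFORE = [{"host": "master.example.com", "backend": "metrodash-service:8000"}]  # question
AFTER = [{"host": None, "backend": "metrodash-service:8000"}]                   # answer
ENV = {"DJANGO_ALLOWED_HOSTS": "*", "DEBUG": "True"}                             # ConfigMap

if __name__ == "__main__":
    for host in ("master.example.com", "192.168.5.51", "other.invalid:80"):
        print(f"{host:22} before={route(BEFORE, host)} after={route(AFTER, host)}")
    for finding in audit(AFTER, ENV):
        print("finding:", finding)
```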