Nginx Daemonset-如何选择要绑定到的IP地址?

编程问答 2022-08-16

问题描述

我有一个在Centos8上运行的Docker Enterprise k8裸机集群,并按照官方文档使用来自GIT的清单文件安装NGINX:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/

吊舱似乎正在运行:

kubectl -n nginx-ingress describe pod nginx-ingress-fzr2j

Name:         nginx-ingress-fzr2j
Namespace:    nginx-ingress
Priority:     0
Node:         server.example.com/172.16.1.180
Start Time:   Sun,16 Aug 2020 16:48:49 -0400
Labels:       app=nginx-ingress
              controller-revision-hash=85879fb7bc
              pod-template-generation=2
Annotations:  kubernetes.io/psp: privileged
Status:       Running
IP:           192.168.225.27
IPs:
  IP:           192.168.225.27

但是我的问题是它选择的IP地址是192.168.225.27。这是该服务器上的第二个网络。如何告诉nginx使用Node:部分中具有的172.16.1.180地址? Daemset配置为:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  selector:
    matchLabels:
      app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
     #annotations:
       #prometheus.io/scrape: "true"
       #prometheus.io/port: "9113"
    spec:
      serviceAccountName: nginx-ingress
      containers:
      - image: nginx/nginx-ingress:edge
        imagePullPolicy: Always
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        - name: readiness-port
          containerPort: 8081
       #- name: prometheus
         #containerPort: 9113
        readinessProbe:
         httpGet:
           path: /nginx-ready
           port: readiness-port
         periodSeconds: 1
        securityContext:
          allowPrivilegeEscalation: true
          runAsUser: 101 #nginx
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        args:
          - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret

我看不到要绑定IP地址的任何配置选项。

解决方法

您可能想要的东西是hostNetwork: true,它是:

使用主机的网络名称空间。如果设置了此选项,则必须指定将使用的端口。默认为false 

spec:
  template:
    spec:
      hostNetwork: true
      containers:
      - image: nginx/nginx-ingress:edge
        name: nginx-ingress

然后,只有在您将Ingress控制器绑定到主机上的所有地址的情况下,才需要指定绑定地址。如果仍然有此要求,则可以通过valueFrom: mechanism注入节点的IP:

...
  containers:
  - env:
    - name: MY_NODE_IP
      valueFrom:
        fieldRef:
          status.hostIP
daemonsetdockerkubernetesnginx-ingress

相关问答

导入项目后报错问题
依赖报错 idea导入项目后依赖报错,解决方案:https://blog....
idea不能识别yaml文件
使用mybatis plus常见错误
错误1:代码生成器依赖和mybatis依赖冲突 启动项目时报错如下...
gradle常见问题与错误
错误1:gradle项目控制台输出为乱码 # 解决方案:https://bl...
Mybatis Plus传入参数0不起作用
错误还原:在查询的过程中,传入的workType为0时,该条件不起...
linux中make编译源码包失败
报错如下,gcc版本太低 ^ server.c:5346:31: 错误:‘struct...