Nginx Ingress Controller issues on a bare-metal Kubernetes cluster


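So I'm building out a production-ready cluster to make use of on-premise resources. We have a MetalLB load balancer installed in the cluster, with an IP address pool range of 10.100.7.150-10.100.7.160 available to lease out. I've installed the Nginx Ingress Controller Helm chart and set the service to type LoadBalancer, which assigned the IP 10.100.7.150 to the service. From there, my understanding is that I can create Ingress resources for other services and NGINX will handle the routing to the respective services. Currently DNS is not resolving. If I set the individual services to type LoadBalancer, I am able to reach the site via the IP. However, with Ingress, when I try to set up the ingress for ArgoCD, I get a 404 Not Found response from Nginx. What I'm trying to achieve is to have a wildcard DNS entry "*.apps.prod.lh2" that NGINX can resolve and route to the respective service. I've created my own default/wildcard TLS secrets for Nginx to use, but I still don't understand why DNS isn't resolving. I don't have a good understanding of how this process is supposed to work, so if anyone can provide some insight, I'd greatly appreciate it. Please see below for details.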

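Please see the link to the question on Stack Overflow for more images.

I'm unable to post images here, so the question asked on Stack Overflow contains the images related to this issue.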

https://stackoverflow.com/questions/78355239/nginx-ingress-controller-on-baremetal-kubernetes-cluster-issues

Please see the following link for the manifest used for MetalLB

https://raw.githubusercontent.com/metallb/metallb/v0.14.4/config/manifests/metallb-native.yaml


Please see the following link for the Helm chart used for NGINX

https://github.com/nginxinc/kubernetes-ingress/tree/v3.2.1/deployments/helm-chart


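Notes

  • I created a defaultTLS secret and applied it to the values.yaml of the NGINX Helm chart; this secret contains a certificate for "apps.prod.lh2"
  • I created a wildcardTLS secret and applied it to the values.yaml of the NGINX Helm chart; this secret contains a certificate for "*.apps.prod.lh2"
  • Any other ingress services I create return the following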

MetalLB IP Address Pool

apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: primary-pool
  namespace: metallb-system
spec:
  addresses:
  - 10.100.7.150-10.100.7.160

MetalLB L2 Advertisement

apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: primary-pool-advertisement
  namespace: metallb-system
spec:
  ipAddressPools:
  - primary-pool

NGINX Ingress Controller Service

kubectl describe svc nginx-nginx-ingress-controller --namespace ingress-nginx
Name:                     nginx-nginx-ingress-controller
Namespace:                ingress-nginx
Labels:                   app.kubernetes.io/instance=nginx
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=nginx-ingress
                          app.kubernetes.io/version=3.2.1
                          helm.sh/chart=nginx-ingress-0.18.1
Annotations:              field.cattle.io/publicEndpoints:
                            [{"addresses":["10.100.7.150"],"port":80,"protocol":"TCP","serviceName":"ingress-nginx:nginx-nginx-ingress-controller","allNodes":false},{...
                          metallb.universe.tf/ip-allocated-from-pool: primary-pool
Selector:                 app.kubernetes.io/instance=nginx,app.kubernetes.io/name=nginx-ingress
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.43.182.167
IPs:                      10.43.182.167
LoadBalancer Ingress:     10.100.7.150
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  31541/TCP
Endpoints:                10.42.0.84:80
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  31790/TCP
Endpoints:                10.42.0.84:443
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     32304
Events:
  Type    Reason        Age                   From             Message
  ----    ------        ----                  ----             -------
  Normal  nodeAssigned  22m (x62 over 2d11h)  metallb-speaker  announcing from node "vbp-k8p-03" with protocol "layer2"

ArgoCD Service

kubectl describe svc argocd-server --namespace argocd
Name:              argocd-server
Namespace:         argocd
Labels:            app.kubernetes.io/component=server
                   app.kubernetes.io/name=argocd-server
                   app.kubernetes.io/part-of=argocd
                   k8slens-edit-resource-version=v1
Annotations:       field.cattle.io/publicEndpoints: null
Selector:          app.kubernetes.io/name=argocd-server
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.43.239.52
IPs:               10.43.239.52
Port:              http  80/TCP
TargetPort:        8080/TCP
Endpoints:         10.42.0.22:8080
Port:              https  443/TCP
TargetPort:        8080/TCP
Endpoints:         10.42.0.22:8080
Session Affinity:  None
Events:            <none>

ArgoCD Ingress

kubectl describe ingress argocd-ingress --namespace argocd
Name:             argocd-ingress
Labels:           <none>
Namespace:        argocd
Address:          10.100.7.150
Ingress Class:    nginx
Default backend:  argocd-server:80 (10.42.0.22:8080)
Rules:
  Host                  Path  Backends
  ----                  ----  --------
  argocd.apps.prod.lh2
                        /   argocd-server:80 (10.42.0.22:8080)
Annotations:            field.cattle.io/publicEndpoints:
                          [{"addresses":["10.100.7.150"],"port":80,"protocol":"HTTP","serviceName":"argocd:argocd-server","ingressName":"argocd:argocd-ingress","hos...
Events:
  Type    Reason          Age                From                      Message
  ----    ------          ----               ----                      -------
  Normal  AddedOrUpdated  18m (x3 over 19m)  nginx-ingress-controller  Configuration for argocd/argocd-ingress was added or updated
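
One way to tell the two symptoms in the question apart (a name that does not resolve versus a 404 from NGINX), added here as an example that is not part of the original post. The NGINX Ingress Controller picks the backend by the request's host name, so the script pins argocd.apps.prod.lh2 to 10.100.7.150 with curl's --resolve and checks the local resolver separately; the function names and finding labels are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. LB_IP and HOST are the values
# shown in the question; function names and finding labels are hypothetical.
LB_IP="${LB_IP:-10.100.7.150}"
HOST="${HOST:-argocd.apps.prod.lh2}"

# First address the local resolver returns for a name (empty if none).
resolved_ip() {
  getent hosts "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# HTTP status when SNI and Host are $1 but the connection goes to $2,
# bypassing DNS. -k skips certificate verification so an untrusted
# certificate does not mask the routing result; drop it once the issuing
# CA is trusted by this client.
status_via_ip() {
  code="$(curl -sk -o /dev/null -w '%{http_code}' --max-time 5 \
          --resolve "$1:443:$2" "https://$1/" 2>/dev/null)"
  echo "${code:-000}"
}

# Map the observations to a finding.
# Args: resolved address, expected address, HTTP status seen via the IP.
classify() {
  if [ "$3" = "000" ]; then echo "unreachable"     # no HTTPS answer from the LB address
  elif [ "$3" = "404" ]; then echo "ingress-404"   # NGINX answered, no route for this host
  elif [ -z "$1" ]; then echo "dns-missing"        # routing works, the name has no record
  elif [ "$1" != "$2" ]; then echo "dns-mismatch"  # the name points somewhere else
  else echo "ok"
  fi
}

main() {
  got="$(resolved_ip "$HOST")"
  status="$(status_via_ip "$HOST" "$LB_IP")"
  echo "resolver=${got:-none} status_via_${LB_IP}=${status}" \
       "finding=$(classify "$got" "$LB_IP" "$status")"
}

# Only touch the network when asked to: sh <script> run
if [ "${1:-}" = "run" ]; then main; fi
```

A finding of `dns-missing` means the Ingress rule itself works and only the `*.apps.prod.lh2` record is absent from the DNS server the client uses; `ingress-404` means NGINX was reached with the right host name and still had no matching route.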
