因此,我正在建立一个可用于生产的集群,以利用本地资源。我们在集群中安装了一个 MetalLB 负载均衡器,其 IP 地址池范围为 10.100.7.150-10.100.7.160,可供出租。我已经安装了 Nginx Ingress Controller Helm Chart,并将服务设置为 LoadBalancer 类型,它将 10.100.7.150 的 IP 分配给该服务。从那里,我的理解是,我可以为其他服务创建入口资源,NGINX 将处理到相应服务的路由。当前 DNS 无法解析。如果我将单独的服务设置为 LoadBalancer 类型,则我能够通过 IP 访问该站点。但是,使用 Ingress 时,当我尝试为 ArgoCD 设置入口时,我会从 Nginx 收到 404 未找到响应。我想要实现的是拥有一个通配符 DNSentry“*.apps.prod.lh2”,NGINX 可以解析该 DNSentry 并将其路由到相应的服务。我已经创建了自己的默认/通配符 TLS 密钥供 Nginx 使用,但我仍然不明白 DNS 为何无法解析。我不太了解这个过程应该如何工作,所以如果有人可以提供一些见解,我将不胜感激,详情请参阅下文
请参阅 STACKOVER FLOW 上的问题链接以获取更多图片
无法在此处发布图片,因此在 stackoverflow 上提出的问题包含与此问题相关的图片
请参阅以下链接,了解 MetalLB 使用的清单
https://raw.githubusercontent.com/metallb/metallb/v0.14.4/config/manifests/metallb-native.yaml
请参阅以下链接,了解 NGINX 使用的 HELM CHART
https://github.com/nginxinc/kubernetes-ingress/tree/v3.2.1/deployments/helm-chart
笔记:
- 我创建了一个 defaultTLS 密钥并将其应用于 NGINX Helm Chart 的 values.yaml,该密钥包含“apps.prod.lh2”的证书
- 我创建了一个 wildcardTLS 密钥并将其应用于 NGINX Helm Chart 的 values.yaml,该密钥包含“*.apps.prod.lh2”的证书
- 我创建的任何其他入口服务都会返回以下内容
MetalLB IP地址池
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: primary-pool
namespace: metallb-system
spec:
addresses:
- 10.100.7.150-10.100.7.160
MetalLB L2广告
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: primary-pool-advertisement
namespace: metallb-system
spec:
ipAddressPools:
- primary-pool
NGINX 入口控制器服务
kubectl describe svc nginx-nginx-ingress-controller --namespace ingress-nginx
Name: nginx-nginx-ingress-controller
Namespace: ingress-nginx
Labels: app.kubernetes.io/instance=nginx
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=nginx-ingress
app.kubernetes.io/version=3.2.1
helm.sh/chart=nginx-ingress-0.18.1
Annotations: field.cattle.io/publicEndpoints:
[{"addresses":
["10.100.7.150"],"port":80,"protocol":"TCP","serviceName":"ingress-nginx:nginx-nginx-
ingress-controller","allNodes":false},{...
metallb.universe.tf/ip-allocated-from-pool: primary-pool
Selector:
app.kubernetes.io/instance=nginx,app.kubernetes.io/name=nginx-ingress
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.43.182.167
IPs: 10.43.182.167
LoadBalancer Ingress: 10.100.7.150
Port: http 80/TCP
TargetPort: 80/TCP
NodePort: http 31541/TCP
Endpoints: 10.42.0.84:80
Port: https 443/TCP
TargetPort: 443/TCP
NodePort: https 31790/TCP
Endpoints: 10.42.0.84:443
Session Affinity: None
External Traffic Policy: Local
HealthCheck NodePort: 32304
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal nodeAssigned 22m (x62 over 2d11h) metallb-speaker announcing from node
"vbp-k8p-03" with protocol "layer2"
ARGOCD 服务
kubectl describe svc argocd-server --namespace argocd
Name: argocd-server
Namespace: argocd
Labels: app.kubernetes.io/component=server
app.kubernetes.io/name=argocd-server
app.kubernetes.io/part-of=argocd
k8slens-edit-resource-version=v1
Annotations: field.cattle.io/publicEndpoints: null
Selector: app.kubernetes.io/name=argocd-server
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.43.239.52
IPs: 10.43.239.52
Port: http 80/TCP
TargetPort: 8080/TCP
Endpoints: 10.42.0.22:8080
Port: https 443/TCP
TargetPort: 8080/TCP
Endpoints: 10.42.0.22:8080
Session Affinity: None
Events: <none>
阿尔戈CD 入口
kubectl describe ingress argocd-ingress --namespace argocd
Name: argocd-ingress
Labels: <none>
Namespace: argocd
Address: 10.100.7.150
Ingress Class: nginx
Default backend: argocd-server:80 (10.42.0.22:8080)
Rules:
Host Path Backends
---- ---- --------
argocd.apps.prod.lh2
/ argocd-server:80 (10.42.0.22:8080)
Annotations: field.cattle.io/publicEndpoints:
[{"addresses":["10.100.7.150"],"port":80,"protocol":"HTTP","serviceName":"argocd:argocd-server","ingressName":"argocd:argocd-ingress","hos...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal AddedOrUpdated 18m (x3 over 19m) nginx-ingress-controller Configuration for argocd/argocd-ingress was added or updated