Microk8s,MetalLB,入口-nginx-如何安排外部交通?
Microk8s,MetalLB,入口-nginx-如何安排外部交通?
提问于 2020-09-20 01:54:26
库伯奈特斯/乌本图新手来了!
我正在使用一个Raspberry来建立一个k8s集群(希望将来有更多的)。我正在使用microk8s v1.18.8和Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1018-raspi aarch64)。
我正在尝试在端口k8s上访问我的一个80服务,但是我未能正确地设置它。我还设置了访问服务的静态IP地址,并将流量从路由器路由到服务的IP地址。
我想知道我做错了什么,或者是否有更好的方法来做我想做的事情!
我所遵循的步骤:
- 我运行过
microk8s enable dns metallb。我给出了DHPC服务器(192.168.0.90-192.168.0.99)没有处理的DHPC IP地址。 - 我通过运行
ingress-nginx安装了kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.35.0/deploy/static/provider/baremetal/deploy.yaml。这将为ingress-nginx-controller创建一个ingress-nginx-controller服务,该服务不适用于MetalLB。正如前面提到的,我通过运行这里将服务的spec.type从NodePort编辑到LoadBalancer。然后MetalLB将IP192.168.0.90分配给该服务。 - 然后应用以下配置文件:
apiVersion: v1
kind: Service
metadata:
name: wow-ah-api-service
namespace: develop
spec:
selector:
app: wow-ah-api
ports:
- protocol: TCP
port: 80
targetPort: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
# Unique key of the Deployment instance
name: wow-ah-api
namespace: develop
spec:
# 3 Pods should exist at all times.
replicas: 3
selector:
matchLabels:
app: wow-ah-api
template:
metadata:
namespace: develop
labels:
# Apply this label to pods and default
# the Deployment label selector to this value
app: wow-ah-api
spec:
imagePullSecrets:
- name: some-secret
containers:
- name: wow-ah-api
# Run this image
image: some-image
imagePullPolicy: Always
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: wow-ah-api-ingress
namespace: develop
spec:
backend:
serviceName: wow-ah-api-service
servicePort: 3000以下是我看到的一些成果:
microk8s kubectl get all --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
develop pod/wow-ah-api-6c4bff88f9-2x48v 1/1 Running 4 4h21m
develop pod/wow-ah-api-6c4bff88f9-ccw9z 1/1 Running 4 4h21m
develop pod/wow-ah-api-6c4bff88f9-rd6lp 1/1 Running 4 4h21m
ingress-nginx pod/ingress-nginx-admission-create-mnn8g 0/1 Completed 0 4h27m
ingress-nginx pod/ingress-nginx-admission-patch-x5r6d 0/1 Completed 1 4h27m
ingress-nginx pod/ingress-nginx-controller-7896b4fbd4-nglsd 1/1 Running 4 4h27m
kube-system pod/coredns-588fd544bf-576x5 1/1 Running 4 4h26m
metallb-system pod/controller-5f98465b6b-hcj9g 1/1 Running 4 4h23m
metallb-system pod/speaker-qc9pc 1/1 Running 4 4h23m
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.152.183.1 <none> 443/TCP 21h
develop service/wow-ah-api-service ClusterIP 10.152.183.88 <none> 80/TCP 4h21m
ingress-nginx service/ingress-nginx-controller LoadBalancer 10.152.183.216 192.168.0.90 80:32151/TCP,443:30892/TCP 4h27m
ingress-nginx service/ingress-nginx-controller-admission ClusterIP 10.152.183.41 <none> 443/TCP 4h27m
kube-system service/kube-dns ClusterIP 10.152.183.10 <none> 53/UDP,53/TCP,9153/TCP 4h26m
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
metallb-system daemonset.apps/speaker 1 1 1 1 1 beta.kubernetes.io/os=linux 4h23m
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
develop deployment.apps/wow-ah-api 3/3 3 3 4h21m
ingress-nginx deployment.apps/ingress-nginx-controller 1/1 1 1 4h27m
kube-system deployment.apps/coredns 1/1 1 1 4h26m
metallb-system deployment.apps/controller 1/1 1 1 4h23m
NAMESPACE NAME DESIRED CURRENT READY AGE
develop replicaset.apps/wow-ah-api-6c4bff88f9 3 3 3 4h21m
ingress-nginx replicaset.apps/ingress-nginx-controller-7896b4fbd4 1 1 1 4h27m
kube-system replicaset.apps/coredns-588fd544bf 1 1 1 4h26m
metallb-system replicaset.apps/controller-5f98465b6b 1 1 1 4h23m
NAMESPACE NAME COMPLETIONS DURATION AGE
ingress-nginx job.batch/ingress-nginx-admission-create 1/1 27s 4h27m
ingress-nginx job.batch/ingress-nginx-admission-patch 1/1 29s 4h27mmicrok8s kubectl get ingress --all-namespaces
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
develop wow-ah-api-ingress <none> * 192.168.0.236 80 4h23m我一直在想,这可能与我的iptables配置有关,但我不知道如何配置它们来使用microk8s。
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
KUBE-FIREWALL all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
KUBE-FORWARD all -- anywhere anywhere /* kubernetes forwarding rules */
KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
ACCEPT all -- 10.1.0.0/16 anywhere /* generated for MicroK8s pods */
ACCEPT all -- anywhere 10.1.0.0/16 /* generated for MicroK8s pods */
ACCEPT all -- 10.1.0.0/16 anywhere
ACCEPT all -- anywhere 10.1.0.0/16
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
KUBE-FIREWALL all -- anywhere anywhere
Chain KUBE-EXTERNAL-SERVICES (1 references)
target prot opt source destination
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
DROP all -- !localhost/8 localhost/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
Chain KUBE-FORWARD (1 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT all -- anywhere anywhere /* kubernetes forwarding rules */ mark match 0x4000/0x4000
ACCEPT all -- anywhere anywhere /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED
Chain KUBE-KUBELET-CANARY (0 references)
target prot opt source destination
Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination
Chain KUBE-SERVICES (3 references)
target prot opt source destination 更新#1
metallb ConfigMap (microk8s kubectl edit ConfigMap/config -n metallb-system)
apiVersion: v1
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 192.168.0.90-192.168.0.99
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"config":"address-pools:\n- name: default\n protocol: layer2\n addresses:\n - 192.168.0.90-192.168.0.99\n"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"config","namespace":"metallb-system"}}
creationTimestamp: "2020-09-19T21:18:45Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:config: {}
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
manager: kubectl
operation: Update
time: "2020-09-19T21:18:45Z"
name: config
namespace: metallb-system
resourceVersion: "133422"
selfLink: /api/v1/namespaces/metallb-system/configmaps/config
uid: 774f6a73-b1e1-4e26-ba73-ef71bc2e1060我很感激你能帮我的忙!
回答 2
Stack Overflow用户
发布于 2020-10-23 16:14:54
简短答覆:
- 您只需要(而且可能有)一个IP地址。您必须可以从外部的Microk8s机器点击它。
- 这是错误。删除此步骤
举个例子来回答:
清洁Microk8s。只有一个公共IP (或本地机器IP )。在您的用例中,我将使用192.168.0.90)。
你怎么测试?例如
curl -H "Host: blue.nginx.example.com" http://PUBLIC_IP从机器外面。
做个测试。一定会失败的。
启用microk8s dns和入口
microk8s.enable dns ingress做个测试。失败了?
,如果是相同的错误,那么:您需要金属
- 使用Internet公共IP microk8s.enable金属:$(curl ipinfo.io/ip)-$(curl ipinfo.io/ip)
- 使用LAN IP 192.168.0.90 metallb:192.168.0.90-192.168.0.90 microk8s.enable
再次运行测试
如果Test返回503或404,那么:您不能执行下一步。可能您有网络问题或防火墙过滤器。
侵入层
我们的测试到达了Microk8s入侵控制器。他不知道该怎么做,并返回404错误(有时503)。
没关系。下一个!
我将使用PjjCM1eLA?t=984 16:24中的一个例子
Kube 32在kubernetes裸金属团簇上建立Traefik入侵
set kubectl别名
alias kubectl=microk8s.kubectl部署应用程序
kubectl create -f https://raw.githubusercontent.com/justmeandopensource/kubernetes/master/yamls/ingress-demo/nginx-deploy-main.yaml
kubectl create -f https://raw.githubusercontent.com/justmeandopensource/kubernetes/master/yamls/ingress-demo/nginx-deploy-blue.yaml
kubectl create -f https://raw.githubusercontent.com/justmeandopensource/kubernetes/master/yamls/ingress-demo/nginx-deploy-green.yaml在内部集群网络中公开应用程序。默认情况下是ClusterIP。
kubectl expose deploy nginx-deploy-main --port 80
kubectl expose deploy nginx-deploy-blue --port 80
kubectl expose deploy nginx-deploy-green --port 80运行测试。不管用..。目前还没有。
入口规则示例:如何通过主机名传递
配置主机nginx.example.com、blue.nginx.example.com和green.nginx.example.com,并将请求分发给公开的部署:
kubectl create -f https://raw.githubusercontent.com/justmeandopensource/kubernetes/master/yamls/ingress-demo/ingress-resource-2.yaml运行以下测试:
curl -H "Host: blue.nginx.example.com" http://PUBLIC_IP现在你会有这样的回应
<h1>I am <font color=blue>BLUE</font></h1>你可以玩
curl -H "Host: nginx.example.com" http://PUBLIC_IP
curl -H "Host: blue.nginx.example.com" http://PUBLIC_IP
curl -H "Host: green.nginx.example.com" http://PUBLIC_IP结论:
- 我们只有一个IP地址和多个主机。
- 我们使用同一个端口有3种不同的服务。
- 请求分发是使用Ingress完成的。
Stack Overflow用户
发布于 2021-05-06 16:50:48
刚从MicroK8s开始--它似乎有很大的希望。在对信息站点和文档进行了梳理之后,能够用Traefik info控制器(使用自定义资源定义和入侵路由)、Linkerd服务网格和金属负载均衡器实现裸金属演示。这是在运行Ubuntu20.04的VirtualBox Guest上完成的;这个github链接也包含了“方法”来公开Guest外部metallb提供的外部IP。见https://github.com/msb1/microk8s-traefik-linkerd-whoami。
与Youtube链接中显示的实现相比,它更喜欢这种实现,因为它包括工作服务网格,并使用自定义的Ingress资源定义(它是Traefik特有的,也是处理Traefik的原因之一,而不是其他Ingress控制器)。
希望这会对其他人有所帮助--应该能够在这个演示(这是当前的焦点)的基础上,用MicroK8s构建非常棒的部署。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/63974879
复制相关文章
相似问题
腾讯云开发者
