NGINX 入口控制器无法在 Amazon EKS 上运行
NGINX Ingress Controller not working on Amazon EKS
NGINX 入口控制器无法在 Amazon EKS 上运行
我使用 eksctl 在私有子网上创建了一个 Amazon EKS 集群。
eksctl create cluster \
--name eks101 \
--version 1.18 \
--region af-south-1 \
--nodegroup-name standard-workers \
--node-type t3.medium \
--nodes 3 \
--nodes-min 1 \
--nodes-max 4 --managed \
--vpc-private-subnets=subnet-123,subnet-456,subnet-789 \
--node-private-networking
我必须标记私有子网,否则不会创建负载平衡器
aws ec2 create-tags \
--resources subnet-123 subnet-456 subnet-789 \
--tags Key=kubernetes.io/cluster/eks101,Value=owned Key=kubernetes.io/role/elb,Value=1
然后我使用以下安装说明安装了 NGINX Ingress Controller:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
我使用 Deployment 而非 DaemonSet 安装了 Ingress Controller
我必须将以下注释添加到 loadbalancer-aws-elb.yaml 以创建负载均衡器:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
Pods 和服务都是 运行:
# kubectl get pod -n nginx-ingress
NAME READY STATUS RESTARTS AGE
nginx-ingress-576565b59c-s9c6b 1/1 Running 0 3h15m
# kubectl get service -n nginx-ingress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress LoadBalancer 172.20.44.89 internal-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-123456789.af-south-1.elb.amazonaws.com 80:30694/TCP,443:31260/TCP 33s
当我连接到负载平衡器时,我收到 404 Not Found,这是正确的。
curl -k http://internal-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-123456789.af-south-1.elb.amazonaws.com/
然后我安装了一个示例应用程序
kubectl apply -f apache-app.yaml
# kubectl get pod
NAME READY STATUS RESTARTS AGE
apache-app-84f76964b5-9c4wc 1/1 Running 0 114s
apache-app-84f76964b5-xvmzx 1/1 Running 0 114s
# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
apache-app ClusterIP 172.20.243.80 <none> 80/TCP 24s
# kubectl get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
apache-app <none> apache.mydomain.com 80 39s
curl -k -H "Host: apache.mydomain.com" http://internal-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-123456789.af-south-1.elb.amazonaws.com/
它没有路由到应用程序。
即使我添加 apache.mydomain.com 主机 header.
仍然得到 404 Not Found。
与在没有主机 header.
的情况下调用时的响应相同
当我查看 nginx-ingress pod 日志时,我看到的是:
kubectl get pod -n nginx-ingress
kubectl logs -f --tail 20 $(kubectl get pod -n nginx-ingress | grep Running | awk '{print }') -n nginx-ingress
10.249.225.11 - - [14/Dec/2020:11:53:41 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:11:54:31 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:11:58:03 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:12:01:08 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:12:01:11 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:12:01:16 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
我还能在哪里查找问题?
如果我将我的应用程序服务更改为 LoadBalancer 而不是使用入口,它会起作用。
---
apiVersion: v1
kind: Service
metadata:
name: apache-app
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
labels:
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: apache-app
即使入口 class 设置为默认值:
apiVersion: networking.k8s.io/v1beta1
kind: IngressClass
metadata:
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: nginx.org/ingress-controller
我仍然必须在我的应用程序入口中指定入口 class:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: apache-app
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
如果我将 apiVersion 升级到 apiVersion: networking.k8s.io/v1beta1,那么我不需要在我的应用程序入口中指定入口控制器。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: apache-app
namespace: default
NGINX 入口控制器无法在 Amazon EKS 上运行
我使用 eksctl 在私有子网上创建了一个 Amazon EKS 集群。
eksctl create cluster \
--name eks101 \
--version 1.18 \
--region af-south-1 \
--nodegroup-name standard-workers \
--node-type t3.medium \
--nodes 3 \
--nodes-min 1 \
--nodes-max 4 --managed \
--vpc-private-subnets=subnet-123,subnet-456,subnet-789 \
--node-private-networking
我必须标记私有子网,否则不会创建负载平衡器
aws ec2 create-tags \
--resources subnet-123 subnet-456 subnet-789 \
--tags Key=kubernetes.io/cluster/eks101,Value=owned Key=kubernetes.io/role/elb,Value=1
然后我使用以下安装说明安装了 NGINX Ingress Controller:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
我使用 Deployment 而非 DaemonSet 安装了 Ingress Controller
我必须将以下注释添加到 loadbalancer-aws-elb.yaml 以创建负载均衡器:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
Pods 和服务都是 运行:
# kubectl get pod -n nginx-ingress
NAME READY STATUS RESTARTS AGE
nginx-ingress-576565b59c-s9c6b 1/1 Running 0 3h15m
# kubectl get service -n nginx-ingress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress LoadBalancer 172.20.44.89 internal-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-123456789.af-south-1.elb.amazonaws.com 80:30694/TCP,443:31260/TCP 33s
当我连接到负载平衡器时,我收到 404 Not Found,这是正确的。
curl -k http://internal-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-123456789.af-south-1.elb.amazonaws.com/
然后我安装了一个示例应用程序
kubectl apply -f apache-app.yaml
# kubectl get pod
NAME READY STATUS RESTARTS AGE
apache-app-84f76964b5-9c4wc 1/1 Running 0 114s
apache-app-84f76964b5-xvmzx 1/1 Running 0 114s
# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
apache-app ClusterIP 172.20.243.80 <none> 80/TCP 24s
# kubectl get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
apache-app <none> apache.mydomain.com 80 39s
curl -k -H "Host: apache.mydomain.com" http://internal-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-123456789.af-south-1.elb.amazonaws.com/
它没有路由到应用程序。
即使我添加 apache.mydomain.com 主机 header.
仍然得到 404 Not Found。
与在没有主机 header.
的情况下调用时的响应相同
当我查看 nginx-ingress pod 日志时,我看到的是:
kubectl get pod -n nginx-ingress
kubectl logs -f --tail 20 $(kubectl get pod -n nginx-ingress | grep Running | awk '{print }') -n nginx-ingress
10.249.225.11 - - [14/Dec/2020:11:53:41 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:11:54:31 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:11:58:03 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:12:01:08 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:12:01:11 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
10.249.225.11 - - [14/Dec/2020:12:01:16 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
我还能在哪里查找问题?
如果我将我的应用程序服务更改为 LoadBalancer 而不是使用入口,它会起作用。
---
apiVersion: v1
kind: Service
metadata:
name: apache-app
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
labels:
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: apache-app
即使入口 class 设置为默认值:
apiVersion: networking.k8s.io/v1beta1
kind: IngressClass
metadata:
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: nginx.org/ingress-controller
我仍然必须在我的应用程序入口中指定入口 class:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: apache-app
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
如果我将 apiVersion 升级到 apiVersion: networking.k8s.io/v1beta1,那么我不需要在我的应用程序入口中指定入口控制器。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: apache-app
namespace: default