Kubernetes使用Nginx Ingress暴露Dashboard
[TOC]
1. 环境说明
- 可用的kubernetes集群
- 可用的nginx ingress controller
- 可用的dashboard
关于kubernetes、dashboard和nginx ingress在前面文章中,已有介绍。
《centos7使用kubeadm安装kubernetes 1.11版本多主高可用》
《kubernetes 1.11配置使用nginx ingress》
也可以使用helm快速搭建nginx ingress和dashboard。 stable/kubernetes-dashboard
stable/nginx-ingress
2. 成功要点
ingress配置啥的这里不详细介绍 。关于暴露dashboard成功的关键,在于新版本dashboard默认使用https提供服务。所以,在ingress中要配置如下annotations
参数。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
3. 为什么
而为什么是这个nginx.ingress.kubernetes.io
前缀呢?
来查查nginx ingress的service,是不是有这个metadata
:
[[email protected] gitlab]# kubectl get svc -n nginx-ingress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller ClusterIP 10.105.201.166 <none> 80/TCP,443/TCP,2222/TCP 23h
nginx-ingress-default-backend ClusterIP 10.110.35.3 <none> 80/TCP 23h
[[email protected] gitlab]# kubectl get svc -n nginx-ingress nginx-ingress-controller -o yaml
apiVersion: v1
kind: Service
metadata:
creationTimestamp: 2018-09-19T09:54:51Z
labels:
app: nginx-ingress
chart: nginx-ingress-0.9.5
component: controller
heritage: Tiller
release: nginx-ingress
name: nginx-ingress-controller
namespace: nginx-ingress
那我们想当然的尝试加上kubernetes.io/ingress.class: nginx
[[email protected] gitlab]# kubectl edit svc -n nginx-ingress nginx-ingress-controller
# Please edit the object below. Lines beginning with a ‘#‘ will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
annotations:
kubernetes.io/ingress.class: nginx
再去dashboard的ingress配置修改成这个:
[[email protected] templates]# kubectl get ing -n kube-system
NAME HOSTS ADDRESS PORTS AGE
dashboard-kubernetes-dashboard k8s.linuxba.com 80, 443 48m
[[email protected] templates]# kubectl edit ing -n kube-system dashboard-kubernetes-dashboard
# Please edit the object below. Lines beginning with a ‘#‘ will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/secure-backends: "true"
kubernetes.io/ssl-passthrough: "true"
然后发现,dashboard访问不了了,说明annotations
没有生效。那看来service
这里的annotations
不是决定性因素。
那我们来分析下,最后生效的是nginx-ingress-controller里的程序解析的,那试试查他的程序运行命令或者帮助:
[[email protected] ~]# find /var/lib/docker -name nginx-ingress-controller
/var/lib/docker/overlay2/2744ab879932e0ebc522a5f2bdc78ab51742c88d13d1ba99fb1fa8601a07ea43/diff/nginx-ingress-controller
/var/lib/docker/overlay2/63d22e69065b1e49beb4ac91e91106c8e4bab204afc9912304204619cbe7e443/diff/nginx-ingress-controller
^C
[[email protected] ~]# /var/lib/docker/overlay2/2744ab879932e0ebc522a5f2bdc78ab51742c88d13d1ba99fb1fa8601a07ea43/diff/nginx-ingress-controller --help|more
Usage of :
--alsologtostderr log to standard error as well as files
--annotations-prefix string Prefix of the Ingress annotations specific to the NGINX controller. (default "nginx.ingress.kubernetes.io")
果然发现了决定性参数--annotations-prefix
。
4. 小结
原来一直以来,我忽视掉了这个关键参数。当然,有人会说,像linux一样,用到那么多命令,那么多参数,怎么可能记得住,都看过。所以,我觉得一项很重要的习惯或者技能,是学会去摸索,去实践排查,这样我们会的东西,其实比表面看起来要多得多。
参考资料:
[1] https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
原文地址:http://blog.51cto.com/ygqygq2/2177778