首页 > 其他分享 >k8s 1.23部署ingress

k8s 1.23部署ingress

时间:2023-04-21 13:11:24浏览次数:52  
标签:ingress created admission nginx controller 1.23 k8s

1. 安装部署ingress-nginx

前言:坑比较多,pod启动running成功也并不代表ingress就能使用,需要进去pod内查看logs还有pod的描述也要看看是否有报错。

文件地址:

# 1.替换镜像
sed -i s#k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660#registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1#g deploy.yaml
sed -i s#k8s.gcr.io/ingress-nginx/controller:v1.1.1@sha256:0bc88eb15f9e7f84e8e56c14fa5735aaa488b840983f87bd79b1054190e660de#registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1#g deploy.yaml

# 2.部署
kubectl apply -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created

# 3.查看pod
kubectl get pod -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-6njdx        0/1     Completed   0          14m
ingress-nginx-admission-patch-ngp42         0/1     Completed   0          14m
ingress-nginx-controller-85bf97579b-zgvdh   1/1     Running     0          9m7s

# 4.查看pod运行情况
kubectl describe pod -n ingress-nginx ingress-nginx-controller-74c6bcdc65-dttbv
Events:
  Type     Reason       Age                  From                      Message
  ----     ------       ----                 ----                      -------
  Normal   Scheduled    115s                 default-scheduler         Successfully assigned ingress-nginx/ingress-nginx-controller-74c6bcdc65-dttbv to k8s-node02
  Warning  FailedMount  114s (x2 over 115s)  kubelet                   MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found
  Normal   Pulled       112s                 kubelet                   Container image "registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1" already present on machine
  Normal   Created      112s                 kubelet                   Created container controller
  Normal   Started      112s                 kubelet                   Started container controller
  Normal   RELOAD       110s                 nginx-ingress-controller  NGINX reload triggered due to a change in configuration

日志报错信息:MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found。

参考文档:https://juejin.cn/post/7099413476967514125#heading-5

查看secret:

kubectl get secret -A|grep ingress
ingress-nginx     default-token-bk2hf                              kubernetes.io/service-account-token   3      10m
ingress-nginx     ingress-nginx-admission                          Opaque                                3      10m
ingress-nginx     ingress-nginx-admission-token-fg9jn              kubernetes.io/service-account-token   3      10m
ingress-nginx     ingress-nginx-token-qd9n9                        kubernetes.io/service-account-token   3      10m

修改如下:

vim deploy.yaml
404       terminationGracePeriodSeconds: 300
405       volumes:
406         - name: webhook-cert
407           secret:
408             secretName: ingress-nginx-admission-token-fg9jn # 修改成我们上面找到的secret

重新部署:

kubectl apply -f deploy.yaml
# 查看日志看有没有之前的报错
kubectl describe pod -n ingress-nginx ingress-nginx-controller-85bf97579b-zgvdh
Events:
  Type    Reason     Age   From                      Message
  ----    ------     ----  ----                      -------
  Normal  Scheduled  15m   default-scheduler         Successfully assigned ingress-nginx/ingress-nginx-controller-85bf97579b-zgvdh to k8s-node02
  Normal  Pulled     15m   kubelet                   Container image "registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1" already present on machine
  Normal  Created    15m   kubelet                   Created container controller
  Normal  Started    15m   kubelet                   Started container controller
  Normal  RELOAD     15m   nginx-ingress-controller  NGINX reload triggered due to a change in configuration

编辑Ingress的svc,改为NodePort:

kubectl edit svc ingress-nginx-controller -n ingress-nginx
#将type:LoadBalancer   -------->   改为type:NodePorts

 访问Ingress:

kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.100.92.223   <none>        80:30081/TCP,443:30728/TCP   16m
ingress-nginx-controller-admission   ClusterIP   10.102.32.53    <none>        443/TCP                      16m

http://192.168.80.45:30081

标签:ingress,created,admission,nginx,controller,1.23,k8s
From: https://www.cnblogs.com/-k8s/p/17339990.html

相关文章

  • k8s编写cronjob
    1.k8s编写cronjob的知识点:通过sed对cronjob的yaml文件中的image属性进行替换:seds/old/new/gfile当old和new均为变量的时候,书写方式如下:sed-i's#'''$old_image'''#'''$new_image'''#g'quota-cronjob.yaml 2.cron......
  • k3s 基础 —— 配置 traefik dashboard & k8s dashboard 域名访问
    配置k8sdashboard域名访问安装略①kubectl代理(只支持localhost或http):kubectlproxy--address='0.0.0.0'--accept-hosts='^*$'②若k8s在虚拟机中部署,局域网中临时访问,可使用端口转发:kubectlport-forward-nkubernetes-dashboardservice/kubernetes-dashboard......
  • ingress nginx精确匹配
    如果要精确匹配/third/factory/device/healthcheck路径,可以在rules.http.paths中直接配置如下:-path:/third/factory/device/healthcheckpathType:Exactbackend:service:name:test-blavaplus-api-serviceport:number:80这里的关键是将p......
  • ingress nginx匹配某个固定路径
    这个Ingress资源使用的是NginxIngressController,要将path配置为/third/factory/device/healthcheck的location,可以在annotations中添加如下配置:nginx.ingress.kubernetes.io/rewrite-target:/$2然后在rules.http.paths中使用以下方式配置:-path:/third(/factory/de......
  • k8s基于RBAC权限生成config和token
    一、背景Kubernetes主要通过APIServer对外提供服务,对于这样的系统来说,如果不加以安全限制,那么可能导致请求被滥用,甚至导致整个集群崩塌。Kubernetes中提供了良好的多租户认证管理机制,RBAC正式其中重要的一个,今天我们来详细聊聊K8s中的RBAC。二、相关概念2.1在RBAC模型里面......
  • k8s deployment资源部署java以及skywalking agent示例
    catdeploy.ymlapiVersion:apps/v1kind:Deploymentmetadata:name:app-namenamespace:your-namespaceannotations:kubernetes.io/change-cause:2.11.0-SNAPSHOT-20230420-46#版本说明-用于回滚等labels:app:app-namespec:replicas:1sel......
  • Ingress nginx配置同一个域名不同的path访问不同的service
    配置同一个域名,不同的path,访问不同的service  #重写URL  #当您访问http://<ingress_ip>/foo/bar时,nginxingresscontroller将把请求路由到foo-service的80端口,并将原始请求的路径/foo/bar重写为/bar。    #nginx.ingress.kubernetes.io/rewrite-ta......
  • k8s api
    kubectldescribesecretdashboard-admin-token-s2k99-nkube-systemcurl--cacert/etc/kubernetes/ssl/k8s-root-ca.pem-H"Authorization:BearereyJh94Xy44BpIMJYX1-FygIomSoOAdvi85WTaLLsy"https://00.100.85.167:6443{"paths":[&quo......
  • K8s为啥要启用bridge-nf-call-iptables内核参数?用案例给你讲明白
    使用kubernetes遇到最多的70%问题都可以归于网络问题,最近发现如果内核参数:bridge-nf-call-iptables设置不当的话会影响kubernetes中Node节点上的Pod通过ClusterIP去访问同Node上的其它pod时会有超时现象,复盘记录一下排查的前因后因。1、问题现象集群环境为K8sv......
  • k8s下prometheus启动node_exporter
    启动访问地址:IP:9090启动方式:./prometheus--web.enable-lifecycle:热更新,不用重启即生效加载方法有以下两种#1.kill-HUPpid#2.curl-XPOSThttp://IP/-/reload--storage.tsdb.path:数据存储位置,默认是data目录。--storage.tsdb.retention.time:保留时间,默认是15天,过15天之后,就删......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99