使入口部署为侦听树莓派kubernetes集群上的端口80的必要条件 [英] What is necessary to make an ingress deployed as a demonset listening on port 80 on a raspberrypi kubernetes cluster

问题描述

您好kubernetes专家

Hello kubernetes experts,

我有一个在4个树莓pi上运行的kubernetes集群，使用docker 18.04ce和kubernetes 1.9.7.

I've a kubernetes cluster running on 4 raspberry pis with docker 18.04ce and kubernetes 1.9.7.

我部署了一项服务，可以通过集群IP从集群内部访问此服务. 我还按照 https://docs.traefik.io/user-guide中所述部署了一个入口/kubernetes/和

I deployed a service and this service can be accessed from within the cluster via the cluster IP. I also deployed an ingress as described in https://docs.traefik.io/user-guide/kubernetes/ and in How to get Kubernetes Ingress Port 80 working on baremetal single node cluster as a DaemonSet based on an ingress-controller-service. The DaemonSet also has NET_BIND_SERVICE set which should achieve that the host is listening on the same port as the service.

一切工作都与所描述的一样，但是我的入口未在主机端口80上侦听.某种程度上，NET_BIND_SERVICE设置无法按预期工作. 有谁知道该如何解决?

Everything works like described but my ingress doesn't listen on the hosts port 80. Somehow the setting NET_BIND_SERVICE doesn't work as intended. Does anyone know how to fix that?

如果我将入口控制器作为NodeNode部署而不是作为DaemonSet进行部署，则它可以工作，但将我限制为kubernetes允许为NodePort分配端口.

If I deploy the ingress-controller as a Deployment with NodePort instead of as a DaemonSet it works but that limits me to the ports kubernetes allows for assigns for NodePorts.

https://hackernoon.com/kubernetes-ingress-controllers-and -traefik-a32648a4ae95 告诉我们，入口DaemonSet的hostPort不适用于CNI网络插件(我已经通过法兰绒和编织进行了测试)，但是与Kubernetes @ RaspberryPI网站(例如://blog.hypriot.com/post/setup-kubernetes-raspberry-pi-cluster/)告诉它有效，因此应该解决此问题.

https://hackernoon.com/kubernetes-ingress-controllers-and-traefik-a32648a4ae95 tells that hostPort of an ingress DaemonSet doesn't work with a CNI networking plugin (I tested with flannel and weave) but the Kubernetes@RaspberryPI sites (like https://blog.hypriot.com/post/setup-kubernetes-raspberry-pi-cluster/) tell that it works so this issue should be solved.

先谢谢了 亨氏

推荐答案

我找到了一个配置，基于traefik的入口如何在具有docker 18.04CE，kubernetes 1.9.7和2018-06-27-raspbian的Raspberry Pi集群上工作-stretch-lite.img:

I found a configuration how the ingress based on traefik works on my Raspberry Pi cluster with docker 18.04CE, kubernetes 1.9.7 and 2018-06-27-raspbian-stretch-lite.img:

使用> https://docs.traefik.io/user-guide中的DaemonSet定义/kubernetes/，尤其是Yaml文件 https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-ds.yaml

Use the DaemonSet definition from https://docs.traefik.io/user-guide/kubernetes/ and in particular the yaml file https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-ds.yaml

但是 你必须添加 hostNetwork:符合DaemonSet的规范 和 类型:符合服务规格的ClusterIP.

but you have to add hostNetwork: true to the spec of the DaemonSet and type: ClusterIP to the spec of the Service.

我的工作Yaml如下:

My working yaml is as follows:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      containers:
      - image: traefik
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8080
          hostPort: 8080
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        - --api
        - --kubernetes
        - --logLevel=DEBUG
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  type: ClusterIP
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin

根据kubernetes文档，ClusterIP是服务类型的默认设置.但是，只有在我明确添加类型:ClusterIP到支持入口控制器的服务时，我的示例才起作用.

According to the kubernetes documentation ClusterIP is the default for the type of a service. But my sample only works if I explicitly add type: ClusterIP to the service that backs the ingress-controller.

我还检查了是否仅将"hostNetwork:true"添加到DeamonSet的spec.template.spec或将"type:ClusterIP"添加到服务的规范是否有效，但是仅当我将两者都添加时，它才有效.

I also checked whether it works if I only add either "hostNetwork: true" to the spec.template.spec of the DeamonSet or "type: ClusterIP" to the spec of the service but it only works if I add both.

这篇关于使入口部署为侦听树莓派kubernetes集群上的端口80的必要条件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！