Nginx入口会忽略ConfigMap和注释 [英] Nginx ingress ignores ConfigMap and annotations
问题描述
我已经建立了一个k8s集群(目前有1个裸机节点,既是主节点又是工作节点).我还按如下所述设置了Nginx入口控制器:https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/以下是确切步骤:
I've set up a k8s cluster (1 bare metal node for now, which is both master and worker). I've also set up Nginx ingress controller as described here: https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/ Below are the exact steps:
-
kubectl apply -f common/ns-and-sa.yaml
https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/rbac/rbac.yaml (无修改) -
kubectl apply -f common/default-server-secret.yaml
https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/nginx-config.yaml 修改文件:
kubectl apply -f common/ns-and-sa.yaml
https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/ns-and-sa.yaml (no modifications)kubectl apply -f rbac/rbac.yaml
https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/rbac/rbac.yaml (no modifications)kubectl apply -f common/default-server-secret.yaml
https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/default-server-secret.yaml (no modifications)kubectl apply -f common/nginx-config.yaml
https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/nginx-config.yaml Modified file:
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-config
namespace: nginx-ingress
data:
ignore-invalid-headers: "false"
use-forwarded-headers: "true"
forwarded-for-header: "CF-Connecting-IP"
proxy-real-ip-cidr: "...IPs go here..."
kubectl apply -f common/ingress-class.yaml
https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/ingress-class.yaml Modified file:
apiVersion: networking.k8s.io/v1beta1
kind: IngressClass
metadata:
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: nginx.org/ingress-controller
- 这些命令:
kubectl apply -f common/crds/k8s.nginx.org_virtualservers.yaml
kubectl apply -f common/crds/k8s.nginx.org_virtualserverroutes.yaml
kubectl apply -f common/crds/k8s.nginx.org_transportservers.yaml
kubectl apply -f common/crds/k8s.nginx.org_policies.yaml
没有修改,链接:
- https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/crds/k8s.nginx.org_virtualservers.yaml
- https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/crds/k8s.nginx.org_virtualserverroutes.yaml
- https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/crds/k8s.nginx.org_transportservers.yaml
- https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/common/crds/k8s.nginx.org_policies.yaml
kubectl apply -f daemon-set/nginx-ingress.yaml
https://github.com/nginxinc/kubernetes-ingress/blob/release-1.11/deployments/daemon-set/nginx-ingress.yaml (no modifications)
我还设置了cert-manager,它工作正常(很确定这没关系).
I've also set up cert-manager, which works fine (pretty sure this does not matter much).
现在,当我创建一些Ingress资源时,它几乎可以正常工作.我可以从外部Internet访问它,也可以颁发证书,等等.但是ConfigMap(common/nginx-config.yaml)没有应用,并且像 nginx.org/rewrite-target这样的注释:/$ 1
也没有应用.
Now, when I create some Ingress resource, it almost works. I can access it from the outer Internet, certificate issuing works, etc. But ConfigMap (common/nginx-config.yaml) is not applied, and annotations like nginx.org/rewrite-target: /$1
are not applied, too.
示例:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-com
namespace: example-com
annotations:
nginx.org/rewrite-target: /$1
spec:
ingressClassName: nginx
tls:
- hosts:
- example.com
secretName: example-com-tls
rules:
- host: example.com
http:
paths:
- path: /api/(.*)
pathType: ImplementationSpecific
backend:
service:
name: api
port:
number: 80
- path: /(.*)
pathType: ImplementationSpecific
backend:
service:
name: frontend
port:
number: 80
当然使用真实域名.在此示例中,我收到404 nginx错误.在其他Ingress中,我传递了/proxy-body-size
注释,该注释也不起作用(无法上传大文件).
Real domain names are used, of course. I get 404 nginx error in this example. In other Ingress I pass /proxy-body-size
annotation, which does not work also (can not upload large files).
我已经使用 kubectl -n nginx-ingress exec -it nginx-ingress-snjjp bash
exec
进入了入口控制器容器,并查看了中的文件/etc/nginx/conf.d
.没有文件包含ConfigMap或批注中指定的配置.
I've exec
ed into ingress controller pod with kubectl -n nginx-ingress exec -it nginx-ingress-snjjp bash
and looked at files in /etc/nginx/conf.d
. None of the files contained configuration specified in ConfigMap or annotations.
这是它的样子(我删除了多余的空行并替换了域名):
This is what it look like (I removed extra blank lines and replaced domain names):
# configuration for example-com/example-com
upstream example-com-example-com-example.com-api-80 {
zone example-com-example-com-example.com-api-80 256k;
random two least_conn;
server 10.32.0.4:80 max_fails=1 fail_timeout=10s max_conns=0;
}
upstream example-com-example-com-example.com-frontend-80 {
zone example-com-example-com-example.com-frontend-80 256k;
random two least_conn;
server 10.32.0.27:80 max_fails=1 fail_timeout=10s max_conns=0;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/secrets/example-com-example-com-tls;
ssl_certificate_key /etc/nginx/secrets/example-com-example-com-tls;
server_tokens on;
server_name example.com;
set $resource_type "ingress";
set $resource_name "example-com";
set $resource_namespace "example-com";
if ($scheme = http) {
return 301 https://$host:443$request_uri;
}
location /api/(.*) {
set $service "api";
proxy_http_version 1.1;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_max_body_size 1m;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering on;
proxy_pass http://example-com-example-com-example.com-api-80;
}
location /(.*) {
set $service "frontend";
proxy_http_version 1.1;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_max_body_size 1m;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering on;
proxy_pass http://example-com-example-com-example.com-frontend-80;
}
}
我还尝试了 nginx.ingress.kubernetes.io/
批注(如您所见,我不是专业人士,这是我用Google搜索的内容).没有成功.
I also tried nginx.ingress.kubernetes.io/
annotations (I'm not a pro as you can see, and it was what I googled). No success.
我正在更新群集,并且使用较早版本的k8s(我认为是1.15),几天前一切正常.当然,除了入口控制器外,我对所有服务都使用完全相同的配置.
I am updating my cluster, and with the older version of k8s (1.15 I think it was) everything worked a couple of days ago. I used the exact same configuration for every service, except ingress controller, of course.
有什么想法吗?
推荐答案
我发现了什么地方不对.我正在使用Kubernetes Nginx Ingress Controller https://kubernetes.github.io/ingress-nginx/使用我的旧设置,现在我正在使用Nginx Ingress Controller https://www.nginx.com/products/nginx-ingress-controller/这些实现具有不同的注释(后者缺少许多有用的注释).这真的很令人困惑,因为配置是相似的,并且可能会认为它们是相同的.
I've found out what is wrong. I was using Kubernetes Nginx Ingress Controller https://kubernetes.github.io/ingress-nginx/ with my old setup, and now I am using Nginx Ingress Controller https://www.nginx.com/products/nginx-ingress-controller/ These implementations have different annotations (the latter is missing many useful annotations). This is really very confusing, as configuration is similar and one may think these are the same.
这篇关于Nginx入口会忽略ConfigMap和注释的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!