Kubernetes使用Nginx Ingress暴露Dashboard

发布时间：2023-09-06 02:15责任编辑：顾先生关键词：暂无标签

[TOC]

1. 环境说明

可用的kubernetes集群
可用的nginx ingress controller
可用的dashboard

关于kubernetes、dashboard和nginx ingress在前面文章中，已有介绍。 ???
《centos7使用kubeadm安装kubernetes 1.11版本多主高可用》 ???
《kubernetes 1.11配置使用nginx ingress》 ???
也可以使用helm快速搭建nginx ingress和dashboard。 ???????
stable/kubernetes-dashboard ???
stable/nginx-ingress ???

2. 成功要点

ingress配置啥的这里不详细介绍。关于暴露dashboard成功的关键，在于新版本dashboard默认使用https提供服务。所以，在ingress中要配置如下annotations参数。

apiVersion: extensions/v1beta1kind: Ingressmetadata: ?annotations: ???nginx.ingress.kubernetes.io/ingress.class: nginx ???nginx.ingress.kubernetes.io/secure-backends: "true" ???nginx.ingress.kubernetes.io/ssl-passthrough: "true"

3. 为什么

而为什么是这个nginx.ingress.kubernetes.io前缀呢？ ???

来查查nginx ingress的service，是不是有这个metadata：

[root@lab1 gitlab]# kubectl get svc -n nginx-ingress NAME ???????????????????????????TYPE ???????CLUSTER-IP ??????EXTERNAL-IP ??PORT(S) ??????????????????AGEnginx-ingress-controller ???????ClusterIP ??10.105.201.166 ??<none> ???????80/TCP,443/TCP,2222/TCP ??23hnginx-ingress-default-backend ??ClusterIP ??10.110.35.3 ?????<none> ???????80/TCP ???????????????????23h[root@lab1 gitlab]# kubectl get svc -n nginx-ingress ?nginx-ingress-controller ?-o yamlapiVersion: v1kind: Servicemetadata: ?creationTimestamp: 2018-09-19T09:54:51Z ?labels: ???app: nginx-ingress ???chart: nginx-ingress-0.9.5 ???component: controller ???heritage: Tiller ???release: nginx-ingress ?name: nginx-ingress-controller ?namespace: nginx-ingress

那我们想当然的尝试加上kubernetes.io/ingress.class: nginx

[root@lab1 gitlab]# kubectl edit svc -n nginx-ingress ?nginx-ingress-controller # Please edit the object below. Lines beginning with a ‘#‘ will be ignored,# and an empty file will abort the edit. If an error occurs while saving this file will be# reopened with the relevant failures.#apiVersion: v1kind: Servicemetadata: ?annotations: ???kubernetes.io/ingress.class: nginx

再去dashboard的ingress配置修改成这个：

[root@lab1 templates]# kubectl get ing -n kube-systemNAME ????????????????????????????HOSTS ????????????ADDRESS ??PORTS ????AGEdashboard-kubernetes-dashboard ??k8s.linuxba.com ????????????80, 443 ??48m[root@lab1 templates]# kubectl edit ing -n kube-system dashboard-kubernetes-dashboard# Please edit the object below. Lines beginning with a ‘#‘ will be ignored,# and an empty file will abort the edit. If an error occurs while saving this file will be# reopened with the relevant failures.#apiVersion: extensions/v1beta1kind: Ingressmetadata: ?annotations: ???kubernetes.io/ingress.class: nginx ???kubernetes.io/secure-backends: "true" ???kubernetes.io/ssl-passthrough: "true"

然后发现，dashboard访问不了了，说明annotations没有生效。那看来service这里的annotations不是决定性因素。 ???

那我们来分析下，最后生效的是nginx-ingress-controller里的程序解析的，那试试查他的程序运行命令或者帮助：

[root@lab4 ~]# find /var/lib/docker -name nginx-ingress-controller/var/lib/docker/overlay2/2744ab879932e0ebc522a5f2bdc78ab51742c88d13d1ba99fb1fa8601a07ea43/diff/nginx-ingress-controller/var/lib/docker/overlay2/63d22e69065b1e49beb4ac91e91106c8e4bab204afc9912304204619cbe7e443/diff/nginx-ingress-controller^C[root@lab4 ~]# /var/lib/docker/overlay2/2744ab879932e0ebc522a5f2bdc78ab51742c88d13d1ba99fb1fa8601a07ea43/diff/nginx-ingress-controller --help|moreUsage of : ?????--alsologtostderr ??????????????????log to standard error as well as files ?????--annotations-prefix string ????????Prefix of the Ingress annotations specific to the NGINX controller. (default "nginx.ingress.kubernetes.io")

果然发现了决定性参数--annotations-prefix。 ???

4. 小结

原来一直以来，我忽视掉了这个关键参数。当然，有人会说，像linux一样，用到那么多命令，那么多参数，怎么可能记得住，都看过。所以，我觉得一项很重要的习惯或者技能，是学会去摸索，去实践排查，这样我们会的东西，其实比表面看起来要多得多。

参考资料：
[1] https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

Kubernetes使用Nginx Ingress暴露Dashboard

原文地址：http://blog.51cto.com/ygqygq2/2177778

Kubernetes使用Nginx Ingress暴露Dashboard

1. 环境说明

2. 成功要点

3. 为什么

4. 小结

知识推荐