Fatal编程技术网
  • kubernetes/
  • Kubernetes nginx入口未转发到仪表板

Kubernetes nginx入口未转发到仪表板

kubernetes

Kubernetes nginx入口未转发到仪表板,kubernetes,kubernetes-ingress,nginx-ingress,kubernetes-dashboard,Kubernetes,Kubernetes Ingress,Nginx Ingress,Kubernetes Dashboard,您好,感谢您抽出时间阅读我的问题 首先,我有一个EKS集群设置来使用公共和私有子网 我使用cloudformation生成集群,如中所述 然后,我通过kubectl apply-f(以下文件)为tiller创建一个服务帐户来初始化helm: 然后helminit--service account=tiller 然后是helm repo更新 然后,我使用helm通过以下方式安装nginx入口控制器: helm install --name nginx-ingress \ --nam

您好,感谢您抽出时间阅读我的问题

首先,我有一个EKS集群设置来使用公共和私有子网

我使用cloudformation生成集群,如中所述

然后,我通过
kubectl apply-f(以下文件)
为tiller创建一个服务帐户来初始化helm:

然后
helminit--service account=tiller
然后是
helm repo更新

然后,我使用helm通过以下方式安装nginx入口控制器:

helm install --name nginx-ingress \
        --namespace nginx-project \
        stable/nginx-ingress \
        -f nginx-ingress-values.yaml
其中,我的nginx-ingres-values.yaml是:

controller:
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval: "60"
      service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: "abc-us-west-2-elb-access-logs"
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: "vault-cluster/nginx"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:123456789:certificate/bb35b4c4-..."
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
  namespace: kube-system
spec:
#  tls:
#  - hosts:
#    - abc.def.com
  rules:
  - host: abc.def.com
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 8443

ingress:
  enabled: true
  hosts: [abc.def.com]
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  paths: [/dashboard(/|$)(.*)]
到目前为止,一切看起来都很好,我看到ELB被创建并连接起来使用acm for https

然后,我通过以下方式安装kubernetes仪表板:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

helm install --name kubernetes-dashboard \
    --namespace kube-system \
    stable/kubernetes-dashboard \
    -f kubernetes-dashboard-values.yaml
我可以通过
kubectl proxy

但当我通过以下方式为仪表板添加入口规则时: 
kubectl应用-f仪表板入口.yaml
其中dashboard-ingress.yaml为:

controller:
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval: "60"
      service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: "abc-us-west-2-elb-access-logs"
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: "vault-cluster/nginx"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:123456789:certificate/bb35b4c4-..."
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
  namespace: kube-system
spec:
#  tls:
#  - hosts:
#    - abc.def.com
  rules:
  - host: abc.def.com
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 8443

ingress:
  enabled: true
  hosts: [abc.def.com]
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  paths: [/dashboard(/|$)(.*)]
然后,当我试图去,我陷入了无限重定向循环

同样适用于 和

我是库伯内特斯的新手,非常喜欢这个。任何帮助都将不胜感激

更新-2019年9月5日: 当我从入口取出tls块时,我得到

到nginx后端,但将我转发到,我从openresty/1.15.8.1获得一个502坏网关

当我试着去

我得到了“404页面未找到”,据我所知,这是来自nginx入口控制器的响应

更新-2019年9月6日: 非常感谢mk_sta给出了下面的答案,这帮助我理解了我遗漏了什么

对于将来阅读本文的人来说,我通过helm安装的nginx ingress工作正常,但我的kubernetes仪表板安装缺少一些关键注释。最后,我能够通过以下方式配置helm以安装kubernetes仪表板:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

helm install --name kubernetes-dashboard \
    --namespace kube-system \
    stable/kubernetes-dashboard \
    -f kubernetes-dashboard-values.yaml
其中kubernetes-dashboard-values.yaml是:

controller:
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval: "60"
      service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: "abc-us-west-2-elb-access-logs"
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: "vault-cluster/nginx"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:123456789:certificate/bb35b4c4-..."
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
  namespace: kube-system
spec:
#  tls:
#  - hosts:
#    - abc.def.com
  rules:
  - host: abc.def.com
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 8443

ingress:
  enabled: true
  hosts: [abc.def.com]
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  paths: [/dashboard(/|$)(.*)]
然后,我可以访问位于和的仪表板

出于某种原因,如果我去掉尾部的斜杠,它就不起作用了

目前这对我来说已经足够了。

如果集群没有将
nginx
作为默认入口类,并且入口清单没有指定一个入口类,则可能发生这种情况

您可以尝试以下操作之一: -使用
控制器升级您的NGINX ingress安装。ingressClass
设置为
NGINX
(这样,创建的所有入口默认使用NGINX ingress)
-将
kubernetes.io/ingres.class:nginx
注释添加到您的ingress yaml中,以指定您希望nginx ingress处理它。

在我看来,您在源
ingress
配置中使用了错误的位置路径
/dashboard
,如果您没有自定义此设置,则默认情况下,相关UI端点会在相应的K8s资源的
443
端口上公开

ports:
- port: 443
  protocol: TCP
  targetPort: 8443
为了获得正确的基于路径的参数,请使用以下参数覆盖现有参数:

paths:
- path: /
  backend:
    serviceName: kubernetes-dashboard
    servicePort: 443
一旦您决定通过间接路径持有者URL()访问K8s仪表板UI,您就可以管理应用规则,以便透明地更改真实URL的一部分,并将请求传输到忠实的目标路径。实际上,Ingress controller通过特定的
nginx.Ingress.kubernetes.io/rewrite target添加了此功能:


谢谢你的建议,但我检查了,这是舵图中的默认设置: