如何在 Kubernetes 中配置 ingress-nginx？

Question

I am testing a Kubernetes cluster version 1.11 and need to make POD to be accessed externally by the master server IP and by the POD port (in this case an nginx image through port 80) and I am trying to enable and configure ingress-nginx to get this access.

To run the tests, I added ingress-nginx to the cluster with the command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

Then I tried to create an ingress as described in this example: https://koudingspawn.de/install-kubernetes-ingress/ - I just did not do the LoadBalancer portion of Digital Ocean.

It happened that it did not work, I could not access the IP or host configured and because of this, I was in doubt if I made the right addition of ingress-nginx in the cluster, if the example has a failure or if I have to follow another path?

Answer 1

Neither of the canonical approaches will give you exactly what you want here.

The typical solution involves either using LoadBalancer service type or NodePort and manualy configuring your network LB to point to the ports of the NodePort service.

I will make 3 assumptions here :

• you have no LB service available so you want to connect with HTTP(S) to the IP of your master
• your master hosts kube api on port like 6443, or anything else but 80/443 that you want to use for web traffic
• you are talking about single master and using it for the traffic. It's an obvious SPOF, so I assume you do not care about HA that much

With that in mind, you need to adapt your ingress deployment to fit your needs.

Nginx ingress, within it's network namespace, listens on standard ports (80/443). If, instead of exposing it with a Service , you run tham with hostNetwork: true , you will see the ingress listening directly on 80/443. To be certain it's running on your master, you need to allow it to be scheduled on master (probably via tolerations) and make sure it is scheduled on master and not some other node (nodeSelector/NodeAffinity or DaemonSet to run it on ~every node in cluster)

Another solution can be to actually go the canonical way and have the ingress listening on some nodeports, and then have another piece of software act as loadbalancer deployed to master either by means of kube ( hostNetwork ) or by completely autonomous mechanism (ie. as systemd service unit), that would listen on 80/443 and tcp forward the traffic to the nodeports.

Answer 2

I'm not sure what errors you are seeing, and it would be helpful to post them, but starting with this is correct:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

as described in the main documentation page for the nginx ingress controller. If you are using Digital Ocean you can just follow the NodePort/Bare-metal instructions as there's no support for Digital Ocean load balancers yet.

After that, you want to check that your nginx ingress controller is running:

$ kubectl -n ingress-nginx get pods
NAME                                        READY     STATUS    RESTARTS   AGE
default-http-backend-xxxxxxxxxx-xxxxx       1/1       Running   0          1h
nginx-ingress-controller-xxxxxxxxxx-xxxxx   1/1       Running   0          1h

You can also check the logs:

$ kubectl -n ingress-nginx nginx-ingress-controller-xxxxxxxxxx-xxxxx

Then later you can create an Ingress and a Service that services that Ingress.

Then you can create whatever deployments and services that use that Ingress using the kubernetes.io/ingress.class: "nginx" annotation.