
How to debug ingress-controller connections with a single IP by ConfigMap

We are trying to edit our ingress-nginx.yml to make ingress-controllers pods debug traffic coming from a specific source IP. Our setup is:

  • Kubernetes v1.13
  • Ingress-Controller v0.24.1

From NGINX and Kubernetes docs it appears there is no very easy way to debug traffic from a single IP (you cannot edit the nginx config directly). So, we would like to add the debug_connection directive to appear like this:

error_log /path/to/log;
...
events {
    debug_connection 192.168.1.1;
}

The correct way to do it shall be through CustomAnnotations in a ConfigMap + a new ingress to enable the CustomAnnotation, so we tried this:

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
data:
  ingress-template: |
    #Creating the custom annotation to make debug_connection on/off
    {if index $.Ingress.Annotations "custom.nginx.org/debug_connection"}
    {$ip := index $.Ingress.Annotations "custom.nginx.org/ip"}
    {end}

    {range $events := .Events}
    events {
      # handling custom.nginx.org/debug_connection
      {if index $.Ingress.Annotations "custom.nginx.org/debug_connection"}
      {end}

And:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: debugenabler
  annotations:
    kubernetes.io/ingress.class: "nginx"
    custom.nginx.org/debug_connection: "on"
    custom.nginx.org/ip: "192.168.1.1"
spec:
  rules:
  - host: "ourhostname"
    http:
      paths:
      - path: /tea
        backend:
          serviceName: tea-svc
          servicePort: 80
      - path: /coffee
        backend:
          serviceName: coffee-svc
          servicePort: 80

We applied ingress-nginx.yml with no errors. We see new lines in the nginx conf:

location /coffee {

            set $namespace      "test";
            set $ingress_name   "debugenabler";
            set $service_name   "coffee-svc";
            set $service_port   "80";
            set $location_path  "/coffee";

            rewrite_by_lua_block {
                lua_ingress.rewrite({
                    force_ssl_redirect = true,
                    use_port_in_redirects = false,
                })
                balancer.rewrite()

But still nothing as regards the debug_connection in the events block:

events {
    multi_accept        on;
    worker_connections  16384;
    use                 epoll;
}

How to insert debug_connection in the events context?

For those who may face similar challenges, I actually managed to do it by:

  1. Creating a ConfigMap with a new ingress-controller template file (nginx.tmpl) containing the debug_connection line (double check your ingress-controller version here, the file changes dramatically)
  2. Creating a Volume which links to the ConfigMap (specifying Volume and VolumeMount)
  3. Creating an InitContainer which copies the content of the volume into /etc/nginx/template (this was needed to overcome probably permission-related issues) before the container starts.

For points 2 and 3 you can add the relevant code at the end of a deployment or a pod code; I share an example:

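      # Volume backed by the ConfigMap that holds the customised nginx.tmpl
      volumes:
        - name: nginxconf2
          configMap:
            name: nginxconf2
            items:
            - key: nginx.tmpl
              path: nginx.tmpl
      # Copies the mounted template into /etc/nginx/template before the container starts
      initContainers:
      - name: copy-configs
        image: {{ kubernetes.ingress_nginx.image }}
        volumeMounts:
        - mountPath: /nginx
          name: nginxconf2
        command: ['sh', '-c', 'cp -R /nginx/ /etc/nginx/template/']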
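
A way to check that the steps above took effect, as an added example that is not part of the original post: the functions read a rendered nginx.conf (or nginx -V output) on stdin and confirm that the events block carries an active debug_connection line for the expected address. nginx ignores debug_connection unless it was built with --with-debug, so that is checked as well. The function names, the sample config and the pod name in the comments are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Each check reads text on stdin,
# so it works on a saved file or on output piped from the controller pod.

# Print the body of the events { ... } block of an nginx.conf.
events_block() {
  awk '
    !inside && /^[[:space:]]*events[[:space:]]*\{/ { inside = 1; next }
    inside && /^[[:space:]]*\}/ { exit }
    inside { print }
  '
}

# Succeed only if the events block has an active (uncommented)
# "debug_connection <addr>;" line for the address or CIDR given as $1.
has_debug_connection() {
  events_block | awk -v addr="$1" '
    { sub(/#.*/, ""); gsub(/;/, " ") }   # drop comments and the trailing ";"
    $1 == "debug_connection" && $2 == addr { found = 1 }
    END { exit !found }
  '
}

# Succeed if `nginx -V` output on stdin shows a debug-enabled build.
built_with_debug() {
  grep -q -- '--with-debug'
}

# Constructed sample: the events block from the question plus the wanted line
# and a commented-out one that must not count.
SAMPLE_CONF='error_log /var/log/nginx/error.log notice;
events {
    multi_accept        on;
    worker_connections  16384;
    use                 epoll;
    # debug_connection 10.0.0.9;
    debug_connection 192.168.1.1;
}
http {
    server { listen 80; }
}'

# Against a live controller (<controller-pod> is a placeholder):
#   kubectl exec -n ingress-nginx <controller-pod> -- cat /etc/nginx/nginx.conf | has_debug_connection 192.168.1.1
#   kubectl exec -n ingress-nginx <controller-pod> -- nginx -V 2>&1 | built_with_debug
if printf '%s\n' "$SAMPLE_CONF" | has_debug_connection 192.168.1.1; then
  echo "debug_connection 192.168.1.1 is active in events{}"
fi
```

nginx -V writes to stderr, hence the 2>&1 in the second command.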
