基础版本与环境信息:
MacBook Pro Apple M2 Max
VMware Fusion Player 版本 13.0.2 (21581413)
ubuntu-22.04.2-live-server-arm64
k8s-v1.27.3
docker 24.0.2(containerd)
ingress-nginx/controller-v1.8.1
安装准备:
官方安装文档:Installation Guide - Ingress-Nginx Controller
ingress-nginx版本表
安装过程:
这里不采用helm的方式,而是采用YAML manifest的方式来安装。
下载ingress-nginx的https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml 重命名为 ingress-nginx-deploy.ymal
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml -O ingress-nginx-deploy.ymal
出现如下异常:
--2023-07-06 09:05:24-- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 0.0.0.0, ::
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|0.0.0.0|:443... failed: Connection refused.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|::|:443... failed: Connection refused.
可以通过科学上网来解决。
解决下载yaml文件的问题后,可以开始安装了。
kubectl apply -f ingress-nginx-deploy.ymal
安装日志如下:
zhangzk@test:~$ kubectl apply -f ingress-nginx-deploy.ymal
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
查看进度:
kubectl get pods -n ingress-nginx
会发现ingress-nginx- XX的POD处于ImagePullBackOff、ContainerCreating状态。
zhangzk@test:~$ kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-7lwzr 0/1 ImagePullBackOff 0 33m
ingress-nginx-admission-patch-9ghn2 0/1 ImagePullBackOff 0 33m
ingress-nginx-controller-7fcc694bd4-qgt6l 0/1 ContainerCreating 0 33m
查看pod有啥错误发生:
kubectl describe pod ingress-nginx-admission-create-7lwzr -n ingress-nginx
日志如下:
Name: ingress-nginx-admission-create-7lwzr
Namespace: ingress-nginx
Priority: 0
Service Account: ingress-nginx-admission
Node: zzk-2/192.168.19.130
Start Time: Thu, 06 Jul 2023 09:00:51 +0800
Status: Pending
IP: 10.244.2.7
......
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 39m default-scheduler Successfully assigned ingress-nginx/ingress-nginx-admission-create-7lwzr to zzk-2
Normal Pulling 34m (x4 over 39m) kubelet Pulling image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b"
Warning Failed 33m (x4 over 38m) kubelet Failed to pull image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b": rpc error: code = DeadlineExceeded desc = failed to pull and unpack image "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b": failed to resolve reference "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b": failed to do request: Head "https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/ingress-nginx/kube-webhook-certgen/manifests/sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b": dial tcp 142.251.8.82:443: i/o timeout
Warning Failed 33m (x4 over 38m) kubelet Error: ErrImagePull
Warning Failed 32m (x7 over 38m) kubelet Error: ImagePullBackOff
Normal BackOff 2m39s (x37 over 38m) kubelet Back-off pulling image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b"
发现是镜像获取失败:registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b
又回到老问题了,registry.k8s.io 镜像仓库由于墙的问题访问不了。
国内知名的k8s镜像有如下几个:
registry.lank8s.cn
registry.cn-hangzhou.aliyuncs.com/google_containers
gcr.azk8s.cn(2020年开始已经只限于Azure中国的IP使用了)
阿里云的镜像没有命令空间,有时候要变化路径,另外是定期同步的,所以有的时候要改名或者缺失。
比如安装ingress-nginx的时候,涉及2个镜像,需要如下方式来替换:
registry.k8s.io镜像地址 |
阿里云镜像地址 |
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407 |
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20230407 |
registry.k8s.io/ingress-nginx/controller:v1.8.0 |
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.8.0 |
lank8s的镜像是实时的,并且保持原样的命名空间,只需要更换前缀即可,很好用,这是一个个人支持的镜像,大家有余力可以多赞助一下。
比如安装ingress-nginx的时候,涉及2个镜像,需要如下方式来替换:
registry.k8s.io镜像地址 |
lank8s镜像地址 |
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407 |
registry.lank8s.cn/ingress-nginx/kube-webhook-certgen:v20230407 |
registry.k8s.io/ingress-nginx/controller:v1.8.0 |
registry.lank8s.cn/ingress-nginx/controller:v1.8.0 |
lank8s.cn是什么可以参考文档 lank8s.cn是什么
至于镜像的合法验证,可以参考如下 验证已签名容器镜像
将ingress-nginx-deploy.yaml文件中的镜像地址registry.k8s.io替换为 registry.lank8s.cn后再安装即可。
kubectl apply -f ingress-nginx-deploy.ymal
由于 registry.lank8s.cn只保证可靠性,不保证下载速度,所以可能需要等几分钟才能下载完镜像,所以也要等几分钟来查看ingress-nginx的controller状态。
zhangzk@test:~$ kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-2lz4v 0/1 Completed 0 5m46s
ingress-nginx-admission-patch-c6896 0/1 Completed 0 5m46s
ingress-nginx-controller-7575fb546-q29qn 1/1 Running 0 5m46s
至此ingress-nginx-controller创建成功,可以开始创建ingress规则开始飞了。