ingress-nginx控制器安装

基础版本与环境信息:

MacBook Pro Apple M2 Max

VMware Fusion Player 版本 13.0.2 (21581413)

ubuntu-22.04.2-live-server-arm64

k8s-v1.27.3

docker 24.0.2(containerd)

ingress-nginx/controller-v1.8.1

安装准备:

官方安装文档:Installation Guide - Ingress-Nginx Controller

ingress-nginx版本表

安装过程:

这里不采用helm的方式,而是采用YAML manifest的方式来安装。

下载ingress-nginx的https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml 重命名为 ingress-nginx-deploy.ymal

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml -O ingress-nginx-deploy.ymal

出现如下异常:

--2023-07-06 09:05:24--  https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 0.0.0.0, ::
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|0.0.0.0|:443... failed: Connection refused.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|::|:443... failed: Connection refused.

可以通过科学上网来解决。

解决下载yaml文件的问题后,可以开始安装了。

kubectl apply -f   ingress-nginx-deploy.ymal

安装日志如下:

zhangzk@test:~$ kubectl apply -f ingress-nginx-deploy.ymal

namespace/ingress-nginx created

serviceaccount/ingress-nginx created

serviceaccount/ingress-nginx-admission created

role.rbac.authorization.k8s.io/ingress-nginx created

role.rbac.authorization.k8s.io/ingress-nginx-admission created

clusterrole.rbac.authorization.k8s.io/ingress-nginx created

clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created

rolebinding.rbac.authorization.k8s.io/ingress-nginx created

rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created

clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created

clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created

configmap/ingress-nginx-controller created

service/ingress-nginx-controller created

service/ingress-nginx-controller-admission created

deployment.apps/ingress-nginx-controller created

job.batch/ingress-nginx-admission-create created

job.batch/ingress-nginx-admission-patch created

ingressclass.networking.k8s.io/nginx created

validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created

查看进度:

kubectl get pods -n ingress-nginx

会发现ingress-nginx- XX的POD处于ImagePullBackOff、ContainerCreating状态。

zhangzk@test:~$ kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS              RESTARTS   AGE
ingress-nginx-admission-create-7lwzr        0/1     ImagePullBackOff    0          33m
ingress-nginx-admission-patch-9ghn2         0/1     ImagePullBackOff    0          33m
ingress-nginx-controller-7fcc694bd4-qgt6l   0/1     ContainerCreating   0          33m

查看pod有啥错误发生:

kubectl describe pod ingress-nginx-admission-create-7lwzr  -n ingress-nginx

 日志如下:

Name:             ingress-nginx-admission-create-7lwzr
Namespace:        ingress-nginx
Priority:         0
Service Account:  ingress-nginx-admission
Node:             zzk-2/192.168.19.130
Start Time:       Thu, 06 Jul 2023 09:00:51 +0800

Status:           Pending
IP:               10.244.2.7

......

Events:
  Type     Reason     Age                   From               Message
  ----     ------     ----                  ----               -------
  Normal   Scheduled  39m                   default-scheduler  Successfully assigned ingress-nginx/ingress-nginx-admission-create-7lwzr to zzk-2
  Normal   Pulling    34m (x4 over 39m)     kubelet            Pulling image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b"
  Warning  Failed     33m (x4 over 38m)     kubelet            Failed to pull image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b": rpc error: code = DeadlineExceeded desc = failed to pull and unpack image "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b": failed to resolve reference "registry.k8s.io/ingress-nginx/kube-webhook-certgen@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b": failed to do request: Head "https://us-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/ingress-nginx/kube-webhook-certgen/manifests/sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b": dial tcp 142.251.8.82:443: i/o timeout
  Warning  Failed     33m (x4 over 38m)     kubelet            Error: ErrImagePull
  Warning  Failed     32m (x7 over 38m)     kubelet            Error: ImagePullBackOff
  Normal   BackOff    2m39s (x37 over 38m)  kubelet            Back-off pulling image "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b" 

发现是镜像获取失败:registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b

又回到老问题了,registry.k8s.io 镜像仓库由于墙的问题访问不了。

国内知名的k8s镜像有如下几个:

registry.lank8s.cn

registry.cn-hangzhou.aliyuncs.com/google_containers

gcr.azk8s.cn(2020年开始已经只限于Azure中国的IP使用了)

阿里云的镜像没有命令空间,有时候要变化路径,另外是定期同步的,所以有的时候要改名或者缺失。

比如安装ingress-nginx的时候,涉及2个镜像,需要如下方式来替换:

registry.k8s.io镜像地址

阿里云镜像地址

registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407

registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20230407

registry.k8s.io/ingress-nginx/controller:v1.8.0

registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.8.0

lank8s的镜像是实时的,并且保持原样的命名空间,只需要更换前缀即可,很好用,这是一个个人支持的镜像,大家有余力可以多赞助一下。

比如安装ingress-nginx的时候,涉及2个镜像,需要如下方式来替换:

registry.k8s.io镜像地址

lank8s镜像地址

registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407

registry.lank8s.cn/ingress-nginx/kube-webhook-certgen:v20230407

registry.k8s.io/ingress-nginx/controller:v1.8.0

registry.lank8s.cn/ingress-nginx/controller:v1.8.0

lank8s.cn是什么可以参考文档 lank8s.cn是什么

至于镜像的合法验证,可以参考如下 验证已签名容器镜像

将ingress-nginx-deploy.yaml文件中的镜像地址registry.k8s.io替换为 registry.lank8s.cn后再安装即可。

kubectl apply -f ingress-nginx-deploy.ymal 

由于 registry.lank8s.cn只保证可靠性,不保证下载速度,所以可能需要等几分钟才能下载完镜像,所以也要等几分钟来查看ingress-nginx的controller状态。

zhangzk@test:~$ kubectl get pods -n ingress-nginx
NAME                                       READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-2lz4v       0/1     Completed   0          5m46s
ingress-nginx-admission-patch-c6896        0/1     Completed   0          5m46s
ingress-nginx-controller-7575fb546-q29qn   1/1     Running     0          5m46s

至此ingress-nginx-controller创建成功,可以开始创建ingress规则开始飞了。

你可能感兴趣的:(kubernetes,kubernetes,ingres,ingres-nginx)