Kubernetes使用Nginx Ingress暴露Dashboard

Kubernetes使用Nginx Ingress暴露Dashboard

[TOC]

1. 環境說明

• 可用的kubernetes集羣
• 可用的nginx ingress controller
• 可用的dashboard

關於kubernetes、dashboard和nginx ingress在前面文章中，已有介紹。
《centos7使用kubeadm安裝kubernetes 1.11版本多主高可用》
《kubernetes 1.11配置使用nginx ingress》
也能夠使用helm快速搭建nginx ingress和dashboard。
stable/kubernetes-dashboard
stable/nginx-ingress

2. 成功要點

ingress配置啥的這裏不詳細介紹 。關於暴露dashboard成功的關鍵，在於新版本dashboard默認使用https提供服務。因此，在ingress中要配置以下annotations參數。

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"

3. 爲何

而爲何是這個nginx.ingress.kubernetes.io前綴呢？

來查查nginx ingress的service，是否是有這個metadata：

[root@lab1 gitlab]# kubectl get svc -n nginx-ingress 
NAME                            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                   AGE
nginx-ingress-controller        ClusterIP   10.105.201.166   <none>        80/TCP,443/TCP,2222/TCP   23h
nginx-ingress-default-backend   ClusterIP   10.110.35.3      <none>        80/TCP                    23h
[root@lab1 gitlab]# kubectl get svc -n nginx-ingress  nginx-ingress-controller  -o yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2018-09-19T09:54:51Z
  labels:
    app: nginx-ingress
    chart: nginx-ingress-0.9.5
    component: controller
    heritage: Tiller
    release: nginx-ingress
  name: nginx-ingress-controller
  namespace: nginx-ingress

那咱們想固然的嘗試加上kubernetes.io/ingress.class: nginx

[root@lab1 gitlab]# kubectl edit svc -n nginx-ingress  nginx-ingress-controller 
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx

再去dashboard的ingress配置修改爲這個：

[root@lab1 templates]# kubectl get ing -n kube-system
NAME                             HOSTS             ADDRESS   PORTS     AGE
dashboard-kubernetes-dashboard   k8s.linuxba.com             80, 443   48m
[root@lab1 templates]# kubectl edit ing -n kube-system dashboard-kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/secure-backends: "true"
    kubernetes.io/ssl-passthrough: "true"

而後發現，dashboard訪問不了了，說明annotations沒有生效。那看來service這裏的annotations不是決定性因素。

那咱們來分析下，最後生效的是nginx-ingress-controller裏的程序解析的，那試試查他的程序運行命令或者幫助：

[root@lab4 ~]# find /var/lib/docker -name nginx-ingress-controller
/var/lib/docker/overlay2/2744ab879932e0ebc522a5f2bdc78ab51742c88d13d1ba99fb1fa8601a07ea43/diff/nginx-ingress-controller
/var/lib/docker/overlay2/63d22e69065b1e49beb4ac91e91106c8e4bab204afc9912304204619cbe7e443/diff/nginx-ingress-controller
^C
[root@lab4 ~]# /var/lib/docker/overlay2/2744ab879932e0ebc522a5f2bdc78ab51742c88d13d1ba99fb1fa8601a07ea43/diff/nginx-ingress-controller --help|more
Usage of :
      --alsologtostderr                   log to standard error as well as files
      --annotations-prefix string         Prefix of the Ingress annotations specific to the NGINX controller. (default "nginx.ingress.kubernetes.io")

果真發現了決定性參數--annotations-prefix。

4. 小結

原來一直以來，我忽視掉了這個關鍵參數。固然，有人會說，像linux同樣，用到那麼多命令，那麼多參數，怎麼可能記得住，都看過。因此，我以爲一項很重要的習慣或者技能，是學會去摸索，去實踐排查，這樣咱們會的東西，其實比表面看起來要多得多。

參考資料：
[1] https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/