kubernetes 创建ingress不生效

kubernetes创建ingress不生效,ingress-controller中的nginx.conf没有更新配置问题发现通过查看ingress-controller-pod的的日志发现，not valid ingress calss-------------------------------------------------------------------------------NG

Kerry___

12315人浏览 · 2022-03-31 12:57:53

Kerry___ · 2022-03-31 12:57:53 发布

kubernetes 创建ingress不生效,ingress-controller中的nginx.conf没有更新配置

问题发现

通过查看ingress-controller-pod的的日志发现，not valid ingress calss

 -------------------------------------------------------------------------------

 NGINX Ingress controller

   Release:       v1.1.1

   Build:         a17181e43ec85534a6fea968d95d019c5a4bc8cf

   Repository:    https://github.com/kubernetes/ingress-nginx

   nginx version: nginx/1.19.9

 

 -------------------------------------------------------------------------------

 

 W0331 03:40:59.739303       7 client_config.go:615] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.

 I0331 03:40:59.739681       7 main.go:223] "Creating API client" host="https://10.255.0.1:443"

 I0331 03:40:59.751791       7 main.go:267] "Running in Kubernetes cluster" major="1" minor="23" git="v1.23.0" state="clean" commit="ab69524f795c42094a6630298ff53f3c3ebab7f4" platform="linux/amd64"

 I0331 03:41:00.032465       7 main.go:104] "SSL fake certificate created" file="/etc/ingress-controller/ssl/default-fake-certificate.pem"

 I0331 03:41:00.060152       7 ssl.go:531] "loading tls certificate" path="/usr/local/certificates/cert" key="/usr/local/certificates/key"

 I0331 03:41:00.078813       7 nginx.go:255] "Starting NGINX Ingress controller"

 I0331 03:41:00.114633       7 event.go:282] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"ingress-nginx-controller", UID:"95ae9898-ba27-4e5f-979a-ee6cada05cbc", APIVersion:"v1", ResourceVersion:"20934889", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/ingress-nginx-controller

 I0331 03:41:01.280539       7 nginx.go:297] "Starting NGINX process"

 I0331 03:41:01.280897       7 leaderelection.go:248] attempting to acquire leader lease ingress-nginx/ingress-controller-leader...

 I0331 03:41:01.280947       7 nginx.go:317] "Starting validation webhook" address=":8443" certPath="/usr/local/certificates/cert" keyPath="/usr/local/certificates/key"

 I0331 03:41:01.281539       7 controller.go:155] "Configuration changes detected, backend reload required"

 I0331 03:41:01.295503       7 leaderelection.go:258] successfully acquired lease ingress-nginx/ingress-controller-leader

 I0331 03:41:01.295585       7 status.go:84] "New leader elected" identity="ingress-nginx-controller-55d8c764c-rfk5l"

 I0331 03:41:01.340753       7 controller.go:172] "Backend successfully reloaded"

 I0331 03:41:01.340930       7 controller.go:183] "Initial sync, sleeping for 1 second"

 I0331 03:41:01.341017       7 event.go:282] Event(v1.ObjectReference{Kind:"Pod", Namespace:"ingress-nginx", Name:"ingress-nginx-controller-55d8c764c-rfk5l", UID:"ae8c531d-79e8-4aeb-8e14-1d979c413bff", APIVersion:"v1", ResourceVersion:"20935351", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration

 I0331 03:46:13.931663       7 admission.go:149] processed ingress via admission controller {testedIngressLength:1 testedIngressTime:0.049s renderingIngressLength:1 renderingIngressTime:0s admissionTime:18.0kBs testedConfigurationSize:0.049}

 I0331 03:46:13.931739       7 main.go:101] "successfully validated configuration, accepting" ingress="dmp/dmpweb-ingress"

 I0331 03:46:13.942863       7 store.go:420] "Ignoring ingress because of error while validating ingress class" ingress="dmp/dmpweb-ingress" error="ingress does not contain a valid IngressClass"

 I0331 04:22:17.728669       7 admission.go:149] processed ingress via admission controller {testedIngressLength:1 testedIngressTime:0.036s renderingIngressLength:1 renderingIngressTime:0.001s admissionTime:18.0kBs testedConfigurationSize:0.037}

 I0331 04:22:17.728731       7 main.go:101] "successfully validated configuration, accepting" ingress="dmp/dmpweb-ingress"

 I0331 04:23:53.130892       7 admission.go:149] processed ingress via admission controller {testedIngressLength:1 testedIngressTime:0.052s renderingIngressLength:1 renderingIngressTime:0s admissionTime:25.3kBs testedConfigurationSize:0.052}

 I0331 04:23:53.130962       7 main.go:101] "successfully validated configuration, accepting" ingress="dmp/dmpweb-ingress"

 I0331 04:26:14.219353       7 store.go:390] "Ignoring ingress because of error while validating ingress class" ingress="dmp/dmpweb-ingress" error="ingress does not contain a valid IngressClass"

除了可能会有多个不同类型的 Ingress Controller 之外，还可能存在多个相同类型的 Ingress Controller，比如部署了两个 NGINX Ingress Controller，一个负责处理外网访问，一个负责处理内网访问。

此时也可以通过上面的方式，为每个 Controller 设定唯一的一个 class。

当多个 controller 的 class 不唯一，或者 controller 和 Ingress 都没有指定 class 又没有默认的 class 时，会导致所有符合条件的 Ingress Controller 竞争满足 Ingress 配置，可能会导致不可预测的结果。

解决方法一：

查看已创建的ingressclass

[root@k8s]# kubectl get ingressclass
NAME    CONTROLLER             PARAMETERS   AGE
nginx   k8s.io/ingress-nginx   <none>       64m

已创建ingress 添加 IngressClass属性

修改ingress资源添加spec.ingressClassName: nginx

kubectl edit ingress dmpweb-ingress

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: dmpweb-ingress
  namespace: dmp
  annotations:
    kubesphere.io/creator: admin
spec:
  ingressClassName: nginx
  rules:
    - host: wuhan.idss.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: dmpweb-svc
                port:
                  number: 9999

解决方法二：

设置默认的 IngressClass 注意：修改后必须新创建的ingress才会默认使用

在集群中，我们可以设定一个默认的 Ingress Class，以便处理所有没有指定 Ingress Class 的 Ingress 资源。

在 IngressClass 资源上，我们可以通过将 ingressclass.kubernetes.io/is-default-class 注解的值设定为 true，来使没有设置 ingressClassName 的 Ingress 使用此默认的 IngressClass。

[root@k8s]# kubectl get ingressclass
NAME    CONTROLLER             PARAMETERS   AGE
nginx   k8s.io/ingress-nginx   <none>       68m

[root@sjzt-wuhan-1 k8s-yaml]# kubectl edit ingressclass nginx

annotations里加上

ingressclass.kubernetes.io/is-default-class: "true"

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.k8s.io/v1","kind":"IngressClass","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"ingress-nginx","app.kubernetes.io/version":"1.1.1","helm.sh/chart":"ingress-nginx-4.0.15"},"name":"nginx"},"spec":{"controller":"k8s.io/ingress-nginx"}}
  creationTimestamp: "2022-03-31T03:39:24Z"
  generation: 1
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/version: 1.1.1
    helm.sh/chart: ingress-nginx-4.0.15
  name: nginx
  resourceVersion: "20944816"
  selfLink: /apis/networking.k8s.io/v1/ingressclasses/nginx
  uid: e5a52f22-671e-4e82-87f3-0cee446ffa88
spec:
  controller: k8s.io/ingress-nginx

然后重新创新ingress资源，访问测试通过