LoginSignup
19

More than 1 year has passed since last update.

オンプレでもIngressする

Last updated at Posted at 2019-10-08

L7のロードバランサをオンプレ(ベアメタル)のk8sで使うには、いろいろ設定せねばならぬ。k8s本体にはそんな機能はないんだよ。
CNIにCanal, metallb(L2 modeとして), L7LBにnginx-ingress-controllerを使う。

nginx-ingress-controllerを入れて設定しておかないとKind Ingressのyamlを食わせてもうまく動かないので注意。
※クラウドとかでEKSやGKEなどを使っている場合には良しなにやってくれるので必要なし。
※minikubeの人はアドオンがあるので別途ググってください。簡単です。

TL;DR

v1.19.2で試しています。
Calico for policy and flannel (aka Canal), metal-lb をインストールして Ingress nginxを設定して動作確認しています。

初期セットアップ

https://qiita.com/murata-tomohide/items/be2171ac459f8f7d54f0 を参考にセットアップしておきます。 https://qiita.com/murata-tomohide/items/be2171ac459f8f7d54f0#%E5%8B%95%E4%BD%9C%E7%A2%BA%E8%AA%8D この辺りまでできていればおk。

Canalまで終わったところだとこんな感じ。

murata:~ $ kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:41:02Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:32:58Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}


murata:~ $ kubectl get all -A
NAMESPACE     NAME                                                    READY   STATUS    RESTARTS   AGE
kube-system   pod/calico-kube-controllers-c9784d67d-49g6t             1/1     Running   0          2m20s
kube-system   pod/canal-wwmvf                                         2/2     Running   0          2m20s
kube-system   pod/coredns-f9fd979d6-ccgm5                             1/1     Running   0          7m43s
kube-system   pod/coredns-f9fd979d6-ztwgs                             1/1     Running   0          7m43s
kube-system   pod/etcd-k8s-tmp.dev.deroris.local                      1/1     Running   0          7m53s
kube-system   pod/kube-apiserver-k8s-tmp.dev.deroris.local            1/1     Running   0          7m53s
kube-system   pod/kube-controller-manager-k8s-tmp.dev.deroris.local   1/1     Running   0          7m53s
kube-system   pod/kube-proxy-rfd7c                                    1/1     Running   0          7m43s
kube-system   pod/kube-scheduler-k8s-tmp.dev.deroris.local            1/1     Running   0          7m53s

NAMESPACE     NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP                  8m2s
kube-system   service/kube-dns     ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   8m

NAMESPACE     NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
kube-system   daemonset.apps/canal        1         1         1       1            1           kubernetes.io/os=linux   2m21s
kube-system   daemonset.apps/kube-proxy   1         1         1       1            1           kubernetes.io/os=linux   8m

NAMESPACE     NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/calico-kube-controllers   1/1     1            1           2m21s
kube-system   deployment.apps/coredns                   2/2     2            2           8m

NAMESPACE     NAME                                                DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/calico-kube-controllers-c9784d67d   1         1         1       2m21s
kube-system   replicaset.apps/coredns-f9fd979d6                   2         2         2       7m43s

corednsのPodが動いていることと、ホストのNICが増えていることを確認します。(CanalはFlannnelとcaricoを使うらしい(よくわかってない)

murata:~ $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:81:7f:82 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 172.30.203.203/24 brd 172.30.203.255 scope global noprefixroute ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe81:7f82/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ec:bb:c4:47 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether ca:7e:00:d4:d8:c7 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::c87e:ff:fed4:d8c7/64 scope link
       valid_lft forever preferred_lft forever
7: cali700ca5a0c12@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::ecee:eeff:feee:eeee/64 scope link
       valid_lft forever preferred_lft forever
8: cali70c270b17c5@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::ecee:eeff:feee:eeee/64 scope link
       valid_lft forever preferred_lft forever
9: cali7867aceb346@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::ecee:eeff:feee:eeee/64 scope link
       valid_lft forever preferred_lft forever

MetalLB インストール

MetalLBについてはこちら
KubernetesロードバランサーのMetalLBを導入した話(Necoプロジェクト体験入部)

要するにTypeがLoadBalancerの場合にIPアドレスを付与してくれるやつ。

https://metallb.universe.tf/installation/
の通りにやっていきます。

kube-proxyの設定を変える

editで変えても下にあるシェルを流してもOKっぽいです。今回はシェルを流しました。

murata:~ $ # see what changes would be made, returns nonzero returncode if different
ube-system -o yaml | \
sed -e "s/strictARP: false/strictARP: true/" | \
kubectl diff -f - -n kube-systemmurata:~ $ kubectl get configmap kube-proxy -n kube-system -o yaml | \
> sed -e "s/strictARP: false/strictARP: true/" | \
> kubectl diff -f - -n kube-system
diff -u -N /tmp/LIVE-375254102/v1.ConfigMap.kube-system.kube-proxy /tmp/MERGED-128212413/v1.ConfigMap.kube-system.kube-proxy
--- /tmp/LIVE-375254102/v1.ConfigMap.kube-system.kube-proxy     2020-10-05 16:55:11.169956454 +0900
+++ /tmp/MERGED-128212413/v1.ConfigMap.kube-system.kube-proxy   2020-10-05 16:55:11.175956620 +0900
@@ -30,7 +30,7 @@
       excludeCIDRs: null
       minSyncPeriod: 0s
       scheduler: ""
-      strictARP: false
+      strictARP: true
       syncPeriod: 0s
       tcpFinTimeout: 0s
       tcpTimeout: 0s
@@ -79,7 +79,6 @@
     fieldsV1:
       f:data:
         .: {}
-        f:config.conf: {}
         f:kubeconfig.conf: {}
       f:metadata:
         f:annotations:
@@ -91,6 +90,14 @@
     manager: kubeadm
     operation: Update
     time: "2020-10-05T07:44:04Z"
+  - apiVersion: v1
+    fieldsType: FieldsV1
+    fieldsV1:
+      f:data:
+        f:config.conf: {}
+    manager: kubectl-client-side-apply
+    operation: Update
+    time: "2020-10-05T07:55:11Z"
   name: kube-proxy
   namespace: kube-system
   resourceVersion: "191"
murata:~ $ kubectl get configmap kube-proxy -n kube-system -o yaml | \
> sed -e "s/strictARP: false/strictARP: true/" | \
> kubectl apply -f - -n kube-system
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
configmap/kube-proxy configured

マニフェストを食う

完全にコピペです。

kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
# On first install only
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"

こんな感じです。

murata:~ $ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
y -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
# On first install only
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
namespace/metallb-system created
murata:~ $ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
podsecuritypolicy.policy/controller created
podsecuritypolicy.policy/speaker created
serviceaccount/controller created
serviceaccount/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
role.rbac.authorization.k8s.io/config-watcher created
role.rbac.authorization.k8s.io/pod-lister created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/config-watcher created
rolebinding.rbac.authorization.k8s.io/pod-lister created
daemonset.apps/speaker created
deployment.apps/controller created
murata:~ $ # On first install only
murata:~ $ kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
secret/memberlist created

利用するIPアドレスのconfigmapを作ります。

https://metallb.universe.tf/configuration/#layer-2-configuration
Layer 2 Configuration の部分を行います。

addressの部分は設定時にバインドできるIPアドレスにします。今回はノードのIPアドレスの帯域で空いているところ。
※そのIPアドレスでクライアントPCからアクセスします。

この場合ノードサーバのIPアドレスは172.30.203.203なので、空いていた172.30.203.203-172.30.203.205を設定しました。(必ず使っていないことを確認すること!&自分自身はいけるみたい?
アドレスのところ、うまくバリデーションしてくれないので注意してください。変にコメント入れると動かない気がします。

cat <<EOF | kubectl create -f -
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 172.30.203.203-172.30.203.205

EOF

現段階ではこんな感じになる。

murata:~ $ kubectl get all,configmaps -A
NAMESPACE        NAME                                                    READY   STATUS    RESTARTS   AGE
kube-system      pod/calico-kube-controllers-c9784d67d-49g6t             1/1     Running   0          14m
kube-system      pod/canal-wwmvf                                         2/2     Running   0          14m
kube-system      pod/coredns-f9fd979d6-ccgm5                             1/1     Running   0          19m
kube-system      pod/coredns-f9fd979d6-ztwgs                             1/1     Running   0          19m
kube-system      pod/etcd-k8s-tmp.dev.deroris.local                      1/1     Running   0          19m
kube-system      pod/kube-apiserver-k8s-tmp.dev.deroris.local            1/1     Running   0          19m
kube-system      pod/kube-controller-manager-k8s-tmp.dev.deroris.local   1/1     Running   0          19m
kube-system      pod/kube-proxy-rfd7c                                    1/1     Running   0          19m
kube-system      pod/kube-scheduler-k8s-tmp.dev.deroris.local            1/1     Running   0          19m
metallb-system   pod/controller-fb659dc8-75t6h                           1/1     Running   0          6m18s
metallb-system   pod/speaker-jb8rb                                       1/1     Running   0          6m18s

NAMESPACE     NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP                  19m
kube-system   service/kube-dns     ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   19m

NAMESPACE        NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
kube-system      daemonset.apps/canal        1         1         1       1            1           kubernetes.io/os=linux        14m
kube-system      daemonset.apps/kube-proxy   1         1         1       1            1           kubernetes.io/os=linux        19m
metallb-system   daemonset.apps/speaker      1         1         1       1            1           beta.kubernetes.io/os=linux   6m18s

NAMESPACE        NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
kube-system      deployment.apps/calico-kube-controllers   1/1     1            1           14m
kube-system      deployment.apps/coredns                   2/2     2            2           19m
metallb-system   deployment.apps/controller                1/1     1            1           6m18s

NAMESPACE        NAME                                                DESIRED   CURRENT   READY   AGE
kube-system      replicaset.apps/calico-kube-controllers-c9784d67d   1         1         1       14m
kube-system      replicaset.apps/coredns-f9fd979d6                   2         2         2       19m
metallb-system   replicaset.apps/controller-fb659dc8                 1         1         1       6m18s

NAMESPACE        NAME                                           DATA   AGE
kube-public      configmap/cluster-info                         2      19m
kube-system      configmap/canal-config                         6      14m
kube-system      configmap/coredns                              1      19m
kube-system      configmap/extension-apiserver-authentication   6      19m
kube-system      configmap/kube-proxy                           2      19m
kube-system      configmap/kubeadm-config                       2      19m
kube-system      configmap/kubelet-config-1.19                  1      19m
metallb-system   configmap/config                               1      2m37s

nginx-ingress-controller インストール

下記のマニフェストを利用します。BareMetal用だとNordPortになってしまうためちゃんと動きません。
https://kubernetes.github.io/ingress-nginx/deploy/#docker-for-mac

murata:~ $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.40.1/deploy/static/provider/cloud/deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created

Ingressが産まれています。
Serviceの ingress-nginx service/ingress-nginx-controller LoadBalancer 10.99.216.235 172.30.203.203 80:31980/TCP,443:32708/TCP 30s
でEXTERNAL-IPにちゃんとIPアドレスが入っているかを確認してください。

murata:~ $ kubectl get all,ing,configmaps -A
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAMESPACE        NAME                                                    READY   STATUS      RESTARTS   AGE
ingress-nginx    pod/ingress-nginx-admission-create-hfs2f                0/1     Completed   0          30s
ingress-nginx    pod/ingress-nginx-admission-patch-xdg52                 0/1     Completed   1          30s
ingress-nginx    pod/ingress-nginx-controller-59859f77c7-xnvcf           1/1     Running     0          30s
kube-system      pod/calico-kube-controllers-c9784d67d-49g6t             1/1     Running     0          16m
kube-system      pod/canal-wwmvf                                         2/2     Running     0          16m
kube-system      pod/coredns-f9fd979d6-ccgm5                             1/1     Running     0          22m
kube-system      pod/coredns-f9fd979d6-ztwgs                             1/1     Running     0          22m
kube-system      pod/etcd-k8s-tmp.dev.deroris.local                      1/1     Running     0          22m
kube-system      pod/kube-apiserver-k8s-tmp.dev.deroris.local            1/1     Running     0          22m
kube-system      pod/kube-controller-manager-k8s-tmp.dev.deroris.local   1/1     Running     0          22m
kube-system      pod/kube-proxy-rfd7c                                    1/1     Running     0          22m
kube-system      pod/kube-scheduler-k8s-tmp.dev.deroris.local            1/1     Running     0          22m
metallb-system   pod/controller-fb659dc8-75t6h                           1/1     Running     0          8m56s
metallb-system   pod/speaker-jb8rb                                       1/1     Running     0          8m56s

NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
default         service/kubernetes                           ClusterIP      10.96.0.1       <none>           443/TCP                      22m
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.99.216.235   172.30.203.203   80:31980/TCP,443:32708/TCP   30s
ingress-nginx   service/ingress-nginx-controller-admission   ClusterIP      10.99.223.96    <none>           443/TCP                      30s
kube-system     service/kube-dns                             ClusterIP      10.96.0.10      <none>           53/UDP,53/TCP,9153/TCP       22m

NAMESPACE        NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
kube-system      daemonset.apps/canal        1         1         1       1            1           kubernetes.io/os=linux        16m
kube-system      daemonset.apps/kube-proxy   1         1         1       1            1           kubernetes.io/os=linux        22m
metallb-system   daemonset.apps/speaker      1         1         1       1            1           beta.kubernetes.io/os=linux   8m56s

NAMESPACE        NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
ingress-nginx    deployment.apps/ingress-nginx-controller   1/1     1            1           30s
kube-system      deployment.apps/calico-kube-controllers    1/1     1            1           16m
kube-system      deployment.apps/coredns                    2/2     2            2           22m
metallb-system   deployment.apps/controller                 1/1     1            1           8m56s

NAMESPACE        NAME                                                  DESIRED   CURRENT   READY   AGE
ingress-nginx    replicaset.apps/ingress-nginx-controller-59859f77c7   1         1         1       30s
kube-system      replicaset.apps/calico-kube-controllers-c9784d67d     1         1         1       16m
kube-system      replicaset.apps/coredns-f9fd979d6                     2         2         2       22m
metallb-system   replicaset.apps/controller-fb659dc8                   1         1         1       8m56s

NAMESPACE       NAME                                       COMPLETIONS   DURATION   AGE
ingress-nginx   job.batch/ingress-nginx-admission-create   1/1           2s         30s
ingress-nginx   job.batch/ingress-nginx-admission-patch    1/1           4s         30s

NAMESPACE        NAME                                           DATA   AGE
ingress-nginx    configmap/ingress-controller-leader-nginx      0      17s
ingress-nginx    configmap/ingress-nginx-controller             0      30s
kube-public      configmap/cluster-info                         2      22m
kube-system      configmap/canal-config                         6      16m
kube-system      configmap/coredns                              1      22m
kube-system      configmap/extension-apiserver-authentication   6      22m
kube-system      configmap/kube-proxy                           2      22m
kube-system      configmap/kubeadm-config                       2      22m
kube-system      configmap/kubelet-config-1.19                  1      22m
metallb-system   configmap/config                               1      5m15s

動作確認

試しにこんな感じのマニフェストを食わせる。
/apacheでapacheに、/nginxでnginxに行く。

※ Kubernetes 1.19からIngressAPIがGAとなりました。併せて書式がちょっと変わっているので注意してください。
https://qiita.com/tkusumi/items/ee1e100d34465ff2d764#whats-new-%E6%96%B0%E6%83%85%E5%A0%B1

↓は1.18までのものです。

cat <<EOF | kubectl apply -f -

# namespace
apiVersion: v1
kind: Namespace
metadata:
  name: ns-test
---
# ingress
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: lb
  namespace: ns-test
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - host: ns-test.172.30.203.203.nip.io
      http:
        paths:
          - path: /apache
            backend:
              serviceName: apache-svc
              servicePort: 80
          - path: /nginx
            backend:
              serviceName: nginx-svc
              servicePort: 80
          - path: /
            backend:
              serviceName: blackhole
              servicePort: 80
---
# apache
apiVersion: v1
kind: Service
metadata:
  name: apache-svc
  namespace: ns-test
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: httpd
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd
  namespace: ns-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpd
  template:
    metadata:
      labels:
        app: httpd
    spec:
      containers:
      - image: httpd:alpine
        name: httpd
        ports:
        - containerPort: 80
---
# nginx
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  namespace: ns-test
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: ns-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - containerPort: 80

EOF

ServiceとIngressのところにIPアドレスが入っています。

murata:~ $ kubectl get all,ing -A
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAMESPACE        NAME                                                    READY   STATUS      RESTARTS   AGE
ingress-nginx    pod/ingress-nginx-admission-create-hfs2f                0/1     Completed   0          5m28s
ingress-nginx    pod/ingress-nginx-admission-patch-xdg52                 0/1     Completed   1          5m28s
ingress-nginx    pod/ingress-nginx-controller-59859f77c7-xnvcf           1/1     Running     0          5m28s
kube-system      pod/calico-kube-controllers-c9784d67d-49g6t             1/1     Running     0          21m
kube-system      pod/canal-wwmvf                                         2/2     Running     0          21m
kube-system      pod/coredns-f9fd979d6-ccgm5                             1/1     Running     0          27m
kube-system      pod/coredns-f9fd979d6-ztwgs                             1/1     Running     0          27m
kube-system      pod/etcd-k8s-tmp.dev.deroris.local                      1/1     Running     0          27m
kube-system      pod/kube-apiserver-k8s-tmp.dev.deroris.local            1/1     Running     0          27m
kube-system      pod/kube-controller-manager-k8s-tmp.dev.deroris.local   1/1     Running     0          27m
kube-system      pod/kube-proxy-rfd7c                                    1/1     Running     0          27m
kube-system      pod/kube-scheduler-k8s-tmp.dev.deroris.local            1/1     Running     0          27m
metallb-system   pod/controller-fb659dc8-75t6h                           1/1     Running     0          13m
metallb-system   pod/speaker-jb8rb                                       1/1     Running     0          13m
ns-test          pod/httpd-6cd65b68c6-r4cpx                              1/1     Running     0          2m17s
ns-test          pod/nginx-7fb7fd49b4-wq7zl                              1/1     Running     0          2m17s

NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
default         service/kubernetes                           ClusterIP      10.96.0.1       <none>           443/TCP                      27m
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.99.216.235   172.30.203.203   80:31980/TCP,443:32708/TCP   5m28s
ingress-nginx   service/ingress-nginx-controller-admission   ClusterIP      10.99.223.96    <none>           443/TCP                      5m28s
kube-system     service/kube-dns                             ClusterIP      10.96.0.10      <none>           53/UDP,53/TCP,9153/TCP       27m
ns-test         service/apache-svc                           NodePort       10.103.168.10   <none>           80:32324/TCP                 2m17s
ns-test         service/nginx-svc                            NodePort       10.104.26.107   <none>           80:32278/TCP                 2m17s

NAMESPACE        NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
kube-system      daemonset.apps/canal        1         1         1       1            1           kubernetes.io/os=linux        21m
kube-system      daemonset.apps/kube-proxy   1         1         1       1            1           kubernetes.io/os=linux        27m
metallb-system   daemonset.apps/speaker      1         1         1       1            1           beta.kubernetes.io/os=linux   13m

NAMESPACE        NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
ingress-nginx    deployment.apps/ingress-nginx-controller   1/1     1            1           5m28s
kube-system      deployment.apps/calico-kube-controllers    1/1     1            1           21m
kube-system      deployment.apps/coredns                    2/2     2            2           27m
metallb-system   deployment.apps/controller                 1/1     1            1           13m
ns-test          deployment.apps/httpd                      1/1     1            1           2m17s
ns-test          deployment.apps/nginx                      1/1     1            1           2m17s

NAMESPACE        NAME                                                  DESIRED   CURRENT   READY   AGE
ingress-nginx    replicaset.apps/ingress-nginx-controller-59859f77c7   1         1         1       5m28s
kube-system      replicaset.apps/calico-kube-controllers-c9784d67d     1         1         1       21m
kube-system      replicaset.apps/coredns-f9fd979d6                     2         2         2       27m
metallb-system   replicaset.apps/controller-fb659dc8                   1         1         1       13m
ns-test          replicaset.apps/httpd-6cd65b68c6                      1         1         1       2m17s
ns-test          replicaset.apps/nginx-7fb7fd49b4                      1         1         1       2m17s

NAMESPACE       NAME                                       COMPLETIONS   DURATION   AGE
ingress-nginx   job.batch/ingress-nginx-admission-create   1/1           2s         5m28s
ingress-nginx   job.batch/ingress-nginx-admission-patch    1/1           4s         5m28s

NAMESPACE   NAME                    CLASS    HOSTS                           ADDRESS          PORTS   AGE
ns-test     ingress.extensions/lb   <none>   ns-test.172.30.203.203.nip.io   172.30.203.203   80      2m17s

ほかのPCから動作確認。

murata:~ $ curl http://ns-test.172.30.203.203.nip.io/apache
<html><body><h1>It works!</h1></body></html>
murata:~ $ curl http://ns-test.172.30.203.203.nip.io/nginx
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>

apacheはapacheに、nginxはnginxにバランシングされています。(ヘッダーはIngressのものになってしまうのでペイロード部分で確認した

まとめ

nginx-ingress-controllerはDaemonSetでありServiceでもIngressでもないので気を付けて。
複数台のノードでクラスタを組んでいる場合には特定のノード(router node)にIngressコントローラーを配置したかったりするかもしれません。その場合にはyamlファイルを編集すればOKみたいです。(Router Node)
SSL設定などもありますので、↑をそのまま使うのはまだまだかな。

それでは!

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
19