Before yesterday found that a mere nginx ingress controller actually two different implementations. Called kubernetes / Ingress-nginx , by kubernetes community maintenance, container corresponding image is quay.io/kubernetes-ingress-controller/nginx-ingress-controller
, namespace is ingress-nginx
; a man named nginxinc / kubernetes-Ingress , by nginx company and the community to jointly safeguard, the corresponding container mirror is nginx/nginx-ingress
, namespace is nginx-ingress
.
Before we use nginxinc/kubernetes-ingress
(see previous post ), I do not know there are two different implementations, when troubleshooting is sometimes check kubernetes/ingress-nginx
information, poles apart, was also puzzled by the document were clearly set, and why it does not work ?
The use of nginxinc/kubernetes-ingress
experienced after K8s in ASP.NET Core application client can not get the real IP address of the problem (the X-Forwarded-For
forwarding problem), then forced to try inconstant replaced kubernetes / ingress-nginx as nginx ingress controller.
Next is the kubernetes/ingress-nginx
deployment steps.
First, delete the previous nginxinc/kubernetes-ingress
deployment.
kubectl delete all --all -n nginx-ingress
kubectl delete namespace nginx-ingress
Next github to check out kubernetes/ingress-nginx
the warehouse, with deployed therein mandatory.yaml profile.
git clone https://github.com/kubernetes/ingress-nginx
cd deploy/static
kubectl apply -f mandatory.yaml
After the deployment is complete, view the deployment of resources:
$ kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/nginx-ingress-controller-6885bc7778-m62kv 1/1 Running 0 37m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-ingress-controller 1/1 1 1 37m
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-ingress-controller-6885bc7778 1 1 1 37m
Still less a service, we deployed here with nodePort way service, so the choice of deploy/static/provider/baremetal/service-nodeport.yaml
deploying file, add nodePort: 31080
the specified port.
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
ports:
- name: http
nodePort: 31080
port: 80
targetPort: 80
protocol: TCP
# ....
Deployment of service
kubectl apply -f service-nodeport.yaml
View deployment results
$ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.96.151.144 <none> 80:31080/TCP,443:32428/TCP 9
Login worker node to verify nginx is working with the curl command
$ curl -i localhost:31080/healthz
HTTP/1.1 200 OK
Server: nginx/1.17.8
Return to 200, indicating nginx OK.
Note: kubernetes/ingress-nginx
The default implementation of the health check the address /healthz
, nginxinc/kubernetes-ingress
it did not materialize, so you need to achieve (see Bo asked ).
Login nginx-ingress-controller pod, see the nginx configuration.
kubectl exec -it deployment/nginx-ingress-controller -n ingress-nginx /bin/bash
We found kubernetes/ingress-nginx
based on ingress rules generated all on nginx configuration /etc/nginx/nginx.conf
, whereas nginxinc/kubernetes-ingress
in /etc/nginx/conf.d/
a special configuration file used to store directory, file name starts with the namespace name to ingress is located.
Finally, the most critical moment, to verify kubernetes/ingress-nginx
whether there is X-Forwarded-For
forwarding problem.
Add ConfigMap enabled use-forwarded-headers.
data:
use-forwarded-headers: "true"
kubernetes/ingress-nginx
Live up to expectations! No X-Forwarded-For
forwarding problems, normal applications can get to the real client IP addresses.
Compare the two treatment X-Forwarded-For
differences.
1) nginxinc/kubernetes-ingress
resulting configuration is nginx
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
X-Forwarded-For
Values are "116.62.124.68, 192.168.107.192"
.
2) kubernetes/ingress-nginx
the resulting configuration is nginx
proxy_set_header X-Forwarded-For $remote_addr;
X-Forwarded-For
Values are "116.62.124.68"
. kubernetes/ingress-nginx
Requests received are forwarded over by Ali cloud load balancing, the client real IP address is hidden in the X-Forwarded-For
middle, but it is resourceful, will X-Forwarded-For
IP address to pass $remote_addr
.
If you add the following configuration in ConfigMap, the kubernetes/ingress-nginx
performance on and nginxinc/kubernetes-ingress
the same.
data:
compute-full-forwarded-for: "true"
A successful inconstant, Love kubernetes/ingress-nginx
.