Before yesterday found that a mere nginx ingress controller actually two different implementations. Called kubernetes / Ingress-nginx , by kubernetes community maintenance, container corresponding image is quay.io/kubernetes-ingress-controller/nginx-ingress-controller, namespace is ingress-nginx; a man named nginxinc / kubernetes-Ingress , by nginx company and the community to jointly safeguard, the corresponding container mirror is nginx/nginx-ingress, namespace is nginx-ingress.
Before we use nginxinc/kubernetes-ingress(see previous post ), I do not know there are two different implementations, when troubleshooting is sometimes check kubernetes/ingress-nginxinformation, poles apart, was also puzzled by the document were clearly set, and why it does not work ?
The use of nginxinc/kubernetes-ingressexperienced after K8s in ASP.NET Core application client can not get the real IP address of the problem (the X-Forwarded-Forforwarding problem), then forced to try inconstant replaced kubernetes / ingress-nginx as nginx ingress controller.
Next is the kubernetes/ingress-nginxdeployment steps.
First, delete the previous nginxinc/kubernetes-ingressdeployment.
kubectl delete all --all -n nginx-ingress
kubectl delete namespace nginx-ingressNext github to check out kubernetes/ingress-nginxthe warehouse, with deployed therein mandatory.yaml profile.
git clone https://github.com/kubernetes/ingress-nginx
cd deploy/static
kubectl apply -f mandatory.yamlAfter the deployment is complete, view the deployment of resources:
$ kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/nginx-ingress-controller-6885bc7778-m62kv 1/1 Running 0 37m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-ingress-controller 1/1 1 1 37m
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-ingress-controller-6885bc7778 1 1 1 37mStill less a service, we deployed here with nodePort way service, so the choice of deploy/static/provider/baremetal/service-nodeport.yamldeploying file, add nodePort: 31080the specified port.
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
ports:
- name: http
nodePort: 31080
port: 80
targetPort: 80
protocol: TCP
# ....Deployment of service
kubectl apply -f service-nodeport.yamlView deployment results
$ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.96.151.144 <none> 80:31080/TCP,443:32428/TCP 9Login worker node to verify nginx is working with the curl command
$ curl -i localhost:31080/healthz
HTTP/1.1 200 OK
Server: nginx/1.17.8Return to 200, indicating nginx OK.
Note: kubernetes/ingress-nginxThe default implementation of the health check the address /healthz, nginxinc/kubernetes-ingressit did not materialize, so you need to achieve (see Bo asked ).
Login nginx-ingress-controller pod, see the nginx configuration.
kubectl exec -it deployment/nginx-ingress-controller -n ingress-nginx /bin/bashWe found kubernetes/ingress-nginxbased on ingress rules generated all on nginx configuration /etc/nginx/nginx.conf, whereas nginxinc/kubernetes-ingressin /etc/nginx/conf.d/a special configuration file used to store directory, file name starts with the namespace name to ingress is located.
Finally, the most critical moment, to verify kubernetes/ingress-nginxwhether there is X-Forwarded-Forforwarding problem.
Add ConfigMap enabled use-forwarded-headers.
data:
use-forwarded-headers: "true"kubernetes/ingress-nginxLive up to expectations! No X-Forwarded-Forforwarding problems, normal applications can get to the real client IP addresses.
Compare the two treatment X-Forwarded-Fordifferences.
1) nginxinc/kubernetes-ingressresulting configuration is nginx
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;X-Forwarded-ForValues are "116.62.124.68, 192.168.107.192".
2) kubernetes/ingress-nginxthe resulting configuration is nginx
proxy_set_header X-Forwarded-For $remote_addr;X-Forwarded-ForValues are "116.62.124.68". kubernetes/ingress-nginxRequests received are forwarded over by Ali cloud load balancing, the client real IP address is hidden in the X-Forwarded-Formiddle, but it is resourceful, will X-Forwarded-ForIP address to pass $remote_addr.
If you add the following configuration in ConfigMap, the kubernetes/ingress-nginxperformance on and nginxinc/kubernetes-ingressthe same.
data:
compute-full-forwarded-for: "true"A successful inconstant, Love kubernetes/ingress-nginx.