This is the script I currently use to create the nginx ingress controller for the AKS cluster; the code is below:
resource "azurerm_public_ip" "ingress" {
  name                = "AKS-Ingress-Controller"
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
}

resource "helm_release" "nginx_ingress" {
  name             = "ingress-nginx"
  namespace        = var.nginx_name
  create_namespace = true
  repository       = "https://kubernetes.github.io/ingress-nginx"
  chart            = "ingress-nginx"

  # Skips the ClusterRole/RoleBinding objects the chart installs by default.
  set {
    name  = "rbac.create"
    value = "false"
  }
  # Not a key in the ingress-nginx chart; the controller Service type is
  # set by controller.service.type further down.
  set {
    name  = "service.type"
    value = "ClusterIP"
  }
  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }
  set {
    name  = "controller.replicaCount"
    value = "2"
  }
  set {
    name  = "controller.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "defaultBackend.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "controller.admissionWebhooks.patch.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "controller.service.type"
    value = "LoadBalancer"
  }
  # Pin the Service to the static IP created above.
  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.ingress.ip_address
  }
  # Tells the Azure cloud provider which resource group holds the public IP.
  set {
    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-resource-group"
    value = var.resource_group_name
  }
}
I'm not sure what I'm doing wrong. I'd appreciate it if someone could point me in the right direction. After the script completes, the Pods won't come up and show CrashLoopBackOff:
NAMESPACE                            NAME                                        READY   STATUS             RESTARTS   AGE
aksns-eu2-siesmart-d-ngnix-ingress   ingress-nginx-controller-7fc74cf778-d8m7q   0/1     CrashLoopBackOff   8          17m
aksns-eu2-siesmart-d-ngnix-ingress   ingress-nginx-controller-7fc74cf778-gj8rk   0/1     CrashLoopBackOff   8          17m
I don't know where the error is. Can you help me?
After a few days of research I managed to find a solution.
Essentially, the problem is that if you have a static public IP in another resource group, and it isn't in the MC resource group, the cluster will sit in a pending state.
That raises the question: I can't know the name of that resource group at creation time, so how do I put the static IP into that RG?
The answer is that the Terraform Kubernetes resource outputs the RG name, and also the location of the cluster within that RG, so you can use that information to place the IP address in the MC group, like this:
resource "azurerm_public_ip" "publicIP" {
  name = "AKSPubIP-${var.environment}"
  # Place the IP in the node (MC_*) resource group that AKS creates for the cluster.
  resource_group_name = azurerm_kubernetes_cluster.new_prod_kubernetes.node_resource_group
  location            = azurerm_kubernetes_cluster.new_prod_kubernetes.location
  allocation_method   = "Static"
  # Must match network_profile.load_balancer_sku on the cluster.
  sku = "Standard"
  tags = {
    environment = var.environment
  }
}
You also have to make sure the IP address is Standard SKU, to match the Kubernetes load balancer declared in the Network Profile when declaring with Terraform. For example, if you declare the load balancer with the following code:
resource "azurerm_kubernetes_cluster" "new_prod_kubernetes" {
  name                = local.kubernetesclustername
  location            = azurerm_resource_group.new_prod_rg.location
  resource_group_name = azurerm_resource_group.new_prod_rg.name
  dns_prefix          = local.aksdnsprefix

  default_node_pool {
    name                = local.aksnodename
    vm_size             = local.aksnode_size
    enable_auto_scaling = true
    max_count           = local.aksnode_max
    min_count           = local.aksnode_min
    node_count          = local.aksnode_count
    os_sku              = "Ubuntu"
    os_disk_type        = "Managed"
    vnet_subnet_id      = azurerm_subnet.akssubnet.id
  }

  identity {
    type = "SystemAssigned"
  }

  network_profile {
    network_plugin    = "kubenet"
    load_balancer_sku = "standard"
  }

  tags = {
    Environment = var.environment
  }
}
Once that is done, you can change the Nginx load balancer IP with the following declaration:
set {
  name  = "controller.service.loadBalancerIP"
  value = azurerm_public_ip.publicIP.ip_address
}
I did try to use the following controller APIs recommended by Microsoft: service.beta.kubernetes.io/azure-load-balancer-ipv6, service.beta.kubernetes.io/azure-load-balancer-ipv4 or service.beta.kubernetes.io/azure-pip-name, but they never worked and would error out.
I also tried giving the cluster access to the original RG the cluster was created in. This was the suggestion on some GitHub issues: give the cluster Network Contributor permission on the RG where you create the cluster and the other resources (rather than the MC RG). That way the cluster can read the public IP resource and match the address given by Terraform to that resource. Even though the cluster always had the correct access, for some reason it could never get the public IP, and after a while it would create a random Pub IP.
Here is the full Helm release for the record; it may help understand what to do:
# Install Nginx Ingress using Helm Chart
resource "helm_release" "ingress" {
  name             = "nginx-ingress"
  repository       = "https://kubernetes.github.io/ingress-nginx"
  chart            = "ingress-nginx"
  create_namespace = true
  namespace        = "nginx-ingress"
  depends_on       = [azurerm_kubernetes_cluster.new_prod_kubernetes]

  # Skips the ClusterRole/RoleBinding objects the chart installs by default.
  set {
    name  = "rbac.create"
    value = "false"
  }
  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }
  # Static Standard-SKU IP created in the node (MC_*) resource group above.
  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.publicIP.ip_address
  }
  set {
    name  = "controller.replicaCount"
    value = "2"
  }
  set {
    name  = "controller.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "defaultBackend.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "controller.admissionWebhooks.patch.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "controller.publishService.enabled"
    value = "true"
  }
  # Service annotation for the Azure LB health probe; the annotation key goes
  # under controller.service.annotations and its dots must be escaped.
  set {
    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-health-probe-request-path"
    value = "/healthz"
  }

  timeout = 900
}
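As an added example (not code from the original question or answer), the following preflight check encodes the conditions the answer arrives at before you hand an existing public IP to `controller.service.loadBalancerIP`: the IP's SKU must match the cluster's `load_balancer_sku`, it must be statically allocated, and it must live in the node (MC_*) resource group unless the Service carries the `azure-load-balancer-resource-group` annotation naming the group it is in. It reads the JSON shapes returned by `az aks show -o json` and `az network public-ip show -o json`, modelling only the fields it uses; the cluster name, resource groups and IP addresses in the samples are constructed.

```python
"""Preflight check: can this Azure public IP be pinned to an AKS LoadBalancer
Service? Added example, not code from the original post. Sample documents
below are constructed to mirror the fields of `az aks show` and
`az network public-ip show`."""
import json
from typing import Dict, List, Optional

# Constructed `az aks show -o json` output, trimmed to what the check reads.
AKS_SHOW = json.dumps({
    "name": "aks-eu2-demo",
    "resourceGroup": "rg-eu2-demo",
    "nodeResourceGroup": "MC_rg-eu2-demo_aks-eu2-demo_eastus2",
    "networkProfile": {"loadBalancerSku": "standard"},
})

# Constructed public IP that follows the answer: Standard SKU, Static, in the MC_ group.
PIP_IN_MC_RG = json.dumps({
    "name": "AKSPubIP-dev",
    "resourceGroup": "MC_rg-eu2-demo_aks-eu2-demo_eastus2",
    "sku": {"name": "Standard"},
    "publicIPAllocationMethod": "Static",
    "ipAddress": "203.0.113.10",
})

# Constructed public IP shaped like the one in the question: default (Basic)
# SKU, created in the application resource group rather than the MC_ group.
PIP_IN_APP_RG_BASIC = json.dumps({
    "name": "AKS-Ingress-Controller",
    "resourceGroup": "rg-eu2-demo",
    "sku": {"name": "Basic"},
    "publicIPAllocationMethod": "Static",
    "ipAddress": "203.0.113.11",
})

RG_ANNOTATION = "service.beta.kubernetes.io/azure-load-balancer-resource-group"


def check_pip_for_aks(aks_json: str, pip_json: str,
                      service_annotations: Optional[Dict[str, str]] = None) -> List[str]:
    """Return human-readable problems; an empty list means the IP is usable
    as controller.service.loadBalancerIP for this cluster."""
    aks = json.loads(aks_json)
    pip = json.loads(pip_json)
    annotations = service_annotations or {}
    problems: List[str] = []

    # 1. SKU of the IP must match the cluster load balancer SKU (Basic vs Standard
    #    cannot be mixed; the Azure cloud provider will not attach the frontend).
    cluster_sku = aks["networkProfile"]["loadBalancerSku"].lower()
    pip_sku = pip["sku"]["name"].lower()
    if cluster_sku != pip_sku:
        problems.append(
            f"SKU mismatch: cluster load balancer is '{cluster_sku}' but public IP "
            f"{pip['name']} is '{pip_sku}'")

    # 2. A LoadBalancer frontend needs a fixed address.
    if pip["publicIPAllocationMethod"].lower() != "static":
        problems.append(
            f"public IP {pip['name']} is {pip['publicIPAllocationMethod']}; "
            "loadBalancerIP requires a Static allocation")

    # 3. The cloud provider looks for the IP in the node resource group unless the
    #    Service annotation points it at another group (which the cluster identity
    #    must then be allowed to read, e.g. Network Contributor on that group).
    node_rg = aks["nodeResourceGroup"].lower()
    pip_rg = pip["resourceGroup"].lower()
    if pip_rg != node_rg:
        declared_rg = annotations.get(RG_ANNOTATION, "").lower()
        if declared_rg != pip_rg:
            problems.append(
                f"public IP {pip['name']} is in resource group {pip['resourceGroup']}, "
                f"not the node resource group {aks['nodeResourceGroup']}; create it there "
                f"or annotate the Service with {RG_ANNOTATION}={pip['resourceGroup']} and "
                "grant the cluster identity Network Contributor on that group")
    return problems


if __name__ == "__main__":
    for label, pip in (("MC_ group, Standard", PIP_IN_MC_RG),
                       ("app group, Basic", PIP_IN_APP_RG_BASIC)):
        findings = check_pip_for_aks(AKS_SHOW, pip)
        print(f"{label}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Run it against real output by piping `az aks show -g <rg> -n <cluster> -o json` and `az network public-ip show -g <rg> -n <name> -o json` into the two arguments; a non-empty list explains why the Service's EXTERNAL-IP would stay pending or the provider would allocate a different address.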