Deploying an ingress controller Helm chart with Terraform

Question  Votes: 0  Answers: 1

This is the current script that creates the nginx controller for the AKS cluster; the code is below:

resource "azurerm_public_ip" "ingress" {
  name                = "AKS-Ingress-Controller"
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
}

resource "helm_release" "nginx_ingress" {
  name             = "ingress-nginx"
  namespace        = var.nginx_name
  create_namespace = true
  repository       = "https://kubernetes.github.io/ingress-nginx"
  chart            = "ingress-nginx"

  set {
    name  = "rbac.create"
    value = "false"
  }
  set {
    name  = "service.type"
    value = "ClusterIP"
  }
  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }
  set {
    name  = "controller.replicaCount"
    value = "2"
  }
  set {
    name  = "controller.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "defaultBackend.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "controller.admissionWebhooks.patch.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "controller.service.type"
    value = "LoadBalancer"
  }
  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.ingress.ip_address
  }
  set {
    name  = "controller.service.annotations.service.kubernetes\\.io/azure-load-balancer-resource-group"
    value = var.resource_group_name
  }
}

I'm not sure what I'm doing wrong? If someone can point me in the right direction I would be grateful. Once the script completes, the pods end up in CrashLoopBackOff:

NAMESPACE                            NAME                                                              READY   STATUS             RESTARTS   AGE
aksns-eu2-siesmart-d-ngnix-ingress   ingress-nginx-controller-7fc74cf778-d8m7q                         0/1     CrashLoopBackOff   8          17m
aksns-eu2-siesmart-d-ngnix-ingress   ingress-nginx-controller-7fc74cf778-gj8rk                         0/1     CrashLoopBackOff   8          17m

I don't know where the error is.. can you help me?

azure-aks nginx-ingress terraform-provider-azure
1 answer
0 votes

After several days of research I managed to find the solution.

Essentially, the problem is that if you have the static public IP in another resource group, and it is not in the MC resource group, the cluster will stay in a pending state.

So the question becomes: I cannot know the name of that resource group at creation time, so how do I put the static IP into that RG?

The answer is that the Terraform Kubernetes resource outputs the RG name, and also outputs the location of the cluster inside that RG, so you can use that information to put the IP address into the MC group, like this:

Documentation link: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#attributes-reference

resource "azurerm_public_ip" "publicIP" {
  name = "AKSPubIP-${var.environment}"
  # Place the IP in the MC_ (node) resource group that AKS manages, using the
  # attributes the cluster resource exports, so the cloud provider can bind it.
  resource_group_name = azurerm_kubernetes_cluster.new_prod_kubernetes.node_resource_group
  location            = azurerm_kubernetes_cluster.new_prod_kubernetes.location
  allocation_method   = "Static"
  sku                 = "Standard"

  tags = {
    environment = var.environment
  }
}

You must also make sure the IP address is the Standard SKU, so that it matches the Kubernetes load balancer declared in the Network Profile when you declare it with Terraform. For example, if you declare the load balancer with the following code:

resource "azurerm_kubernetes_cluster" "new_prod_kubernetes" {
  name                = local.kubernetesclustername
  location            = azurerm_resource_group.new_prod_rg.location
  resource_group_name = azurerm_resource_group.new_prod_rg.name
  dns_prefix          = local.aksdnsprefix

  default_node_pool {
    name                = local.aksnodename
    vm_size             = local.aksnode_size
    enable_auto_scaling = true
    max_count           = local.aksnode_max
    min_count           = local.aksnode_min
    node_count          = local.aksnode_count
    os_sku              = "Ubuntu"
    os_disk_type        = "Managed"
    vnet_subnet_id      = azurerm_subnet.akssubnet.id
  }

  identity {
    type = "SystemAssigned"
  }

  network_profile {
    network_plugin    = "kubenet"
    load_balancer_sku = "standard"
  }

  tags = {
    Environment = var.environment
  }
}

Once that is done, you can change the Nginx load balancer IP with the following declaration:

  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.publicIP.ip_address
  }

I did try using the following controller APIs recommended by Microsoft:

service.beta.kubernetes.io/azure-load-balancer-ipv6
service.beta.kubernetes.io/azure-load-balancer-ipv4
service.beta.kubernetes.io/azure-pip-name

but they never worked and always errored.

I also tried giving the cluster access to the original RG in which the cluster was created. This was a suggestion on some GitHub issues: give the cluster Network Contributor permission on the RG where you create the cluster and the other resources (instead of the MC RG), so that the cluster can read the public IP resource and match the address Terraform hands out with that resource. Even though the cluster always had the correct access, for some reason it never got the public IP, and after a while it would create a random public IP.

Here is the full Helm chart for the record; it may help understand what to do:

# Install Nginx Ingress using Helm Chart
resource "helm_release" "ingress" {
  name             = "nginx-ingress"
  repository       = "https://kubernetes.github.io/ingress-nginx"
  chart            = "ingress-nginx"
  create_namespace = true
  namespace        = "nginx-ingress"
  depends_on       = [azurerm_kubernetes_cluster.new_prod_kubernetes]

  set {
    name  = "rbac.create"
    value = "false"
  }
  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }
  set {
    # Static IP created in the node resource group (see azurerm_public_ip.publicIP above)
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.publicIP.ip_address
  }

  set {
    name  = "controller.replicaCount"
    value = "2"
  }
  set {
    name  = "controller.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "defaultBackend.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "controller.admissionWebhooks.patch.nodeSelector.kubernetes\\.io/os"
    value = "linux"
  }
  set {
    name  = "controller.publishService.enabled"
    value = "true"
  }
  set {
    # Service annotations live under controller.service.annotations; the dots in the
    # annotation name must be escaped so Helm does not split it into nested keys.
    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-health-probe-request-path"
    value = "/healthz"
  }
  timeout = 900
}
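As an added example (not part of the original answer), the two requirements the answer arrives at can be enforced in Terraform itself with lifecycle preconditions on the helm_release, so a plan fails with a clear message instead of the Service sitting in Pending or the cluster silently allocating a random IP. It assumes Terraform 1.2 or newer and reuses the resource names from the answer (azurerm_kubernetes_cluster.new_prod_kubernetes, azurerm_public_ip.publicIP).

```hcl
resource "helm_release" "ingress" {
  name             = "nginx-ingress"
  repository       = "https://kubernetes.github.io/ingress-nginx"
  chart            = "ingress-nginx"
  namespace        = "nginx-ingress"
  create_namespace = true
  depends_on       = [azurerm_kubernetes_cluster.new_prod_kubernetes]

  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }
  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.publicIP.ip_address
  }

  lifecycle {
    # The cloud provider only binds a pre-allocated address that lives in the
    # MC_ (node) resource group; anywhere else the Service never gets the IP.
    precondition {
      condition     = azurerm_public_ip.publicIP.resource_group_name == azurerm_kubernetes_cluster.new_prod_kubernetes.node_resource_group
      error_message = "The static public IP must be created in the AKS node resource group (node_resource_group), not in the cluster's own RG."
    }
    # A Basic-SKU IP cannot front a Standard load balancer; compare case-insensitively
    # because the cluster resource uses "standard" and the IP resource uses "Standard".
    precondition {
      condition     = lower(azurerm_public_ip.publicIP.sku) == lower(azurerm_kubernetes_cluster.new_prod_kubernetes.network_profile[0].load_balancer_sku)
      error_message = "The public IP SKU must match the cluster's load_balancer_sku (Standard)."
    }
    # A dynamic address would be released and reassigned under the Service.
    precondition {
      condition     = azurerm_public_ip.publicIP.allocation_method == "Static"
      error_message = "The public IP must use allocation_method = \"Static\"."
    }
  }
}
```

Running terraform plan against a public IP placed in the wrong resource group now stops at the first precondition instead of producing a cluster that looks healthy but never serves on the expected address.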