当前位置: 首页 > 知识库问答 >
问题:

未找到Nginx-Inete Helm部署--tcp-services-configmap参数

戚兴思
2023-03-14

我正在尝试使用入口进行TCP/UDP端口转发。

以下文档:https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

它说要设置:--tcp服务配置映射,但没有告诉您在哪里设置它。我假设这是命令行参数。然后我在google上搜索了nginx入口的命令行参数列表

https://kubernetes.github.io/ingress-nginx/user-guide/cli-arguments/

在这里,您可以清楚地看到它是控制器的参数:

--tcp services configmap包含要公开的tcp服务的定义的configmap的名称。地图中的键指示要使用的外部端口。该值是对“名称空间/名称:端口”形式的服务的引用,其中“端口”可以是端口号或名称。TCP端口80和443由控制器保留,用于服务HTTP流量。

第一个问题:如何动态添加到nginx-ingress helm图表的容器参数中,我在任何地方都没有看到记录?

第二个问题:在当前版本的nginx入口中设置此选项的正确方法是什么,因为设置命令行参数会导致容器启动失败,因为二进制文件没有该参数选项。

此处为默认舵图值。yaml关于为tcp服务的configmap设置名称空间,有一些选项,但鉴于文档说我必须将其设置为参数,但该参数无法启动,我不确定您实际是如何设置的。

https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml

我手动编辑了部署并在容器参数上设置了标志:

      - args:
    - -nginx-plus=false
    - -nginx-reload-timeout=60000
    - -enable-app-protect=false
    - -nginx-configmaps=$(POD_NAMESPACE)/emoney-nginx-controller-nginx-ingress
    - -default-server-tls-secret=$(POD_NAMESPACE)/emoney-nginx-controller-nginx-ingress-default-server-tls
    - -ingress-class=emoney-ingress
    - -health-status=false
    - -health-status-uri=/nginx-health
    - -tcp-services-configmap=emoney-node/tcp-services-configmap
    - -nginx-debug=false
    - -v=1
    - -nginx-status=true
    - -nginx-status-port=8080
    - -nginx-status-allow-cidrs=127.0.0.1
    - -report-ingress-status
    - -external-service=emoney-nginx-controller-nginx-ingress
    - -enable-leader-election=true
    - -leader-election-lock-name=emoney-nginx-controller-nginx-ingress-leader-election
    - -enable-prometheus-metrics=true
    - -prometheus-metrics-listen-port=9113
    - -prometheus-tls-secret=
    - -enable-custom-resources=true
    - -enable-tls-passthrough=false
    - -enable-snippets=false
    - -enable-preview-policies=false
    - -ready-status=true
    - -ready-status-port=8081
    - -enable-latency-metrics=false
    env:

当我像文档所说的那样设置时,pod无法启动,因为它错误地说参数不是二进制的选项。

kubectl logs emoney-nginx-controller-nginx-ingress-5769565cc7-vmgrf -n emoney-node
flag provided but not defined: -tcp-services-configmap
Usage of /nginx-ingress:
  -alsologtostderr
        log to standard error as well as files
  -default-server-tls-secret string
        A Secret with a TLS certificate and key for TLS termination of the default server. Format: <namespace>/<name>.
            If not set, than the certificate and key in the file "/etc/nginx/secrets/default" are used.
            If "/etc/nginx/secrets/default" doesn't exist, the Ingress Controller will configure NGINX to reject TLS connections to the default server.
            If a secret is set, but the Ingress controller is not able to fetch it from Kubernetes API or it is not set and the Ingress Controller
            fails to read the file "/etc/nginx/secrets/default", the Ingress controller will fail to start.
  -enable-app-protect
        Enable support for NGINX App Protect. Requires -nginx-plus.
  -enable-custom-resources
        Enable custom resources (default true)
  -enable-internal-routes
        Enable support for internal routes with NGINX Service Mesh. Requires -spire-agent-address and -nginx-plus. Is for use with NGINX Service Mesh only.
  -enable-latency-metrics
        Enable collection of latency metrics for upstreams. Requires -enable-prometheus-metrics
  -enable-leader-election
        Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress, VirtualServer and VirtualServerRoute resources -- only one replica will report status (default true). See -report-ingress-status flag. (default true)
  -enable-preview-policies
        Enable preview policies
  -enable-prometheus-metrics
        Enable exposing NGINX or NGINX Plus metrics in the Prometheus format
  -enable-snippets
        Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources.
  -enable-tls-passthrough
        Enable TLS Passthrough on port 443. Requires -enable-custom-resources
  -external-service string
        Specifies the name of the service with the type LoadBalancer through which the Ingress controller pods are exposed externally.
            The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. For Ingress resources only: Requires -report-ingress-status.
  -global-configuration string
        The namespace/name of the GlobalConfiguration resource for global configuration of the Ingress Controller. Requires -enable-custom-resources. Format: <namespace>/<name>
  -health-status
        Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
            Useful for external health-checking of the Ingress controller
  -health-status-uri string
        Sets the URI of health status location in the default server. Requires -health-status (default "/nginx-health")
  -ingress-class string
        A class of the Ingress controller.
        
            An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start.
            The Ingress controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.
        
            The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. (default "nginx")
  -ingress-template-path string
        Path to the ingress NGINX configuration template for an ingress resource.
            (default for NGINX "nginx.ingress.tmpl"; default for NGINX Plus "nginx-plus.ingress.tmpl")
  -ingresslink string
        Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system.
            The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. For Ingress resources only: Requires -report-ingress-status.
  -leader-election-lock-name string
        Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. Requires -enable-leader-election. (default "nginx-ingress-leader-election")
  -log_backtrace_at value
        when logging hits line file:N, emit a stack trace
  -log_dir string
        If non-empty, write log files in this directory
  -logtostderr
        log to standard error instead of files
  -main-template-path string
        Path to the main NGINX configuration template. (default for NGINX "nginx.tmpl"; default for NGINX Plus "nginx-plus.tmpl")
  -nginx-configmaps string
        A ConfigMap resource for customizing NGINX configuration. If a ConfigMap is set,
            but the Ingress controller is not able to fetch it from Kubernetes API, the Ingress controller will fail to start.
            Format: <namespace>/<name>
  -nginx-debug
        Enable debugging for NGINX. Uses the nginx-debug binary. Requires 'error-log-level: debug' in the ConfigMap.
  -nginx-plus
        Enable support for NGINX Plus
  -nginx-reload-timeout int
        The timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. (default 60000) (default 60000)
  -nginx-status
        Enable the NGINX stub_status, or the NGINX Plus API. (default true)
  -nginx-status-allow-cidrs string
        Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. (default "127.0.0.1")
  -nginx-status-port int
        Set the port where the NGINX stub_status or the NGINX Plus API is exposed. [1024 - 65535] (default 8080)
  -prometheus-metrics-listen-port int
        Set the port where the Prometheus metrics are exposed. [1024 - 65535] (default 9113)
  -prometheus-tls-secret string
        A Secret with a TLS certificate and key for TLS termination of the prometheus endpoint.
  -proxy string
        Use a proxy server to connect to Kubernetes API started by "kubectl proxy" command. For testing purposes only.
            The Ingress controller does not start NGINX and does not write any generated NGINX configuration files to disk
  -ready-status
        Enables the readiness endpoint '/nginx-ready'. The endpoint returns a success code when NGINX has loaded all the config after the startup (default true)
  -ready-status-port int
        Set the port where the readiness endpoint is exposed. [1024 - 65535] (default 8081)
  -report-ingress-status
        Updates the address field in the status of Ingress resources. Requires the -external-service or -ingresslink flag, or the 'external-status-address' key in the ConfigMap.
  -spire-agent-address string
        Specifies the address of the running Spire agent. Requires -nginx-plus and is for use with NGINX Service Mesh only. If the flag is set,
                    but the Ingress Controller is not able to connect with the Spire Agent, the Ingress Controller will fail to start.
  -stderrthreshold value
        logs at or above this threshold go to stderr
  -transportserver-template-path string
        Path to the TransportServer NGINX configuration template for a TransportServer resource.
            (default for NGINX "nginx.transportserver.tmpl"; default for NGINX Plus "nginx-plus.transportserver.tmpl")
  -v value
        log level for V logs
  -version
        Print the version, git-commit hash and build date and exit
  -virtualserver-template-path string
        Path to the VirtualServer NGINX configuration template for a VirtualServer resource.
            (default for NGINX "nginx.virtualserver.tmpl"; default for NGINX Plus "nginx-plus.virtualserver.tmpl")
  -vmodule value
        comma-separated list of pattern=N settings for file-filtered logging
  -watch-namespace string
        Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces
  -wildcard-tls-secret string
        A Secret with a TLS certificate and key for TLS termination of every Ingress host for which TLS termination is enabled but the Secret is not specified.
                Format: <namespace>/<name>. If the argument is not set, for such Ingress hosts NGINX will break any attempt to establish a TLS connection.
                If the argument is set, but the Ingress controller is not able to fetch the Secret from Kubernetes API, the Ingress controller will fail to start.

配置映射

apiVersion: v1
data:
  "1317": emoney-node/emoney-api:1317
  "9090": emoney-node/emoney-grpc:9090
  "26656": emoney-node/emoney:26656
  "26657": emoney-node/emoney-rpc:26657
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: emoney
    meta.helm.sh/release-namespace: emoney-node
  creationTimestamp: "2021-11-01T18:06:49Z"
  labels:
    app.kubernetes.io/managed-by: Helm
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:1317: {}
        f:9090: {}
        f:26656: {}
        f:26657: {}
      f:metadata:
        f:annotations:
          .: {}
          f:meta.helm.sh/release-name: {}
          f:meta.helm.sh/release-namespace: {}
        f:labels:
          .: {}
          f:app.kubernetes.io/managed-by: {}
    manager: helm
    operation: Update
    time: "2021-11-01T18:06:49Z"
  name: tcp-services-configmap
  namespace: emoney-node
  resourceVersion: "2056146"
  selfLink: /api/v1/namespaces/emoney-node/configmaps/tcp-services-configmap
  uid: 188f5dc8-02f9-4ee5-a5e3-819d00ff8b67






Name:              emoney
Namespace:         emoney-node
Labels:            app.kubernetes.io/instance=emoney
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=ibcnode
                   app.kubernetes.io/version=1.16.0
                   helm.sh/chart=ibcnode-0.1.0
Annotations:       meta.helm.sh/release-name: emoney
                   meta.helm.sh/release-namespace: emoney-node
Selector:          app.kubernetes.io/instance=emoney,app.kubernetes.io/name=ibcnode
Type:              ClusterIP
IP:                172.20.30.240
Port:              p2p  26656/TCP
TargetPort:        26656/TCP
Endpoints:         10.0.36.192:26656
Session Affinity:  None
Events:            <none>


Name:              emoney-api
Namespace:         emoney-node
Labels:            app.kubernetes.io/instance=emoney
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=ibcnode
                   app.kubernetes.io/version=1.16.0
                   helm.sh/chart=ibcnode-0.1.0
Annotations:       meta.helm.sh/release-name: emoney
                   meta.helm.sh/release-namespace: emoney-node
Selector:          app.kubernetes.io/instance=emoney,app.kubernetes.io/name=ibcnode
Type:              ClusterIP
IP:                172.20.166.97
Port:              api  1317/TCP
TargetPort:        1317/TCP
Endpoints:         10.0.36.192:1317
Session Affinity:  None
Events:            <none>


Name:              emoney-grpc
Namespace:         emoney-node
Labels:            app.kubernetes.io/instance=emoney
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=ibcnode
                   app.kubernetes.io/version=1.16.0
                   helm.sh/chart=ibcnode-0.1.0
Annotations:       meta.helm.sh/release-name: emoney
                   meta.helm.sh/release-namespace: emoney-node
Selector:          app.kubernetes.io/instance=emoney,app.kubernetes.io/name=ibcnode
Type:              ClusterIP
IP:                172.20.136.177
Port:              grpc  9090/TCP
TargetPort:        9090/TCP
Endpoints:         10.0.36.192:9090
Session Affinity:  None
Events:            <none>


Name:                     emoney-nginx-controller-nginx-ingress
Namespace:                emoney-node
Labels:                   app.kubernetes.io/instance=emoney-nginx-controller
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=emoney-nginx-controller-nginx-ingress
                          helm.sh/chart=nginx-ingress-0.11.3
Annotations:              meta.helm.sh/release-name: emoney-nginx-controller
                          meta.helm.sh/release-namespace: emoney-node
Selector:                 app=emoney-nginx-controller-nginx-ingress
Type:                     LoadBalancer
IP:                       172.20.16.202
LoadBalancer Ingress:     lb removed
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  32250/TCP
Endpoints:                10.0.43.32:80
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  32375/TCP
Endpoints:                10.0.43.32:443
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     30904
Events:                   <none>


Name:              emoney-rpc
Namespace:         emoney-node
Labels:            app.kubernetes.io/instance=emoney
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=ibcnode
                   app.kubernetes.io/version=1.16.0
                   helm.sh/chart=ibcnode-0.1.0
Annotations:       meta.helm.sh/release-name: emoney
                   meta.helm.sh/release-namespace: emoney-node
Selector:          app.kubernetes.io/instance=emoney,app.kubernetes.io/name=ibcnode
Type:              ClusterIP
IP:                172.20.42.163
Port:              rpc  26657/TCP
TargetPort:        26657/TCP
Endpoints:         10.0.36.192:26657
Session Affinity:  None
Events:            <none>





  helm repo add nginx-stable https://helm.nginx.com/stable --kubeconfig=./kubeconfig || echo "helm repo already added"

  helm repo update --kubeconfig=./kubeconfig || echo "helm repo already updated"

  helm upgrade ${app_name}-nginx-controller -n ${app_namespace} nginx-stable/nginx-ingress \
  --install \
  --kubeconfig=./kubeconfig \
  --create-namespace \
  --set controller.service.type=LoadBalancer \
  --set controller.tcp.configMapNamespace=${app_namespace} \
  --set controller.ingressClass="${app_name}-ingress"

  kubectl rollout status -w deployment/${app_name} --kubeconfig=./kubeconfig -n ${app_namespace}


  #- --tcp-services-configmap=emoney-node/tcp-services-configmap

共有1个答案

满伟彦
2023-03-14
匿名用户

你可以说helm图表有偏见,因为它没有公开将这些参数设置为图表值的选项。当需要根据值时,它会根据条件逻辑自行设置它们。

当我在repo中检查nginx模板时,我看到从params helper文件中的模板传递了其他参数。这些似乎是动态生成的。即。

{{- if .Values.tcp }}
- --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp
{{- end }}

因此,似乎只有当tcp值不为空时,它才会使用此标志。在相同的条件下,它将创建配置图。

此外,tcp值允许您设置键configMapNamespace。因此,如果您仅设置此键,则该标志将作为参数助手使用。现在,您只需要在提供的命名空间中创建配置图,并让它与名称{{include"ingress-nginx.fullname " . }}-tcp匹配。

因此,您可以在default命名空间中创建配置图并将其命名为ingress-nginx-tcp或类似名称,具体取决于您如何设置发布名称。

kubectl create configmap ingress-nginx-tcp --from-literal 1883=mqtt/emqx:1883 -n default
helm install --set controller.tcp.configMapNamespace=default ingress-nginx ingress-nginx/ingress-nginx

我认为唯一的问题是你不能在<代码>中创建它。释放命名空间,因为当tcp不为空时,它将尝试自己在那里创建configmap,这将导致冲突。至少我是这样解释图表回购中的模板的。

我个人已经通过值文件配置了TCP,我将该文件传递给helm,并使用-f。

helm install -f values.yaml ingress-nginx ingress-nginx/ingress-nginx
# configure the tcp configmap
tcp:
  1883: mqtt/emqx:1883
  8883: mqtt/emqx:8883

# enable the service and expose the tcp ports.
# be careful as this will pontentially make them 
# availble on the public web
controller:
  service:
    enabled: true
    ports:
      http: 80
      https: 443
      mqtt: 1883
      mqttssl: 8883
    targetPorts:
      http: http
      https: https
      mqtt: mqtt
      mqttssl: mqttssl

 类似资料:
  • 我有一个没有集成api的NextJS应用程序,我想部署到Vercel。当我在本地运行它时,它工作得很好。,而且我也可以在没有任何错误的情况下构建它。。然而,当我在Vercel部署它时,我收到一个。 以下是我的文件夹结构: 我正在使用NextJs 10.0.3。 以下是已部署应用的链接。 我没有nextjs配置文件。我的假设是,错误是由动态路径引起的,但我找不到我的错误。此外,部署应用程序时没有页面

  • Go 是一个独立的 HTTP 服务器,但是我们有些时候为了 nginx 可以帮我做很多工作,例如访问日志,cc 攻击,静态服务等,nginx 已经做的很成熟了,Go 只要专注于业务逻辑和功能就好,所以通过 nginx 配置代理就可以实现多应用同时部署,如下就是典型的两个应用共享 80 端口,通过不同的域名访问,反向代理到不同的应用。 server { listen 80;

  • 我正在尝试实现对我的 DEV Azure 应用服务的持续集成和持续部署。我正在使用可视化工作室团队服务上的托管代理。我的发布定义上的“将网站部署到 Azure”步骤一直失败,并显示错误“找不到具有指定模式的包”。有什么想法吗?

  • 在Tomcat服务器中部署代码后,我在浏览器中查看所有页面时都收到一条找不到的错误消息。 例如:- 未找到 /BOOKS/web/Index.html。 我在网络文件夹下有Index.html的文件。这是一个Spring-MVC框架应用程序。 下面是错误日志详细信息。 错误日志 请帮帮忙。

  • 这是我的nginx配置文件。 默认情况下。conf,第一个位置用于访问/usr/share/nginx/html目录,当我访问http://47.91.152.99.但是,当我为目录/usr/share/nginx/public directory添加一个新位置时,nginx会在我访问时返回404页http://47.91.152.99/test. 那么,到底是怎么回事呢?我误用nginx的指令吗

  • 我正在尝试修复glassfish警告:上下文路径与bundle不同,但至少通过IDE无法创建glassfish-web.xml文件: 找不到此项目的部署配置。无法正确设置部署描述符版本。