Installing NGINX Ingress Controller on bare metal environments

Jinwook · January 24, 2019, 4:49am

I Installed NGINX Ingress Controller on bare metal environments. It worked very well when I tested it.
I have 1 mater node and 4 worker nodes.
I refered to this url

github.com

nginxinc/kubernetes-ingress/blob/master/docs/installation.md

# Installing the Ingress Controller

## Prerequisites

Make sure you have access to the Ingress controller image:

* For NGINX Ingress controller, use the image `nginx/nginx-ingress` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/).
* For NGINX Plus Ingress controller, build your own image and push it to your private Docker registry by following the instructions from [here](../build/README.md).

The installation manifests are located in the [deployments](../deployments) folder. In the steps below we assume that you will be running the commands from that folder.

## 1. Create a Namespace, a SA, the Default Secret and the Customization Config Map.

1. Create a namespace and a service account for the Ingress controller:
    ```
    kubectl apply -f common/ns-and-sa.yaml
    ```

1. Create a secret with a TLS certificate and a key for the default server in NGINX:
    ```

This file has been truncated. show original

I used a DaemonSet for deploying the Ingress controller on every node.

The manual said that “If you created a daemonset, ports 80 and 443 of the Ingress controller container are mapped to the same ports of the node where the container is running. To access the Ingress controller, use those ports and an IP address of any node of the cluster where the Ingress controller is running.”
So I checked 80 and 443 port on my master and worker node.
but there are no listening port.
here is output of netstat.

[tc@master1 ~] netstat -an|grep 443|grep -i listen tcp6 0 0 :::6443 :::* LISTEN [tc@master1 ~]
[tc@master1 ~]$ netstat -an|grep 80|grep -i listen
tcp 0 0 16.171.7.61:2380 0.0.0.0:* LISTEN
tcp6 0 0 :::30880 :::* LISTEN

[tc@worker1 ~] netstat -an|grep 443|grep -i listen [tc@worker1 ~] netstat -an|grep 80|grep -i listen
tcp6 0 0 :::30880 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 343895514 @/containerd-shim/moby/c73de23c17990dd4610fe83082f7dc5682e1bd69380937099309a9c57a042e3b/shim.sock
unix 2 [ ACC ] STREAM LISTENING 82745 @/containerd-shim/moby/cb9555232504e3411ba88ca5569c79d98803cd06946114f0658a9ae04054ec3a/shim.sock
unix 2 [ ACC ] STREAM LISTENING 343914870 @/containerd-shim/moby/663b73c613b363635d5430789936638dd8025f710e922f6bcaf25c739f85a247/shim.sock
[tc@worker1 ~]$

<1st question>
How can I find port 80 and 443 that is listening?

I did ps -ef|grep kube-proxy.
[tc@master1 ~]$ ps -ef|grep kube-proxy
root 418 32744 0 Jan21 ? 00:15:35 /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=master1
tc 29446 17854 0 13:27 pts/0 00:00:00 grep --color=auto kube-proxy

So I checked kube-proxy and config.conf file. but there are no files below.

[tc@master1 ~] ls /usr/local/bin/kube-proxy ls: cannot access /usr/local/bin/kube-proxy: No such file or directory [tc@master1 ~] ls /var/lib/kube-proxy/config.conf
ls: cannot access /var/lib/kube-proxy/config.conf: No such file or directory
[tc@master1 ~]$

<2nd question>
Where are /usr/local/bin/kube-proxy and /var/lib/kube-proxy/config.conf

=============================
As I understand kubernetes network flow is like this.

Client request (from outside of k8s cluster) -> Ingress controller(port443, port80) -> Service (cluster IP)-> Iptables -> pod (in same worker node) or pod in different worker node)

<3rd question>
**Do I understand right? **
Can someone explain network flow with ingress controller , service, iptables, pod, flanneld?

Thanks,
Jinwook

Dmytro_Boiko · January 24, 2019, 5:26pm

Hi Jinwook

This is the ip address and port on which your Kube cluster listens to incoming traffic. You can telnet there and see something like

telnet 192.168.99.100 2380
Trying 192.168.99.100…
Connected to minikube.local.
Escape character is ‘^]’.

In my case it is just Minikube installation, with same ingress/nginx installed. Then traffic routes to nginx service which, in its turn, routes it to Deployment/Pod.

In general topic about Kubernetes networking “under the hood” is very broad, deep and sophisticated.
If you need just nginx perhaps it is easier to use Helm tool.

llarsson · January 25, 2019, 10:10am

Give us the output from kubectl describe on the DeamonSet in question, and one of the Pods in it.

It’s probably something wrong there, and maybe possible to spot this way.

Topic		Replies	Views
NGINX Ingress Controller Not Working Properly in Kubernetes Cluster General Discussions	4	4887	September 2, 2021
No nginx ingress service after setting up ingress controller as daemonset General Discussions	1	748	January 20, 2020
Debug Nginx Ingress Controller General Discussions	0	1169	March 30, 2022
Nginx-ingress-controller no access to all nodes General Discussions	1	560	May 31, 2023
Ingress resources not working properly General Discussions	0	3885	December 30, 2020

Installing NGINX Ingress Controller on bare metal environments

<1st question> How can I find port 80 and 443 that is listening?

Related topics

<1st question>
How can I find port 80 and 443 that is listening?