Installing NGINX Ingress Controller on bare metal environments


#1

I installed NGINX Ingress Controller on bare metal environments. It worked very well when I tested it.
I have 1 master node and 4 worker nodes.
I referred to this URL


I used a DaemonSet for deploying the Ingress controller on every node.

The manual said that “If you created a daemonset, ports 80 and 443 of the Ingress controller container are mapped to the same ports of the node where the container is running. To access the Ingress controller, use those ports and an IP address of any node of the cluster where the Ingress controller is running.”
So I checked ports 80 and 443 on my master and worker nodes,
but there are no listening ports.
Here is the output of netstat.

[tc@master1 ~]$ netstat -an|grep 443|grep -i listen
tcp6 0 0 :::6443 :::* LISTEN
[tc@master1 ~]$
[tc@master1 ~]$ netstat -an|grep 80|grep -i listen
tcp 0 0 16.171.7.61:2380 0.0.0.0:* LISTEN
tcp6 0 0 :::30880 :::* LISTEN

[tc@worker1 ~]$ netstat -an|grep 443|grep -i listen
[tc@worker1 ~]$ netstat -an|grep 80|grep -i listen
tcp6 0 0 :::30880 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 343895514 @/containerd-shim/moby/c73de23c17990dd4610fe83082f7dc5682e1bd69380937099309a9c57a042e3b/shim.sock
unix 2 [ ACC ] STREAM LISTENING 82745 @/containerd-shim/moby/cb9555232504e3411ba88ca5569c79d98803cd06946114f0658a9ae04054ec3a/shim.sock
unix 2 [ ACC ] STREAM LISTENING 343914870 @/containerd-shim/moby/663b73c613b363635d5430789936638dd8025f710e922f6bcaf25c739f85a247/shim.sock
[tc@worker1 ~]$

<1st question>
How can I find ports 80 and 443 that are listening?

I did ps -ef|grep kube-proxy.
[tc@master1 ~]$ ps -ef|grep kube-proxy
root 418 32744 0 Jan21 ? 00:15:35 /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=master1
tc 29446 17854 0 13:27 pts/0 00:00:00 grep --color=auto kube-proxy

So I checked the kube-proxy and config.conf files, but there are no such files, as shown below.

[tc@master1 ~]$ ls /usr/local/bin/kube-proxy
ls: cannot access /usr/local/bin/kube-proxy: No such file or directory
[tc@master1 ~]$ ls /var/lib/kube-proxy/config.conf
ls: cannot access /var/lib/kube-proxy/config.conf: No such file or directory
[tc@master1 ~]$

<2nd question>
Where are /usr/local/bin/kube-proxy and /var/lib/kube-proxy/config.conf?

=============================
As I understand it, the Kubernetes network flow is like this.

Client request (from outside of k8s cluster) -> Ingress controller (port 443, port 80) -> Service (cluster IP) -> iptables -> pod (in same worker node) or pod (in different worker node)

<3rd question>
**Do I understand right?**
Can someone explain the network flow with ingress controller, service, iptables, pod, flanneld?

Thanks,
Jinwook
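
The `grep 80` in the post above also matches ports 2380 and 30880 and any socket path containing "80". An added example (not part of the original post) that matches the local port exactly; the sample lines are constructed from the netstat output above, and the function names are hypothetical:

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output, modelled on the lines in the post.
# The unix socket path is a placeholder for the long containerd-shim paths.
SAMPLE_NETSTAT='tcp 0 0 16.171.7.61:2380 0.0.0.0:* LISTEN
tcp6 0 0 :::6443 :::* LISTEN
tcp6 0 0 :::30880 :::* LISTEN
tcp 0 0 10.0.0.5:443 10.0.0.9:51514 ESTABLISHED
unix 2 [ ACC ] STREAM LISTENING 82745 @/containerd-shim/moby/<id-containing-80>/shim.sock'

# Substring match as used in the post: counts every line containing $1 and "listen".
naive_count() {
  grep "$1" | grep -ic listen
}

# Exact match: print the local address of each TCP socket in LISTEN state
# whose port (the text after the last colon of column 4) equals $1.
listeners_on_port() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, parts, ":")
      if (parts[n] == port) print $4
    }'
}

# Report each requested port; return 1 if any of them has no listener.
check_ports() {
  input=$(cat)
  status=0
  for port in "$@"; do
    found=$(printf '%s\n' "$input" | listeners_on_port "$port")
    if [ -n "$found" ]; then
      printf 'port %s: LISTEN on %s\n' "$port" "$(echo $found | tr ' ' ',')"
    else
      printf 'port %s: no listening socket\n' "$port"
      status=1
    fi
  done
  return $status
}

# Demo on the constructed sample: the substring match reports hits for "80",
# the exact match shows that nothing is bound to port 80 or 443.
printf 'substring matches for 80: %s\n' "$(printf '%s\n' "$SAMPLE_NETSTAT" | naive_count 80)"
printf '%s\n' "$SAMPLE_NETSTAT" | check_ports 80 443 6443 || true
```

On a node, run `netstat -an | check_ports 80 443`. An empty result only shows that no process on the host has bound the port; it says nothing about NAT rules that may forward the port to a container.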


#2

Hi Jinwook

This is the IP address and port on which your Kube cluster listens to incoming traffic. You can telnet there and see something like

telnet 192.168.99.100 2380
Trying 192.168.99.100…
Connected to minikube.local.
Escape character is ‘^]’.

In my case it is just a Minikube installation, with the same ingress/nginx installed. Then traffic routes to the nginx service which, in turn, routes it to the Deployment/Pod.

In general, the topic of Kubernetes networking “under the hood” is very broad, deep and sophisticated.
If you just need nginx, perhaps it is easier to use the Helm tool.


#3

Give us the output from kubectl describe on the DaemonSet in question, and one of the Pods in it.

There’s probably something wrong there, and it may be possible to spot it this way.