65 lines
1.8 KiB
Markdown
65 lines
1.8 KiB
Markdown
# 02-03 Nginx + 工作节点 + Ingress(M3)
|
||
|
||
> 场景:nginx 随机一台工作节点(`nodeSelector: node-role.kubernetes.io/worker: ""`),跨节点 Ingress 暴露 `/demo-m3`。整合于 `02-05-nginx-验证矩阵-一键部署.md`。
|
||
|
||
|
||
## TL;DR
|
||
|
||
- **自动化验收**:`./scripts/verify.sh run 02-03`
|
||
- **关键前置**:按本文「前置条件」准备环境变量/Secret/入口 IP
|
||
- **成功判据**:达到本文「预期」且 playbook 断言通过
|
||
- **排障**:见本文「排障」
|
||
|
||
## 前置条件
|
||
|
||
- 已完成 `01-02-k3s-工作节点.md`
|
||
- 工作节点有 `node-role.kubernetes.io/worker` 标签
|
||
- 工作节点网络连通(8472/udp、firewalld 基线)
|
||
|
||
## 操作步骤
|
||
|
||
1. 部署 nginx Deployment(nodeSelector 工作节点标签,随机调度)+ Service
|
||
2. 创建 Middleware + Ingress(`/demo-m3` -> nginx-m3:80)
|
||
3. 等待资源就绪
|
||
|
||
示例 YAML 见 `ansible/files/02-05/03-worker-ingress.yaml`。
|
||
|
||
## 部署命令
|
||
|
||
```bash
|
||
kubectl apply -f ansible/files/02-05/03-worker-ingress.yaml
|
||
```
|
||
|
||
## 验证命令
|
||
|
||
```bash
|
||
kubectl get pod,svc,ing -n default -o wide
|
||
curl -i --max-time 3 http://<入口节点IP>/demo-m3/
|
||
```
|
||
|
||
## 预期
|
||
|
||
- 返回 200,页面包含 Welcome to nginx!
|
||
- Pod 落在任一工作节点(随机调度)
|
||
|
||
## 删除
|
||
|
||
```bash
|
||
kubectl delete -f ansible/files/02-05/03-worker-ingress.yaml
|
||
```
|
||
|
||
## 失败排查
|
||
|
||
- 检查 8472/udp、firewalld 转发(flannel.1/cni0 trusted)
|
||
- 参考 `06-01-k3s-networkpolicy-故障排查.md`
|
||
|
||
## 下一步
|
||
|
||
- 返回 `02-05-nginx-验证矩阵-一键部署.md` 或 `00-00-构建总览.md`
|
||
|
||
## 排障
|
||
|
||
- **先看 playbook 输出**:失败时先定位是 deploy/wait/http_check 哪一步。
|
||
- **集群侧总览**:`kubectl get nodes -o wide`、`kubectl -n kube-system get pods -o wide`。
|
||
- **事件与日志**:`kubectl -n <ns> describe ...`、`kubectl -n <ns> logs ... --tail=200`。
|