Configure Ingress traffic for Kubernetes image

Time:09-08

I have a standalone Kubernetes cluster:

plane node - hostname kubernetes1 - 192.168.1.126
work node - hostname kubernetes2 - 192.168.1.138

I deployed this private repository:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv1
spec:
  capacity:
    storage: 5Gi # specify your own size
  volumeMode: Filesystem
  persistentVolumeReclaimPolicy: Retain
  local:
    path: /opt/registry # can be any path
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - kubernetes2
  accessModes:
    - ReadWriteMany # only 1 node will read/write on the path.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv1-claim
spec: # should match specs added in the PersistentVolume
  accessModes:
    - ReadWriteMany
  volumeMode: Filesystem
  resources:
    requests:
      storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: private-repository-k8s
  labels:
    app: private-repository-k8s
spec:
  replicas: 1
  selector:
    matchLabels:
      app: private-repository-k8s
  template:
    metadata:
      labels:
        app: private-repository-k8s
    spec:
      volumes:
       - name: certs-vol
         hostPath:
          path: /opt/certs
          type: Directory
       - name: task-pv-storage
         persistentVolumeClaim:
           claimName: pv1-claim # specify the PVC that you've created. PVC and Deployment must be in same namespace.
      containers:
        - image: registry:2
          name: private-repository-k8s
          imagePullPolicy: IfNotPresent
          env:
          - name: REGISTRY_HTTP_TLS_CERTIFICATE
            value: "/opt/certs/registry.crt"
          - name: REGISTRY_HTTP_TLS_KEY
            value: "/opt/certs/registry.key"
          ports:
            - containerPort: 5000
          volumeMounts:
          - name: certs-vol
            mountPath: /opt/certs
          - name: task-pv-storage
            mountPath: /opt/registry

Service is deployed on the work node:

kubernetes@kubernetes1:/opt/registry$ kubectl get pods
NAME                                      READY   STATUS    RESTARTS   AGE
private-repository-k8s-6d5d954b4f-ldwd6   1/1     Running   0          153m
kubernetes@kubernetes1:/opt/registry$

I tried to create an ingress access because I want to access this pod from the outside:

kubectl create namespace test

service controller:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: test
  name: private-repository-service-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
    - host: kubernetes2
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: private-repository-service
                port:
                  number: 5000

service-load-balancer:

apiVersion: v1
kind: Service
metadata:
  namespace: test
  name: private-repository-service
spec:
  #type: NodePort
  selector:
    app: private-repository-k8s
  ports:
      # By default and for convenience, the `targetPort` is set to the same value as the `port` field.
    - port: 5000
      targetPort: 5000
      # Optional field
      # By default and for convenience, the Kubernetes control plane will allocate a port from a range (default: 30000-32767)
      #nodePort: 30007

When I run curl 192.168.1.138:5000 there is no response. Do you know where I might be wrong?

EDIT:

kubernetes@kubernetes1:~$ kubectl get svc
NAME                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubernetes                 ClusterIP   10.96.0.1        <none>        443/TCP    3d20h
private-registry-service   ClusterIP   10.103.148.234   <none>        5000/TCP   6h34m
kubernetes@kubernetes1:~$

CodePudding user response:

Looks like you don't have an ingress-controller of any kind and just want to access the registry directly. In that case you need to create a service of type NodePort.

apiVersion: v1
kind: Service
metadata:
  namespace: test
  name: private-repository-service
spec:
  type: NodePort # Added
  selector:
    app: private-repository-k8s
  ports:
    - port: 5000
      targetPort: 5000
      nodePort: 30123 # Added

This will bind the service port 5000 to the host's port 30123. If you run kubectl get svc, this will then give you a slightly different output.

kubernetes@kubernetes1:~$ kubectl get svc
NAME                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubernetes                 ClusterIP   10.96.0.1        <none>        443/TCP    3d20h
private-registry-service   ClusterIP   10.103.148.234   <none>        5000:30123/TCP   6h34m

Notice the mapping 30312:5000. Now you can send a request to the registry on that port: curl 192.168.1.138:30312. You can also omit the nodePort field; Kubernetes will then choose a random one in the range between 3000 and 32767 for you. It will be displayed in the kubectl get svc command as shown above. The Ingress is not needed and can be removed.

If you want to use an Ingress as you provided, you need to use an ingress-controller, like nginx or traefik; see also the Kubernetes docs on that topic.

[...] An Ingress controller is responsible for fulfilling the Ingress, usually with a load balancer, though it may also configure your edge router or additional frontends to help handle the traffic.

CodePudding user response:

Can you please make this change in the ingress.yaml and then apply this ingress? Also, please post the output of kubectl get ingress.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-private-registry-service
  annotations:
    # use the shared ingress-nginx
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: kubernetes2
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: private-registry-service
            port:
              number: 5000
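
Added example (not part of the question or either answer): a check over the objects as posted in the question, in the JSON List shape that `kubectl get deploy,svc,ingress -A -o json` returns, reporting Services whose selector matches no Deployment in their own namespace and Ingresses with no ingress class or an unresolvable backend. The sample is constructed from the question's manifests, with the Deployment assumed to be in `default` because its manifest sets no namespace; `check_wiring` and `ns` are names introduced here.

```python
import json
# Constructed sample: the question's manifests reduced to the fields checked here,
# in the List shape that `kubectl get deploy,svc,ingress -A -o json` returns.
SAMPLE = json.loads("""{"items": [
 {"kind": "Deployment",
  "metadata": {"name": "private-repository-k8s", "namespace": "default"},
  "spec": {"template": {"metadata": {"labels": {"app": "private-repository-k8s"}}}}},
 {"kind": "Service",
  "metadata": {"name": "private-repository-service", "namespace": "test"},
  "spec": {"selector": {"app": "private-repository-k8s"},
           "ports": [{"port": 5000, "targetPort": 5000}]}},
 {"kind": "Ingress",
  "metadata": {"name": "private-repository-service-ingress", "namespace": "test",
               "annotations": {"nginx.ingress.kubernetes.io/rewrite-target": "/$1"}},
  "spec": {"rules": [{"host": "kubernetes2", "http": {"paths": [{"path": "/",
    "backend": {"service": {"name": "private-repository-service",
                            "port": {"number": 5000}}}}]}}]}}
]}""")

def ns(obj):
    return obj["metadata"].get("namespace", "default")

def check_wiring(items):
    """Flag Services that select no workload and Ingresses with no class or backend."""
    findings = []
    deployments = [i for i in items if i["kind"] == "Deployment"]
    services = {(ns(i), i["metadata"]["name"]): i for i in items if i["kind"] == "Service"}
    for (s_ns, s_name), svc in services.items():
        selector = svc["spec"].get("selector") or {}
        # A Service selects pods only inside its own namespace.
        hits = [d for d in deployments if ns(d) == s_ns and selector.items()
                <= d["spec"]["template"]["metadata"].get("labels", {}).items()]
        if selector and not hits:
            findings.append(f"Service {s_ns}/{s_name}: selector matches no Deployment in {s_ns}")
    for ing in (i for i in items if i["kind"] == "Ingress"):
        name = f"{ns(ing)}/{ing['metadata']['name']}"
        ann = ing["metadata"].get("annotations") or {}
        if not ing["spec"].get("ingressClassName") and "kubernetes.io/ingress.class" not in ann:
            findings.append(f"Ingress {name}: no ingress class set")
        for rule in ing["spec"].get("rules", []):
            for p in rule.get("http", {}).get("paths", []):
                b = p["backend"]["service"]
                svc = services.get((ns(ing), b["name"]))
                if not svc or b["port"].get("number") not in [x["port"] for x in svc["spec"]["ports"]]:
                    findings.append(f"Ingress {name}: backend {b['name']} not resolvable in {ns(ing)}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_wiring(SAMPLE["items"])))
```

A Service that selects nothing has no endpoints, so neither a NodePort nor an Ingress in front of it will return a response; `kubectl get endpoints -n test` shows the same condition on a live cluster.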