我使用nginx ingress为多个服务进行基于路径的路由。
我的服务输出
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
ingress-nginx-controller LoadBalancer X.X.X.33 X.X.X.112 80:30853/TCP,443:31386/TCP
ingress-nginx-controller-admission ClusterIP X.X.X.139 <none> 443/TCP
test1 ClusterIP X.X.X.197 <none> 9080/TCP
test2 ClusterIP X.X.X.30 <none> 9995/TCP
我的ingress.yaml文件
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-resource
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
rules:
- http:
paths:
- path: /test2
backend:
serviceName: test2
servicePort: 9995
- path: /test1
backend:
serviceName: test1
servicePort: 9080
和kubectl入口输出
NAME HOSTS ADDRESS PORTS AGE
ingress-resource * 80 45m
当我尝试从群集外部访问服务时-我得到404
-> http:// X.X.X.112/test1 return 404
-> http:// X.X.X.112/test2 return 404
Where X.X.X.112 is external ip of ingress-nginx-controller
->当我创建在8080端口上运行的服务入口时,它似乎工作得很好。什么问题?
我发现了这个问题。我错过了
annotations:
kubernetes.io/ingress.class: nginx
现在我有其他问题。当我使用时
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: test2
servicePort: 9995
我的http://X.X.X.112/运行良好,它指向serviceName-test2同样,它也适用于其他服务。
但是当我使用时
spec:
rules:
- http:
paths:
- path: /test2
backend:
serviceName: test2
servicePort: 9995
- path: /test1
backend:
serviceName: test1
servicePort: 9080
在进行时,我得到了不允许的405方法
-> http:// X.X.X.112/test1 return 405
-> http:// X.X.X.112/test2 return 405
我厌倦了再添加一些注释。
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE, PATCH
nginx.ingress.kubernetes.io/enable-cors: "true"
我还错过了什么?
我在GKE上尝试了您的示例(由于您没有提供所使用的部署,所以更改了部署(。
正如我在评论中提到的,要在GKE上强制Nginx Ingress,必须使用注释:
annotations:
kubernetes.io/ingress.class: nginx
否则GKE将使用不支持重写注释的默认gce入口。
apiVersion: apps/v1
kind: Deployment
metadata:
name: test1
spec:
replicas: 1
selector:
matchLabels:
key: test1
template:
metadata:
labels:
key: test1
spec:
containers:
- name: hello1
image: gcr.io/google-samples/hello-app:1.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: test1
spec:
selector:
key: test1
ports:
- port: 80
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: test2
labels:
app: mycha-app
spec:
replicas: 1
selector:
matchLabels:
app: test2
template:
metadata:
labels:
app: test2
spec:
containers:
- name: nginx2
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: test2
labels:
app: test2
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: test2
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /test1
backend:
serviceName: test1
servicePort: 80
- path: /test2
backend:
serviceName: test2
servicePort: 80
$ kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 7h59m
default test1 ClusterIP 10.0.14.220 <none> 80/TCP 9m18s
default test2 ClusterIP 10.0.0.243 <none> 80/TCP 9m16s
ingress-nginx ingress-nginx-controller LoadBalancer 10.0.7.75 35.228.2XX.XX 80:32643/TCP,443:32733/TCP 18m
$ curl 35.228.2XX.XX/test1
Hello, world!
Version: 1.0.0
Hostname: test1-5844dc9688-n95tj
$ curl 35.228.2XX.XX/test2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
...
如果此示例在您的集群上不起作用,则需要创建防火墙规则以允许流量。
如果此示例有效,则表示您的Deployment/Service中存在配置不匹配。
- 可能是
service和deployment之间的选择器配置错误(在第一个部署中是key: test1,在第二个部署中为app: test2( - 应用程序正在侦听
containerPort中设置的不同端口。如果仅在服务中设置port,则在containerPort中将设置相同的值。在test1部署中,它不会像hello-app:1.0那样仅在port 8080上侦听
你好吊舱
# netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::8080 :::* LISTEN 1/hello-app
Nginx吊舱
# netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/nginx: master pro
如果您仍有问题,请发表评论。