由于Kubernetes 1.22升级,我最近升级了入口和外部dns。我在你可以在这里看到的地方做了更改。
现在nginx控制器在k8s上运行,没有错误,但我无法从笔记本电脑上获取URL来访问服务。
我尝试过的:
nslookup grafana.shaungc.com或nslookup code-server.shaungc.com给出结果。这意味着外部dns正在工作。我正在使用Route53。我注意到所有的微服务端点都指向同一个公共IP地址10.245.215.152,但我想这很正常,因为我使用的是clusterIP- 查看入口控制器日志(我跳过了一些似乎不相关的部分(
(initially)
...
I1023 11:30:24.114812 6 controller.go:648] Replacing location "/" for server "code-server.shaungc.com" with upstream "upstream-default-backend" to use upstream "code-server-code-server-service-8003" (Ingress "code-server/code-server-ingress-resource")
I1023 11:30:24.114828 6 controller.go:648] Replacing location "/" for server "*.shaungc.com" with upstream "upstream-default-backend" to use upstream "cert-manager-dummy-svc-dummy-port" (Ingress "cert-manager/tls-wildcard-cert-ingress-resource")
I1023 11:30:24.114841 6 controller.go:648] Replacing location "/" for server "*.api.shaungc.com" with upstream "upstream-default-backend" to use upstream "cert-manager-dummy-svc-dummy-port" (Ingress "cert-manager/tls-wildcard-cert-ingress-resource")
I1023 11:30:24.114854 6 controller.go:648] Replacing location "/" for server "*.812c211c-6cbb-79e3-420e-92502524c690.shaungc.com" with upstream "upstream-default-backend" to use upstream "cert-manager-dummy-svc-dummy-port" (Ingress "cert-manager/tls-wildcard-cert-ingress-resource")
I1023 11:30:24.114874 6 controller.go:303] Obtaining information about TCP stream services from ConfigMap "kube-system/nginx-ingress-controller-ingress-nginx-tcp"
...
I1023 11:30:24.124150 6 template.go:914] empty byte size, hence it will not be set
I1023 11:30:24.198254 6 main.go:101] "successfully validated configuration, accepting" ingress="tls-wildcard-cert-ingress-resource/cert-manager"
I1023 11:30:24.203337 6 store.go:741] updating annotations information for ingress cert-manager/tls-wildcard-cert-ingress-resource
I1023 11:30:24.203620 6 main.go:187] "No default affinity found" ingress="tls-wildcard-cert-ingress-resource"
I1023 11:30:24.204116 6 store.go:775] updating references to secrets for ingress cert-manager/tls-wildcard-cert-ingress-resource
I1023 11:30:24.204362 6 backend_ssl.go:41] "Syncing Secret" name="cert-manager/wilcard-tls-ing-certificate-secret"
I1023 11:30:24.203428 6 event.go:282] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"cert-manager", Name:"tls-wildcard-cert-ingress-resource", UID:"a1a81692-9205-4abe-95e7-c4c0a865a49b", APIVersion:"networking.k8s.io/v1", ResourceVersion:"110423110", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
I1023 11:30:24.204981 6 ssl.go:111] "parsing ssl certificate extensions"
I1023 11:30:24.205151 6 backend_ssl.go:145] "Configuring Secret "cert-manager/wilcard-tls-ing-certificate-secret" for TLS encryption ...
...
I1023 11:30:24.208957 6 endpoints.go:129] Endpoints found for Service "code-server/code-server-service": [{10.244.0.160 8003 &ObjectReference{Kind:Pod,Namespace:code-server,Name:code-server-deployment-5445c4587-64bj6,UID:b28da30d-43dd-4cf4-b365-b90e8ab0668c,APIVersion:,ResourceVersion:110407594,FieldPath:,}}]
I1023 11:30:24.209142 6 controller.go:1262] Host "grafana.shaungc.com" is listed in the TLS section but secretName is empty. Using default certificate
I1023 11:30:24.209310 6 controller.go:1262] Host "api.shaungc.com" is listed in the TLS section but secretName is empty. Using default certificate
I1023 11:30:24.209447 6 controller.go:1262] Host "appl-tracky.api.shaungc.com" is listed in the TLS section but secretName is empty. Using default certificate
I1023 11:30:24.209899 6 controller.go:1262] Host "code-server.shaungc.com" is listed in the TLS section but secretName is empty. Using default certificate
...
I1023 11:30:37.447833 6 status.go:276] "skipping update of Ingress (no change)" namespace="appl-tracky-api" ingress="appl-tracky-api-ingress-resource"
I1023 11:30:37.447842 6 status.go:276] "skipping update of Ingress (no change)" namespace="cert-manager" ingress="tls-wildcard-cert-ingress-resource"
I1023 11:30:37.447850 6 status.go:276] "skipping update of Ingress (no change)" namespace="code-server" ingress="code-server-ingress-resource"
(end of log)
- 在K8s的面板中,我没有看到任何失败的pod或资源,都是绿色的
它以前工作过。但随着1.22 k8s的升级和我的PR的更改,我无法从浏览器或cURL访问集群上的任何网站/微服务。
此时,我还可以尝试调试什么?
原来我使用的传统Helm chartnginx-ingress与kubernetes/nginx ingress chart不同,它们是nginx ingress控制器的不同替代品-以前它们的开发同时共存,是不同的nginx ingress解决方案。在我看来,遗留的Helm图表README弃用注释仅指向kubernetes/nginx-ingress是次优的。这不会是线性升级,它们在许多默认图表行为中都有所不同。我浏览了他们的版本历史,调整了语法,甚至让它在没有错误的情况下完美运行nginx ingress,但我的外部流量仍然无法到达我的集群服务,甚至没有得到正确的集群公共IP。它只是不适用于我的用例。
解决方案?看起来Bitnami nginx控制器实际上是传统舵图的继任者。虽然语法不同,但实际上只是控制器级别的配置被拉到了第一/全局级别,其他默认行为与传统的helm非常相似,因此它适用于我的设置。事实上,我能够升级到Bitnami图表9.3.18的最新版本。我在这里进一步解释了我的用例。我整个周末都在这上面!