我有一个服务(作为另一个应用程序的Helm子部分安装),它在Minikube环境中可以正确访问,但在远程Kubernetes集群上部署时无法访问。
服务应可通过入口访问。
入口:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-0.2.3"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.1"
app.kubernetes.io/managed-by: "Helm"
annotations:
# These annotations don't seem to make any difference
# traefik.ingress.kubernetes.io/ingress.class: traefik
# traefik.ingress.kubernetes.io/ssl-proxy-headers: X-Forwarded-Proto:https
# traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: "helper-service.example.com"
http:
paths:
- path: /
backend:
serviceName: helper-service
servicePort: service-port
服务
apiVersion: v1
kind: Service
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-1.0.0"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.13.1"
app.kubernetes.io/managed-by: "Helm"
spec:
selector:
app.kubernetes.io/name: "helper-service"
type: ClusterIP
ports:
- port: 8080
name: service-port
targetPort: 8080
protocol: TCP
部署
apiVersion: apps/v1
kind: Deployment
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-1.0.0"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.1"
app.kubernetes.io/managed-by: "Helm"
spec:
replicas: 1
revisionHistoryLimit: 3
strategy:
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: "helper-service"
template:
metadata:
annotations: {}
labels:
app.kubernetes.io/name: "helper-service"
spec:
containers:
- name: helper-service
image: "myregistry/myimage:myversion"
env:
- name: HELPER-SERVICE_BIND
value: ":8080"
ports:
- containerPort: 8080
向helper-service.example.com发送请求总是从Nginx返回404 not found错误。给定响应,看起来Nginx是可访问的,但无法提供对Ingress中指定的服务的访问。
然而,位于同一集群/命名空间上的父chart Helm应用程序可以通过NodePort服务上的Ingress访问,并且在访问时没有问题。
两项服务都正常运行:
$ k get all
NAME READY STATUS RESTARTS AGE
pod/myapp-645cd66d9-g84vm 2/2 Running 0 51m
pod/myapp-helper-service-fbc6bb4d8-zklf2 1/1 Running 0 4d19h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/myapp NodePort 10.10.10.11 <none> 8080:31033/TCP 110d
service/myapp-helper-service ClusterIP 10.10.10.61 <none> 8080/TCP 110d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/myapp 1/1 1 1 110d
deployment.apps/myapp-helper-service 1/1 1 1 110d
入侵看起来是正确的:
$ k get ingresses
NAME HOSTS ADDRESS PORTS AGE
myapp myapp.example.com 37.44.1.172 80, 443 116d
myapp-helper-service myapp-helper-service.example.com 80 116d
入口详细信息为:
$ k describe ingress/myapp-helper-service
Name: myapp-helper-service
Namespace: my-namespace
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" is forbidden: User cannot get resource "endpoints" in API group "" in the namespace "kube-system">)
Rules:
Host Path Backends
---- ---- --------
myapp-helper-service.example.com
/ myapp-helper-service:service-port (172.25.0.207:8080)
Events: <none>
部署的服务为:
$ k describe service/myapp-helper-service
Name: myapp-helper-service
Namespace: mynamespace
Labels: app.kubernetes.io/instance=myapp
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=helper-service
app.kubernetes.io/version=2.1
helm.sh/chart=helper-service-0.2.3
Annotations: meta.helm.sh/release-name: myapp
meta.helm.sh/release-namespace: mynamespace
Selector: app.kubernetes.io/instance=myapp,app.kubernetes.io/name=helper-service
Type: ClusterIP
IP: 10.10.10.61
Port: service-port 8080/TCP
TargetPort: 8080/TCP
Endpoints: 172.25.0.207:8080
Port: metrics-port 8081/TCP
TargetPort: 8081/TCP
Endpoints: 172.25.0.207:8081
Session Affinity: None
Events: <none>
我试图启用/禁用add Traefikannotations,看看是否有任何变化,但结果是一样的(仍然是来自Nginx的404♂️).
- 为什么相同的配置在Minikube上正确工作
- 404 http状态在这里表明了什么?(入口可访问,但找不到服务?)
- 如何从集群内部调试可达性
- 如何从集群/入口外部调试可达性
- 如果这里的设置是正确的,我还应该检查什么
我找到了解决方案。
尽管正在创建入口,但显然它实际上并没有起作用(或者得到了一些非更好指定的其他默认类)。
ingress需要一个缺失的显式注释,指定ingress类:
annotations:
kubernetes.io/ingress.class: nginx-external
在添加并重新部署之后,ingress开始正确地捕获我的请求,并将它们重定向到helper-service!
备注
如果你知道,请写一条评论:
当没有指定时,默认类是什么
如何计算集群上已经运行的入口使用的类