我的两个域one.example.com
和two.example.com
连接超时。
我已经使用kops在AWS上设置了集群。
入口在默认命名空间中,被代理的服务也在默认命名空间中。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service-api
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
certmanager.k8s.io/cluster-issuer: "letsencrypt-example-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- one.example.in
secretName: api-example-in
rules:
- host: one.example.in
http:
paths:
- path: /customer/?(.*)
pathType: Prefix
backend:
service:
name: customer-srv
port:
number: 3000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service-monitor
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
certmanager.k8s.io/cluster-issuer: "letsencrypt-example-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- two.example.in
secretName: api-example-in
rules:
- host: two.example.in
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kube-prometheus-grafana
port:
number: 80
$ kubectl describe ingress ingress-service-monitor
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Name: ingress-service-monitor
Namespace: default
Address: dns.elb.ap-south-1.amazonaws.com
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
api-example-in terminates two.example.in
Rules:
Host Path Backends
---- ---- --------
monitor.example.in
/ kube-prometheus-grafana:80 (100.96.4.3:3000)
Annotations: certmanager.k8s.io/cluster-issuer: letsencrypt-example-prod
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: true
nginx.ingress.kubernetes.io/use-regex: true
为了安装控制器,我遵循了这个文档。我只运行了这个命令
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/aws/deploy.yaml
我在这里列出了关于入口部署的其他信息
[ec2-user@ip ~]$ kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-admission-create-5wpwn 0/1 Completed 0 3h39m
pod/ingress-nginx-admission-patch-6z2wx 0/1 Completed 2 3h39m
pod/ingress-nginx-controller-7fc74cf778-64vk2 1/1 Running 0 91m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller LoadBalancer 100.68.82.233 5e06c70e0a8b9d4b.elb.ap-south-1.amazonaws.com 80:31336/TCP,443:30936/TCP 3h39m
service/ingress-nginx-controller-admission ClusterIP 100.64.118.59 <none> 443/TCP 3h39m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 1/1 1 1 91m
NAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-7fc74cf778 1 1 1 91m
NAME COMPLETIONS DURATION AGE
job.batch/ingress-nginx-admission-create 1/1 10s 3h39m
job.batch/ingress-nginx-admission-patch 1/1 21s 3h39m
[ec2-user@ip ~]$
尝试检查您正在运行的API版本或您的入口是否支持
kubectl api-resources -o wide检查您的网络支持的API版本。如果它支持extensions/v1beta1
,你可以使用它,示例如下。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/cluster-issuer: secret
cert-manager.io/cluster-issuer: secret
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/websocket-services: core
nginx.org/websocket-services: core
name: service-ingress
namespace: default
spec:
rules:
- host: app.example.io
http:
paths:
- backend:
serviceName: core
servicePort: 80
tls:
- hosts:
- app.example.io
secretName: secret