我正在尝试kubernetes,我已经在默认命名空间中部署了我的Nginx,我正在尝试创建一个虚拟服务器来路由仪表板。
nginx:默认命名空间dashboard:kubernetes dashboard命名空间
但是,当我尝试创建虚拟服务器时,它会警告我virtualserverroute不存在或无效?据我所知,如果我想路由到不同的命名空间,我可以通过将命名空间放在服务前面来实现。
nginx-ingress-dashboard.yaml
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: kubernetes-dashboard
spec:
host: k8.test.com
tls:
secret: nginx-tls-secret
# basedOn: scheme
redirect:
enable: true
code: 301
upstreams:
- name: kubernetes-dashboard
service: kubernetes-dashboard
port: 8443
routes:
- path: /
route: kubernetes-dashboard/kubernetes-dashboard
kubernetes仪表板
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
有没有迹象表明我做错了什么?提前谢谢。
192.168.254.9 - - [27/Apr/2021:07:14:43 +0000] "GET /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ HTTP/2.0" 400 48 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36" "-"2021/04/27 07:14:43 [error] 137#137: *106 readv() failed (104: Connection reset by peer) while reading upstream, client: 192.168.254.9, server: k8.test.com, request: "GET /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ HTTP/2.0", upstream: "http://192.168.253.130:8443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/", host: "k8.test.com"
192.168.254.9 - - [27/Apr/2021:07:14:43 +0000] "GET /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ HTTP/2.0" 400 48 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36" "-" 2021/04/27 07:14:43 [error] 137#137: *106 readv() failed (104: Connection reset by peer) while reading upstream, client: 192.168.254.9, server: k8.test.com, request: "GET /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ HTTP/2.0", upstream: "http://192.168.253.130:8443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/", host: "k8.test.com"
secret.yaml
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
您不需要定义路由,而是需要使用action.pass,因为您希望将请求直接重定向到服务。
此外,我对VirtualServer资源没有太多经验,但Ingress资源通常应该位于要服务的服务的同一命名空间上。入口控制器会拾取它们,即使它们位于不同的命名空间中。(这意味着tls机密需要在该名称空间tho中(
因此,我会将action.pass和VirtualServer放在您想要服务的资源的同一命名空间中,如下所示:
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
host: k8.test.com
tls:
secret: nginx-tls-secret
# basedOn: scheme
redirect:
enable: true
code: 301
upstreams:
- name: kubernetes-dashboard
service: kubernetes-dashboard
port: 443
routes:
- path: /
action:
pass: kubernetes-dashboard
如果使用路由,则需要使用该名称定义VirtualServerRoute,如文档中所述(https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroute-规格(