Kubernetes nginx ingress定期给出404
[英]Kubernetes nginx ingress periodically gives 404
问题描述
I have deployed kops k8s in AWS, everything in the same namespace. 
我在AWS中部署了kops k8s,所有内容都在同一名称空间中。
nginx ingress controller route traffic to https backends (wordpress apps). nginx入口控制器将流量路由到https后端(wordpress应用程序)。
I'm able to reach the website, but unfortunately for every 10~ calls only 1 call get http 200. all the other 9 get 404 nginx not found. 我能够访问该网站,但不幸的是,每10个电话只有1个电话获得http 200.所有其他9个获得404 nginx未找到。 tried to search everywhere but no luck :( 试图搜索到处但没有运气:(
My configuration: DNS -> AWS NLB -> 2 Nodes 我的配置:DNS - > AWS NLB - > 2个节点
ingress.yaml ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nginx
namespace: example-ns
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-passthrough: "True"
nginx.org/ssl-services: test-service
nginx.ingress.kubernetes.io/affinity: "cookie"
spec:
rules:
- host: "test.example.com"
http:
paths:
- path: /
backend:
serviceName: test-service
servicePort: 8443
nginx-service.yaml: nginx的-service.yaml:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: example-ns
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
nginx-daemonset.yaml: nginx的-daemonset.yaml:
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: nginx-ingress-controller
namespace: example-ns
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
serviceAccountName: nginx-ingress-serviceaccount
imagePullSecrets:
- name: private-repo
containers:
- name: nginx-ingress-controller
image: private_repo/private_image
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
- --default-ssl-certificate=$(POD_NAMESPACE)/tls-cert
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 33
resources:
limits:
cpu: 500m
memory: 300Mi
requests:
cpu: 400m
memory: 200Mi
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
wordpress.yaml: wordpress.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-example
namespace: example-ns
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
strategy:
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
restartPolicy: Always
volumes:
- name: volume
persistentVolumeClaim:
claimName: volume-claim
imagePullSecrets:
- name: private-repo
containers:
- name: test-example-httpd
image: private_repo/private_image
imagePullPolicy: Always
ports:
- containerPort: 8443
name: https
- name: test-example-php-fpm
image: private_repo/private_image
imagePullPolicy: Always
securityContext:
runAsUser: 82
securityContext:
allowPrivilegeEscalation: false
---
apiVersion: v1
kind: Service
metadata:
name: test-service
namespace: example-ns
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
ports:
- name: https-web
targetPort: 8443
port: 8443
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---UPDATE--- --- UPDATE ---
kubectl get endpoints,services -n example-ns
NAME ENDPOINTS AGE
endpoints/ingress-nginx 100.101.0.1:8443,100.100.0.4:443,100.101.0.2:443 1d
endpoints/test-service 100.100.0.1:8443,100.101.0.1:8443,100.101.0.2:8443 4h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx LoadBalancer SOME-IP sometext.elb.us-west-3.amazonaws.com 80:31541/TCP,443:31017/TCP 1d
service/test-service ClusterIP SOME-IP <none> 8443/TCP 4h
Thanks! 谢谢!
1 个解决方案
解决方案1
1 已采纳 2019-02-24 13:10:29
Apparently changing the annotation nginx.ingress.kubernetes.io/ssl-passthrough from "True" to "False" solved it. 显然将注释nginx.ingress.kubernetes.io/ssl-passthrough从“True”改为“False”解决了它。
Probably has to do something with ssl termination in NGINX and not in the apache. 可能必须在NGINX中使用ssl终止而不是在apache中执行某些操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Ingress资源与Kubernetes上的NGINX入口控制器 - Ingress resource vs NGINX ingress controller on Kubernetes
Kubernetes nginx ingress代理传递给websocket - Kubernetes nginx ingress proxy pass to websocket
具有NGINX入口控制器和SSL终止的AWS上的Kubernetes - Kubernetes on AWS with NGINX ingress controller and SSL termination
kubernetes没有为ingress-nginx控制器创建ELB - kubernetes not creating the ELB for ingress-nginx controller
Kubernetes nginx-ingress 没有暴露服务 - Kubernetes nginx-ingress isnt exposing the services
如何在AWS和SSL终止中设置kubernetes NGINX ingress - How to set up kubernetes NGINX ingress in AWS and SSL termination
Kubernetes nginx HTTPS 在 AWS 中的基于入口路径的路由 - Kubernetes nginx ingress path-based routing of HTTPS in AWS
Kube.netes - Ingress-nginx 路由错误(无法将前端连接到后端) - Kubernetes - Ingress-nginx routing error (Cannot connect frontend to backend)
无法访问在 AWS 上运行的 Kubernetes 集群上通过 nginx 入口控制器公开的 Spring Boot 微服务 - Unable to access Spring Boot microservice exposed via nginx ingress controller on Kubernetes cluster running on AWS
HTTP 错误 408 - 设置 kubernetes 以及 AWS ELB 和 NGINX 入口后 - HTTP ERROR 408 - After setting up kubernetes , along with AWS ELB and NGINX Ingress
相关标签