如何通过kubernetes上的traefik入口控制器使cockroachdb的管理ui公开可用?
[英]How do I make my admin ui of cockroachdb publicly available via traefik ingress controller on kubernetes?
问题描述
Kubernetes dedicated cockroachdb node - accessing admin ui via traefik ingress controller fails - page isn't redirecting properly 
Kubernetes专用cockroachdb节点-通过traefik入口控制器访问管理ui失败-页面未正确重定向
I have a dedicated kubernetes node running cockroachdb. 我有一个运行cockroachdb的专用kubernetes节点。 The pods get scheduled and everything is setup. 豆荚已安排好,一切就绪。 I want to access the admin UI from a subdomain like so: cockroachdb.hostname.com. 我想从子域访问管理UI,例如:cockroachdb.hostname.com。 I have done this with traefik dashboard and ceph dashboard so I know my ingress setup is working. 我已经使用traefik仪表板和ceph仪表板完成了此操作,所以我知道我的入口设置正在工作。 I even have cert-manager running to have https enabled. 我什至运行cert-manager来启用https。 I get the error from the browser that the page is not redirecting properly. 我从浏览器中收到错误消息,该页面未正确重定向。
Do I have to specify the host name somewhere special? 我必须在特殊的地方指定主机名吗?
I have tried adding this with no success: --http-host cockroachdb.hostname.com 我尝试添加此操作没有成功:--http-host cockroachdb.hostname.com
This dedicated node has its own public ip which is not mapped to hostname.com. 该专用节点具有其自己的公共IP,该公共IP未映射到hostname.com。 I think I need to change a setting in cockroachdb, but I don't know which because I am new to it. 我想我需要更改cockroachdb中的设置,但是我不知道哪个,因为我是新手。
Does anyone know how to publish admin UI via an ingress? 有谁知道如何通过入口发布管理界面?
EDIT01: Added ingress and service config files EDIT01:添加了入口和服务配置文件
Ingress: 入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: cockroachdb-public
annotations:
kubernetes.io/ingress.class: traefik
traefik.frontend.rule.type: PathPrefixStrip
certmanager.k8s.io/issuer: "letsencrypt-prod"
certmanager.k8s.io/acme-challenge-type: http01
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/ssl-temporary-redirect: "true"
ingress.kubernetes.io/ssl-host: "cockroachdb.hostname.com"
traefik.frontend.rule: "Host:cockroachdb.hostname.com,www.cockroachdb.hostname.com"
traefik.frontend.redirect.regex: "^https://www.cockroachdb.hostname.com(.*)"
traefik.frontend.redirect.replacement: "https://cockroachdb.hostname.com/$1"
spec:
rules:
- host: cockroachdb.hostname.com
http:
paths:
- path: /
backend:
serviceName: cockroachdb-public
servicePort: http
- host: www.cockroachdb.hostname.com
http:
paths:
- path: /
backend:
serviceName: cockroachdb-public
servicePort: http
tls:
- hosts:
- cockroachdb.hostname.com
- www.cockroachdb.hostname.com
secretName: cockroachdb-secret
Serice: 贡献莫过于:
apiVersion: v1
kind: Service
metadata:
# This service is meant to be used by clients of the database. It exposes a ClusterIP that will
# automatically load balance connections to the different database pods.
name: cockroachdb-public
labels:
app: cockroachdb
spec:
ports:
# The main port, served by gRPC, serves Postgres-flavor SQL, internode
# traffic and the cli.
- port: 26257
targetPort: 26257
name: grpc
# The secondary port serves the UI as well as health and debug endpoints.
- port: 8080
targetPort: 8080
name: http
selector:
app: cockroachdb
EDIT02: EDIT02:
I can access the Admin UI page now but only by going over the external ip address of the server with port 8080. I think I need to tell my server that its ip address is mapped to the correct sub domain? 我现在可以访问Admin UI页面,但是只能通过使用端口8080的服务器的外部IP地址进行访问。我想我需要告诉服务器其IP地址已映射到正确的子域?
EDIT03: EDIT03:
On both scheduled traefik-ingress pods the following logs are created: time="2019-04-29T04:31:42Z" level=error msg="Service not found for default/cockroachdb-public" 在两个预定的traefik-inress吊舱上,创建以下日志: time="2019-04-29T04:31:42Z" level=error msg="Service not found for default/cockroachdb-public"
1 个解决方案
解决方案1
1 2019-04-30 15:22:11
Your referencing looks good on the ingress side. 您的引用在入口端看起来不错。 You are using quite a few redirects, unless you really know what each one is accomplishing, don't use them, you might end up in an infinite loop of redirects. 您正在使用很多重定向,除非您真的知道每个人都在完成什么,否则不要使用它们,否则可能会陷入无限循环的重定向中。
You can take a look at the following logs and methods to debug: 您可以查看以下日志和调试方法:
Run kubectl logs <traefik pod> and see the last batch of logs. 运行kubectl logs <traefik pod>并查看最后一批日志。
Run kubectl get service , and from what I hear, this is likely your main issue. 运行kubectl get service ,据我kubectl get service ,这可能是您的主要问题。 Make sure your service exists in the default namespace. 确保您的服务存在于默认名称空间中。
Run kubectl port-forward svc/cockroachdb-public 8080:8080 and try connecting to it through localhost:8080 and see terminal for potential error messages. 运行kubectl port-forward svc/cockroachdb-public 8080:8080并尝试通过localhost:8080连接到它,并在终端查看潜在的错误消息。
Run kubectl describe ingress cockroachdb-public and look at the events, this should give you something to work with. 运行kubectl describe ingress cockroachdb-public并查看事件,这应该为您提供一些帮助。
Try accessing the service from another pod you have running ping cockroachdb-public.default.svc.cluster.local and see if it resolves the IP address. 尝试从运行ping cockroachdb-public.default.svc.cluster.local另一个Pod中访问该服务,并查看它是否解析IP地址。
Take a look at your clusterrolebindings and serviceaccount, it might be limited and not have permission to list services in the default namespace: kubectl create clusterrolebinding default-admin --clusterrole cluster-admin --serviceaccount=default:default 查看您的clusterrolebindings和serviceaccount,它可能受到限制并且没有权限在默认名称空间中列出服务: kubectl create clusterrolebinding default-admin --clusterrole cluster-admin --serviceaccount=default:default
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.