[英]Kubernetes ingress-nginx gives 502 error (Bad Gateway)
I have an EKS cluster for which I want : - 1 Load Balancer per cluster, - Ingress rules to direct to the right namespace and the right service. 我有一个我想要的EKS集群:-每个集群1个负载均衡器,-导入规则以定向到正确的名称空间和正确的服务。
I have been following this guide : https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes 我一直在遵循本指南: https : //www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes
My deployments: 我的部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: hello-world
template:
metadata:
labels:
app: hello-world
spec:
containers:
- name: hello-world
image: IMAGENAME
ports:
- containerPort: 8000
name: hello-world
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bleble
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: bleble
template:
metadata:
labels:
app: bleble
spec:
containers:
- name: bleble
image: IMAGENAME
ports:
- containerPort: 8000
name: bleble
the service of those deployments: 这些部署的服务:
apiVersion: v1
kind: Service
metadata:
name: hello-world-svc
spec:
ports:
- port: 8080
protocol: TCP
targetPort: 8000
selector:
app: hello-world
type: NodePort
---
apiVersion: v1
kind: Service
metadata:
name: bleble-svc
spec:
ports:
- port: 8080
protocol: TCP
targetPort: 8000
selector:
app: bleble
type: NodePort
My Load balancer: 我的负载均衡器:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
My ingress: 我的入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: simple-fanout-example
namespace : default
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: internal-lb.aws.com
http:
paths:
- path: /bleble
backend:
serviceName: bleble-svc
servicePort: 80
- path: /hello-world
backend:
serviceName: hello-world-svc
servicePort: 80
I've set up the Nginx Ingress Controller with this : kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.24.1/deploy/mandatory.yaml 我已经使用以下命令设置了Nginx Ingress Controller:kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.24.1/deploy/mandatory.yaml
I am unsure why I get a 503 Service Temporarily Unavailable for one service and one 502 for another... I would guess it's a problem of ports or of namespace? 我不确定为什么对于某项服务我暂时无法获得503服务而对于另一项服务却无法获得502服务...我想这是端口或名称空间的问题? In the guide, they don't define namespace for the deployment...
在指南中,他们没有为部署定义名称空间...
Every resources create correctly, and I think the ingress is actually working but is getting confused where to go. 每种资源都可以正确创建,我认为入口实际上是有效的,但是到哪里去却感到困惑。
Thanks for your help! 谢谢你的帮助!
In general, use externalTrafficPolicy: Cluster
instead of Local
. 通常,使用
externalTrafficPolicy: Cluster
而不是Local
。 You can gain some performance (latency) improvement by using Local
but you need to configure those pod allocations with a lot efforts. 通过使用
Local
可以提高性能(延迟),但是您需要付出很多努力来配置这些pod分配。 You will hit 5xx errors with those misconfigurations. 这些配置错误将导致5xx错误。 In addition,
Cluster
is the default option for externalTrafficPolicy
. 另外,
Cluster
是externalTrafficPolicy
的默认选项。
In your ingress
, you route /bleble
to service bleble
, but your service name is actually bleble-svc
. 在
ingress
,您将/bleble
路由到service bleble
,但是您的服务名称实际上是bleble-svc
。 please make them consistent. 请使它们一致。 Also, you would need to set your
servicePort
to 8080 as you exposed 8080 in your service configuration. 另外,当您在服务配置中公开8080时,需要将
servicePort
设置为8080。
For internal service like bleble-svc
, Cluster IP
is good enough in your case as it does not need external access. 对于诸如
bleble-svc
类的内部服务,由于您不需要外部访问,因此Cluster IP
足以满足您的需要。
Hope this helps. 希望这可以帮助。
Found it! 找到了! The containerPort in the Deployment were set to 8000, the targetport of the services as well, but the person who did the Dockerfile of the code exposed the port 80. Which was the reason it was getting the 502 Bad getaway!
部署中的containerPort设置为8000,也是服务的目标端口,但是执行代码Dockerfile的人暴露了端口80。这就是它获得502 Bad getaway的原因!
Thanks a lot as well to @Fei who has been a fantastic helper! 也非常感谢@Fei,他一直是一个了不起的助手!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.