Error when accessing Nextcloud in Kubernetes
My goal is:
I tried to deploy a pod with Nextcloud and a service to access it but actually I can't access it. I have an error: message ERR_SSL_PROTOCOL_ERROR.
I just followed a tutorial at the beginning but I didn't want to use nginx like it was explained because I have it on another machine.
When I look at pods (nextcloud + db) and services they look ok but I have no response when I try to access nextcloud.
(nc = nextcloud)
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nc
  name: nc
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nc
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nc
    spec:
      containers:
      - env:
        - name: DEBUG
          value: "false"
        - name: NEXTCLOUD_URL
          value: http://test.fr
        - name: NEXTCLOUD_ADMIN_USER
          value: admin
        - name: NEXTCLOUD_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: nextcloud
              key: NEXTCLOUD_ADMIN_PASSWORD
        - name: NEXTCLOUD_UPLOAD_MAX_FILESIZE
          value: 4G
        - name: NEXTCLOUD_MAX_FILE_UPLOADS
          value: "20"
        - name: MYSQL_DATABASE
          value: nextcloud
        - name: MYSQL_HOST
          value: mariadb
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mariadb
              key: MYSQL_ROOT_PASSWORD
        - name: MYSQL_USER
          value: nextcloud
        name: nc
        image: nextcloud
        ports:
        - containerPort: 80
          protocol: TCP
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/www/html
          name: vnextcloud
          subPath: html
        - mountPath: /var/www/html/custom_apps
          name: vnextcloud
          subPath: apps
        - mountPath: /var/www/html/config
          name: vnextcloud
          subPath: config
        - mountPath: /var/www/html/data
          name: vimages
          subPath: imgnc
        - mountPath: /var/www/html/themes
          name: vnextcloud
          subPath: themes
      restartPolicy: Always
      volumes:
      - name: vnextcloud
        persistentVolumeClaim:
          claimName: nfs-pvcnextcloud
      - name: vimages
        persistentVolumeClaim:
          claimName: nfs-pvcimages
For creating the service I use this command line:
kubectl expose deployment nc --type=NodePort --name=svc-nc --port 80
And to access my nextcloud I tried the address @IP_MASTER:32500
My questions are:
1. Please consider using stable nextcloud helm chart
2. This tutorial is a little outdated and can be found also here
In kubernetes 1.16 release you should change in all your deployments apiVersion to apiVersion: apps/v1; please take a look at Deprecations and Removals.
In addition you should get an error ValidationError(Deployment.spec): missing required field "selector", so please add selectors in your deployment under Deployment.spec like:
selector:
  matchLabels:
    app: db
3. Finally create self-signed certificates. This repo is using OMGWTFSSL - Self Signed SSL Certificate Generator. Once you provide necessary information like server name, path to your local hostpath and names for your SSL certificates it will be automatically created after one pod-run under specified hostpath:
volumes:
- name: certs
  hostPath:
    path: "/home/<someFolderLocation>/certs-pv"
This information should be reused in the reverse proxy section of nginx.conf.
4. In your nc-svc.yaml you can change the service type to the type: NodePort
5. How to verify if your service is working properly:
kubectl get pods,svc,ep -o wide
Pods:
pod/nc-6d8694659d-5przx 1/1 Running 0 15m 10.244.0.6
Svc:
service/svc-nc NodePort 10.102.90.88 <none> 80:32500/TCP
Endpoints:
endpoints/svc-nc 10.244.0.6:80
You can test your service from inside the cluster running separate pod (e.g. ubuntu)
curl your_svc_name
you can verify if service discovery is working properly:
cat /etc/resolv.conf
nslookup svc_your_svc_name (your_svc_name.default.svc.cluster.local)
From outside the cluster using NodePort:
curl NODE_IP:NODE_PORT (if not, please verify your firewall rules)
Once you provided hostname for your nextcloud service you should use
curl -vH 'Host:specified_hostname' http://external_ip/ (using http or https according to your configuration)
In addition you can exec directly into your db pod
kubectl exec -it db_pod -- /bin/bash and run
mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD
mysqlshow -uroot -p$MYSQL_ROOT_PASSWORD --status nextcloud
6. What should I do to have access to my nextcloud? I didn't do the tuto part "Create self-signed certificates" because I don't know how to manage.
7. As described under point 3.
8. This part is not clear to me: from another machine with nginx route a CNAME to the service
Please refer to: An ExternalName Service is a special case of Service that does not have selectors and uses DNS names instead.
Additional resources:
Hope this helps.
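The pod/service/endpoint comparison that point 5 does by eye with kubectl get pods,svc,ep -o wide, written as an added example (not part of the original answer): it checks a Deployment and a Service for the mismatches that leave the endpoints list empty or the port unreachable. The JSON is a constructed sample using the names and ports from the post; check_wiring is a hypothetical helper and the NodePort range is assumed to be the Kubernetes default.

```python
import json

# Constructed sample: the fields of `kubectl get deploy/nc svc/svc-nc -o json`
# that the check reads. Names, labels and ports are the ones from the post.
DEPLOY = json.loads("""{
  "spec": {"template": {
    "metadata": {"labels": {"app": "nc"}},
    "spec": {"containers": [
      {"name": "nc", "ports": [{"containerPort": 80, "protocol": "TCP"}]}]}}}
}""")
SVC = json.loads("""{
  "metadata": {"name": "svc-nc"},
  "spec": {"type": "NodePort", "selector": {"app": "nc"},
           "ports": [{"port": 80, "targetPort": 80, "nodePort": 32500}]}
}""")

NODEPORT_RANGE = range(30000, 32768)  # Kubernetes default range (assumed unchanged)


def check_wiring(deploy, svc):
    """Return reasons the Service would have no endpoints or no reachable port."""
    problems = []
    tmpl = deploy["spec"]["template"]
    labels = tmpl["metadata"].get("labels", {})
    selector = svc["spec"].get("selector") or {}
    if not selector:
        problems.append("service has no selector, so no endpoints are created")
    for key, want in selector.items():
        if labels.get(key) != want:
            problems.append(f"selector {key}={want} does not match pod labels {labels}")
    # Declared container ports, by number and by name (targetPort may use either).
    declared = set()
    for c in tmpl["spec"]["containers"]:
        for p in c.get("ports", []):
            declared.add(p["containerPort"])
            if "name" in p:
                declared.add(p["name"])
    for p in svc["spec"]["ports"]:
        target = p.get("targetPort", p["port"])  # targetPort defaults to port
        if target not in declared:
            problems.append(f"targetPort {target} is not a declared containerPort")
        node_port = p.get("nodePort")
        if svc["spec"].get("type") == "NodePort" and node_port not in NODEPORT_RANGE:
            problems.append(f"nodePort {node_port} is outside the default range")
    return problems


if __name__ == "__main__":
    print(check_wiring(DEPLOY, SVC) or "wiring looks consistent")
```

containerPort declarations are informational, so a targetPort finding means "confirm what the container actually listens on", not a definite failure.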