
Kubernetes - Ingress-nginx routing error (Cannot connect frontend to backend)

Need some serious help here. Thanks in advance.

I am trying to deploy a microservice-based Java application. I am able to get to the frontend service (webapp) in my browser, but I am unable to connect it with the backend (auth service), and hence it shows an authentication failure.

The HTML login form points to "/login?referrerURL="

I checked the ingress nginx logs:

Service "default/auth-srv" does not have any active Endpoint.
Service "default/voice-srv" does not have any active Endpoint.
Service "default/reporting-srv" does not have any active Endpoint.
Service "default/webapp-srv" does not have any active Endpoint.

The ingress nginx config file:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
    name: ingress-service
    annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
    rules:
        - host: <domain_name>
          http:
            paths:
                - path: /auth/?(.*)
                  backend:
                    serviceName: auth-srv
                    servicePort: 8080
                - path: /emotion/?(.*)
                  backend:
                    serviceName: emotion-srv
                    servicePort: 8080
                - path: /storage/?(.*)
                  backend:
                    serviceName: storage-srv
                    servicePort: 8080
                - path: /voice/?(.*)
                  backend:
                    serviceName: voice-srv
                    servicePort: 8080
                - path: /backend/?(.*)
                  backend:
                    serviceName: backend-srv
                    servicePort: 8080
                - path: /reporting/?(.*)
                  backend:
                    serviceName: reporting-srv
                    servicePort: 8080
                ## frontend
                - path: /?(.*)
                  backend:
                    serviceName: webapp-srv
                    servicePort: 8080

How is the webapp (frontend) connecting to the auth service internally?

Using the below endpoint:

http://ingress-nginx-controller.ingress-nginx.svc.cluster.local/auth

The above endpoint was obtained using the pattern: http://name-of-service.namespace.svc.cluster.local

Namespaces:

$ kubectl get namespace
NAME              STATUS   AGE
default           Active   10h
ingress-nginx     Active   10h
kube-node-lease   Active   10h
kube-public       Active   10h
kube-system       Active   10h

$ kubectl get service -n ingress-nginx
NAME                                 TYPE           CLUSTER-IP       EXTERNAL-IP                                                                     PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.100.99.130    <loadbalancer>.amazonaws.com   80:32794/TCP,443:30053/TCP   10h
ingress-nginx-controller-admission   ClusterIP      10.100.230.126   <none>                                                                          443/TCP 

Webapp (frontend) pod logs:

2020-07-28 20:57:08.139  INFO 1 --- [io-8080-exec-10] com.symtrain.controller.AdminController  : Auth Controller User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36
2020-07-28 20:57:08.139  INFO 1 --- [io-8080-exec-10] com.symtrain.controller.AdminController  : Auth Controller URL: http://testprod.symtrain.com/index
2020-07-28 20:57:08.139  INFO 1 --- [io-8080-exec-10] com.symtrain.controller.AdminController  : Auth Controller flag:::::: Not IE
2020-07-28 20:57:08.139  INFO 1 --- [io-8080-exec-10] com.symtrain.controller.AdminController  : Auth Controller URL inside normal return:

Some extra information for deployments:

$ kubectl get deploy
NAME             READY   UP-TO-DATE   AVAILABLE   AGE
auth-depl        2/2     2            2           4h40m
backend-depl     2/2     2            2           4h40m
emotion-depl     2/2     2            2           4h40m
reporting-depl   2/2     2            2           4h40m
storage-depl     2/2     2            2           4h40m
voice-depl       2/2     2            2           4h40m
webapp-depl      2/2     2            2           4h40m


$ kubectl get svc
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
auth-srv        ClusterIP   10.100.258.118   <none>        8080/TCP   4h41m
backend-srv     ClusterIP   10.100.132.251   <none>        8080/TCP   4h41m
emotion-srv     ClusterIP   10.100.32.154    <none>        8080/TCP   4h41m
kubernetes      ClusterIP   10.100.0.1       <none>        443/TCP    10h
reporting-srv   ClusterIP   10.100.64.80     <none>        8080/TCP   4h41m
storage-srv     ClusterIP   10.100.36.25     <none>        8080/TCP   4h41m
voice-srv       ClusterIP   10.100.212.180   <none>        8080/TCP   4h41m
webapp-srv      ClusterIP   10.100.21.170    <none>        8080/TCP   4h41m


Endpoints:

$ kubectl get endpoints
NAME            ENDPOINTS                                 AGE
auth-srv        192.168.14.60:8080,192.168.44.116:8080    4h53m
backend-srv     192.168.32.14:8080,192.168.37.180:8080    4h53m
emotion-srv     192.168.58.110:8080,192.168.6.148:8080    4h53m
kubernetes      192.168.118.66:443,192.168.82.184:443     10h
reporting-srv   192.168.31.233:8080,192.168.33.218:8080   4h53m
storage-srv     192.168.23.217:8080,192.168.38.48:8080    4h53m
voice-srv       192.168.4.211:8080,192.168.59.186:8080    4h53m
webapp-srv      192.168.31.164:8080,192.168.62.143:8080   4h53m

Auth backend Deployment and Service:

$ kubectl describe deploy auth-depl
Name:                   auth-depl
Namespace:              default
CreationTimestamp:      Tue, 28 Jul 2020 16:32:44 +0000
Labels:                 <none>
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               app=auth
Replicas:               2 desired | 2 updated | 2 total | 2 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=auth
  Containers:
   auth:
    Image:        <my_image_name>
    Port:         8080/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   auth-depl-787446c4db (2/2 replicas created)
Events:          <none>


#####################################

$ kubectl describe svc auth-srv
Name:              auth-srv
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          app=auth
Type:              ClusterIP
IP:                10.100.218.108
Port:              auth  8080/TCP
TargetPort:        8080/TCP
Endpoints:         192.168.14.60:8080,192.178.44.136:8080
Session Affinity:  None
Events:            <none>


NOTE: I am altering the IPs here for security purposes.

As per the error messages, it could be that the labels you are using inside of the Service may be a cause for concern. Your service will look up pods based on their pod labels.

  1. Fetch the labels of the pods of your deployments, example below (app: nginx).

kubectl get pods --show-labels

nginx     1/1       Running   0          16m      app=nginx

  2. Edit your service yaml to match the labels of pods in your deployment, ensure they are pod labels.

    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx

  3. Test if you are able to use the Service: spin up a temporary busybox pod with the same labels (app: nginx) and test using wget.

kubectl run bb --image=busybox -it -- wget -O- auth-srv:8080

  • If the above does not solve your problem, you may also need to ensure that the containerPort defined inside of your deployment is matching with the service port you are exposing (8080 in your case).

controllers/nginx-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 8080

If the above does not resolve the problem, then you might want to look at policies. Maybe you could create a new ingress network policy based on your pod labels to ensure that traffic hits your pods. (https://kubernetes.io/docs/concepts/services-networking/network-policies/)
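The selector and port checks suggested in the answer above can be run against manifests directly. This is an added example, not part of the original answer; the function names and the sample manifests are constructed for illustration and mirror the shape of `kubectl get -o json` output.

```python
# Added example: compare a Service with the Deployment it should select.
# The manifests below are constructed; they mirror `kubectl get -o json` output.

def selector_matches(selector, pod_labels):
    """A Service selects a pod only if every selector pair is among the pod's labels."""
    return bool(selector) and all(pod_labels.get(k) == v for k, v in selector.items())

def check_service(service, deployment):
    """Return findings; an empty list means selector and ports line up."""
    name = service["metadata"]["name"]
    selector = service["spec"].get("selector") or {}
    template = deployment["spec"]["template"]
    pod_labels = template["metadata"].get("labels") or {}
    findings = []
    if not selector_matches(selector, pod_labels):
        findings.append(f"{name}: selector {selector} does not match pod labels {pod_labels}")
    declared = [p for c in template["spec"]["containers"] for p in c.get("ports", [])]
    numbers = {p["containerPort"] for p in declared}
    names = {p["name"] for p in declared if "name" in p}
    for port in service["spec"]["ports"]:
        # targetPort defaults to the Service port; it may be a number or a port name.
        target = port.get("targetPort", port["port"])
        known = numbers if isinstance(target, int) else names
        if target not in known:
            findings.append(f"{name}: targetPort {target!r} is not a declared containerPort")
    return findings

def make_service(selector, target_port):
    """Build a minimal Service manifest named auth-srv (hypothetical helper)."""
    return {"metadata": {"name": "auth-srv"},
            "spec": {"selector": selector,
                     "ports": [{"name": "auth", "port": 8080, "targetPort": target_port}]}}

# Constructed Deployment modelled on the auth-depl output in the question.
AUTH_DEPLOYMENT = {"metadata": {"name": "auth-depl"}, "spec": {
    "selector": {"matchLabels": {"app": "auth"}},
    "template": {"metadata": {"labels": {"app": "auth"}},
                 "spec": {"containers": [{"name": "auth",
                                          "ports": [{"containerPort": 8080}]}]}}}}

GOOD = make_service({"app": "auth"}, 8080)
BAD = make_service({"app": "auth-service"}, 80)  # constructed misconfiguration

if __name__ == "__main__":
    for svc in (GOOD, BAD):
        print(check_service(svc, AUTH_DEPLOYMENT) or "consistent")
```

A numeric targetPort that is not declared as a containerPort can still work if the process listens on it, so treat that finding as a prompt to check rather than a definite fault.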

You are trying to hit /login?referrerURL= and this path is not defined in your ingress rules.

EDIT:

It's not common to use the ingress service internally within the cluster. The Ingress resource is designed to manage external access to internal services.

Note this is also a security concern as you are exposing the auth service (which is a backend service used by your UI layer) externally.
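The two points in the answer above (backend services published through the Ingress, and in-cluster calls routed via the ingress controller) can be checked mechanically. This is an added example, not part of the original answer; `INTERNAL_ONLY`, the function names and the trimmed Ingress are assumptions constructed from the question's manifest, with backends assumed to live in the `default` namespace.

```python
# Added example: audit an Ingress for internal-only backends and find
# in-cluster URLs that detour through the ingress controller.
from urllib.parse import urlsplit

INTERNAL_ONLY = {"auth-srv"}  # assumption: only the UI layer should reach these

# Constructed from two of the question's rules (extensions/v1beta1 field names).
INGRESS = {"spec": {"rules": [{"host": "<domain_name>", "http": {"paths": [
    {"path": "/auth/?(.*)", "backend": {"serviceName": "auth-srv", "servicePort": 8080}},
    {"path": "/?(.*)", "backend": {"serviceName": "webapp-srv", "servicePort": 8080}},
]}}]}}

def iter_paths(ingress):
    """Yield (host, path, backend) for every path rule in the Ingress."""
    for rule in ingress["spec"].get("rules", []):
        for p in rule.get("http", {}).get("paths", []):
            yield rule.get("host", "*"), p["path"], p["backend"]

def exposed_internal_paths(ingress, internal_only):
    """List rules that publish an internal-only Service through the load balancer."""
    return [(host, path, b["serviceName"])
            for host, path, b in iter_paths(ingress)
            if b["serviceName"] in internal_only]

def direct_service_url(url, ingress, namespace="default"):
    """Map a URL aimed at the ingress controller's Service to the backend's own
    cluster DNS name. Returns None when the URL does not go via the controller."""
    parts = urlsplit(url)
    if not (parts.hostname or "").startswith("ingress-nginx-controller."):
        return None
    for _, path, b in iter_paths(ingress):
        prefix = path.split("/?(")[0]  # "/auth/?(.*)" -> "/auth"; catch-all -> ""
        if prefix and (parts.path == prefix or parts.path.startswith(prefix + "/")):
            # No rewrite-target annotation in the question, so the path is kept.
            return (f"http://{b['serviceName']}.{namespace}.svc.cluster.local"
                    f":{b['servicePort']}{parts.path}")
    return None

if __name__ == "__main__":
    print(exposed_internal_paths(INGRESS, INTERNAL_ONLY))
    print(direct_service_url(
        "http://ingress-nginx-controller.ingress-nginx.svc.cluster.local/auth", INGRESS))
```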

A quick solution for me was to delete the service and recreate it. This is only if all your configs that others have suggested are correct.
