堆栈内存溢出
  简体   繁体   English

带有 nginx 入口控制器和代理的 GKE 中的 dotnet 应用程序

[英]dotnet application in GKE with nginx ingress controller and proxy

 原文  2020-10-03 16:15:04       .net/ docker/ nginx/ kubernetes/ google-cloud-platform

问题描述

I have a dotnet application running on Kestrel and hosting it in a Linux container on GKE.我有一个 dotnet 应用程序在 Kestrel 上运行,并将它托管在 GKE 上的 Linux 容器中。 Alongside the container, I am running a sidecar nginx container to proxy to it.在容器旁边,我正在运行一个 sidecar nginx 容器来代理它。 I've read that Kestrel isn't as feature rich thus including the nginx sidecar.我读过 Kestrel 的功能并不丰富,因此包括 nginx sidecar。

The issue I am having is I either keep getting a 502 or 404 not found.我遇到的问题是我一直找不到 502 或 404。 Running local curl requests following redirects does work though.不过,在重定向后运行本地 curl 请求确实有效。

This returns a proper response from my nginx -> Kestrel这将从我的 nginx -> Kestrel 返回正确的响应

curl -vL "http://127.0.0.1"

Hitting it externally through the public lb,通过公共磅从外部击中它,

response 404 (backend NotFound), service rules for [ /index.html ] non-existent
``

This is my nginx.conf

worker_processes 1;

events { worker_connections 1024; }

http {

    sendfile on;

    upstream web-api {
        server 127.0.0.1:5000;
    }

    server {
        listen 80;
        server_name $hostname;

        location /nginx-health {
             return 200 "healthy\n";
        }

        location / {
            proxy_pass         http://web-api;
            proxy_redirect     off;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_set_header   X-Forwarded-Host $server_name;
        }
    }
}

My Ingress我的入口

Name:             app
Namespace:        app
Address:          34.120.149.155
Default backend:  default-http-backend:80 (<none>)
TLS:
  app-tls terminates external_url
Rules:
  Host                                   Path  Backends
  ----                                   ----  --------
  <external_url>
                                         /   app:80 (10.108.21.149:80)
Annotations:
  certmanager.k8s.io/cluster-issuer:            letsencrypt
  ingress.kubernetes.io/forwarding-rule:        k8s2-fr-6bwo4q66-app-2jv0uft5
  ingress.kubernetes.io/https-forwarding-rule:  k8s2-fs-6bwo4q66-app-2jv0uft5
  ingress.kubernetes.io/https-target-proxy:     k8s2-ts-6bwo4q66-app-2jv0uft5
  ingress.kubernetes.io/target-proxy:           k8s2-tp-6bwo4q66-app-2jv0uft5
  ingress.kubernetes.io/url-map:                k8s2-um-6bwo4q66-app-2jv0uft5
  meta.helm.sh/release-name:                    app
  ingress.kubernetes.io/backends:               {"k8s-be-30587--b22f31f8e3f41440":"HEALTHY","k8s-be-31967--b22f31f8e3f41440":"HEALTHY"}
  ingress.kubernetes.io/ssl-cert:               k8s2-cr-6bwo4q66-rn3hwilrxhwvg79m-506e1c732112861c
  ingress.kubernetes.io/static-ip:              k8s2-fr-6bwo4q66-labs-createstudio-createdataservice-2jv0uft5
  meta.helm.sh/release-namespace:               app

My service我的服务

Name:                     app
Namespace:                app
Labels:                   app.kubernetes.io/instance=app
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=app
                          app.kubernetes.io/version=0.1.0
                          helm.sh/chart=app-0.1.0
Annotations:              beta.cloud.google.com/backend-config: {"ports": {"80":"app-config"}}
                          meta.helm.sh/release-name: app
                          meta.helm.sh/release-namespace: app
Selector:                 app.kubernetes.io/instance=app,app.kubernetes.io/name=app
Type:                     NodePort
IP:                       10.181.45.135
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  30587/TCP
Endpoints:                10.108.21.149:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

I updated all the names/namespaces/urls to something more generic so I do not expose too much information on my app.我将所有名称/命名空间/url 更新为更通用的内容,因此我不会在我的应用程序中公开太多信息。

I have a feeling its due to the ingress path on the host being just / .我有一种感觉,因为主机上的入口路径只是/

I have also noticed that when hitting nginx externally, I get a 301 redirect which proxies to the Kestrel server.我还注意到,当从外部访问 nginx 时,我得到了一个 301 重定向,它代理到 Kestrel 服务器。 After that Kestrel returns the 301 to nginx and I feel like this is where the loop is.在那之后,Kestrel 将 301 返回给 nginx,我觉得这就是循环所在。 Ie, when Kestrel returns the response, it goes out through the external URL again and sends the request back to nginx from the outside.即,当 Kestrel 返回响应时,它再次通过外部 URL 出去,并将请求从外部发送回 nginx。 Hope that makes sense.希望这是有道理的。

Hope anyone could shed some light on this.希望任何人都可以对此有所了解。 Cheers!干杯!

1 个解决方案

解决方案1
 1 已采纳  2020-10-03 20:38:54

由于 GKE 入口控制器可以充当您的反向代理(例如,提供 SSL 终止),因此无需添加 nginx sidecar,您可以将请求直接路由到容器应用程序。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 nginx 入口控制器记录 499 - nginx Ingress controller logs 499 如何在 Kubernetes 上使用 GKE 入口 controller 保留客户端 IP 地址? - How to preserve Client IP Address with GKE Ingress controller on Kubernetes? AKS k8s dotnet gRPC api 开始 nginx-ingress - AKS k8s dotnet gRPC api begind nginx-ingress dotnet 在代理 407 后面发布 - dotnet publish behind proxy 407 Dotnet Core Nuget 设置代理 - Dotnet Core Nuget set proxy GDI处理DotNET应用程序 - GDI handles in a DotNET application 部署DotNet应用程序 - Deploy DotNet application 部署dotnet核心应用程序 - Deploy dotnet core application Dotnet 无法识别带有 Angular 前端的 controller - Dotnet not recognizing controller with Angular frontend 显示来自控制器的图像<dotnet> - Displaying an Image from controller <dotnet>
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM