[英]Exposing a service on EKS using NGINX ingress and issues with load balancer
I am trying to set up a service and expose it externally on EKS.我正在尝试设置一项服务并在 EKS 上对外公开它。 I have already done it on GKE pretty easily but now AWS is giving me a hard time.我已经在 GKE 上轻松完成了,但现在 AWS 给我带来了困难。
My NGINX yaml looks something like that:我的 NGINX yaml 看起来像这样:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myapp-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- hosts:
- app.mydomain.com
secretName: myapp-tls
rules:
- host: app.mydomain.com
http:
paths:
- path: /
backend:
serviceName: myapp-service
servicePort: 80
And then I have my domain app.mydomain.com
on Google Domains pointing at the ingress external address.然后我在 Google Domains app.mydomain.com
我的域app.mydomain.com
指向入口外部地址。 There is also a cert-manager service running in order to support HTTPS.还有一个 cert-manager 服务正在运行以支持 HTTPS。
However, while basically the same setup worked completely out of the box on GKE, EKS gives me a hard time.然而,虽然基本上相同的设置在 GKE 上完全开箱即用,但 EKS 给我带来了困难。
From what I understand it has something to do with EKS default LoadBalancer being layer 4 in comparison to Google's layer 7 (Which explains HTTPS not working) but there is also issues with redirections of the domain as it just resolves as the ingress address instead of my desired address and thus my app doesn't show up.据我所知,与 Google 的第 7 层相比,它与 EKS 默认的 LoadBalancer 是第 4 层有关(这解释了 HTTPS 不起作用),但域的重定向也存在问题,因为它只是解析为入口地址而不是我的所需的地址,因此我的应用程序没有出现。
The domain is registered over Google Domains and I'm creating Synthetic Records (for my subdomain) that points to my ingress external address on EKS.该域是通过 Google Domains 注册的,我正在创建指向我在 EKS 上的入口外部地址的合成记录(用于我的子域)。 The same scheme works perfectly fine on GKE but here it resolves the address as the ingress address instead of my domain which results in 404 on the ingress side.相同的方案在 GKE 上工作得非常好,但在这里它将地址解析为入口地址而不是我的域,这导致入口端出现 404。
I was wondering if someone could please point me to how to properly set it up?我想知道是否有人可以指点我如何正确设置它? Should I give up on nginx ingress on EKS and move onto ALB?我是否应该放弃 EKS 上的 nginx 入口并转向 ALB? and how to properly associate the domain?以及如何正确关联域?
Thank you very much in advance!非常感谢您提前!
output of kubectl describe ingress myapp-ingress
: kubectl describe ingress myapp-ingress
输出kubectl describe ingress myapp-ingress
:
Name: myapp-ingress
Namespace: default
Address: ********************************-****************.elb.eu-west-1.amazonaws.com
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
myapp-tls terminates app.mydomain.com
Rules:
Host Path Backends
---- ---- --------
app.mydomain.com
/ myapp-service:80 (172.31.2.238:8000)
Annotations: cert-manager.io/cluster-issuer: myapp-letsencrypt-prod
kubernetes.io/ingress.class: nginx
Events: <none>
Should I give up on nginx ingress on EKS and move onto ALB我是否应该放弃 EKS 上的 nginx 入口并转向 ALB
No. NGinX ingress controllers work perfectly well on EKS.不会。NGinX 入口控制器在 EKS 上运行良好。 It is possible to configure them as either layer 4 or layer 7;可以将它们配置为第 4 层或第 7 层; we use it in layer 7 mode.我们在第 7 层模式下使用它。
Can you update your question with the output of你能用输出更新你的问题吗
kubectl get ingress myapp-ingress
I think your ingress path is also incorrect.我认为您的入口路径也不正确。 Unless I'm mistaken that's just routing the root of your app, not all uris.除非我弄错了,那只是路由应用程序的根目录,而不是所有 uri。 We use the scheme我们使用方案
spec:
rules:
- host: service.d.tld
http:
paths:
- path: /?(.*) # <---
backend:
serviceName: my-service
servicePort: http
Are you seeing errors in the nginx ingress controller's logs?您是否在 nginx 入口控制器的日志中看到错误? That + kubectl events
are both useful for debugging purposes. That + kubectl events
都可用于调试目的。
I'd disable TLS everywhere and get your service working on http, then work stepwise on getting TLS enabled on the ingress controller.我会在任何地方禁用 TLS 并让您的服务在 http 上运行,然后逐步在入口控制器上启用 TLS。
Edit: Based on your response above,编辑:根据您上面的回复,
curl -H "Host: app.mydomain.com" http://<elb-address>:80
SHOULD call through to your service behind the ingress.应该在入口后面调用您的服务。
How is app.mydomain.com defined? app.mydomain.com 是如何定义的? Is it a CNAME to the dns entry?它是 dns 条目的 CNAME 吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.