为什么 K8s ingress 在 Minikube 上工作,但在远程集群上返回 HTTP 404?
[英]Why K8s ingress works on Minikube, but returns HTTP 404 on remote cluster?
问题描述
I have a service (installed as Helm subchart of another app) that is correctly reachable on a Minikube environment, but that is not reachable when deployed on a remote Kubernetes cluster.
我有一个服务(作为另一个应用程序的 Helm 子图安装)可以在 Minikube 环境中正确访问,但在远程 Kubernetes 集群上部署时无法访问。
The Service should be reachable via an ingress.服务应该可以通过入口访问。
Ingress:入口:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-0.2.3"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.1"
app.kubernetes.io/managed-by: "Helm"
annotations:
# These annotations don't seem to make any difference
# traefik.ingress.kubernetes.io/ingress.class: traefik
# traefik.ingress.kubernetes.io/ssl-proxy-headers: X-Forwarded-Proto:https
# traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: "helper-service.example.com"
http:
paths:
- path: /
backend:
serviceName: helper-service
servicePort: service-port
Service服务
apiVersion: v1
kind: Service
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-1.0.0"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.13.1"
app.kubernetes.io/managed-by: "Helm"
spec:
selector:
app.kubernetes.io/name: "helper-service"
type: ClusterIP
ports:
- port: 8080
name: service-port
targetPort: 8080
protocol: TCP
Deployment部署
apiVersion: apps/v1
kind: Deployment
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-1.0.0"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.1"
app.kubernetes.io/managed-by: "Helm"
spec:
replicas: 1
revisionHistoryLimit: 3
strategy:
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: "helper-service"
template:
metadata:
annotations: {}
labels:
app.kubernetes.io/name: "helper-service"
spec:
containers:
- name: helper-service
image: "myregistry/myimage:myversion"
env:
- name: HELPER-SERVICE_BIND
value: ":8080"
ports:
- containerPort: 8080
Sending requests to helper-service.example.com always return a 404 not found error from Nginx .向helper-service.example.com发送请求总是从Nginx返回404 not found错误。 Given the response, seems like Nginx is reachable but isn't able to provide access to the service specified in the Ingress.鉴于响应,似乎 Nginx 是可访问的,但无法提供对 Ingress 中指定服务的访问。
However, the parent-chart Helm app, on the same cluster/namespace, is reachable via Ingress on a NodePort service and has no problems in being accessed.但是,在同一集群/命名空间上的父图表 Helm 应用程序可以通过 NodePort 服务上的 Ingress 访问,并且在访问时没有问题。
Both services are running correctly:两项服务均正常运行:
$ k get all
NAME READY STATUS RESTARTS AGE
pod/myapp-645cd66d9-g84vm 2/2 Running 0 51m
pod/myapp-helper-service-fbc6bb4d8-zklf2 1/1 Running 0 4d19h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/myapp NodePort 10.10.10.11 <none> 8080:31033/TCP 110d
service/myapp-helper-service ClusterIP 10.10.10.61 <none> 8080/TCP 110d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/myapp 1/1 1 1 110d
deployment.apps/myapp-helper-service 1/1 1 1 110d
and the ingresses looks to be there correctly:并且入口看起来正确:
$ k get ingresses
NAME HOSTS ADDRESS PORTS AGE
myapp myapp.example.com 37.44.1.172 80, 443 116d
myapp-helper-service myapp-helper-service.example.com 80 116d
with the ingress details being:入口详细信息为:
$ k describe ingress/myapp-helper-service
Name: myapp-helper-service
Namespace: my-namespace
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" is forbidden: User cannot get resource "endpoints" in API group "" in the namespace "kube-system">)
Rules:
Host Path Backends
---- ---- --------
myapp-helper-service.example.com
/ myapp-helper-service:service-port (172.25.0.207:8080)
Events: <none>
and the deployed service being:部署的服务是:
$ k describe service/myapp-helper-service
Name: myapp-helper-service
Namespace: mynamespace
Labels: app.kubernetes.io/instance=myapp
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=helper-service
app.kubernetes.io/version=2.1
helm.sh/chart=helper-service-0.2.3
Annotations: meta.helm.sh/release-name: myapp
meta.helm.sh/release-namespace: mynamespace
Selector: app.kubernetes.io/instance=myapp,app.kubernetes.io/name=helper-service
Type: ClusterIP
IP: 10.10.10.61
Port: service-port 8080/TCP
TargetPort: 8080/TCP
Endpoints: 172.25.0.207:8080
Port: metrics-port 8081/TCP
TargetPort: 8081/TCP
Endpoints: 172.25.0.207:8081
Session Affinity: None
Events: <none>
I tried to enable/disable the add Traefik annotations to see if anything changed, but the result is the same (still 404 from Nginx ♂️).我尝试启用/禁用添加 Traefik annotations以查看是否有任何更改,但结果是相同的(仍然是来自 Nginx 的 404 ♂️)。
- Why the same configuration works correctly on Minikube?为什么相同的配置在 Minikube 上可以正常工作?
- What does the 404 http status suggest here? 404 http 状态在这里暗示了什么? (ingress reachable but service not found?) (入口可达但未找到服务?)
- How do I debug the reachability from inside the cluster?如何从集群内部调试可达性?
- How do I debug the reachability from outside the cluster/ingress?如何从集群/入口外部调试可达性?
- If the setup is correct here, what else should I check?如果此处设置正确,我还应该检查什么?
1 个解决方案
解决方案1
1 2021-03-17 07:11:57
I figured the solution out.我想出了解决方案。
Even though the ingress was getting created, apparently it didn't actually work (or was getting some non-better-specified other default class).即使创建了入口,但显然它实际上并没有工作(或者正在获得一些非更好指定的其他默认类)。
The ingress needed a missing explicit annotation , specifying the ingress class :入口需要缺少显式注释,指定入口class :
annotations:
kubernetes.io/ingress.class: nginx-external
After adding that and redeploying, the ingress started to correctly catch my requests and redirect them to the helper-service !添加并重新部署后,入口开始正确捕获我的请求并将它们重定向到helper-service !
Note笔记
please, write a comment if you know:如果您知道,请写下评论:
what is the default class when none is specified
什么是默认 class 时没有指定how to figure out what class is used by an ingress already running on a cluster
如何确定已经在集群上运行的入口使用了什么 class
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.