Kubernetes nginx 入口在集群内部工作,但在外部不可见
[英]Kubernetes nginx ingress working inside cluster but not visible outside
问题描述
I set up a trivial kubernetes yaml file (below) to test the nginx ingress.
我设置了一个简单的 kubernetes yaml 文件(如下)来测试 nginx 入口。 Nginx works as expected inside the cluster but isn't visible outside the cluster. Nginx 在集群内按预期工作,但在集群外不可见。
I'm running minikube with minikube tunnel and minikube addons enable ingress .我正在使用minikube tunnel运行minikube ,并且minikube addons enable ingress 。 When I kubectl exec into the nginx-controller I can see nginx working and serving up the test page, but when I try to hit it from outside I get Failed to connect to 127.0.0.1 port 80: Connection refused .当我kubectl exec进入nginx-controller时,我可以看到 nginx 正在工作并提供测试页面,但是当我尝试从外部点击它时,我得到Failed to connect to 127.0.0.1 port 80: Connection refused 。
Save the following yaml as stackoverflow.yaml将以下 yaml 保存为stackoverflow.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: cheese-app
labels:
app: cheese-app
spec:
replicas: 1
selector:
matchLabels:
app: cheese-app
template:
metadata:
labels:
app: cheese-app
spec:
containers:
- name: cheese-container
image: errm/cheese:stilton
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: cheese-svc
spec:
selector:
app: cheese-app
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: cheese-ingress
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: cheese-svc
servicePort: 80
Then initialize minikube然后初始化minikube
minikube start
minikube addons enable ingress
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-system ingress-nginx/ingress-nginx
kubectl wait --for=condition=ready pod --all --timeout=120s
kubectl get pods
Start a minikube tunnel in another terminal window在另一个终端 window 中启动 minikube 隧道
minikube tunnel
And apply the yaml file并应用 yaml 文件
kubectl apply -f ./stackoverflow.yaml
kubectl wait --for=condition=ready pod --all --timeout=120s
kubectl get pods
kubectl get svc
For reference, my pods and svc are作为参考,我的 pod 和 svc 是
NAME READY STATUS RESTARTS AGE
cheese-app-74ddc9f7c6-xpjwx 1/1 Running 0 89m
ingress-system-ingress-nginx-controller-656bf75d85-fkzzp 1/1 Running 0 90m
cheese-svc ClusterIP 10.104.243.39 <none> 80/TCP 82m
ingress-system-ingress-nginx-controller LoadBalancer 10.106.203.73 127.0.0.1 80:30635/TCP,443:32594/TCP 83m
ingress-system-ingress-nginx-controller-admission ClusterIP 10.101.103.74 <none> 443/TCP 83m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 84m
At this point curl 127.0.0.1/ should theoretically return a sample web page, but instead it reports connection refused .此时curl 127.0.0.1/理论上应该返回一个示例 web 页面,但它报告connection refused 。
As a diagnostic step, I tried using kubectl exec to try to curl the page from the nginx server from inside the cluster.作为诊断步骤,我尝试使用kubectl exec从集群内部的 nginx 服务器尝试 curl 页面。 That works as long as I curl nginx using its own 127.0.0.1 endpoint.只要我使用自己的127.0.0.1端点 curl nginx 就可以工作。 If I curl it using its CLUSTER-IP ( 10.106.203.73 in this cluster), I get nothing.如果我 curl 它使用它的 CLUSTER-IP(在这个集群中是10.106.203.73 ),我什么也得不到。
kubectl exec --stdin --tty ingress-system-ingress-nginx-controller-656bf75d85-fkzzp -- curl 127.0.0.1/ -i
...works...
kubectl exec --stdin --tty ingress-system-ingress-nginx-controller-656bf75d85-fkzzp -- curl 10.106.203.73/ -i
...nothing...
curl 127.0.0.1/
...nothing...
I haven't modified the /etc/nginx/nginx.conf in any way, it's the default config auto generated by setting up the kubernetes ingress.我没有以任何方式修改/etc/nginx/nginx.conf ,它是通过设置 kubernetes 入口自动生成的默认配置。
3 个解决方案
解决方案1
1 2021-03-29 14:44:14
From within cluster this link should work - http://.:port in your case it will be - http://cheese-svc.default:80从集群内部,此链接应该可以工作 - http://.:port 在你的情况下它将是 - http://cheese-svc.default:80
To access it from outside, the service is accessible on nodePort 30635 http://10.106.203.73:30635要从外部访问它,可以在 nodePort 30635 http://10.106.203.73:30635上访问该服务
解决方案2
1 2021-03-29 17:31:36
As you are using minikube, get the IP of your one node minikube cluster using minikube ip .当您使用 minikube 时,请使用 minikube ip 获取单节点 minikube 集群minikube ip 。
And then curl http://<minikube_ip>:<nodePort>然后curl http://<minikube_ip>:<nodePort>
解决方案3
0 已采纳 2021-04-02 13:01:20
My solution was to conclude that minikube isn't worth the effort.我的解决方案是得出结论 minikube 不值得付出努力。 I burned a couple pennies spinning up a tiny Azure Kubernetes cluster for a couple minutes and everything just worked instantly.我花了几分钟旋转一个微小的 Azure Kubernetes 集群几分钟,一切都立即生效。
I had assumed running locally on minikube or in the Kubernetes cluster that Docker for Windows installs would be quicker and easier than running in a cloud instance, but I was wrong.我曾假设在 minikube 或 Kubernetes 集群上本地运行,安装 Windows 的 Docker 比在云实例中运行更快更容易,但我错了。 The number of small weird annoying blockers with these local test environments is just too high.这些本地测试环境中的小怪异烦人的阻止程序数量太多了。 Your mileage may vary but I'm definitely willing to pay a few cents to test my builds if it saves me literally days of unsuccessful debugging of local dev environments.您的里程可能会有所不同,但我绝对愿意支付几美分来测试我的构建,如果它可以节省我数天的本地开发环境调试不成功的时间。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.