AKS Ingress-Nginx ingress controller 主机路由失败
[英]AKS Ingress-Nginx ingress controller failing to route by host
问题描述
I am configuring an ingress-nginx load balancer on Azure Kube.netes service.
我正在 Azure Kube.netes 服务上配置 ingress-nginx 负载均衡器。 I have installed the load balancer using Helm, and set up ingress.我已经使用 Helm 安装了负载均衡器,并设置了入口。 Here is the behavior I'm encountering:这是我遇到的行为:
- When I include a host in my pathing rules in my ingress config, I cannot access service at that host URL. The request times out当我在入口配置的路径规则中包含主机时,我无法访问该主机 URL 上的服务。请求超时
- When I don't include a host in my pathing rules, I can access the service at that host URL with no issues当我的路径规则中没有包含主机时,我可以毫无问题地访问该主机 URL 上的服务
- Regardless of whether or not the host is included in the pathing rules, I can successfully access the service at the host URL when I CURL it from any pod in the cluster.无论主机是否包含在路径规则中,当我从集群中的任何 pod CURL 时,我都可以成功访问主机 URL 上的服务。
- Nslookup successfully resolves the host on my machine nslookup 成功解析我机器上的主机
I'm trying to figure out why I'm unable to reach my service when host is included in my ingress configuration.我试图弄清楚为什么当主机包含在我的入口配置中时我无法访问我的服务。 Any ideas?有任何想法吗? Technical details are below.技术细节如下。
Note that the configuration is only pointing to one service currently, but filtering by host will eventually be necessary - I'm planning to have multiple services with different domains running through this load balancer.请注意,该配置当前仅指向一项服务,但最终将需要按主机进行过滤——我计划让多个服务在不同的域中运行通过此负载均衡器。
Ingress controller configuration:入口 controller 配置:
helm install --replace ingress-nginx ingress-nginx/ingress-nginx \
--create-namespace \
--namespace $NAMESPACE \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=127.0.0.1 \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$DNS_LABEL \
--set controller.service.loadBalancerIP=$IP \
The ingress configuration:入口配置:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt
spec:
ingressClassName: nginx
tls:
- hosts:
- my.host.com
secretName: tls-secret
rules:
- host: my.host.com //Removing this item makes the service reachable
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xrcfrontend
port:
number: 80
This is the curl command I'm running.这是我正在运行的 curl 命令。 It returns the correct results when run inside the pod, and times out when run outside.它在 Pod 内运行时返回正确结果,在 Pod 外运行时超时。
curl https://my.host.com --insecure
1 个解决方案
解决方案1
1 已采纳 2023-01-26 18:37:07
If you are using AKS v>=1.24, then try adding below annotation with path /healthz instead of 127.0.0.1 during nginx ingress controller installation or in nginx ingress controller service and use host based routing with nginx ingress routes -如果您使用的是 AKS v>=1.24,则尝试在 nginx ingress controller 安装期间或在 nginx ingress controller 服务中使用路径/healthz而不是127.0.0.1添加以下注释,并使用基于主机的路由和 8827593108 路由 -518
service.beta.kube.netes.io/azure-load-balancer-health-probe-request-path"= /healthz
If the above helps then Why was it not working with host earlier?如果以上内容有帮助,那么为什么之前不与主机合作?
- because backend pool of LB goes unhealthy because of wrong health-probe path of ingress controller. Ingress route is only accepting traffic for the particular host name and hence health probe of ingress controller service(Azure LB) is failing because / or 127.0.0.1 for http protocol returns 404.因为 LB 的后端池由于入口 controller 的错误健康探测路径而变得不健康。入口路由仅接受特定主机名的流量,因此入口 controller 服务(Azure LB)的健康探测失败,因为/或 127.0.0.1 对于http 协议返回 404。
Github discussion on changes - https://github.com/Azure/AKS/issues/2903#issuecomment-1115720970 Github 更改讨论 - https://github.com/Azure/AKS/issues/2903#issuecomment-1115720970
More details on installation - https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli#basic-configuration有关安装的更多详细信息 - https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli#basic-configuration
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.