堆栈内存溢出
  繁体   English   中英

Traefik-ingress 仪表板返回 404

[英]Traefik-ingress dashboard return 404

 原文  2018-11-21 00:02:07       kubernetes/ amazon-elb/ traefik/ kubernetes-ingress/ amazon-eks

问题描述

我部署traefik ingress controller pod,然后部署了两个服务,其中一个是用于反向代理的LoadBalancer类型,另一个是用于仪表板的ClusterIP

我还创建入口以将所有<elb-address>/dashboard重定向到我的 traefik 仪表板。

但出于某种原因,当我尝试在aws-ip/dashboard请求我的仪表板时,我收到 404 错误代码

那是我用来设置 traefik 的清单 yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
 name: traefik-ingress-controller
 namespace: kube-system
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      targetPort: 80
      port: 80
  type: LoadBalancer
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - name: web
      port: 80
      targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: kube-system
  name: traefik-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - http:
      paths:
      - path: /dashboard
        backend:
          serviceName: traefik-web-ui
          servicePort: web

更新

我正在查看日志并在激活 rbac 并创建 ClusterRole、ServiceRole 和 ServiceAccount 时收到以下错误:

E1124 18:56:23.267560       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kube-system:traefik-ingress" cannot list endpoints in the namespace "default"
E1124 18:56:23.648207       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:kube-system:traefik-ingress" cannot list services in the namespace "default"
E1124 18:56:23.267560       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kube-system:traefik-ingress" cannot list endpoints in the namespace "default"

这是我的 serviceAccount、clusterRole 和 RoleBingind

kind: ServiceAccount
apiVersion: v1
metadata:
  name: traefik-ingress
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress
subjects:
- kind: ServiceAccount
  name: traefik-ingress
  namespace: default

3 个解决方案

解决方案1
 3 已采纳  2018-11-25 00:14:51

解决方案

我申请这个

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

然后用 helm 安装了 stable/traefik 模板

helm install stable/traefik --name=traefik-ingress-controller --values values.yaml

values.yaml文件是:

    dashboard:
      enabled: true
      domain: traefik-ui.k8s.io
    rbac:
      enabled: true
    kubernetes:
      namespaces:
        - default
        - kube-system

感谢帮助

解决方案2
 2  2018-11-21 01:14:55

我自己试过这个。 所以基本上,当你创建自己的Ingress它得到了创建hosttraefik-ui.minikube (默认值),所以你将无法与访问仪表板<elb-address>/dashboard/

您必须使用traefik-ui.minikube/dashboard/访问它。 举个例子:

$ kubectl -n kube-system get ingress
NAME              HOSTS                 ADDRESS                  PORTS   AGE
traefik-ingress   *                                                                                              80      8m13s
traefik-web-ui    traefik-ui.minikube   xxxx.elb.amazonaws.com   80      71d

$ curl -H 'Host: traefik-ui.minikube' xxxx.elb.amazonaws.com/dashboard/
<!doctype html><html class="has-navbar-fixed-top">
...
</html>

如果您想在浏览器上看到它,您还可以在/etc/hosts文件中添加一个条目。

 <one-of-the-ips-of-your-elb> traefik-ui.minikube

您还可以将host用于 Ingress 定义中的rules

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: kube-system
  name: traefik-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: yourown.hostname.com
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: traefik-web-ui
          servicePort: web

解决方案3
 1  2022-05-24 20:48:51

就因为我遇到了这个,文档说:

/dashboard/ 中的尾部斜杠 / 是必需的

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有多个后端服务的 GKE Ingress 返回 404 多个主机时 Ingress 404 Not Found 有没有办法让aws lambda function返回404 通过 istio 入口网关公开时我的服务出现 404 错误 502 / 503 / 404 HTTP 错误:GKE ingress-nginx 将来自其他命名空间的流量提供给错误的服务 为什么我的API网关HTTP代理返回404? Traefik 中间件缓冲响应代码 Ingress 获取地址失败 Firebase 入口与出口 GCP Ingress 后端不健康
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM