[英]nginx ingress setup up on Azure (not using helm) troubleshooting
我需要一些帮助来尝试在这里实现这两件事:
对于第一步,我没有走运这个文档: https : //kubernetes.github.io/ingress-nginx/deploy/#azure
而且我没有忘记mandatory.yaml!
我的分步指南:
我有一个带有两个 pod 的基本 kubernetes 集群,如下所示:
NAME READY STATUS RESTARTS AGE
activemq-demo-7b769bcc4-jtsj5 1/1 Running 0 55m
ubuntu-dcb9c6ccb-wkz2w 1/1 Running 0 2d
在这一点上,我想添加我的入口,以便我可以使用我的公共 IP 地址abcd访问演示 activemq
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/cloud-generic.yaml
完成后我运行kubectl get services -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx LoadBalancer 10.0.186.143 zz.zz.zzz.zzz 80:32703/TCP,443:30584/TCP 17s
哪个好! 似乎工作正常? 在这一点上,我应该能够将外部 IP 地址连接到任何这些端口,但我不能:(
$ telnet zz.zz.zzz.zzz 80
Trying zz.zz.zzz.zzz...
(a long time later...)
telnet: Unable to connect to remote host: Resource temporarily unavailable
$ telnet zz.zz.zzz.zzz 443
Trying zz.zz.zzz.zzz...
(a long time later...)
telnet: Unable to connect to remote host: Resource temporarily unavailable
我知道mandatory.yaml对我保留的IP 地址一无所知,但我忽略了它,因为我有一个更大的问题,我无法连接。
我也忽略了一分钟,我无法连接只是为了测试我是否需要实际运行ingress.yaml 。 所以我使用kubectl apply -f ingress.html 。 (ingress.yaml 包含以下代码)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress1
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "*"
spec:
tls:
- hosts:
- amq-test.mydomain.com
secretName: my-certificate
rules:
- host: amq-test.mydomain.com
http:
paths:
- path: /*
backend:
serviceName: activemq-demo-service
servicePort: 8161
之后如果我运行kubectl get ing我得到:
NAME HOSTS ADDRESS PORTS AGE
ingress1 amq-test.mydomain.com zz.zz.zzz.zzz 80, 443 66s
但它是一样的,我无法连接:
从 WSL
$ telnet zz.zz.zzz.zzz 80
Trying zz.zz.zzz.zzz...
(a long time later...)
telnet: Unable to connect to remote host: Resource temporarily unavailable
$ telnet zz.zz.zzz.zzz 443
Trying zz.zz.zzz.zzz...
(a long time later...)
telnet: Unable to connect to remote host: Resource temporarily unavailable
老实说,我不确定我错过了什么,官方文档应该非常简单,我不知道是否必须在 Azure 中启用其他功能......
感谢阅读,任何帮助将不胜感激。
编辑 3/7/2020:activemq-demo 部署和服务 @Jean-Philippe Bond
apiVersion: apps/v1
kind: Deployment
metadata:
name: activemq-demo
labels:
app: activemq-demo
tier: backend
spec:
revisionHistoryLimit: 1
replicas: 1
selector:
matchLabels:
app: activemq-demo
template:
metadata:
labels:
app: activemq-demo
tier: backend
spec:
containers:
- name: activemq-demo
image: myproject.azurecr.io/activemq-slim:5.15.9-3
imagePullPolicy: "Always"
command: ["/start.sh"]
args: ["somename"]
env:
- name: LANG
value: "C.UTF-8"
ports:
- containerPort: 8161
- containerPort: 61616
livenessProbe:
exec:
command:
- /isAlive.sh
- somename
initialDelaySeconds: 15
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: activemq-demo-service
labels:
tier: controller
spec:
type: NodePort
ports:
- name: http
protocol: TCP
port: 8161
targetPort: 8161
- name: acceptor
protocol: TCP
port: 61616
targetPort: 61616
selector:
app: activemq-demo
tier: backend
请注意,我想从外部访问的唯一内容是默认情况下 ActiveMQ 在端口 8161 上提供的 HTTP Web 服务
编辑 3/9/2020:@HelloWorld 请求
从 WSL telnet
$ telnet zz.zz.zzz.zzz 80
Trying zz.zz.zzz.zzz...
(a long time later...)
telnet: Unable to connect to remote host: Resource temporarily unavailable
$ telnet zz.zz.zzz.zzz 443
Trying zz.zz.zzz.zzz...
(a long time later...)
telnet: Unable to connect to remote host: Resource temporarily unavailable
从 macos 远程登录
$ telnet zz.zz.zzz.zzz 80
Trying zz.zz.zzz.zzz...
telnet: connect to address zz.zz.zzz.zzz: Operation timed out
telnet: Unable to connect to remote host
$ telnet zz.zz.zzz.zzz 443
Trying zz.zz.zzz.zzz...
telnet: connect to address zz.zz.zzz.zzz: Operation timed out
telnet: Unable to connect to remote host
来自 macos 的 curl - HTTP
$ curl -v -X GET http://amq-test.mydomain.com
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying zz.zz.zzz.zzz:80...
* TCP_NODELAY set
* Connection failed
* connect to zz.zz.zzz.zzz port 80 failed: Operation timed out
* Failed to connect to amq-test.mydomain.com port 80: Operation timed out
* Closing connection 0
curl: (7) Failed to connect to amq-test.mydomain.com port 80: Operation timed out
来自 macos 的 curl - HTTPS
$ curl -v -X GET https://amq-test.mydomain.com
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying zz.zz.zzz.zzz:443...
* TCP_NODELAY set
* Connection failed
* connect to zz.zz.zzz.zzz port 443 failed: Operation timed out
* Failed to connect to amq-test.mydomain.com port 443: Operation timed out
* Closing connection 0
curl: (7) Failed to connect to amq-test.mydomain.com port 443: Operation timed out
编辑 3/10/2020:从头开始(多次)
我删除了整个事情以开始“新鲜”而没有更多的运气,但我注意到有些事情可能会引发一些想法......
基础知识:
我的程序:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
annotations:
service.beta.kubernetes.io/azure-load-balancer-resource-group: MyResourceGroup
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
loadBalancerIP: A.B.C.D
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
$ kubectl get svc -n ingress-nginx -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
ingress-nginx LoadBalancer 10.0.30.100 A.B.C.D 80:30682/TCP,443:31002/TCP 35m app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/part-of=ingress-nginx
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress1
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "*"
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: activemq-demo-service
servicePort: 8161
这运行没有问题,什么时候开始我检查:
$ kubectl describe ingress
Name: ingress1
Namespace: default
Address: A.B.C.D
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
*
/* queue-callbacks-service:8161 (10.94.20.14:8161)
Annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/cors-allow-credentials: true
nginx.ingress.kubernetes.io/cors-allow-methods: *
nginx.ingress.kubernetes.io/cors-allow-origin: *
nginx.ingress.kubernetes.io/enable-cors: true
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/cors-allow-credentials":"true","nginx.ingress.kubernetes.io/cors-allow-methods":"*","nginx.ingress.kubernetes.io/cors-allow-origin":"*","nginx.ingress.kubernetes.io/enable-cors":"true"},"name":"ingress1","namespace":"default"},"spec":{"rules":[{"http":{"paths":[{"backend":{"serviceName":"queue-callbacks-service","servicePort":8161},"path":"/callbacks/*"}]}}]}}
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 35m nginx-ingress-controller Ingress default/ingress1
Normal UPDATE 34m nginx-ingress-controller Ingress default/ingress1
一切似乎都很完美,但我无法使用任何 (80, 443) 端口连接到 IP 或主机
希望这可以帮助
仅供参考,我只是按照此文档尝试使用掌舵,但得到了相同的结果
2020 年 4 月 15 日编辑:尚未完成
我正在做另一个项目,所以这个项目暂停了一会儿,我现在回到这个项目,不幸的是仍然没有工作,我向微软开了一张票,我在等它。
但是,我们注意到端口 80 被某些防火墙或其他东西过滤,我们不确定是什么导致了这种情况,因为我们的 SG 上有入站规则,端口 80 和 443 从任何协议上的 * 打开
$ nmap -Pn zz.zz.zz.zzz -p 80,443
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-15 11:01 Pacific SA Standard Time
Nmap scan report for zz.zz.zz.zzz
Host is up.
PORT STATE SERVICE
80/tcp filtered http
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 4.62 seconds
ActiveMQ可以通过TCP访问,而不是HTTP并且 Kubernetes Ingress 不是为了支持TCP服务而构建的。 也就是说,如果您真的想使用Nginx确实支持TCP负载平衡,但是您将无法像您那样使用基于主机的 Ingress 规则,因为这是为HTTP/HTTPS保留的。 最好的办法可能是直接使用 Azure L4 负载均衡器,而不是通过入口控制器。
如果你想使用Nginx ,你需要修改yaml在mandatory.yaml揭露ActiveMQ上的端口Nginx部署。
kind: ConfigMap
apiVersion: v1
metadata:
name: tcp-services
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
data:
9000: "default/activemq-demo-service:8161"
您还需要在服务资源上添加tcp-services端口。 前任 :
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: LoadBalancer
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
- name: https
port: 443
targetPort: 443
protocol: TCP
- name: proxied-tcp-9000
port: 9000
targetPort: 9000
protocol: TCP
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
这是 Nginx Ingress 中 TCP/UDP 支持的文档。
前段时间我写了一个可能对你有用的故事: https : //medium.com/cooking-with-azure/tcp-load-balancing-with-ingress-in-aks-702ac93f2246
使用 Azure 在 Kubernetes 中创建 NGINX 入口控制器
[英]Create an NGINX ingress controller in Kubernetes, using Azure
无法在 Azure Kubernetes 集群 (AKS) 中使用 helm 部署第二个入口控制器
[英]Unable to deploy a second ingress controller using helm in Azure Kubernetes Cluster ( AKS )
带有 Azure Active Directory 的 NGINX Ingress 外部 oauth
[英]NGINX Ingress external oauth with Azure Active Directory
如何在 Kubernetes (AKS) 中使用 Helm 注释入口控制器的 Pod?
[英]How to annotate pods of an Ingress Controller using Helm in Kubernetes (AKS)?
用于Azure Kubernetes Service 502错误网关的Nginx入口控制器
[英]nginx-ingress controller for Azure Kubernetes Service 502 Bad Gateway
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.