[英]Deployment issue in k8s cluster using docker file without minikube, but my is pod not running
[英]Why K8s ingress works on Minikube, but returns HTTP 404 on remote cluster?
我有一个服务(作为另一个应用程序的 Helm 子图安装)可以在 Minikube 环境中正确访问,但在远程 Kubernetes 集群上部署时无法访问。
服务应该可以通过入口访问。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-0.2.3"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.1"
app.kubernetes.io/managed-by: "Helm"
annotations:
# These annotations don't seem to make any difference
# traefik.ingress.kubernetes.io/ingress.class: traefik
# traefik.ingress.kubernetes.io/ssl-proxy-headers: X-Forwarded-Proto:https
# traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: "helper-service.example.com"
http:
paths:
- path: /
backend:
serviceName: helper-service
servicePort: service-port
apiVersion: v1
kind: Service
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-1.0.0"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.13.1"
app.kubernetes.io/managed-by: "Helm"
spec:
selector:
app.kubernetes.io/name: "helper-service"
type: ClusterIP
ports:
- port: 8080
name: service-port
targetPort: 8080
protocol: TCP
apiVersion: apps/v1
kind: Deployment
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-1.0.0"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.1"
app.kubernetes.io/managed-by: "Helm"
spec:
replicas: 1
revisionHistoryLimit: 3
strategy:
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: "helper-service"
template:
metadata:
annotations: {}
labels:
app.kubernetes.io/name: "helper-service"
spec:
containers:
- name: helper-service
image: "myregistry/myimage:myversion"
env:
- name: HELPER-SERVICE_BIND
value: ":8080"
ports:
- containerPort: 8080
向helper-service.example.com
发送请求总是从Nginx返回404 not found
错误。 鉴于响应,似乎 Nginx 是可访问的,但无法提供对 Ingress 中指定服务的访问。
但是,在同一集群/命名空间上的父图表 Helm 应用程序可以通过 NodePort 服务上的 Ingress 访问,并且在访问时没有问题。
两项服务均正常运行:
$ k get all
NAME READY STATUS RESTARTS AGE
pod/myapp-645cd66d9-g84vm 2/2 Running 0 51m
pod/myapp-helper-service-fbc6bb4d8-zklf2 1/1 Running 0 4d19h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/myapp NodePort 10.10.10.11 <none> 8080:31033/TCP 110d
service/myapp-helper-service ClusterIP 10.10.10.61 <none> 8080/TCP 110d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/myapp 1/1 1 1 110d
deployment.apps/myapp-helper-service 1/1 1 1 110d
并且入口看起来正确:
$ k get ingresses
NAME HOSTS ADDRESS PORTS AGE
myapp myapp.example.com 37.44.1.172 80, 443 116d
myapp-helper-service myapp-helper-service.example.com 80 116d
入口详细信息为:
$ k describe ingress/myapp-helper-service
Name: myapp-helper-service
Namespace: my-namespace
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" is forbidden: User cannot get resource "endpoints" in API group "" in the namespace "kube-system">)
Rules:
Host Path Backends
---- ---- --------
myapp-helper-service.example.com
/ myapp-helper-service:service-port (172.25.0.207:8080)
Events: <none>
部署的服务是:
$ k describe service/myapp-helper-service
Name: myapp-helper-service
Namespace: mynamespace
Labels: app.kubernetes.io/instance=myapp
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=helper-service
app.kubernetes.io/version=2.1
helm.sh/chart=helper-service-0.2.3
Annotations: meta.helm.sh/release-name: myapp
meta.helm.sh/release-namespace: mynamespace
Selector: app.kubernetes.io/instance=myapp,app.kubernetes.io/name=helper-service
Type: ClusterIP
IP: 10.10.10.61
Port: service-port 8080/TCP
TargetPort: 8080/TCP
Endpoints: 172.25.0.207:8080
Port: metrics-port 8081/TCP
TargetPort: 8081/TCP
Endpoints: 172.25.0.207:8081
Session Affinity: None
Events: <none>
我尝试启用/禁用添加 Traefik annotations
以查看是否有任何更改,但结果是相同的(仍然是来自 Nginx 的 404 ♂️)。
我想出了解决方案。
即使创建了入口,但显然它实际上并没有工作(或者正在获得一些非更好指定的其他默认类)。
入口需要缺少显式注释,指定入口class :
annotations:
kubernetes.io/ingress.class: nginx-external
添加并重新部署后,入口开始正确捕获我的请求并将它们重定向到helper-service
!
如果您知道,请写下评论:
什么是默认 class 时没有指定
如何确定已经在集群上运行的入口使用了什么 class
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.