[英]Kubernetes Nginx container unable to access php-fpm container
我為 nginx 和一個 php-fpm laravel 容器創建了 2 個 Kubernetes 部署。 但由於某種原因,來自 nginx 的流量似乎無法成功到達 php-fpm 容器,從而產生以下錯誤
172.18.0.1 - - [18/Jul/2022:16:51:10 +0000] "GET / HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36"
這是我的部署文件
apiVersion: v1
kind: ConfigMap
metadata:
name: web-server-config
namespace: dev-api
data:
nginx.conf: |
server {
listen 80;
index index.php index.html;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/public;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass api-web-svc:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
gzip_static on;
}
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: php-config
namespace: dev-api
data:
laravel.ini: |
upload_max_filesize: 80M
post_max_size: 80M
---
apiVersion: v1
kind: Secret
metadata:
name: api-web-secret
namespace: dev-api
type: Opaque
data:
...
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-web
namespace: dev-api
spec:
selector:
matchLabels:
app: api-web
replicas: 1
template:
metadata:
labels:
app: api-web
spec:
containers:
- name: api-web
image: XXX.dkr.ecr.us-east-1.amazonaws.com/api-web:0.9.4-alpha
volumeMounts:
- name: php-config
mountPath: /usr/local/etc/php/conf.d/laravel.ini
- name: env-config
mountPath: /var/www/html/.env
ports:
- containerPort: 9000
volumes:
- name: php-config
configMap:
name: php-config
- name: env-config
secret:
secretName: api-web-secret
imagePullSecrets:
- name: regcred
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: dev-api
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:alpine
volumeMounts:
- name: web-server-config
mountPath: /etc/nginx/conf.d/
ports:
- containerPort: 80
volumes:
- name: web-server-config
configMap:
name: web-server-config
---
apiVersion: v1
kind: Service
metadata:
name: web-server-svc
namespace: dev-api
spec:
type: NodePort
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
nodePort: 32420
---
apiVersion: v1
kind: Service
metadata:
name: api-web-svc
namespace: dev-api
labels:
app: api-web
spec:
type: ClusterIP
selector:
app: api-web
ports:
- protocol: TCP
port: 9000
namespace
是單獨聲明的。 每個部署中的兩個容器都成功運行。
k logs deployment/nginx-deployment -n dev-api
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/07/18 16:18:50 [notice] 1#1: using the "epoll" event method
2022/07/18 16:18:50 [notice] 1#1: nginx/1.21.6
2022/07/18 16:18:50 [notice] 1#1: built by gcc 10.3.1 20211027 (Alpine 10.3.1_git20211027)
2022/07/18 16:18:50 [notice] 1#1: OS: Linux 5.4.0-109-generic
2022/07/18 16:18:50 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/07/18 16:18:50 [notice] 1#1: start worker processes
2022/07/18 16:18:50 [notice] 1#1: start worker process 21
2022/07/18 16:18:50 [notice] 1#1: start worker process 22
2022/07/18 16:18:50 [notice] 1#1: start worker process 23
2022/07/18 16:18:50 [notice] 1#1: start worker process 24
2022/07/18 16:18:50 [notice] 1#1: start worker process 25
2022/07/18 16:18:50 [notice] 1#1: start worker process 26
2022/07/18 16:18:50 [notice] 1#1: start worker process 27
2022/07/18 16:18:50 [notice] 1#1: start worker process 28
k logs deployment/api-web -n dev-api
[18-Jul-2022 16:18:51] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[18-Jul-2022 16:18:51] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[18-Jul-2022 16:18:51] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[18-Jul-2022 16:18:51] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[18-Jul-2022 16:18:51] NOTICE: fpm is running, pid 1
[18-Jul-2022 16:18:51] NOTICE: ready to handle connections
而在api-web
部署中用來生成鏡像api-web:0.9.4-alpha
的Dockerfile如下圖
FROM php:7.2-fpm
# Copy composer.lock and composer.json
COPY composer.lock composer.json /var/www/html/
# Set working directory
WORKDIR /var/www/html
# Install dependencies
RUN apt-get update && apt-get install -y \
build-essential \
libpng-dev \
libjpeg62-turbo-dev \
libfreetype6-dev \
locales \
zip \
jpegoptim optipng pngquant gifsicle \
vim \
unzip \
git \
curl \
nodejs \
npm
# Clear cache
RUN apt-get clean && rm -rf /var/lib/apt/lists/*
# Install extensions
RUN docker-php-ext-install pdo_mysql mbstring zip exif pcntl
RUN docker-php-ext-configure gd --with-gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ --with-png-dir=/usr/include/
RUN docker-php-ext-install gd
# Install composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# Add user for laravel application
RUN groupadd -g 1000 www
RUN useradd -u 1000 -ms /bin/bash -g www www
# Copy existing application directory contents
COPY . /var/www/html/
# Copy existing application directory permissions
COPY --chown=www:www . /var/www/html/
# Change current user to www
USER www
## Run composer dependencies
RUN composer update
RUN composer install
# Expose port 9000 and start php-fpm server
EXPOSE 9000
CMD ["php-fpm"]
這個 Dockerfile 也運行良好,沒有問題。 使用此圖像的docker-compose
文件也可以正常工作。
為什么來自nginx-deployment
容器的流量無法到達api-web
php-fpm 容器並出現錯誤的任何想法
172.18.0.1 - - [18/Jul/2022:16:51:10 +0000] "GET / HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36"
據我所知,兩個 pod 或至少容器需要相同的源文件。 如果 nginx 不知道這個 php 文件存在,它就無法將請求轉發到 php-fpm 容器。
我說的是容器,雖然我不建議將 nginx 和 php-fpm 拆分為單獨的 pod。 我更有可能將這些容器作為一個單元啟動,在一個 pod 中具有相同的源。 除非您有某種 Cron 作業或批處理作業。
如果使用php-fpm
,我建議在一個POD中維護兩個容器
apiVersion: extensions/v1
kind: Deployment
metadata:
labels:
app: wordpress-site
name: wordpress-site
namespace: development
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: wordpress-site
tier: frontend
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: wordpress-site
tier: frontend
spec:
volumes:
- configMap:
defaultMode: 256
name: nginxthroughpass
optional: false
name: nginxconf
- name: shared-files
emptyDir: {}
containers:
- name: app
image: <REPLACE WITH DOCKER PHP-FPM IMAGE URL>
imagePullPolicy : IfNotPresent
volumeMounts:
- name: shared-files
mountPath: /var/www/html
envFrom:
- configMapRef:
name: wordpress-configmap
- name: nginx
image: nginx
imagePullPolicy : IfNotPresent
volumeMounts:
- name: shared-files
mountPath: /var/www/html
- mountPath: /etc/nginx/conf.d
name: nginxconf
readOnly: true
參考回購:https ://github.com/harsh4870/Kubernetes-wordpress-php-fpm-nginx
如果您不想運行 nginx 控制器,您也可以使用 Nginx 入口將流量轉發到 php-fpm 容器
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "FCGI"
nginx.ingress.kubernetes.io/fastcgi-index: "index.php"
nginx.ingress.kubernetes.io/fastcgi-params-configmap: "configmap"
name: example-app
spec:
ingressClassName: nginx
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-service
port:
name: fastcgi
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.