我尝试按照this教程使用Nginx入口 Controller 。当我尝试使其工作时,一些细节已更改-只有一个后端服务而不是两个,一些端口号,所有内容都在默认 namespace 中运行。我在CentOS Linux版本7.4.1708 VM上有一个kubernetes master和3个奴才。
后端和默认后端均可通过它们各自的服务端点在群集内访问。
Nginx状态页面可从外部访问(MasterHostIP:32000 / nginx_status)。
问题是,通过外部路径或从群集内部到nginx-ingress-controller-service端点的对后端应用程序的http请求都被拒绝。
希望外面的人可以看到我显然不见的东西,或者遇到过类似的问题,并且知道如何解决这个问题。
[root@master1 ~]# kubectl get endpoints
NAME ENDPOINTS AGE
appsvc1 10.244.1.2:80,10.244.3.4:80 3h
default-backend 10.244.1.3:8080,10.244.2.3:8080,10.244.3.5:8080 14d
kubernetes 10.134.45.136:6443 15d
nginx-ingress 10.244.2.5:18080,10.244.2.5:9999 2h
[root@master1 ~]# wget 10.244.2.5:9999
--2018-01-05 12:10:56-- http://10.244.2.5:9999/
Connecting to 10.244.2.5:9999... failed: Connection refused.
[root@master1 ~]# wget 10.244.2.5:18080
--2018-01-05 12:12:52-- http://10.244.2.5:18080/
Connecting to 10.244.2.5:18080... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-01-05 12:12:52 ERROR 404: Not Found.
对appsvc1端点的请求行为符合预期,并返回带有“Hello app1!”的静态html。
后端应用程序部署:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: app1
spec:
replicas: 2
template:
metadata:
labels:
app: app1
spec:
containers:
- name: app1
image: dockersamples/static-site
env:
- name: AUTHOR
value: app1
ports:
- containerPort: 80
后端服务
apiVersion: v1
kind: Service
metadata:
name: appsvc1
spec:
ports:
- port: 9999
protocol: TCP
targetPort: 80
selector:
app: app1
应用程序入口
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/rewrite-target: /
name: app-ingress
spec:
rules:
- host: test.com
http:
paths:
- backend:
serviceName: appsvc1
servicePort: 9999
path: /app1
nginx入口 Controller 部署
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
replicas: 1
revisionHistoryLimit: 3
template:
metadata:
labels:
app: nginx-ingress-lb
spec:
terminationGracePeriodSeconds: 60
serviceAccount: nginx
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
imagePullPolicy: Always
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 5
args:
- /nginx-ingress-controller
- '--default-backend-service=$(POD_NAMESPACE)/default-backend'
- '--configmap=$(POD_NAMESPACE)/nginx-ingress-controller-conf'
- --v=6
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- containerPort: 80
- containerPort: 9999
- containerPort: 18080
Nginx入口 Controller 服务
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
spec:
type: NodePort
ports:
- port: 9999
nodePort: 30000
name: http
- port: 18080
nodePort: 32000
name: http-mgmt
selector:
app: nginx-ingress-lb
nginx入口
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: test.com
http:
paths:
- backend:
serviceName: nginx-ingress
servicePort: 18080
更新
入口 Controller 中的端口9999似乎未打开。谁能建议为什么打开18080端口而不打开9999? :
[root@master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1-54cf69ff86-l7kp4 1/1 Running 0 17d
app1-54cf69ff86-qkksw 1/1 Running 0 17d
app2-7bc7498cbf-459vd 1/1 Running 0 2d
app2-7bc7498cbf-8x9st 1/1 Running 0 2d
default-backend-78484f94cf-fv6v4 1/1 Running 0 17d
default-backend-78484f94cf-vzp8l 1/1 Running 0 17d
default-backend-78484f94cf-wmjqh 1/1 Running 0 17d
nginx-ingress-controller-cfb567f76-wbck5 1/1 Running 0 15h
[root@master1 ~]# kubectl exec nginx-ingress-controller-cfb567f76-wbck5 -it bash
root@nginx-ingress-controller-cfb567f76-wbck5:/# netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 14/nginx: master pr
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 14/nginx: master pr
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN 14/nginx: master pr
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN 14/nginx: master pr
tcp 0 0 0.0.0.0:18080 0.0.0.0:* LISTEN 14/nginx: master pr
tcp 0 0 0.0.0.0:18080 0.0.0.0:* LISTEN 14/nginx: master pr
tcp6 0 0 [::]:http [::]:* LISTEN 14/nginx: master pr
tcp6 0 0 [::]:http [::]:* LISTEN 14/nginx: master pr
tcp6 0 0 [::]:https [::]:* LISTEN 14/nginx: master pr
tcp6 0 0 [::]:https [::]:* LISTEN 14/nginx: master pr
tcp6 0 0 [::]:18080 [::]:* LISTEN 14/nginx: master pr
tcp6 0 0 [::]:18080 [::]:* LISTEN 14/nginx: master pr
tcp6 0 0 [::]:10254 [::]:* LISTEN 5/nginx-ingress-con
最佳答案
10.x地址是内部的。因此,预计会出现404。入口 Controller 不会使您的内部服务突然变得外部。入口服务应该通过单个地址将请求代理到已部署的服务。由于我看到您是通过节点端口部署 Controller 的,因此请尝试使用主机 header test.com向节点的IP端口30000发出请求,您应该会获得应用程序。您外部化的每个服务都可以通过入口IP使用,主机 header 由HTTP客户端设置,并且入口 Controller 将根据该请求(以及路径和其他所需内容)散发出请求。因此,实际上只有在您为域名付费时才有效,因为我假设您不拥有test.com,并且要求用户伪造请求 header 不是一个合理的接口(interface)
另外,由于您拥有小仆节点(多个),因此您应该将 Controller 服务类型从NodePort更改为LoadBalancer。教程中使用了节点端口,以便更便宜-LoadBalancer会启动您需要付费的云负载均衡器。到位后,节点端口就可以了,但是以后肯定不能做。我真的希望人们不要在没有任何解释的情况下将其放到教程中
关于nginx - Kubernetes Nginx入口 Controller 服务(版本0.9.0)拒绝连接,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/48113602/