本文介绍了Kubernetes Ingress（GCE）不断返回502错误的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 29岁程序员，3月因学历无情被辞！ 我试图在GCE Kubernetes中设置Ingress。但是，当我访问Ingress中定义的IP地址和路径组合时，我一直得到以下502错误： 下面是我运行时得到的结果： kubectl describe ing --namespace dpl-staging $ b $ pre code $名称dpl-identity 命名空间：dpl-staging 地址：35.186 .221.153 默认后端：default-http-backend：80（10.0.8.5:8080） TLS： dpl-identity终止规则：主机路径后端 ---- ---- -------- * / api / identity / * dpl-identity：4000（<无>）注释： https-forwarding-rule：k8s-fws-dpl-staging-dpl-identity - 5fc40252fadea594 https-target-proxy：k8s-tps-dpl-staging-dpl-identity - 5fc40252fadea594 url-map：k8s-um-dpl-sta ging-dpl-identity - 5fc40252fadea594 backends：{k8s-be-31962--5fc40252fadea594：HEALTHY，k8s-be-32396--5fc40252fadea594：UNHEALTHY} 活动：来自SubObjectPath类型的FirstSeen LastSeen计数原因消息 --------- -------- ----- ---- ------- ------ ------ ------ ------- 15m 15m 1 {loadbalancer-controller}正常ADD dpl-staging / dpl-identity 15m 15m 1 {loadbalancer-controller}正常CREATE ip：35.186.221.153 15m 6m 4 {loadbalancer-controller}正常服务没有用户指定的默认后端，使用系统默认值 我认为问题是 dpl-identity：4000（< none>）。我不应该看到 dpl-identity 服务的IP地址，而不是< none> ？ 以下是我的服务描述： kubectl describe svc --namespace dpl-staging 名称：dpl-identity 命名空间：dpl-staging 标签：app = dpl-identity 选择器：app = dpl-identity 类型：NodePort IP：10.3.254.194 端口：http 4000 / TCP NodePort：http 32396 / TCP 端点：10.0.2.29:8000,10.0。 2.30：8000 会话亲和性：无没有事件。 另外，这里是执行的结果： kubectl describe ep -n dpl -staging dpl-identity 名称：dpl-identity 命名空间：dpl-staging 标签：app = dpl-identity 子集：地址：10.0.2.29,10.0.2.30 NotReadyAddresses：< none> 端口：名称端口协议 ---- ---- -------- http 8000 TCP 无事件。 这是我的deployment.yaml： apiVersion：v1 kind：秘密元数据：命名空间：dpl-staging 名称：dpl-identity 类型：不透明数据： tls.key：< base64 key> tls.crt：< base64 crt> --- apiVersion：v1 kind：Service metadata：命名空间：dpl-staging 名称：dpl-identity 标签： app：dpl-identity spec：类型：NodePort 端口： - 端口：4000 目标端口：8000 协议： TCP 名称：http 选择器： app：dpl-identity --- apiVersion：extensions / v1beta1 类型：Ingress 元数据：名称空间：dpl-staging 名称：dpl-identity 标签： app：dpl-identity 注释： kubernetes.io/ingress .allow-http：false spec： tls： - secretName：dpl-identity 规则： - http： paths： - path：/ api / identity / * 后端：服务名称：dpl-identity servicePort：4000 --- apiVersion：extensions / v1beta1 kind：部署元数据：名称空间：dpl-staging 名称：dpl-identity 类型：Ingress 元数据：名称空间：dpl-staging 名称：dpl-identity 标签： app：dpl-identity 注释： kubernetes.io/ ingress.allow-http：false spec： tls： - secretName：dpl-identity 规则： - http：路径： - path：/ api / identity / * backend： serviceName：dpl-identity servicePort：4000 --- apiVersion：extensions / v1beta1 kind：部署元数据：名称空间：dpl-staging 名称：dpl-identity 标签： app：dpl-identity 规格：副本：2 策略：类型：滚动更新模板：元数据：标签：应用：dpl身份 spec： containers： - image：gcr.io/munpat-container-engine/dpl/identity:0.4.9 名称：dpl-identity 端口： - containerPort：8000 名称：http volumeMounts： - name：dpl-identity mountPath：/ data volumes： - name：dpl-identity 秘密：秘密名称：dpl-身份 解决方案您的后端 k8s- be-32396--5fc40252fadea594 显示为UNHEALTHY。 Ingress将如果后端不健康，不转发流量，这将导致你看到的502错误。 它将被标记为不健康，因为它没有通过它的健康检查，您可以检查k8s-be-32396--5fc40252fadea594的运行状况检查设置，以查看它们是否适合您的容器，它可能正在轮询未返回200响应的URI或端口。您可以在计算引擎>运行状况检查下找到这些设置。 如果它们是正确的，那么浏览器和容器之间会有很多步骤可能会错误地传递流量，可以尝试> kubectl exec -it PODID - bash （或者如果您使用的是Alpine，则为灰），然后尝试curl-localhost以查看容器是否按预期响应，如果它是健康检查也配置正确，然后这将缩小问题可能与您的服务，您可以尝试将服务从NodePort类型更改为LoadBalancer，并查看是否直接从您的浏览器中击中服务IP 。 I am trying to setup an Ingress in GCE Kubernetes. But when I visit the IP address and path combination defined in the Ingress, I keep getting the following 502 error:Here is what I get when I run: kubectl describe ing --namespace dpl-stagingName: dpl-identityNamespace: dpl-stagingAddress: 35.186.221.153Default backend: default-http-backend:80 (10.0.8.5:8080)TLS: dpl-identity terminatesRules: Host Path Backends ---- ---- -------- * /api/identity/* dpl-identity:4000 (<none>)Annotations: https-forwarding-rule: k8s-fws-dpl-staging-dpl-identity--5fc40252fadea594 https-target-proxy: k8s-tps-dpl-staging-dpl-identity--5fc40252fadea594 url-map: k8s-um-dpl-staging-dpl-identity--5fc40252fadea594 backends: {"k8s-be-31962--5fc40252fadea594":"HEALTHY","k8s-be-32396--5fc40252fadea594":"UNHEALTHY"}Events: FirstSeen LastSeen Count From SubObjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 15m 15m 1 {loadbalancer-controller } Normal ADD dpl-staging/dpl-identity 15m 15m 1 {loadbalancer-controller } Normal CREATE ip: 35.186.221.153 15m 6m 4 {loadbalancer-controller } Normal Service no user specified default backend, using system defaultI think the problem is dpl-identity:4000 (<none>). Shouldn't I see the IP address of the dpl-identity service instead of <none>?Here is my service description: kubectl describe svc --namespace dpl-stagingName: dpl-identityNamespace: dpl-stagingLabels: app=dpl-identitySelector: app=dpl-identityType: NodePortIP: 10.3.254.194Port: http 4000/TCPNodePort: http 32396/TCPEndpoints: 10.0.2.29:8000,10.0.2.30:8000Session Affinity: NoneNo events.Also, here is the result of executing: kubectl describe ep -n dpl-staging dpl-identityName: dpl-identityNamespace: dpl-stagingLabels: app=dpl-identitySubsets: Addresses: 10.0.2.29,10.0.2.30 NotReadyAddresses: <none> Ports: Name Port Protocol ---- ---- -------- http 8000 TCPNo events.Here is my deployment.yaml:apiVersion: v1kind: Secretmetadata: namespace: dpl-staging name: dpl-identitytype: Opaquedata: tls.key: <base64 key> tls.crt: <base64 crt>---apiVersion: v1kind: Servicemetadata: namespace: dpl-staging name: dpl-identity labels: app: dpl-identityspec: type: NodePort ports: - port: 4000 targetPort: 8000 protocol: TCP name: http selector: app: dpl-identity---apiVersion: extensions/v1beta1kind: Ingressmetadata: namespace: dpl-staging name: dpl-identity labels: app: dpl-identity annotations: kubernetes.io/ingress.allow-http: "false"spec: tls: - secretName: dpl-identity rules: - http: paths: - path: /api/identity/* backend: serviceName: dpl-identity servicePort: 4000---apiVersion: extensions/v1beta1kind: Deploymentmetadata: namespace: dpl-staging name: dpl-identitykind: Ingressmetadata: namespace: dpl-staging name: dpl-identity labels: app: dpl-identity annotations: kubernetes.io/ingress.allow-http: "false"spec: tls: - secretName: dpl-identity rules: - http: paths: - path: /api/identity/* backend: serviceName: dpl-identity servicePort: 4000---apiVersion: extensions/v1beta1kind: Deploymentmetadata: namespace: dpl-staging name: dpl-identity labels: app: dpl-identityspec: replicas: 2 strategy: type: RollingUpdate template: metadata: labels: app: dpl-identity spec: containers: - image: gcr.io/munpat-container-engine/dpl/identity:0.4.9 name: dpl-identity ports: - containerPort: 8000 name: http volumeMounts: - name: dpl-identity mountPath: /data volumes: - name: dpl-identity secret: secretName: dpl-identity 解决方案 Your backend k8s-be-32396--5fc40252fadea594 is showing as "UNHEALTHY".Ingress will not forward traffic if the backend is UNHEALTHY, this will result in the 502 error you are seeing.It will be being marked as UNHEALTHY becuase it is not passing it's health check, you can check the health check setting for k8s-be-32396--5fc40252fadea594 to see if they are appropriate for your pod, it may be polling an URI or port that is not returning a 200 response. You can find these setting under Compute Engine > Health Checks.If they are correct then there are many steps between your browser and the container that could be passing traffic incorrectly, you could try kubectl exec -it PODID -- bash (or ash if you are using Alpine) and then try curl-ing localhost to see if the container is responding as expected, if it is and the health checks are also configured correctly then this would narrow down the issue to likely be with your service, you could then try changing the service from a NodePort type to a LoadBalancer and see if hitting the service IP directly from your browser works. 这篇关于Kubernetes Ingress（GCE）不断返回502错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 阿里云证书，YYDS！