microk8s Ingress 无法访问服务 (503)答案

【问题标题】：microk8s Ingress can't access services (503)microk8s Ingress 无法访问服务 (503)
【发布时间】：2020-11-13 01:16:55
【问题描述】：

我在 Ubuntu 20.04 上运行 microk8s v1.18.5，带有插件 ingress、dns、dashboard、helm3、storage。

我正在尝试从外部访问正在运行的服务，例如 grafana 和 dashboard。我已经按照文档配置了代理服务和入口：

kind: Service
apiVersion: v1
metadata:
  name: grafana
  namespace: ingress
spec:
  type: ExternalName
  externalName: monitoring-grafana.kube-system.svc.cluster.local
  ports:
    - port: 80
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: grafana-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    kubernetes.io/tls-acme: "true"
spec:
  tls:
    - hosts:
        - "grafana.example.com"
      secretName: grafana-tls
  rules:
    - host: grafana.example.com
      http:
        paths:
          - backend:
              serviceName: grafana
              servicePort: 80
            path: /
---

和

kind: Service
apiVersion: v1
metadata:
  name: dashboard
  namespace: ingress
spec:
  type: ExternalName
  externalName: kubernetes-dashboard.kube-system.svc.cluster.local
  ports:
    - port: 443
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: dashboard-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    kubernetes.io/tls-acme: "true"
spec:
  tls:
    - hosts:
        - "dashboard.example.com"
      secretName: dashboard-tls
  rules:
    - host: dashboard.example.com
      http:
        paths:
          - backend:
              serviceName: dashboard
              servicePort: 443
            path: /
---

尝试访问我得到的仪表板或 grafana：

503 Service Temporarily Unavailable
openresty/1.15.8.1

我该怎么做才能找到根本原因？

我还从 helm3 运行 cert-manager 和 external-dns，它们的配置是否与问题有关？

【问题讨论】：

你能发布kubectl get svc -A的输出吗？你的 pod 正在运行吗？
@KFC_ 我的输出：pastebin.com/iDkH1CEc 感谢您的关注。豆荚都在运行。即使 nginx-ingress-microk8s-controller 在 ingress 命名空间中，我也怀疑 ingress 命名空间不是我需要放入代理的。

标签： kubernetes kubernetes-ingress microk8s

【解决方案1】：

首先，您必须将仪表板和 grafana service type 更改为 NodePort 才能正常工作。

此外，可以在 <master_node_ip>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ 路径下访问 microk8s 的 Kubernetes 仪表板，因此您必须在 URL 或入口清单中提及它。当你curl dashboard.example.com 它给你503 Service Temporarily Unavailable 错误。但是，当您输入完整路径时，它将显示网站：

curl http://dashboard.example.com:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

<!--
Copyright 2017 The Kubernetes Authors.

[...]

这是一个将/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy重写为/dashboard/的入口示例

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: grafana-ingress
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: nginx
    # Add https backend protocol support for ingress-nginx
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header Accept-Encoding "";
      sub_filter '<base href="/">' '<base href="/dashboard/">';
      sub_filter_once on;
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
    - host: dashboard.example.com
      http:
        paths:
          - path: /dashboard(/|$)(.*)
            backend:
              serviceName: kubernetes-dashboard
              servicePort: 443

【讨论】：