【发布时间】:2018-03-02 20:12:30
【问题描述】:
我正在谷歌 kubernetes 引擎上部署应用程序。应用程序有 2 项服务。还有Ingress,我试图用它来公开一项服务,ingress 也用于 https 支持。我有 1 个NodePort 服务“网关”和ClusterIp 服务“内部”。 “内部”应从网关访问。这是服务配置:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: x-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: x-x-ip
kubernetes.io/tls-acme: "true"
labels:
app: gateway
spec:
tls:
- secretName: secret
hosts:
- x.x.com
backend:
serviceName: gateway
servicePort: 80
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: x-x
spec:
acme:
server: https://acme-v01.api.letsencrypt.org/directory
email: x@x.com
privateKeySecretRef:
name: x-x
http01: {}
---
apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
name: gateway
labels:
app: gateway
spec:
type: NodePort
ports:
- port: 80
name: gateway
targetPort: 8080
selector:
app: gateway
---
apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
name: internal
labels:
app: internal
spec:
ports:
- port: 8082
name: internal
targetPort: 8082
selector:
app: internal
网关提供静态内容和 REST 资源。静态内容正常,所以我看到了 html 和图像和脚本。但是当我尝试调用 REST 端点时,我得到了The server encountered a temporary error and could not complete your request. Please try again in 30 seconds. Gateway 将 REST 请求转发到“内部”服务并从内部返回响应。网关访问内部服务,url为http://internal:8082/some/rest。当我调用任何应转发到“内部”的请求时出现错误。
实际上我有相同的方案没有Ingress 并且它有效。 “网关”是LoadBalancer 服务,“内部”是NodePort。我需要 Ingress 来获取 https。
UPD:我注意到我没有任何与8082 端口相关的转发规则,只有80 和443(我使用过gcloud compute forwarding-rules list 和gcloud compute forwarding-rules describe 命令)。
这是kubectl describe svc的输出
Name: gateway
Namespace: default
Labels: app=gateway
Annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints=true
Selector: app=gateway
Type: NodePort
IP: *
Port: gateway 80/TCP
TargetPort: 8080/TCP
NodePort: gateway 31168/TCP
Endpoints: *:8080
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
---
Name: internal
Namespace: default
Labels: app=internal
Annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints=true
Selector: app=internal
Type: ClusterIP
IP: *
Port: internal 8082/TCP
TargetPort: 8082/TCP
Endpoints: *:8082
Session Affinity: None
Events: <none>
UPD2:这是curl -v 到问题网址的输出:
* Trying *.*.*.*...
* TCP_NODELAY set
* Connected to *.*.*.* port 80 (#0)
> GET /internal/ping HTTP/1.1
> Host: *
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway
< Content-Type: text/html; charset=UTF-8
< Referrer-Policy: no-referrer
< Content-Length: 332
< Date: Sun, 04 Mar 2018 05:19:59 GMT
<
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>502 Server Error</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Server Error</h1>
<h2>The server encountered a temporary error and could not complete your request.<p>Please try again in 30 seconds.</h2>
<h2></h2>
</body></html>
* Curl_http_done: called premature == 0
* Connection #0 to host trial.qurasense.com left intact
当请求此 url 时,网关日志中没有任何反应。
【问题讨论】:
-
您是否将所有 pod/replicasets/deployments 部署在同一个命名空间中?当您ˋ描述 svcˋ 时,服务ˋinternalˋ 是否有健康的端点条目?您尝试连接到ˋinternalˋ 服务上的哪个端口?集群内部访问不应受节点端口或入口的影响...
-
嗨@AndreasJägle,他们有
default命名空间。我在描述输出中没有找到内部服务的健康端点。我使用 8082 端口连接。我从 LoadBalncer 切换到 Ingress - 我拥有所有服务 NodePort 类型(网关和内部都是 NodePort),并且没有遇到此类问题。 -
没有足够的信息来回答这个问题。应用网关如何访问服务内部?针对什么发出 REST 调用?
-
嗨@JonahBenton你是对的,我会更新问题。
-
@JonahBenton Gateway 将 REST 请求转发到“内部”服务并从内部返回响应。网关访问内部服务,url为internal:8082/some/rest。当我调用任何应转发到“内部”的请求时出现错误。
标签: kubernetes google-cloud-platform google-kubernetes-engine