Kubernetes Ingress 502 Bad Gateway Connection Refused

【问题标题】:Kubernetes Ingress 502 Bad Gateway Connection RefusedKubernetes Ingress 502 Bad Gateway Connection Refused
【发布时间】:2021-01-31 19:04:17
【问题描述】:

我正在尝试使用服务 lawyerlyui-service 访问部署到位于 Path / 的 AKS 集群的 Angular 前端。集群使用通过 HELM 部署的 nginx 和官方图表 (https://kubernetes.github.io/ingress-nginx) 我部署了其他后端 .net 核心服务,我可以通过入口访问这些服务。

但是,当我尝试在 https://uat.redactedapp.co.za 访问 Angular 应用程序时,我收到以下错误(取自 nginx pod 日志)

下面是nginxDockerfiledeployment.ymlingress.yml的配置和日志

NGINX 日志

2021/01/29 20:31:59 [error] 1304#1304: *7634340 connect() failed (111: Connection refused) while connecting to upstream, client: 10.244.0.1,
server: uat.redactedapp.co.za, request: "GET / HTTP/2.0", upstream: "http://10.244.0.88:80/", host: "uat.redactedapp.co.za"

Dockerfile


FROM node:8.12.0-alpine
EXPOSE 80
RUN npm -v

RUN mkdir -p /usr/src

WORKDIR /usr/src

# To handle 'not get uid/gid'
RUN npm config set unsafe-perm true
RUN npm install -g \
    typescript@2.8.3 \
    @angular/compiler-cli \
    @angular-devkit/core

RUN npm install -g @angular/cli@7.0.3

RUN ln -s /usr/src/node_modules/@angular/cli/bin/ng /bin/ng

COPY package.json /usr/src/

RUN npm install

COPY . /usr/src

CMD ["ng", "build", "--configuration", "uat"]

入口

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: redacted-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, PUT, POST, DELETE, PATCH, OPTIONS"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  tls:
    - hosts:
        - uat.redactedapp.co.za
      secretName: secret-tls
  rules:
    - host: uat.redactedapp.co.za
      http:
        paths:
          - path: /otp-api(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: otpapi-service
                port:
                  number: 80
          - path: /search-api(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: searchapi-service
                port:
                  number: 80
          - path: /notifications-api(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: notificationsapi-service
                port:
                  number: 80
          - path: /user-api(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: userapi-service
                port:
                  number: 80
          - path: /insurance-api(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: insuranceapi-service
                port:
                  number: 80
          - path: /client-api(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: clientsapi-service
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: lawyerlyui-service
                port:
                  number: 80

Deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: lawyerlyui
spec:
  selector:
    matchLabels:
      app: lawyerlyui
  replicas: 1
  template:
    metadata:
      labels:
        app: lawyerlyui
    spec:
      containers:
        - name: lawyerlyui
          image: redacted.azurecr.io/lawyerly:latest
          ports:
            - containerPort: 80
      imagePullSecrets:
        - name: uat-acr-auth
---
apiVersion: v1
kind: Service
metadata:
  name: lawyerlyui-service
spec:
  type: ClusterIP
  selector:
    app: lawyerlyui
  ports:
    - name: http
      protocol: TCP
      # Port accessible inside cluster
      port: 80
      # Port to forward to inside the pod
      targetPort: 80

【问题讨论】:

  • 你有ng build,但是这会启动一个监听80端口的服务器吗?你检查过kubectl logs -l app=lawyerlyui 看看它是否符合你的预期?
  • 另外,使用:latest 而不使用imagePullPolicy: Always 会导致事情变得不像你期望的那样
  • @mdaniel 我试过kubectl logs -l app=lawyerlyui,但没有从容器日志中得到任何输出。我对Angular不是很熟悉,我知道这个项目中有一个单独的dockerfile,最后有这个cmd。 CMD ["ng", "serve", "--host", "0.0.0.0"] docker 是否结合了基础 dockerfile 和特定于环境的文件,如 Dockerfile.uat ?我试图查看是否可以在 uat dockerfile 中添加另一个 CMD,但只能指定一个。
  • 那么这就是你想要的;或者,除非存在一些潜在的细微差别,否则我相信您可以通过在部署中设置 command: [ng, serve, --host, 0.0.0.0] 来测试该理论,看看它是否开始起作用。如果部署在 :80 上有一个正确的 livenessProbe:,它会在 :80 上没有任何内容时正确地轰炸部署

标签: node.js angular docker nginx kubernetes


【解决方案1】:

因此,在阅读@mdaniels cmets 之后,我创建了一个新的Dockerfile.uat。以前的文件只是构建 src 代码,但从未提供它。

据我了解,您需要提供已构建的 Angular 代码,这不再给我一个 502 Bad Gateway。

# Stage 0, "build-stage", based on Node.js, to build and compile the frontend
FROM node:10.8.0 as build-stage
WORKDIR /app
COPY package*.json /app/
RUN npm install
COPY ./ /app/
ARG configuration=uat
EXPOSE 80
RUN npm run build --configuration $configuration

# Stage 1, based on Nginx, to have only the compiled app, ready for production with Nginx
FROM nginx:1.15
#Copy ci-dashboard-dist
COPY --from=build-stage /app/dist/lfa/ /usr/share/nginx/html
#Copy default nginx configuration
COPY ./nginx/nginx-custom.conf /etc/nginx/conf.d/default.conf

【讨论】:

    猜你喜欢
    • 2020-06-14
    • 1970-01-01
    • 2019-09-15
    • 2021-03-04
    • 2022-06-17
    • 1970-01-01
    • 1970-01-01
    • 2021-06-30
    • 2020-05-09
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode