使用路径正则表达式重写在 EKS 和 nginx 入口控制器中不起作用
Rewrites with path regex are not working in EKS and nginx ingress controller
我正在使用 EKS 集群与 kubernetes 版本 1.18 和 nginx 入口控制器。我在 delpoyment、服务和入口资源下面创建了我注意到入口资源不适用于带有正则表达式的路径,它总是从入口控制器本身返回 404,而不将请求传递给后端 pod。我已经使用 describe 进行了验证,我能够看到正确的后端。
你能帮忙解决一下吗?
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: "wildfly"
namespace: "sit-web-n"
spec:
selector:
matchLabels:
app: "wildfly"
replicas: 1
template:
metadata:
labels:
app: "wildfly"
spec:
containers:
- image: <account>.dkr.ecr.eu-west-1.amazonaws.com/ecr-test:wildfly
imagePullPolicy: Always
name: "wildfly"
env:
- name: JAVA_OPTS
value: "-Xms128m -Xmx768m"
ports:
- containerPort: 8080
service.yaml
apiVersion: v1
kind: Service
metadata:
name: "wildfly"
namespace: "sit-web-n"
spec:
ports:
- port: 8080
targetPort: 8080
protocol: TCP
type: NodePort
selector:
app: "wildfly"
ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: wildfly
namespace: "sit-web-n"
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
tls:
- hosts:
- wildfly.eks-test.co.uk
secretName: tls-secret
rules:
- host: wildfly.eks-test.co.uk
http:
paths:
- path: /customer-svc/?(.*)
pathType: Prefix
backend:
serviceName: wildfly
servicePort: 8080
后端服务
kubectl describe svc wildfly -n sit-web-n
Name: wildfly
Namespace: sit-web-n
Labels: <none>
Annotations: Selector: app=wildfly
Type: NodePort
IP: 10.100.78.242
Port: <unset> 8080/TCP
TargetPort: 8080/TCP
NodePort: <unset> 31350/TCP
Endpoints: 192.168.0.89:8080
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
[test]#
入口
kubectl describe ingress wildfly -n sit-web-n
Name: wildfly
Namespace: sit-web-n
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
tls-secret terminates wildfly.eks-test.co.uk
Rules:
Host Path Backends
---- ---- --------
wildfly.eks-test.co.uk
/customer-svc/?(.*) wildfly:8080 (192.168.0.89:8080)
Annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: false
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: false
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal AddedOrUpdated 14m nginx-ingress-controller Configuration for sit-web-n/wildfly was added or updated
卷曲输出
curl -ik -H 'Host: wildfly.eks-test.co.uk' https://ip-192-168-0-101.eu-west-1.compute.internal/custom-
svc/health
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 17 Nov 2020 08:31:08 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
nginx ingress controller logs -
2020/11/17 08:49:44 [error] 52#52: *17 open() "/etc/nginx/html/custom-svc/health" failed (2: No such file or directory), client: 172.31.0.183, server: wildfly.eks-test.co.uk, request: "GET /custom-svc/health HTTP/1.1", host: "wildfly.eks-test.co.uk"
wildfly.eks-test.co.uk 172.31.0.183 - - [17/Nov/2020:08:49:44 +0000] GET /custom-svc/health HTTP/1.1 404 146 0.000 - curl/7.61.1 - - -
2020/11/17 08:49:48 [error] 52#52: *18 open() "/etc/nginx/html/custom-svc/health" failed (2: No such file or directory), client: 172.31.0.183, server: wildfly.eks-test.co.uk, request: "GET /custom-svc/health HTTP/1.1", host: "wildfly.eks-test.co.uk"
wildfly.eks-test.co.uk 172.31.0.183 - - [17/Nov/2020:08:49:48 +0000] GET /custom-svc/health HTTP/1.1 404 146 0.000 - curl/7.61.1 - - -
如评论所述:
1。在 ingress 资源 中,你有 定义的路径 : customer-svc while trying to reach 自定义 SVC
2。 "/etc/nginx/html/custom-svc/health" failed (2: No such file or directory)"。通常这样的错误会告诉我们底层后端没有这样的路径(对于 nginx 入口控制器来说很奇怪)。
很难想出所有的可能性,但请尝试遵循以下几点:
确保您已经安装并配置了正确的 nginx 控制器。不同的控制器和版本有不同的配置和选项,例如:
attention Starting in Version 0.22.0, ingress definitions using the annotation nginx.ingress.kubernetes.io/rewrite-target are not backwards compatible with previous versions. In Version 0.22.0 and beyond, any substrings within the request URI that need to be passed to the rewritten path must explicitly be defined in a capture group.
另外请看一下:
ingressClassName configuration,Default Ingress Class configuration,
You can mark a particular IngressClass as default for your cluster. Setting the ingressclass.kubernetes.io/is-default-class annotation to true on an IngressClass resource will ensure that new Ingresses without an ingressClassName field specified will be assigned this default IngressClass.
更新:
如上所述:“不同的控制器和版本有不同的配置和选项”。
您正在使用 nginxinc kubernetes-ingress controller which is different from the NGINX Ingress controller in kubernetes/ingress-nginx repo. Please take a look at this doc 来了解主要差异。
那些注释:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /
取自 nginx-ingress (kubernetes) and thus will not work with nginxinc kubernetes-ingress controller。
作为uri重写的例子请使用nginx.org/rewrites注解:
annotations:
nginx.org/rewrites: "serviceName=wildfly rewrite=/"
此外,要使用 nginxinc kubernetes-ingress 控制器 以及正则表达式和高级路由支持,请在控制器安装期间查看 VirtualServer.Route custom resource definition (CRD) concept. This functionality requires to install/configure CRD support。
Here 您可以找到完整的指南,了解如何使用 VirtualServer CRD 为 nginxinc kubernetes-ingress 控制器配置它。
附加信息:
教程:
我正在使用 EKS 集群与 kubernetes 版本 1.18 和 nginx 入口控制器。我在 delpoyment、服务和入口资源下面创建了我注意到入口资源不适用于带有正则表达式的路径,它总是从入口控制器本身返回 404,而不将请求传递给后端 pod。我已经使用 describe 进行了验证,我能够看到正确的后端。
你能帮忙解决一下吗?
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: "wildfly"
namespace: "sit-web-n"
spec:
selector:
matchLabels:
app: "wildfly"
replicas: 1
template:
metadata:
labels:
app: "wildfly"
spec:
containers:
- image: <account>.dkr.ecr.eu-west-1.amazonaws.com/ecr-test:wildfly
imagePullPolicy: Always
name: "wildfly"
env:
- name: JAVA_OPTS
value: "-Xms128m -Xmx768m"
ports:
- containerPort: 8080
service.yaml
apiVersion: v1
kind: Service
metadata:
name: "wildfly"
namespace: "sit-web-n"
spec:
ports:
- port: 8080
targetPort: 8080
protocol: TCP
type: NodePort
selector:
app: "wildfly"
ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: wildfly
namespace: "sit-web-n"
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
tls:
- hosts:
- wildfly.eks-test.co.uk
secretName: tls-secret
rules:
- host: wildfly.eks-test.co.uk
http:
paths:
- path: /customer-svc/?(.*)
pathType: Prefix
backend:
serviceName: wildfly
servicePort: 8080
后端服务
kubectl describe svc wildfly -n sit-web-n
Name: wildfly
Namespace: sit-web-n
Labels: <none>
Annotations: Selector: app=wildfly
Type: NodePort
IP: 10.100.78.242
Port: <unset> 8080/TCP
TargetPort: 8080/TCP
NodePort: <unset> 31350/TCP
Endpoints: 192.168.0.89:8080
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
[test]#
入口
kubectl describe ingress wildfly -n sit-web-n
Name: wildfly
Namespace: sit-web-n
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
tls-secret terminates wildfly.eks-test.co.uk
Rules:
Host Path Backends
---- ---- --------
wildfly.eks-test.co.uk
/customer-svc/?(.*) wildfly:8080 (192.168.0.89:8080)
Annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: false
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: false
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal AddedOrUpdated 14m nginx-ingress-controller Configuration for sit-web-n/wildfly was added or updated
卷曲输出
curl -ik -H 'Host: wildfly.eks-test.co.uk' https://ip-192-168-0-101.eu-west-1.compute.internal/custom-
svc/health
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 17 Nov 2020 08:31:08 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
nginx ingress controller logs -
2020/11/17 08:49:44 [error] 52#52: *17 open() "/etc/nginx/html/custom-svc/health" failed (2: No such file or directory), client: 172.31.0.183, server: wildfly.eks-test.co.uk, request: "GET /custom-svc/health HTTP/1.1", host: "wildfly.eks-test.co.uk"
wildfly.eks-test.co.uk 172.31.0.183 - - [17/Nov/2020:08:49:44 +0000] GET /custom-svc/health HTTP/1.1 404 146 0.000 - curl/7.61.1 - - -
2020/11/17 08:49:48 [error] 52#52: *18 open() "/etc/nginx/html/custom-svc/health" failed (2: No such file or directory), client: 172.31.0.183, server: wildfly.eks-test.co.uk, request: "GET /custom-svc/health HTTP/1.1", host: "wildfly.eks-test.co.uk"
wildfly.eks-test.co.uk 172.31.0.183 - - [17/Nov/2020:08:49:48 +0000] GET /custom-svc/health HTTP/1.1 404 146 0.000 - curl/7.61.1 - - -
如评论所述:
1。在 ingress 资源 中,你有 定义的路径 : customer-svc while trying to reach 自定义 SVC
2。 "/etc/nginx/html/custom-svc/health" failed (2: No such file or directory)"。通常这样的错误会告诉我们底层后端没有这样的路径(对于 nginx 入口控制器来说很奇怪)。
很难想出所有的可能性,但请尝试遵循以下几点:
确保您已经安装并配置了正确的 nginx 控制器。不同的控制器和版本有不同的配置和选项,例如:
attention Starting in Version 0.22.0, ingress definitions using the annotation nginx.ingress.kubernetes.io/rewrite-target are not backwards compatible with previous versions. In Version 0.22.0 and beyond, any substrings within the request URI that need to be passed to the rewritten path must explicitly be defined in a capture group.
另外请看一下:
ingressClassNameconfiguration,Default Ingress Classconfiguration,
You can mark a particular IngressClass as default for your cluster. Setting the ingressclass.kubernetes.io/is-default-class annotation to true on an IngressClass resource will ensure that new Ingresses without an ingressClassName field specified will be assigned this default IngressClass.
更新:
如上所述:“不同的控制器和版本有不同的配置和选项”。 您正在使用 nginxinc kubernetes-ingress controller which is different from the NGINX Ingress controller in kubernetes/ingress-nginx repo. Please take a look at this doc 来了解主要差异。
那些注释:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /
取自 nginx-ingress (kubernetes) and thus will not work with nginxinc kubernetes-ingress controller。
作为uri重写的例子请使用nginx.org/rewrites注解:
annotations:
nginx.org/rewrites: "serviceName=wildfly rewrite=/"
此外,要使用 nginxinc kubernetes-ingress 控制器 以及正则表达式和高级路由支持,请在控制器安装期间查看 VirtualServer.Route custom resource definition (CRD) concept. This functionality requires to install/configure CRD support。
Here 您可以找到完整的指南,了解如何使用 VirtualServer CRD 为 nginxinc kubernetes-ingress 控制器配置它。
附加信息:
教程: