为什么不遵守入口规则?改为到达默认后端
Why ingress rules are not followed? default backend is reached instead
我在 Kubernetes AKS 上安装了 HA 代理入口。我使用以下方式安装它:
helm install ingress haproxy-ingress/haproxy-ingress
我的入口是这样的:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ravendb
namespace: default
labels:
app: ravendb
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- host: a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 443
path: /
- host: tcp-a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 38888
path: /
- host: b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 443
path: /
- host: tcp-b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 38888
path: /
- host: c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 443
path: /
- host: tcp-c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 38888
path: /
然而,当我将浏览器指向 https://a.raven.aedas-prev.inercya.com 时,我得到了默认后端。 HA 代理不会反向代理对 ravendb-0 服务的请求。
我做错了什么?我该怎么做才能使入口正常工作?
Pods 是 运行:
haproxy-ingress-8548ff5ff4-9wmxv 1/1 Running 0 137m
ingress-default-backend-b6f678779-9d88r 1/1 Running 0 137m
ravendb-0 1/1 Running 0 137m
ravendb-1 1/1 Running 0 139m
ravendb-2 1/1 Running 0 141m
并配置服务:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-ingress LoadBalancer 10.0.166.252 xx.xx.xx.xx 443:30526/TCP,1936:32388/TCP 139m
ingress-default-backend ClusterIP 10.0.102.165 <none> 8080/TCP 139m
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 412d
ravendb ClusterIP None <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-0 ClusterIP 10.0.193.14 <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-1 ClusterIP 10.0.156.73 <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-2 ClusterIP 10.0.53.227 <none> 443/TCP,38888/TCP,161/TCP 411d
我终于明白我错过了什么。我添加了 kubernetes.io/ingress.class: haproxy 注释并解决了问题:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ravendb
namespace: default
labels:
app: ravendb
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
kubernetes.io/ingress.class: haproxy
spec:
rules:
- host: a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 443
path: /
- host: tcp-a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 38888
path: /
- host: b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 443
path: /
- host: tcp-b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 38888
path: /
- host: c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 443
path: /
- host: tcp-c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 38888
path: /
现在 HAproxy 入口按预期工作,将外部流量反向代理到内部服务。
我在 Kubernetes AKS 上安装了 HA 代理入口。我使用以下方式安装它:
helm install ingress haproxy-ingress/haproxy-ingress
我的入口是这样的:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ravendb
namespace: default
labels:
app: ravendb
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- host: a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 443
path: /
- host: tcp-a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 38888
path: /
- host: b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 443
path: /
- host: tcp-b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 38888
path: /
- host: c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 443
path: /
- host: tcp-c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 38888
path: /
然而,当我将浏览器指向 https://a.raven.aedas-prev.inercya.com 时,我得到了默认后端。 HA 代理不会反向代理对 ravendb-0 服务的请求。
我做错了什么?我该怎么做才能使入口正常工作?
Pods 是 运行:
haproxy-ingress-8548ff5ff4-9wmxv 1/1 Running 0 137m
ingress-default-backend-b6f678779-9d88r 1/1 Running 0 137m
ravendb-0 1/1 Running 0 137m
ravendb-1 1/1 Running 0 139m
ravendb-2 1/1 Running 0 141m
并配置服务:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
haproxy-ingress LoadBalancer 10.0.166.252 xx.xx.xx.xx 443:30526/TCP,1936:32388/TCP 139m
ingress-default-backend ClusterIP 10.0.102.165 <none> 8080/TCP 139m
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 412d
ravendb ClusterIP None <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-0 ClusterIP 10.0.193.14 <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-1 ClusterIP 10.0.156.73 <none> 443/TCP,38888/TCP,161/TCP 411d
ravendb-2 ClusterIP 10.0.53.227 <none> 443/TCP,38888/TCP,161/TCP 411d
我终于明白我错过了什么。我添加了 kubernetes.io/ingress.class: haproxy 注释并解决了问题:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ravendb
namespace: default
labels:
app: ravendb
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
kubernetes.io/ingress.class: haproxy
spec:
rules:
- host: a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 443
path: /
- host: tcp-a.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-0
servicePort: 38888
path: /
- host: b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 443
path: /
- host: tcp-b.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-1
servicePort: 38888
path: /
- host: c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 443
path: /
- host: tcp-c.raven.aedas-prev.inercya.com
http:
paths:
- backend:
serviceName: ravendb-2
servicePort: 38888
path: /
现在 HAproxy 入口按预期工作,将外部流量反向代理到内部服务。