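Simple front end application on EKS via AppMesh
Could you please help me find the problem with my configuration?
It was done as part of the AWS Workshop example, just rewritten for a different HTTP container.
Now, after applying this, everything works fine, but when going through the NLB I get "upstream unhealthy".
I checked the logs and saw only 503 errors on my gateway ingress. The requests do not reach my pod at all. What is wrong in my configuration?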
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualGateway
metadata:
  name: ingress-gw
  namespace: shared
spec:
  namespaceSelector:
    matchLabels:
      gateway: shared-gw
  podSelector:
    matchLabels:
      app: ingress-gw
  listeners:
    - portMapping:
        port: 8088
        protocol: http
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd-echo-deployment
  namespace: shared
  labels:
    app: httpd-echo1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpd-echo1
  template:
    metadata:
      labels:
        app: httpd-echo1
      annotations:
        appmesh.k8s.aws/mesh: shared-mesh
    spec:
      containers:
        - name: httpd
          image: hashicorp/http-echo
          args:
            - "-text=test"
          ports:
            - containerPort: 5678
---
apiVersion: v1
kind: Service
metadata:
  namespace: shared
  name: httpd-echo-service
  labels:
    app: httpd-echo1
spec:
  ports:
    - name: "http"
      port: 5678
      targetPort: 5678
  selector:
    app: httpd-echo1
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: shared-virtual-node-1
  namespace: shared
spec:
  podSelector:
    matchLabels:
      app: httpd-echo1
  listeners:
    - portMapping:
        port: 5678
        protocol: http
      healthCheck:
        protocol: http
        path: '/'
        healthyThreshold: 5
        unhealthyThreshold: 5
        timeoutMillis: 2000
        intervalMillis: 5000
  serviceDiscovery:
    dns:
      hostname: httpd-echo1.test.com
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualService
metadata:
  name: shared-virtual-service-1
  namespace: shared
spec:
  awsName: httpd-echo1.test.com
  provider:
    virtualNode:
      virtualNodeRef:
        name: shared-virtual-node-1
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: GatewayRoute
metadata:
  name: shared-gw-route-1
  namespace: shared
spec:
  httpRoute:
    match:
      prefix: "/"
    action:
      target:
        virtualService:
          virtualServiceRef:
            name: shared-virtual-service-1
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-gw
  namespace: shared
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-subnets : subnet-1,subnet-2,subnet-3
    service.beta.kubernetes.io/aws-load-balancer-internal: "false"
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8088
      name: http
  selector:
    app: ingress-gw
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-gw
  namespace: shared
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-gw
  template:
    metadata:
      labels:
        app: ingress-gw
    spec:
      containers:
        - name: envoy
          image: 422531588944.dkr.ecr.eu-south-1.amazonaws.com/aws-appmesh-envoy:v1.16.1.1-prod
          ports:
            - containerPort: 8088
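I tried to reproduce the same thing on my side and it works fine. I made a few configuration changes to the YAML above.
- Added the gateway label "gateway: shared-gw" for the VirtualGateway. Make sure you have this label on the namespace as well.
- Corrected the DNS hostname. This should be your application's ClusterIP service name:
serviceDiscovery:
  dns:
    hostname: httpd-echo1.shared.svc.cluster.local
Also, make sure your LoadBalancer is active and the target group listeners of this LB show a healthy status.
I am adding the updated YAML below. You can try this and see if it works.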
---
apiVersion: v1
kind: Namespace
metadata:
  name: shared
  labels:
    mesh: shared-mesh
    gateway: ingress-gw
    appmesh.k8s.aws/sidecarInjectorWebhook: enabled
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: Mesh
metadata:
  name: shared-mesh
spec:
  namespaceSelector:
    matchLabels:
      mesh: shared-mesh
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd-echo1
  namespace: shared
  labels:
    app: httpd-echo1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpd-echo1
  template:
    metadata:
      labels:
        app: httpd-echo1
      annotations:
        appmesh.k8s.aws/mesh: shared-mesh
    spec:
      containers:
        - name: httpd
          image: hashicorp/http-echo
          args:
            - "-text=test"
          ports:
            - containerPort: 5678
---
apiVersion: v1
kind: Service
metadata:
  namespace: shared
  name: httpd-echo1
  labels:
    app: httpd-echo1
spec:
  ports:
    - name: "http"
      port: 5678
      targetPort: 5678
  selector:
    app: httpd-echo1
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: shared-virtual-node-1
  namespace: shared
spec:
  podSelector:
    matchLabels:
      app: httpd-echo1
  listeners:
    - portMapping:
        port: 5678
        protocol: http
      healthCheck:
        protocol: http
        path: '/'
        healthyThreshold: 5
        unhealthyThreshold: 5
        timeoutMillis: 2000
        intervalMillis: 5000
  serviceDiscovery:
    dns:
      hostname: httpd-echo1.shared.svc.cluster.local
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualService
metadata:
  name: shared-virtual-service-1
  namespace: shared
spec:
  awsName: httpd-echo1.shared.svc.cluster.local
  provider:
    virtualNode:
      virtualNodeRef:
        name: shared-virtual-node-1
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualGateway
metadata:
  name: ingress-gw
  namespace: shared
spec:
  namespaceSelector:
    matchLabels:
      gateway: ingress-gw
  podSelector:
    matchLabels:
      app: ingress-gw
  listeners:
    - portMapping:
        port: 8088
        protocol: http
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-gw
  namespace: shared
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8088
      name: http
  selector:
    app: ingress-gw
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-gw
  namespace: shared
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-gw
  template:
    metadata:
      labels:
        app: ingress-gw
    spec:
      containers:
        - name: envoy
          image: 422531588944.dkr.ecr.eu-south-1.amazonaws.com/aws-appmesh-envoy:v1.16.1.1-prod
          ports:
            - containerPort: 8088
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: GatewayRoute
metadata:
  name: shared-gw-route-1
  namespace: shared
spec:
  httpRoute:
    match:
      prefix: "/"
    action:
      target:
        virtualService:
          virtualServiceRef:
            name: shared-virtual-service-1
---
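As an added example (not part of the original question or answer), the two mismatches the answer corrects can be checked offline before the manifests are applied. The Python below takes documents as `yaml.safe_load_all` would return them; `fqdn`, `selects`, `check` and `sample` are hypothetical names, and the sample data is constructed from the manifests above, assuming the question's namespace carried no `gateway` label (the page does not show that namespace).

```python
def fqdn(svc):
    m = svc["metadata"]
    return f'{m["name"]}.{m["namespace"]}.svc.cluster.local'

def selects(selector, labels):
    # An absent namespaceSelector selects no namespace; otherwise every
    # matchLabels pair must be present on the namespace.
    if selector is None:
        return False
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def check(docs):
    kinds = {}
    for d in docs:
        kinds.setdefault(d["kind"], []).append(d)
    ns_labels = {n["metadata"]["name"]: n["metadata"].get("labels", {})
                 for n in kinds.get("Namespace", [])}
    services = {fqdn(s) for s in kinds.get("Service", [])}
    findings = []
    # 1. Each GatewayRoute must live in a namespace some VirtualGateway selects.
    for route in kinds.get("GatewayRoute", []):
        ns = route["metadata"]["namespace"]
        if not any(selects(g["spec"].get("namespaceSelector"), ns_labels.get(ns, {}))
                   for g in kinds.get("VirtualGateway", [])):
            findings.append(f"GatewayRoute {route['metadata']['name']}: "
                            f"no VirtualGateway selects namespace {ns}")
    # 2. Following the answer, the VirtualNode DNS hostname should be the
    #    cluster-local name of a Service defined alongside it.
    for vn in kinds.get("VirtualNode", []):
        host = vn["spec"]["serviceDiscovery"]["dns"]["hostname"]
        if host not in services:
            findings.append(f"VirtualNode {vn['metadata']['name']}: "
                            f"{host} is not a Service in these manifests")
    return findings

def sample(gw_label, ns_extra_labels, svc_name, hostname):
    """Constructed, reduced manifests holding only the fields check() reads."""
    meta = lambda name: {"name": name, "namespace": "shared"}
    return [
        {"kind": "Namespace", "metadata": {"name": "shared",
            "labels": {"mesh": "shared-mesh", **ns_extra_labels}}},
        {"kind": "VirtualGateway", "metadata": meta("ingress-gw"),
         "spec": {"namespaceSelector": {"matchLabels": {"gateway": gw_label}}}},
        {"kind": "GatewayRoute", "metadata": meta("shared-gw-route-1"), "spec": {}},
        {"kind": "Service", "metadata": meta(svc_name)},
        {"kind": "VirtualNode", "metadata": meta("shared-virtual-node-1"),
         "spec": {"serviceDiscovery": {"dns": {"hostname": hostname}}}},
    ]

QUESTION = sample("shared-gw", {}, "httpd-echo-service", "httpd-echo1.test.com")
ANSWER = sample("ingress-gw", {"gateway": "ingress-gw"}, "httpd-echo1",
                "httpd-echo1.shared.svc.cluster.local")
```

`check(QUESTION)` reports both the unselected namespace and the unresolvable hostname; `check(ANSWER)` returns an empty list.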