如何使用 Ingress 公开服务?
How to expose a service using Ingress?
我创建了一个 docker 图像(java 网络应用程序),创建了一个包含 1 个主节点和 1 个工作节点的 kubernetes 集群,创建了一个部署和一个服务。正如我 'kubectl describe resource resourcename' 检查的那样,所有资源似乎 运行 都很好。最后,我使用 Ingress 来暴露集群外的服务。入口资源似乎工作正常,因为在描述入口对象时没有错误。但是,在从另一台机器的浏览器上访问主机时,出现“您的连接不是私有的”错误。我是 Kubernetes 的新手,我无法调试这个问题的原因。
下面是 service/deployment 个 yaml 文件、入口文件内容和资源状态。
服务和部署 YAML:
kind: Service
apiVersion: v1
metadata:
name: hotelapplication
labels:
name: hotelapplication
spec:
ports:
- name: appport
port: 8080
targetPort: 8080
selector:
app: hotelapplication
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hotelapplication
spec:
selector:
matchLabels:
app: hotelapplication
replicas: 1
template:
metadata:
labels:
app: hotelapplication
spec:
containers:
- name: hotelapplication
image: myname/hotelapplication:2.0
imagePullPolicy: Always
ports:
- containerPort: 8080
env: # Setting Enviornmental Variables
- name: DB_HOST # Setting Database host address from configMap
valueFrom:
configMapKeyRef:
name: db-config # name of configMap
key: host
- name: DB_NAME # Setting Database name from configMap
valueFrom:
configMapKeyRef:
name: db-config
key: name
- name: DB_USERNAME # Setting Database username from Secret
valueFrom:
secretKeyRef:
name: db-user # Secret Name
key: username
- name: DB_PASSWORD # Setting Database password from Secret
valueFrom:
secretKeyRef:
name: db-user
key: password
下面是入口 yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
所有资源 - pods、部署、服务、端点似乎工作正常。
入口:
Name: springboot-ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
testing.mydomain.dev
hotelapplication:8080 (192.168.254.51:8080)
Annotations: ingress.kubernetes.io/rewrite-target: /
Events: <none>
服务:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hotelapplication ClusterIP 10.109.220.90 <none> 8080/TCP 37m
部署:
NAME READY UP-TO-DATE AVAILABLE AGE
hotelapplication 1/1 1 1 5h55m
mysql-hotelapplication 1/1 1 1 22h
nfs-client-provisioner 1/1 1 1 23h
Pods 对象:
NAME READY STATUS RESTARTS AGE
hotelapplication-596f65488f-cnhlc 1/1 Running 0 149m
mysql-hotelapplication-65587cb8c8-crx4v 1/1 Running 0 22h
nfs-client-provisioner-64f4fb59d8-cb6hd 1/1 Running 0 23h
我删除了services/deployments/pods并重试了,都是徒劳。请帮我解决这个问题。
编辑 1:
我已将 nginx.ingress.kubernetes.io/ssl-redirect: "false" 添加到入口服务定义中。但是,我面临着同样的问题。在访问主机的 public IP 时,我遇到了 502 Bad Gateway 错误。
在 ingress 的日志中,我发现了以下错误:
P/1.1", upstream: "http://192.168.254.56:8081/", host: "myip"
2021/05/06 06:01:33 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:33 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
W0506 06:06:46.328727 6 controller.go:391] Service "ingress-nginx/default-http-backend" does not have any active Endpoint
W0506 06:09:06.921564 6 controller.go:391] Service "ingress-nginx/default-http-backend" does not have any active Endpoint
由于您的入口没有 SSL/TLS 证书,您收到“您的连接不是私人连接”的错误,您可能尝试访问该域在 HTTPS.
上命名
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
如果您在浏览器中打开 URL testing.mydomain.dev 并且显示错误意味着 Ingres 未使用 HTTPS 但浏览器可能正在尝试通过 HTTPS。
你可以添加注解ingress.kubernetes.io/ingress.allow-http: "false"试一试
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/ingress.allow-http: "false"
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
尝试以隐身模式访问 HTTP:// 上的数据
显然,我在部署中配置了不正确的容器端口。入口配置没有任何问题。但是,kubernetes 实际上并没有在日志中显示任何错误,这使得调试非常困难。
给初学者的提示,在尝试公开您的服务之前,通过将服务定义中的 'type' 配置为 'NodePort' 来测试服务。这样我们就可以确保服务配置正确,只需在集群外轻松访问服务即可。
我创建了一个 docker 图像(java 网络应用程序),创建了一个包含 1 个主节点和 1 个工作节点的 kubernetes 集群,创建了一个部署和一个服务。正如我 'kubectl describe resource resourcename' 检查的那样,所有资源似乎 运行 都很好。最后,我使用 Ingress 来暴露集群外的服务。入口资源似乎工作正常,因为在描述入口对象时没有错误。但是,在从另一台机器的浏览器上访问主机时,出现“您的连接不是私有的”错误。我是 Kubernetes 的新手,我无法调试这个问题的原因。
下面是 service/deployment 个 yaml 文件、入口文件内容和资源状态。
服务和部署 YAML:
kind: Service
apiVersion: v1
metadata:
name: hotelapplication
labels:
name: hotelapplication
spec:
ports:
- name: appport
port: 8080
targetPort: 8080
selector:
app: hotelapplication
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hotelapplication
spec:
selector:
matchLabels:
app: hotelapplication
replicas: 1
template:
metadata:
labels:
app: hotelapplication
spec:
containers:
- name: hotelapplication
image: myname/hotelapplication:2.0
imagePullPolicy: Always
ports:
- containerPort: 8080
env: # Setting Enviornmental Variables
- name: DB_HOST # Setting Database host address from configMap
valueFrom:
configMapKeyRef:
name: db-config # name of configMap
key: host
- name: DB_NAME # Setting Database name from configMap
valueFrom:
configMapKeyRef:
name: db-config
key: name
- name: DB_USERNAME # Setting Database username from Secret
valueFrom:
secretKeyRef:
name: db-user # Secret Name
key: username
- name: DB_PASSWORD # Setting Database password from Secret
valueFrom:
secretKeyRef:
name: db-user
key: password
下面是入口 yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
所有资源 - pods、部署、服务、端点似乎工作正常。
入口:
Name: springboot-ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
testing.mydomain.dev
hotelapplication:8080 (192.168.254.51:8080)
Annotations: ingress.kubernetes.io/rewrite-target: /
Events: <none>
服务:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hotelapplication ClusterIP 10.109.220.90 <none> 8080/TCP 37m
部署:
NAME READY UP-TO-DATE AVAILABLE AGE
hotelapplication 1/1 1 1 5h55m
mysql-hotelapplication 1/1 1 1 22h
nfs-client-provisioner 1/1 1 1 23h
Pods 对象:
NAME READY STATUS RESTARTS AGE
hotelapplication-596f65488f-cnhlc 1/1 Running 0 149m
mysql-hotelapplication-65587cb8c8-crx4v 1/1 Running 0 22h
nfs-client-provisioner-64f4fb59d8-cb6hd 1/1 Running 0 23h
我删除了services/deployments/pods并重试了,都是徒劳。请帮我解决这个问题。
编辑 1:
我已将 nginx.ingress.kubernetes.io/ssl-redirect: "false" 添加到入口服务定义中。但是,我面临着同样的问题。在访问主机的 public IP 时,我遇到了 502 Bad Gateway 错误。
在 ingress 的日志中,我发现了以下错误:
P/1.1", upstream: "http://192.168.254.56:8081/", host: "myip"
2021/05/06 06:01:33 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:33 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
W0506 06:06:46.328727 6 controller.go:391] Service "ingress-nginx/default-http-backend" does not have any active Endpoint
W0506 06:09:06.921564 6 controller.go:391] Service "ingress-nginx/default-http-backend" does not have any active Endpoint
由于您的入口没有 SSL/TLS 证书,您收到“您的连接不是私人连接”的错误,您可能尝试访问该域在 HTTPS.
上命名apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
如果您在浏览器中打开 URL testing.mydomain.dev 并且显示错误意味着 Ingres 未使用 HTTPS 但浏览器可能正在尝试通过 HTTPS。
你可以添加注解ingress.kubernetes.io/ingress.allow-http: "false"试一试
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/ingress.allow-http: "false"
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
尝试以隐身模式访问 HTTP:// 上的数据
显然,我在部署中配置了不正确的容器端口。入口配置没有任何问题。但是,kubernetes 实际上并没有在日志中显示任何错误,这使得调试非常困难。
给初学者的提示,在尝试公开您的服务之前,通过将服务定义中的 'type' 配置为 'NodePort' 来测试服务。这样我们就可以确保服务配置正确,只需在集群外轻松访问服务即可。