Minikube 上的 Flask 应用程序使用入口拒绝连接
Flask application on Minikube refuse connection using ingress
我在端口 5000 上有一个副本 pod 运行 python flask 应用程序。下面是我的配置和详细信息。
[ec2-user@ip-172-31-1-120 ~]$ cat tree_management/application/*.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: tree-deployment
spec:
selector:
matchLabels:
app: tree-management
replicas: 1
template:
metadata:
labels:
app: tree-management
spec:
containers:
- name: tree-management
image: tree-management
imagePullPolicy: Never
ports:
- containerPort: 5000
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tree-ingress
# annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: local.ec.org
http:
paths:
- path: /tree
pathType: Prefix
backend:
service:
name: tree-service
port:
number: 5000
apiVersion: v1
kind: Service
metadata:
name: tree-service
spec:
# type: NodePort
selector:
app: tree-management
ports:
- protocol: TCP
port: 5000
targetPort: 5000
应用程序在 pod 内 运行 正常,因为当我在 pod 中执行 kubectl exec 以命中 api url 时,它会给我输出。
下面是一些 kubectl 输出。
[ec2-user@ip-172-31-1-120 ~]$ minikube service list
|----------------------|------------------------------------|--------------|---------------------------|
| NAMESPACE | NAME | TARGET PORT | URL |
|----------------------|------------------------------------|--------------|---------------------------|
| default | kubernetes | No node port |
| default | tree-service | No node port |
| ingress-nginx | ingress-nginx-controller | http/80 | http://192.168.49.2:31893 |
| | | https/443 | http://192.168.49.2:30453 |
| ingress-nginx | ingress-nginx-controller-admission | No node port |
| kube-system | kube-dns | No node port |
| kubernetes-dashboard | dashboard-metrics-scraper | No node port |
| kubernetes-dashboard | kubernetes-dashboard | No node port |
|----------------------|------------------------------------|--------------|---------------------------|
[ec2-user@ip-172-31-1-120 ~]$ kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 39h
default tree-service ClusterIP 10.99.136.46 <none> 5000/TCP 14m
ingress-nginx ingress-nginx-controller NodePort 10.96.58.167 <none> 80:31893/TCP,443:30453/TCP 21h
ingress-nginx ingress-nginx-controller-admission ClusterIP 10.103.107.214 <none> 443/TCP 21h
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 39h
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.98.246.45 <none> 8000/TCP 39h
kubernetes-dashboard kubernetes-dashboard ClusterIP 10.98.103.55 <none> 80/TCP 39h
[ec2-user@ip-172-31-1-120 ~]$ minikube ip
192.168.49.2
我在本地添加了主机条目以及 minikube IP。当我尝试使用 nodeIp 访问我的 Flask 应用程序时,它无法正常工作。这是我点击 URL
时得到的结果
[ec2-user@ip-172-31-1-120 ~]$ curl http://192.168.49.2/tree
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
以下是来自 nginx ingress 的日志
2021/05/24 07:59:44 [error] 298#298: *20007 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
2021/05/24 07:59:44 [error] 298#298: *20007 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
2021/05/24 07:59:44 [error] 298#298: *20007 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
192.168.49.1 - - [24/May/2021:07:59:44 +0000] "GET /tree HTTP/1.1" 502 150 "-" "curl/7.61.1" 84 0.000 [default-tree-service-5000] [] 172.17.0.5:5000, 172.17.0.5:5000, 172.17.0.5:5000 0, 0, 0 0.000, 0.000, 0.000 502, 502, 502 bd34da31533e0f3393ff490efe37a90d
也尝试了以下 CURL 组合,但都失败了。
curl http://local.ec.org:5000
curl http://local.ec.org
curl http://local.ec.org/tree
curl http://local.ec.org/tree -H local.ec.org
curl http://local.ec.org -H local.ec.org
curl http://local.ec.org/ -H local.ec.org
curl http://local.ec.org/tree -H local.ec.org
curl http://192.168.49.2:5000/tree -H Host:local.ec.org
你能帮忙看看这里出了什么问题吗?
更新 1
在做了一些配置更改后,我可以看到如果我点击下面 URL 然后请求将转到 nginx 但不确定为什么它 returns 502 bad gateway.
curl http://local.ec.org/tree
Nginx 错误。不知道为什么nginx连接上游失败?
2021/05/24 13:01:58 [error] 447#447: *168693 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
192.168.49.1 - - [24/May/2021:13:01:58 +0000] "GET /tree HTTP/1.1" 502 150 "-" "curl/7.61.1" 84 0.001 [default-tree-service-5000] [] 172.17.0.5:5000, 172.17.0.5:5000, 172.17.0.5:5000 0, 0, 0 0.000, 0.000, 0.000 502, 502, 502 dff2ca8a83f9d2237300b6d46f978e43
2021/05/24 13:01:58 [error] 447#447: *168693 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
2021/05/24 13:01:58 [error] 447#447: *168693 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
我能够解决这个问题,罪魁祸首是 Flask 应用程序。为了解决问题,我登录了 Flask Pod 并执行了以下命令。
netstat -tupln
这向我解释了应用程序正在侦听端口 5000,但默认情况下它只允许来自 127.0.0.1 的连接。 (即来自自我)。这是因为我使用 app.run() 命令启动应用程序。我必须如下更改此命令。
# Run flask app.
app.run(
host="0.0.0.0",
port=5000
)
这允许来自任何主机的连接(即 0.0.0.0)。
注意:这是一个演示应用程序,因此我允许从 0.0.0.0 开始,但不建议在生产环境中这样做。
我在端口 5000 上有一个副本 pod 运行 python flask 应用程序。下面是我的配置和详细信息。
[ec2-user@ip-172-31-1-120 ~]$ cat tree_management/application/*.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: tree-deployment
spec:
selector:
matchLabels:
app: tree-management
replicas: 1
template:
metadata:
labels:
app: tree-management
spec:
containers:
- name: tree-management
image: tree-management
imagePullPolicy: Never
ports:
- containerPort: 5000
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tree-ingress
# annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: local.ec.org
http:
paths:
- path: /tree
pathType: Prefix
backend:
service:
name: tree-service
port:
number: 5000
apiVersion: v1
kind: Service
metadata:
name: tree-service
spec:
# type: NodePort
selector:
app: tree-management
ports:
- protocol: TCP
port: 5000
targetPort: 5000
应用程序在 pod 内 运行 正常,因为当我在 pod 中执行 kubectl exec 以命中 api url 时,它会给我输出。 下面是一些 kubectl 输出。
[ec2-user@ip-172-31-1-120 ~]$ minikube service list
|----------------------|------------------------------------|--------------|---------------------------|
| NAMESPACE | NAME | TARGET PORT | URL |
|----------------------|------------------------------------|--------------|---------------------------|
| default | kubernetes | No node port |
| default | tree-service | No node port |
| ingress-nginx | ingress-nginx-controller | http/80 | http://192.168.49.2:31893 |
| | | https/443 | http://192.168.49.2:30453 |
| ingress-nginx | ingress-nginx-controller-admission | No node port |
| kube-system | kube-dns | No node port |
| kubernetes-dashboard | dashboard-metrics-scraper | No node port |
| kubernetes-dashboard | kubernetes-dashboard | No node port |
|----------------------|------------------------------------|--------------|---------------------------|
[ec2-user@ip-172-31-1-120 ~]$ kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 39h
default tree-service ClusterIP 10.99.136.46 <none> 5000/TCP 14m
ingress-nginx ingress-nginx-controller NodePort 10.96.58.167 <none> 80:31893/TCP,443:30453/TCP 21h
ingress-nginx ingress-nginx-controller-admission ClusterIP 10.103.107.214 <none> 443/TCP 21h
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 39h
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.98.246.45 <none> 8000/TCP 39h
kubernetes-dashboard kubernetes-dashboard ClusterIP 10.98.103.55 <none> 80/TCP 39h
[ec2-user@ip-172-31-1-120 ~]$ minikube ip
192.168.49.2
我在本地添加了主机条目以及 minikube IP。当我尝试使用 nodeIp 访问我的 Flask 应用程序时,它无法正常工作。这是我点击 URL
时得到的结果[ec2-user@ip-172-31-1-120 ~]$ curl http://192.168.49.2/tree
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
以下是来自 nginx ingress 的日志
2021/05/24 07:59:44 [error] 298#298: *20007 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
2021/05/24 07:59:44 [error] 298#298: *20007 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
2021/05/24 07:59:44 [error] 298#298: *20007 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
192.168.49.1 - - [24/May/2021:07:59:44 +0000] "GET /tree HTTP/1.1" 502 150 "-" "curl/7.61.1" 84 0.000 [default-tree-service-5000] [] 172.17.0.5:5000, 172.17.0.5:5000, 172.17.0.5:5000 0, 0, 0 0.000, 0.000, 0.000 502, 502, 502 bd34da31533e0f3393ff490efe37a90d
也尝试了以下 CURL 组合,但都失败了。
curl http://local.ec.org:5000
curl http://local.ec.org
curl http://local.ec.org/tree
curl http://local.ec.org/tree -H local.ec.org
curl http://local.ec.org -H local.ec.org
curl http://local.ec.org/ -H local.ec.org
curl http://local.ec.org/tree -H local.ec.org
curl http://192.168.49.2:5000/tree -H Host:local.ec.org
你能帮忙看看这里出了什么问题吗?
更新 1 在做了一些配置更改后,我可以看到如果我点击下面 URL 然后请求将转到 nginx 但不确定为什么它 returns 502 bad gateway.
curl http://local.ec.org/tree
Nginx 错误。不知道为什么nginx连接上游失败?
2021/05/24 13:01:58 [error] 447#447: *168693 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
192.168.49.1 - - [24/May/2021:13:01:58 +0000] "GET /tree HTTP/1.1" 502 150 "-" "curl/7.61.1" 84 0.001 [default-tree-service-5000] [] 172.17.0.5:5000, 172.17.0.5:5000, 172.17.0.5:5000 0, 0, 0 0.000, 0.000, 0.000 502, 502, 502 dff2ca8a83f9d2237300b6d46f978e43
2021/05/24 13:01:58 [error] 447#447: *168693 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
2021/05/24 13:01:58 [error] 447#447: *168693 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.49.1, server: local.ec.org, request: "GET /tree HTTP/1.1", upstream: "http://172.17.0.5:5000/tree", host: "local.ec.org"
我能够解决这个问题,罪魁祸首是 Flask 应用程序。为了解决问题,我登录了 Flask Pod 并执行了以下命令。
netstat -tupln
这向我解释了应用程序正在侦听端口 5000,但默认情况下它只允许来自 127.0.0.1 的连接。 (即来自自我)。这是因为我使用 app.run() 命令启动应用程序。我必须如下更改此命令。
# Run flask app.
app.run(
host="0.0.0.0",
port=5000
)
这允许来自任何主机的连接(即 0.0.0.0)。
注意:这是一个演示应用程序,因此我允许从 0.0.0.0 开始,但不建议在生产环境中这样做。