503 service unavailable - Is there any issue with my ingress.yaml file?
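Please bear with me. I may sound silly. But I am very new to K8s and don't know much about writing its yaml files.
I have deployed a Spring Boot application as a pod to a k8s cluster via its helm chart. When I access any URL of the application from the pod's terminal using curl, I get a success response. However, when I access it from my laptop or browser, I get a 503 service unavailable error. I don't know what is happening. My senior says it is an ingress issue. However, helm install ran perfectly and the pod is also coming up.
Below is my ingress.yaml file.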
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "my-service.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
  {{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ $fullName }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "my-service.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
  ingressClassName: {{ .Values.ingress.className }}
  {{- end }}
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
          {{- end }}
    {{- end }}
{{- end }}
Below is the trace I get on my laptop's cmd terminal when I run curl from there.
* Trying 10.210.228.31...
* TCP_NODELAY set
* Connected to my-server.corp.xyz.com port 443 (#0)
* schannel: SSL/TLS connection with my-server.corp.xyz.com port 443 (step 1/3)
* schannel: disabled server certificate revocation checks
* schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
* schannel: sending initial handshake data: sending 186 bytes...
* schannel: sent initial handshake data: sent 186 bytes
* schannel: SSL/TLS connection with my-server.corp.xyz.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with my-server.corp.xyz.com port 443 (step 2/3)
* schannel: encrypted data got 4096
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: encrypted data length: 4022
* schannel: encrypted data buffer: offset 4022 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with my-server.corp.xyz.com port 443 (step 2/3)
* schannel: encrypted data got 957
* schannel: encrypted data buffer: offset 4979 length 5046
* schannel: sending next handshake data: sending 93 bytes...
* schannel: SSL/TLS connection with my-server.corp.xyz.com port 443 (step 2/3)
* schannel: encrypted data got 274
* schannel: encrypted data buffer: offset 274 length 5046
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with my-server.corp.xyz.com port 443 (step 3/3)
* schannel: stored credential handle in session cache
> POST /api-htmplortal/authenticate HTTP/1.1
> Host: my-server.corp.xyz.com
> User-Agent: curl/7.55.1
> Accept: */*
> Content-type: application/json
> Content-Length: 73
>
* upload completely sent off: 73 out of 73 bytes
* schannel: client wants to read 102400 bytes
* schannel: encdata_buffer resized 103424
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: encrypted data got 469
* schannel: encrypted data buffer: offset 469 length 103424
* schannel: decrypted data length: 440
* schannel: decrypted data added: 440
* schannel: decrypted data cached: offset 440 length 102400
* schannel: encrypted data buffer: offset 0 length 103424
* schannel: decrypted data buffer: offset 440 length 102400
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 440
* schannel: decrypted data buffer: offset 0 length 102400
< HTTP/1.1 503 Service Temporarily Unavailable
< Server: nginx/1.17.10
< Date: Fri, 18 Jun 2021 14:09:45 GMT
< Content-Type: text/html
< Content-Length: 198
< Connection: keep-alive
< Strict-Transport-Security: max-age=15724800; includeSubDomains
<
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.17.10</center>
</body>
</html>
* Connection #0 to host my-server.corp.xyz.com left intact
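It was actually a configuration issue. I am actually running different pods, for all of which I have helm charts. To bring up all the pods, I have a helm of helms that includes all the helms as sub-charts. The ingress in question is the one in the parent/main helm chart.
To run the parent helm, I have a shell script that supplies environment properties to the sub-charts of the parent chart.
Now, I have two helm sub-charts: the old service and the new service. My requirement is that I need to bring up only one of them, based on a flag value. The new service is an upgraded version of the old service, so in order not to update the UI endpoint that accesses the service, I tried keeping the backend of both sub-charts the same (thinking that only one pod would come up -> for the pod that is not to be started, I keep replicaCount as 0 from my shell script), as shown below: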
--set old-service.ingress.hosts[0].paths[0]="/proxy-service-${NAMESPACE}(/|$)(.*)" \
--set new-service.ingress.hosts[0].paths[0]="/proxy-service-${NAMESPACE}(/|$)(.*)" \
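But, it turns out, this is not possible. It seems kubernetes reads the config and not whether the pod is running or not.
To solve this, I kept the above two backends for the new service and the old service different, and supplied a dynamic endpoint environment property to the UI sub-chart based on the flag value, according to which service is going to be brought up.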
--set ui.proxyUrl=https://${LOAD_BALANCER}/${proxyUrl}-${NAMESPACE} \
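The collision described in the answer can be checked before deploying. The following is an added example, not code from the original post: it takes objects shaped like `kubectl get ingress -o json` and `kubectl get endpoints -o json` output, reports every host and path claimed by more than one Service, and flags the colliding backends that have no ready pod. The namespace `dev`, port 8080, the `ui` entry and the choice of `old-service` as the one scaled to zero are constructed assumptions.

```python
from collections import defaultdict

def backend_service(backend):
    """Service name for both the networking.k8s.io/v1 and the v1beta1 backend shape."""
    if "service" in backend:
        return backend["service"]["name"]
    return backend["serviceName"]

def find_collisions(ingresses):
    """Return {(host, path): [(namespace, service), ...]} for paths claimed by >1 Service."""
    claims = defaultdict(set)
    for ing in ingresses["items"]:
        ns = ing["metadata"]["namespace"]
        for rule in ing["spec"].get("rules", []):
            for p in rule.get("http", {}).get("paths", []):
                key = (rule.get("host", "*"), p.get("path", "/"))
                claims[key].add((ns, backend_service(p["backend"])))
    return {k: sorted(v) for k, v in claims.items() if len(v) > 1}

def empty_backends(collisions, endpoints):
    """Colliding backends whose Endpoints object lists no ready address (replicaCount 0)."""
    ready = {(e["metadata"]["namespace"], e["metadata"]["name"])
             for e in endpoints["items"]
             if any(s.get("addresses") for s in e.get("subsets") or [])}
    return sorted({b for bs in collisions.values() for b in bs if b not in ready})

def _ing(name, path):  # constructed sample Ingress, Service named like the Ingress
    return {"metadata": {"name": name, "namespace": "dev"},
            "spec": {"rules": [{"host": "my-server.corp.xyz.com", "http": {"paths": [
                {"path": path, "backend": {"serviceName": name, "servicePort": 8080}}]}}]}}

def _ep(name, ips):  # constructed sample Endpoints; no "subsets" key when no pod is ready
    ep = {"metadata": {"namespace": "dev", "name": name}}
    if ips:
        ep["subsets"] = [{"addresses": [{"ip": ip} for ip in ips]}]
    return ep

PATH = "/proxy-service-dev(/|$)(.*)"  # the --set value above with NAMESPACE=dev
INGRESSES = {"items": [_ing("old-service", PATH), _ing("new-service", PATH),
                       _ing("ui", "/ui")]}
ENDPOINTS = {"items": [_ep("old-service", []), _ep("new-service", ["10.0.0.7"]),
                       _ep("ui", ["10.0.0.8"])]}

if __name__ == "__main__":
    collisions = find_collisions(INGRESSES)
    for (host, path), backends in collisions.items():
        print(f"{host}{path} is claimed by {backends}")
    print("no ready endpoints:", empty_backends(collisions, ENDPOINTS))
```

A backend that appears in both results is the likely source of the 503: the Ingress rule exists whether or not any pod is running behind it.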