入口对象不会重定向到服务
Ingress object doesn't redirect to service
我正在尝试在我的 kubernetes 集群中设置 Ingress,但没有成功。我遵循了指定的说明 here。基本上我应用了以下对象:
首先,设置 RBAC 基础设施:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
**Versions**: <br>
Kubectl, kubeadm, kubelet: 1.21.00<br>
Traefik 1.17
然后,使用 Pods 运行ing 入口控制器创建了一个 DaemonSet:
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
selector:
matchLabels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: traefik:v1.7
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8080
hostPort: 8080
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --api
- --kubernetes
- --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 8080
name: admin
现在,我可以在我的一个节点上使用端口 8080 访问 Ingress Web UI,而且我还知道端口 80 将流量定向到 Ingress Controller,因为当我 运行
$ curl localhost:80
404 page not found
问题是,当尝试创建 Ingress 对象时,出于某种原因,Ingress Controller 没有将其重定向到后端服务。创建了以下对象:
apiVersion: v1
kind: Service
metadata:
name: svc-myserver
spec:
type: ClusterIP
selector:
app: my-server
ports:
- protocol: TCP
port: 80
targetPort: 3000
这有效,当 运行ning:
$ curl 10.100.127.255
Hello world ! Version 1
现在,所有要做的就是创建一个将流量转发到服务的 Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-server-ingress
namespace: kube-system
spec:
rules:
- host: myapp.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-myserver
port:
number: 80
现在当我运行:
$ kubectl get ingress -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
kube-system my-server-ingress <none> myapp.com 80 13h
您可以看到 ADDRESS 字段是空的,事实上当我尝试浏览到这个 myapp.com(在 /etc/hosts 中更新)- 我得到 404。
我错过了什么?
版本
kubeadm、kubectl、kubelet - 1.21.00
Traefik 1.17
好的,我明白问题出在哪里了:我的 Ingress 对象与服务不在同一个命名空间中。在检查 Ingress Controller 的 Pod 的日志时,我得到:
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/svc-myserver"
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/traefik-web-ui"
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/traefik-web-ui"
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/svc-myserver"
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/traefik-web-ui"
一旦我将它移动到正确的命名空间,它就非常有效。
谢谢!
我正在尝试在我的 kubernetes 集群中设置 Ingress,但没有成功。我遵循了指定的说明 here。基本上我应用了以下对象:
首先,设置 RBAC 基础设施:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
**Versions**: <br>
Kubectl, kubeadm, kubelet: 1.21.00<br>
Traefik 1.17
然后,使用 Pods 运行ing 入口控制器创建了一个 DaemonSet:
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
selector:
matchLabels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: traefik:v1.7
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8080
hostPort: 8080
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --api
- --kubernetes
- --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 8080
name: admin
现在,我可以在我的一个节点上使用端口 8080 访问 Ingress Web UI,而且我还知道端口 80 将流量定向到 Ingress Controller,因为当我 运行
$ curl localhost:80
404 page not found
问题是,当尝试创建 Ingress 对象时,出于某种原因,Ingress Controller 没有将其重定向到后端服务。创建了以下对象:
apiVersion: v1
kind: Service
metadata:
name: svc-myserver
spec:
type: ClusterIP
selector:
app: my-server
ports:
- protocol: TCP
port: 80
targetPort: 3000
这有效,当 运行ning:
$ curl 10.100.127.255
Hello world ! Version 1
现在,所有要做的就是创建一个将流量转发到服务的 Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-server-ingress
namespace: kube-system
spec:
rules:
- host: myapp.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-myserver
port:
number: 80
现在当我运行:
$ kubectl get ingress -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
kube-system my-server-ingress <none> myapp.com 80 13h
您可以看到 ADDRESS 字段是空的,事实上当我尝试浏览到这个 myapp.com(在 /etc/hosts 中更新)- 我得到 404。
我错过了什么?
版本
kubeadm、kubectl、kubelet - 1.21.00
Traefik 1.17
好的,我明白问题出在哪里了:我的 Ingress 对象与服务不在同一个命名空间中。在检查 Ingress Controller 的 Pod 的日志时,我得到:
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/svc-myserver"
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/traefik-web-ui"
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/traefik-web-ui"
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/svc-myserver"
time="2021-12-21T19:16:33Z" level=error msg="Service not found for kube-system/traefik-web-ui"
一旦我将它移动到正确的命名空间,它就非常有效。
谢谢!