kubernetes 部署或端口 8080 上的 pods 导致 504 错误
kubernetes deployments or pods on port 8080 result in 504 error
我有点问题,我正在尝试通过入口访问 Keycloak pod,但我一直收到 504 错误
我已经尝试过其他部署(nginx、apache、pg-admin),它们都可以工作。共同点是端口 80 上的那些 pods 运行 和端口 8080 上的 keycloak 运行s。我还尝试部署 apache 气流,默认情况下使用端口 8080。
我无法在 Keycloak 部署上设置端口 80 或 443,出现以下错误:
keycloak 06:23:59.51 ERROR ==> An invalid port was specified in the environment variable KEYCLOAK_HTTP_PORT: privileged port requested.
keycloak 06:23:59.51 ERROR ==> An invalid port was specified in the environment variable KEYCLOAK_HTTPS_PORT: privileged port requested.
ingress-nginx-controller pod 日志:
10.7.211.10 - - [06/Jan/2022:05:57:42 +0000] "GET /favicon.ico HTTP/1.1" 504 562 "http://api.cp.ca/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36" 367 15.003 [default-kcd-8080] [] 10.244.1.59:8080, 10.244.1.59:8080, 10.244.1.59:8080 0, 0, 0 5.001, 5.000, 5.004 504, 504, 504 8c0c75ee66bebace840c4f77e5722c77
我没有在任何地方设置防火墙,我的集群由 3 个工作节点组成,我没有使用云,只有 4 个虚拟机。
当前配置:
- MetalLB v0.11.0
- Kubernetes v1.22.4
- 法兰绒 v0.15.11
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cp-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
defaultBackend:
service:
name: tools-pgadmin
port:
number: 80
rules:
- host: api.cp.ca
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kcd
port:
number: 8080
# service:
# kubectl expose deployment kcd
# kcd ClusterIP 10.109.12.99 <none> 8080/TCP,8443/TCP 8m18s
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kcd
spec:
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: bitnami/keycloak
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
env:
- name: DB_VENDOR
value: "postgres"
- name: KEYCLOAK_DATABASE_HOST
value: "10.7.211.100"
- name: KEYCLOAK_DATABASE_NAME
value: "keycloak"
- name: KEYCLOAK_DATABASE_USER
value: "postgres"
- name: KEYCLOAK_DATABASE_PASSWORD
value: "postgres"
- name: KEYCLOAK_DATABASE_SCHEMA
value: "public"
什么情况会导致8080端口无法访问?
从头开始构建堆栈时是否需要启用任何其他设置?
谢谢
我不确定这可能是因为您使用的是 bitnami 图像,我仍然建议尝试使用以下部署文件。
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: default
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:10.0.0
env:
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "admin"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: DB_VENDOR
value: POSTGRES
- name: DB_ADDR
value: postgres
- name: DB_DATABASE
value: keycloak
- name: DB_USER
value: root
- name: DB_PASSWORD
value: password
- name : KEYCLOAK_HTTP_PORT
value : "80"
- name: KEYCLOAK_HTTPS_PORT
value: "443"
- name : KEYCLOAK_HOSTNAME
value : keycloak.harshmanvar.tk #replace with ingress URL
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
readinessProbe:
httpGet:
path: /auth/realms/master
port: 8080
我有点问题,我正在尝试通过入口访问 Keycloak pod,但我一直收到 504 错误 我已经尝试过其他部署(nginx、apache、pg-admin),它们都可以工作。共同点是端口 80 上的那些 pods 运行 和端口 8080 上的 keycloak 运行s。我还尝试部署 apache 气流,默认情况下使用端口 8080。 我无法在 Keycloak 部署上设置端口 80 或 443,出现以下错误:
keycloak 06:23:59.51 ERROR ==> An invalid port was specified in the environment variable KEYCLOAK_HTTP_PORT: privileged port requested.
keycloak 06:23:59.51 ERROR ==> An invalid port was specified in the environment variable KEYCLOAK_HTTPS_PORT: privileged port requested.
ingress-nginx-controller pod 日志:
10.7.211.10 - - [06/Jan/2022:05:57:42 +0000] "GET /favicon.ico HTTP/1.1" 504 562 "http://api.cp.ca/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36" 367 15.003 [default-kcd-8080] [] 10.244.1.59:8080, 10.244.1.59:8080, 10.244.1.59:8080 0, 0, 0 5.001, 5.000, 5.004 504, 504, 504 8c0c75ee66bebace840c4f77e5722c77
我没有在任何地方设置防火墙,我的集群由 3 个工作节点组成,我没有使用云,只有 4 个虚拟机。
当前配置:
- MetalLB v0.11.0
- Kubernetes v1.22.4
- 法兰绒 v0.15.11
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cp-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
defaultBackend:
service:
name: tools-pgadmin
port:
number: 80
rules:
- host: api.cp.ca
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kcd
port:
number: 8080
# service:
# kubectl expose deployment kcd
# kcd ClusterIP 10.109.12.99 <none> 8080/TCP,8443/TCP 8m18s
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kcd
spec:
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: bitnami/keycloak
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
env:
- name: DB_VENDOR
value: "postgres"
- name: KEYCLOAK_DATABASE_HOST
value: "10.7.211.100"
- name: KEYCLOAK_DATABASE_NAME
value: "keycloak"
- name: KEYCLOAK_DATABASE_USER
value: "postgres"
- name: KEYCLOAK_DATABASE_PASSWORD
value: "postgres"
- name: KEYCLOAK_DATABASE_SCHEMA
value: "public"
什么情况会导致8080端口无法访问? 从头开始构建堆栈时是否需要启用任何其他设置? 谢谢
我不确定这可能是因为您使用的是 bitnami 图像,我仍然建议尝试使用以下部署文件。
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: default
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:10.0.0
env:
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "admin"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: DB_VENDOR
value: POSTGRES
- name: DB_ADDR
value: postgres
- name: DB_DATABASE
value: keycloak
- name: DB_USER
value: root
- name: DB_PASSWORD
value: password
- name : KEYCLOAK_HTTP_PORT
value : "80"
- name: KEYCLOAK_HTTPS_PORT
value: "443"
- name : KEYCLOAK_HOSTNAME
value : keycloak.harshmanvar.tk #replace with ingress URL
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
readinessProbe:
httpGet:
path: /auth/realms/master
port: 8080