Nginx Kubernetes 入口 returns 502

Nginx Kubernetes Ingress returns 502

我正在尝试在 AWS EKS 的 Kubernetes 集群中部署简单的 REST API 应用程序。 其他一切都是反向代理就好了。

我使用以下配置进行部署。 Pod 很健康,Pod 每 20 分钟重新启动一次,因为 AWS 终止了与我的开发免费层数据库的连接,但我 运行 几个副本以防万一。

当我尝试连接到域时,出现 502 Bad Gateway 错误。真不知道怎么回事

apiVersion: apps/v1
kind: Deployment
metadata:
  name: xyz-microservice
spec:
  replicas: 4
  template:
    nodeSelector:
        node.kubernetes.io/role: worker
    tolerations:
      - effect: NoSchedule
        key: node.kubernetes.io/role
        operator: Equal
        value: worker
  selector:
    matchLabels:
      app: xyz-microservice
  template:
    metadata:
      labels:
        app: xyz-microservice
    spec:
      hostname: xyz-microservice
      containers:
      - name: xyz-microservice
        image:  redacted
        imagePullPolicy: Always
        env:
        - name: DB_USERNAME
          value: redacted
        - name: DB_PASSWORD
          value: redacted
        - name: DB_HOST
          value: redacted
        - name: DB_PORT
          value: "5432"
        - name: DB_NAME
          value: redacted
        resources:
          requests:
            memory: "32Mi"
            cpu: "80m"
          limits:
            memory: "128Mi"
            cpu: "100m"
        ports:
        - containerPort: 8080

---
apiVersion: v1
kind: Service
metadata:
  name: xyz-microservice-service
spec:
  type: ClusterIP
  selector:
    app: xyz-microservice
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP

这是入口配置:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "internal"
    forecastle.stakater.com/expose: "true"
    forecastle.stakater.com/appName: "XYZ Microservice"
    cert-manager.io/cluster-issuer: "letsencrypt-aws"
  name: xyz-microservice
spec:
  rules:
    - host: xyz.internal.staging.k8s.redacted
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: xyz-microservice-service
                port:
                  number: 8080
  tls:
    - hosts:
      - xyz.internal.staging.k8s.redacted
      secretName: xyz-microservice-tls

如果有人能指导我,那将意义重大。

请记住,几乎每次您在 nginx-ingress 中收到 502 错误网关时,它都与后端端口绑定问题/错误的后端配置名称等有关。

这里您的 nginx ingress 配置为将流量从“xyz.internal.staging.k8s.redacted”主机重定向到“xyz-microservice-service”kubernetes 服务的端口 8080。

但是 8080 是您服务的目标端口。没有实际上是 80 的暴露端口。

因此,要解决此问题,只需更改后端服务的端口,如下所示:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "internal"
    forecastle.stakater.com/expose: "true"
    forecastle.stakater.com/appName: "XYZ Microservice"
    cert-manager.io/cluster-issuer: "letsencrypt-aws"
  name: xyz-microservice
spec:
  rules:
    - host: xyz.internal.staging.k8s.redacted
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: xyz-microservice-service
                port:
                  number: 80
  tls:
    - hosts:
      - xyz.internal.staging.k8s.redacted
      secretName: xyz-microservice-tls

(或重新配置服务的端口以匹配入口配置的端口。)