Nginx Kubernetes 入口 returns 502
Nginx Kubernetes Ingress returns 502
我正在尝试在 AWS EKS 的 Kubernetes 集群中部署简单的 REST API 应用程序。
其他一切都是反向代理就好了。
我使用以下配置进行部署。 Pod 很健康,Pod 每 20 分钟重新启动一次,因为 AWS 终止了与我的开发免费层数据库的连接,但我 运行 几个副本以防万一。
当我尝试连接到域时,出现 502 Bad Gateway 错误。真不知道怎么回事
apiVersion: apps/v1
kind: Deployment
metadata:
name: xyz-microservice
spec:
replicas: 4
template:
nodeSelector:
node.kubernetes.io/role: worker
tolerations:
- effect: NoSchedule
key: node.kubernetes.io/role
operator: Equal
value: worker
selector:
matchLabels:
app: xyz-microservice
template:
metadata:
labels:
app: xyz-microservice
spec:
hostname: xyz-microservice
containers:
- name: xyz-microservice
image: redacted
imagePullPolicy: Always
env:
- name: DB_USERNAME
value: redacted
- name: DB_PASSWORD
value: redacted
- name: DB_HOST
value: redacted
- name: DB_PORT
value: "5432"
- name: DB_NAME
value: redacted
resources:
requests:
memory: "32Mi"
cpu: "80m"
limits:
memory: "128Mi"
cpu: "100m"
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: xyz-microservice-service
spec:
type: ClusterIP
selector:
app: xyz-microservice
ports:
- port: 80
targetPort: 8080
protocol: TCP
这是入口配置:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "internal"
forecastle.stakater.com/expose: "true"
forecastle.stakater.com/appName: "XYZ Microservice"
cert-manager.io/cluster-issuer: "letsencrypt-aws"
name: xyz-microservice
spec:
rules:
- host: xyz.internal.staging.k8s.redacted
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xyz-microservice-service
port:
number: 8080
tls:
- hosts:
- xyz.internal.staging.k8s.redacted
secretName: xyz-microservice-tls
如果有人能指导我,那将意义重大。
请记住,几乎每次您在 nginx-ingress 中收到 502 错误网关时,它都与后端端口绑定问题/错误的后端配置名称等有关。
这里您的 nginx ingress 配置为将流量从“xyz.internal.staging.k8s.redacted”主机重定向到“xyz-microservice-service”kubernetes 服务的端口 8080。
但是 8080 是您服务的目标端口。没有实际上是 80 的暴露端口。
因此,要解决此问题,只需更改后端服务的端口,如下所示:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "internal"
forecastle.stakater.com/expose: "true"
forecastle.stakater.com/appName: "XYZ Microservice"
cert-manager.io/cluster-issuer: "letsencrypt-aws"
name: xyz-microservice
spec:
rules:
- host: xyz.internal.staging.k8s.redacted
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xyz-microservice-service
port:
number: 80
tls:
- hosts:
- xyz.internal.staging.k8s.redacted
secretName: xyz-microservice-tls
(或重新配置服务的端口以匹配入口配置的端口。)
我正在尝试在 AWS EKS 的 Kubernetes 集群中部署简单的 REST API 应用程序。 其他一切都是反向代理就好了。
我使用以下配置进行部署。 Pod 很健康,Pod 每 20 分钟重新启动一次,因为 AWS 终止了与我的开发免费层数据库的连接,但我 运行 几个副本以防万一。
当我尝试连接到域时,出现 502 Bad Gateway 错误。真不知道怎么回事
apiVersion: apps/v1
kind: Deployment
metadata:
name: xyz-microservice
spec:
replicas: 4
template:
nodeSelector:
node.kubernetes.io/role: worker
tolerations:
- effect: NoSchedule
key: node.kubernetes.io/role
operator: Equal
value: worker
selector:
matchLabels:
app: xyz-microservice
template:
metadata:
labels:
app: xyz-microservice
spec:
hostname: xyz-microservice
containers:
- name: xyz-microservice
image: redacted
imagePullPolicy: Always
env:
- name: DB_USERNAME
value: redacted
- name: DB_PASSWORD
value: redacted
- name: DB_HOST
value: redacted
- name: DB_PORT
value: "5432"
- name: DB_NAME
value: redacted
resources:
requests:
memory: "32Mi"
cpu: "80m"
limits:
memory: "128Mi"
cpu: "100m"
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: xyz-microservice-service
spec:
type: ClusterIP
selector:
app: xyz-microservice
ports:
- port: 80
targetPort: 8080
protocol: TCP
这是入口配置:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "internal"
forecastle.stakater.com/expose: "true"
forecastle.stakater.com/appName: "XYZ Microservice"
cert-manager.io/cluster-issuer: "letsencrypt-aws"
name: xyz-microservice
spec:
rules:
- host: xyz.internal.staging.k8s.redacted
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xyz-microservice-service
port:
number: 8080
tls:
- hosts:
- xyz.internal.staging.k8s.redacted
secretName: xyz-microservice-tls
如果有人能指导我,那将意义重大。
请记住,几乎每次您在 nginx-ingress 中收到 502 错误网关时,它都与后端端口绑定问题/错误的后端配置名称等有关。
这里您的 nginx ingress 配置为将流量从“xyz.internal.staging.k8s.redacted”主机重定向到“xyz-microservice-service”kubernetes 服务的端口 8080。
但是 8080 是您服务的目标端口。没有实际上是 80 的暴露端口。
因此,要解决此问题,只需更改后端服务的端口,如下所示:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "internal"
forecastle.stakater.com/expose: "true"
forecastle.stakater.com/appName: "XYZ Microservice"
cert-manager.io/cluster-issuer: "letsencrypt-aws"
name: xyz-microservice
spec:
rules:
- host: xyz.internal.staging.k8s.redacted
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xyz-microservice-service
port:
number: 80
tls:
- hosts:
- xyz.internal.staging.k8s.redacted
secretName: xyz-microservice-tls
(或重新配置服务的端口以匹配入口配置的端口。)