这是我当前的设置。
我有一个安装了nginx控制器的k8集群。我使用头盔安装了nginx。
所以我有一个简单的苹果服务,如下:
kind: Pod
apiVersion: v1
metadata:
name: apple-app
labels:
app: apple
spec:
containers:
- name: apple-app
image: hashicorp/http-echo
args:
- "-text=apple"
---
kind: Service
apiVersion: v1
metadata:
name: apple-service
spec:
selector:
app: apple
ports:
- port: 5678 # Default port for image
然后我做了一个kubectl应用-f apples.yaml
现在我有一个如下所示的ingress.yaml。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /apple
backend:
serviceName: apple-service
servicePort: 5678
然后我kubectl -f ingress.yaml
我的入口控制器没有外部IP地址。
但是即使没有外部IP,我也做了
kubectl exec -it nginxdeploy-nginx-ingress-controller-5d6ddbb677-774xc /bin/bash
并尝试进行卷曲kL http://localhost/apples
,它给了我503错误。
有人可以为此提供帮助吗?
答案 0 :(得分:0)
我已经测试了您的配置,对我来说似乎还可以。
Pod反应良好:
$ kubectl describe pod apple-app
Name: apple-app
Namespace: default
Node: kube-helm/10.156.0.2
Start Time: Mon, 10 Sep 2018 11:53:57 +0000
Labels: app=apple
Annotations: <none>
Status: Running
IP: 192.168.73.73
...
$ curl http://192.168.73.73:5678
apple
服务反应良好:
$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
apple-service ClusterIP 10.111.93.194 <none> 5678/TCP 1m
$ curl http://10.111.93.194:5678
apple
Ingress响应也很好,但是默认情况下,它将HTTP重定向到https:
$ kubectl exec -it nginx-ingress-controller-6c9fcdf8d9-ggrcs -n ingress-nginx /bin/bash
www-data@nginx-ingress-controller-6c9fcdf8d9-ggrcs:/etc/nginx$ curl http://localhost/apple
<html>
<head><title>308 Permanent Redirect</title></head>
<body bgcolor="white">
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx/1.13.12</center>
</body>
</html>
www-data@nginx-ingress-controller-6c9fcdf8d9-ggrcs:/etc/nginx$ curl -k https://localhost/apple
apple
如果您在控制器容器中检查nginx配置,您将看到/ apple位置的重定向配置:
www-data@nginx-ingress-controller-6c9fcdf8d9-ggrcs:/etc/nginx$ more /etc/nginx/nginx.conf
...
location /apple {
set $namespace "default";
set $ingress_name "example-ingress";
set $service_name "apple-service";
set $service_port "5678";
set $location_path "/apple";
rewrite_by_lua_block {
}
log_by_lua_block {
monitor.call()
}
if ($scheme = https) {
more_set_headers "Strict-Transport-Security: max-age=1572
4800; includeSubDomains";
}
port_in_redirect off;
set $proxy_upstream_name "default-apple-service-5678";
# enforce ssl on server side
if ($redirect_to_https) {
return 308 https://$best_http_host$request_uri;
}
client_max_body_size "1m";
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering "off";
proxy_buffer_size "4k";
proxy_buffers 4 "4k";
proxy_request_buffering "on";
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_tries 3;
proxy_pass http://default-apple-service-5678;
proxy_redirect off;
}
您可以通过添加annotations来禁用此默认行为:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /apple
backend:
serviceName: apple-service
servicePort: 5678
www-data@nginx-ingress-controller-6c9fcdf8d9-ggrcs:/etc/nginx$ curl http://localhost/apple
apple