nginx入口控制器0.26.1在GKE v1.14上返回504(连接到上游时超时)

时间:2019-11-07 08:46:00

标签: kubernetes google-kubernetes-engine kubernetes-ingress nginx-ingress

我最近将我的gke集群升级到1.14.x,并将nginx入口升级到了最新版本0.26.1。在某些时候,我的入口停止工作。

例如,当尝试使用<div class="blog-contl row"> <div class="col"> <div class="blog-half"> <div class="blog-half-img" style="background-image:url('http://www.project-progress.co.uk/cloudhouse/site/wp-content/uploads/blog6.jpg')"> </div> <div class="blog-half-cont"> <h4>Test Post 12</h4> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.</p> <div class="main-button"> <a href="http://www.project-progress.co.uk/cloudhouse/site/test-post-12/" title="Read More" class="btn-default">Read More</a> </div> </div> </div> </div> <div class="col"> <div class="blog-half"> <div class="blog-half-img" style="background-image:url('http://www.project-progress.co.uk/cloudhouse/site/wp-content/uploads/blog3.jpg')"> </div> <div class="blog-half-cont"> <h4>Test Post 9</h4> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.</p> <div class="main-button"> <a href="http://www.project-progress.co.uk/cloudhouse/site/test-post-9/" title="Read More" class="btn-default">Read More</a> </div> </div> </div> </div> <div class="col "> <div class="blog-half"> <div class="blog-half-img" style="background-image:url('http://www.project-progress.co.uk/cloudhouse/site/wp-content/uploads/blog6.jpg')"> </div> <div class="blog-half-cont"> <h4>Test Post 6</h4> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.</p> <div class="main-button"> <a href="http://www.project-progress.co.uk/cloudhouse/site/test-post-6/" title="Read More" class="btn-default">Read More</a> </div> </div> </div> </div> </div>访问Nexus时,这些是入口控制器日志:

curl INGRESS_IP -H "host:nexus.myorg.com"

如您所见,它尝试连接到Pod IP 10.8.25.3:8081三次,所有这些超时。

我已经走进一个Pod,并使用相同的IP访问该Pod了,没有问题:2019/11/07 08:35:49 [error] 350#350: *2664 upstream timed out (110: Connection timed out) while connecting to upstream, client: 82.81.2.76, server: nexus.myorg.com, request: "GET / HTTP/1.1", upstream: "http://10.8.25.3:8081/", host: "nexus.myorg.com" 2019/11/07 08:35:54 [error] 350#350: *2664 upstream timed out (110: Connection timed out) while connecting to upstream, client: 82.81.2.76, server: nexus.myorg.com, request: "GET / HTTP/1.1", upstream: "http://10.8.25.3:8081/", host: "nexus.myorg.com" 2019/11/07 08:35:59 [error] 350#350: *2664 upstream timed out (110: Connection timed out) while connecting to upstream, client: 82.81.2.76, server: nexus.myorg.com, request: "GET / HTTP/1.1", upstream: "http://10.8.25.3:8081/", host: "nexus.myorg.com" 82.81.2.76 - - [07/Nov/2019:08:35:59 +0000] "GET / HTTP/1.1" 504 173 "-" "curl/7.64.1" 79 15.003 [some-namespace-nexus-service-8081] [] 10.8.25.3:8081, 10.8.25.3:8081, 10.8.25.3:8081 0, 0, 0 5.001, 5.001, 5.001 504, 504, 504 a03f13a3bfc943e44f2df3d82a6ecaa4 。因此,该服务已正确设置。

这是我的Ingress配置:

curl 10.8.25.3:8081

您知道如何解决此问题吗?

1 个答案:

答案 0 :(得分:2)

该问题与网络策略有关。我们有一些政策禁止从其他名称空间访问Pod,仅允许从入口名称空间访问

  apiVersion: extensions/v1beta1
  kind: NetworkPolicy
  metadata:
    name: allow-from-ingress-namespace
    namespace: some-namespace
  spec:
    ingress:
    - from:
      - namespaceSelector:
          matchLabels:
            type: ingress
    podSelector: {}
    policyTypes:
    - Ingress

  apiVersion: extensions/v1beta1
  kind: NetworkPolicy
  metadata:
    name: deny-from-other-namespaces
    namespace: some-namespace
  spec:
    ingress:
    - from:
      - podSelector: {}
    podSelector: {}
    policyTypes:
    - Ingress

通过升级,我们丢失了与策略匹配的标签(类型= ingress)。只需添加它即可解决问题:kubectl label namespaces ingress-nginx type=ingress

相关问题
最新问题