Kubernetes版本:1.4.5
我使用type: NodePort提供了一项非常简单的服务。它只返回/info上的一些文字。我使用默认的GKE入口控制器(L7 Google负载均衡器)和TLS。如果我使用以下入口,一切都按预期工作:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: global-ingress
namespace: global
annotations:
kubernetes.io/ingress.allow-http: "false"
spec:
tls:
- secretName: tls-secret
backend:
serviceName: gate-front
servicePort: 80
curl -k https://130.211.39.140/info
POD: gate-front-1871107570-ue07p
IP: 10.0.2.26
REQ: /info
$ kubectl describe ing
Name: global-ingress
Namespace: global
Address: 130.211.39.140
Default backend: gate-front:80 (10.0.2.25:8080,10.0.2.26:8080)
TLS:
tls-secret terminates
Rules:
Host Path Backends
---- ---- --------
* * gate-front:80 (10.0.2.25:8080,10.0.2.26:8080)
Annotations:
backends: {"k8s-be-31966--f3f0bf21d171a625":"HEALTHY"}
https-forwarding-rule: k8s-fws-global-global-ingress--f3f0bf21d171a625
https-target-proxy: k8s-tps-global-global-ingress--f3f0bf21d171a625
url-map: k8s-um-global-global-ingress--f3f0bf21d171a625
但是,如果我引入规则并省略默认后端,则所有请求都会返回default backend - 404。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: global-ingress
namespace: global
annotations:
kubernetes.io/ingress.allow-http: "false"
spec:
tls:
- secretName: tls-secret
rules:
- http:
paths:
- path: /gate
backend:
serviceName: gate-front
servicePort: 80
curl -k https://130.211.33.150/gate/info
default backend - 404
$ kubectl describe ing
Name: global-ingress
Namespace: global
Address: 130.211.33.150
Default backend: default-http-backend:80 (10.0.2.3:8080)
TLS:
tls-secret terminates
Rules:
Host Path Backends
---- ---- --------
*
/gate gate-front:80 (<none>)
Annotations:
https-forwarding-rule: k8s-fws-global-global2-ingress--f3f0bf21d171a625
https-target-proxy: k8s-tps-global-global2-ingress--f3f0bf21d171a625
url-map: k8s-um-global-global2-ingress--f3f0bf21d171a625
backends: {"k8s-be-31966--f3f0bf21d171a625":"HEALTHY","k8s-be-32552--f3f0bf21d171a625":"HEALTHY"}
如果我添加主机并使用curl -k --resolve ...,我会得到相同的行为。
我浏览了以下文档和示例:
有人可以对此有所了解吗?
答案 0 :(得分:2)
https://github.com/kubernetes/ingress-gce/blob/master/README.md#paths
如果它解决了这个问题,你能看一下这部分并发表评论:
注意刚发生的事情,端点公开/主机名,负载均衡器将整个匹配的URL转发给端点。这意味着如果你有&#39; / foo&#39;在Ingress并尝试访问/ hostname,您的端点将收到/ foo / hostname,而不知道如何路由它。现在更新Ingress以通过/ fs端点访问静态内容:
答案 1 :(得分:-1)
我遇到了类似的问题,如果您使用GCE,请记住每个入口控制器都会获得一个新IP。
我已将DNS指向我制作的第一个入口控制器,并且不知道新的入口控制器获得了新的IP。来自错误主机的流量被发送到我的第一个入口控制器,因此404响应是正确的。
确保通过使用kubectl检查入口控制器来正确指出DNS:
public static string ConvertHex(String hexString)
{
try
{
string ascii = string.Empty;
for (int i = 0; i < hexString.Length; i += 2)
{
String hs = string.Empty;
hs = hexString.Substring(i, 2);
uint decval = System.Convert.ToUInt32(hs, 16);
char character = System.Convert.ToChar(decval);
ascii += character;
}
return ascii;
}
catch (Exception ex) { Console.WriteLine(ex.Message); }
return string.Empty;
}
private static string HexString2Ascii(string hexString)
{
StringBuilder sb = new StringBuilder();
for (int i = 0; i <= hexString.Length - 2; i += 2)
{
sb.Append(Convert.ToString(Convert.ToChar(Int32.Parse(hexString.Substring(i, 2), System.Globalization.NumberStyles.HexNumber))));
}
return sb.ToString();
}
public static byte[] FromHex(string hex)
{
hex = hex.Replace("-", "");
byte[] raw = new byte[hex.Length / 2];
for (int i = 0; i < raw.Length; i++)
{
raw[i] = Convert.ToByte(hex.Substring(i * 2, 2), 16);
}
return raw;
}
static string HexStringToString(string hexString)
{
if (hexString == null || (hexString.Length & 1) == 1)
{
throw new ArgumentException();
}
var sb = new StringBuilder();
for (var i = 0; i < hexString.Length; i += 2)
{
var hexChar = hexString.Substring(i, 2);
sb.Append((char)Convert.ToByte(hexChar, 16));
}
return sb.ToString();
}