Traefik-ingress仪表板返回404

时间:2018-11-21 00:02:08

标签: kubernetes amazon-elb traefik kubernetes-ingress amazon-eks

我先部署traefik ingress controller吊舱,然后再部署两项服务,其中一项是用于反向代理的LoadBalancer类型,另一项是用于仪表板的ClusterIP类型。

我还创建了将所有<elb-address>/dashboard重定向到我的traefik仪表板的入口。

但是由于某些原因,当我尝试在aws-ip/dashboard上请求仪表板时收到404错误代码

那是我用来设置traefik的清单Yamls 

---
apiVersion: v1
kind: ServiceAccount
metadata:
 name: traefik-ingress-controller
 namespace: kube-system
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      targetPort: 80
      port: 80
  type: LoadBalancer
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - name: web
      port: 80
      targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: kube-system
  name: traefik-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - http:
      paths:
      - path: /dashboard
        backend:
          serviceName: traefik-web-ui
          servicePort: web

更新

我正在查看日志,并在激活rbac并创建ClusterRole,ServiceRole和ServiceAccount的情况下收到以下错误:

E1124 18:56:23.267560       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kube-system:traefik-ingress" cannot list endpoints in the namespace "default"
E1124 18:56:23.648207       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:kube-system:traefik-ingress" cannot list services in the namespace "default"
E1124 18:56:23.267560       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kube-system:traefik-ingress" cannot list endpoints in the namespace "default"

这是我的serviceAccount,clusterRole和RoleBingind 

kind: ServiceAccount
apiVersion: v1
metadata:
  name: traefik-ingress
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress
subjects:
- kind: ServiceAccount
  name: traefik-ingress
  namespace: default

2 个答案:

答案 0 :(得分:1)

我自己尝试过。因此,基本上,当您创建Ingress时,它是使用host(默认值)的traefik-ui.minikube创建的,因此您将无法使用<elb-address>/dashboard/访问仪表板。

您将必须使用traefik-ui.minikube/dashboard/访问它。例如:

$ kubectl -n kube-system get ingress
NAME              HOSTS                 ADDRESS                  PORTS   AGE
traefik-ingress   *                                                                                              80      8m13s
traefik-web-ui    traefik-ui.minikube   xxxx.elb.amazonaws.com   80      71d

$ curl -H 'Host: traefik-ui.minikube' xxxx.elb.amazonaws.com/dashboard/
<!doctype html><html class="has-navbar-fixed-top">
...
</html>

如果您想在浏览器中查看,也可以将条目添加到/etc/hosts文件中。

 <one-of-the-ips-of-your-elb> traefik-ui.minikube

您还可以在Ingress定义中使用hostrules

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: kube-system
  name: traefik-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: yourown.hostname.com
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: traefik-web-ui
          servicePort: web

答案 1 :(得分:1)

解决方案

我应用

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

,然后安装带有头盔的稳定/ traefik模板

helm install stable/traefik --name=traefik-ingress-controller --values values.yaml

values.yaml文件是:     仪表板:       已启用:true       域:traefik-ui.k8s.io     rbac:       已启用:true     kubernetes:       命名空间:         -默认         -kube系统

感谢帮助

相关问题
最新问题