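I think this is my first question here.
This problem is driving me crazy, and I no longer know what to do or what to search for.
I am trying to set up a k8s cluster on DigitalOcean with HELM and Traefik.
I followed the tutorial in this blog post.
I have already opened a ticket with DO to get help with a valid SSL/HTTPS certificate, and that appears to work.
But when I have a valid certificate, I get a "502 Bad Gateway, the server returned an invalid or incomplete response." for every configured domain name.
When I disable SSL and remove the certificate, everything works and I can reach every host, but you know... no certificate is not good! :)
Also, when I activate SSL/HTTPS in helm-values.yaml, I get strange logs!
Here is an extract; I don't even know what is happening here!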
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:55Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:55Z"}
{"level":"debug","msg":"http: TLS handshake error from 10.244.0.1:38666: tls: first record does not look like a TLS handshake","time":"2019-06-17T23:44:55Z"}
10.244.2.1 - - [17/Jun/2019:23:44:55 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3209 "entrypoint redirect for http" "/" 0ms
10.244.0.1 - - [17/Jun/2019:23:44:55 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3210 "entrypoint redirect for http" "/" 0ms
10.244.0.1 - - [17/Jun/2019:23:44:55 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3211 "entrypoint redirect for http" "/" 0ms
10.244.2.1 - - [17/Jun/2019:23:44:55 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3212 "entrypoint redirect for http" "/" 0ms
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:55Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:55Z"}
10.135.133.233 - - [17/Jun/2019:23:44:55 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3213 "entrypoint redirect for http" "/" 0ms
10.244.2.1 - - [17/Jun/2019:23:44:56 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3214 "entrypoint redirect for http" "/" 0ms
10.244.0.1 - - [17/Jun/2019:23:44:56 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3215 "entrypoint redirect for http" "/" 0ms
10.244.0.1 - - [17/Jun/2019:23:44:56 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3216 "entrypoint redirect for http" "/" 0ms
10.244.2.1 - - [17/Jun/2019:23:44:57 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3217 "entrypoint redirect for http" "/" 0ms
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:57Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:57Z"}
10.135.162.241 - - [17/Jun/2019:23:44:57 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3218 "entrypoint redirect for http" "/" 0ms
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:57Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:57Z"}
10.135.162.241 - - [17/Jun/2019:23:44:57 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3219 "entrypoint redirect for http" "/" 0ms
10.135.133.233 - - [17/Jun/2019:23:44:58 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3220 "entrypoint redirect for http" "/" 0ms
10.244.0.1 - - [17/Jun/2019:23:44:58 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3221 "entrypoint redirect for http" "/" 0ms
10.244.2.1 - - [17/Jun/2019:23:44:58 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3222 "entrypoint redirect for http" "/" 0ms
10.244.0.1 - - [17/Jun/2019:23:44:58 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3223 "entrypoint redirect for http" "/" 0ms
10.244.2.1 - - [17/Jun/2019:23:44:58 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3224 "entrypoint redirect for http" "/" 0ms
10.135.133.233 - - [17/Jun/2019:23:44:58 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3225 "entrypoint redirect for http" "/" 0ms
10.244.2.1 - - [17/Jun/2019:23:44:59 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3226 "entrypoint redirect for http" "/" 0ms
10.244.0.1 - - [17/Jun/2019:23:44:59 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3227 "entrypoint redirect for http" "/" 0ms
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:59Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:59Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:59Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:59Z"}
10.244.0.1 - - [17/Jun/2019:23:44:59 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3228 "entrypoint redirect for http" "/" 0ms
10.244.2.1 - - [17/Jun/2019:23:45:00 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3229 "entrypoint redirect for http" "/" 0ms
10.135.162.241 - - [17/Jun/2019:23:45:00 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3230 "entrypoint redirect for http" "/" 0ms
10.135.162.241 - - [17/Jun/2019:23:45:00 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3231 "entrypoint redirect for http" "/" 0ms
Logs from 6/17/19 11:44 PM to 6/17/19 11:45 PM UTC
I have tried a lot of things, and I am clearly not a k8s expert right now!
Here is a modified version of my helm-values.yaml:
    ssl:
      enabled: true
      enforced: true
      insecureSkipVerify: false
      permanentRedirect: false
    debug:
      enabled: true
    accessLogs:
      enabled: true
    acme:
      enabled: true
      staging: true
      logging: true
      email: email@dontworry.co
      challengeType: "dns-01"
      dnsProvider:
        name: digitalocean
        digitalocean:
          DO_AUTH_TOKEN: "MY_DO_AUTH_TOKEN"
      persistence:
        enabled: true
      domains:
        enabled: true
        domainsList:
          - main: "*.mydomain.cloud"
    service:
      annotations:
        service.beta.kubernetes.io/do-loadbalancer-certificate-id: "A_CERTIFICATE_ID_VALID"
        service.beta.kubernetes.io/do-loadbalancer-protocol: "https"
        service.beta.kubernetes.io/do-loadbalancer-algorithm: "round_robin"
        service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
    metrics:
      prometheus:
        enabled: false
    rbac:
      enabled: true
    replicas: 1
    dashboard:
      enabled: true
      domain: traefik.mydomain.cloud
      auth:
        basic:
          traefik: # generated with : htpasswd -c traefik traefik
      ingress:
        annotations:
          kubernetes.io/ingress.class: traefik
Here is an Ingress I use to reach my API:
    ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      annotations:
        kubernetes.io/ingress.class: traefik
        traefik.frontend.rule.type: PathPrefixStrip
      name: domain-network
    spec:
      rules:
        - host:
          http:
            paths:
              - path: /
                backend:
                  serviceName: domain-service-gateway
                  servicePort: http
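Of course, domain-service-gateway is a service that exposes port 80.
The whole cluster works without the SSL/HTTPS setup, but once it is enabled... 502 Bad Gateway!
It should work, but I guess I am missing something important here.
I hope the gods of StackOverflow will hear my prayers :)
Reading all of this and trying to help me means a lot!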
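
Added example, not part of the original post: a small Python triage of the mixed log stream shown above, which separates the JSON debug records from the access-log lines and counts TLS handshake errors and responses per client address. The function name `triage` and both regexes are this example's own; the sample lines are copied from the excerpt in the post.

```python
import json
import re
from collections import Counter

# Lines copied from the log excerpt in the post (a shortened selection).
SAMPLE = '''\
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-06-17T23:44:55Z"}
{"level":"debug","msg":"http: TLS handshake error from 10.244.0.1:38666: tls: first record does not look like a TLS handshake","time":"2019-06-17T23:44:55Z"}
10.244.2.1 - - [17/Jun/2019:23:44:55 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3209 "entrypoint redirect for http" "/" 0ms
10.244.0.1 - - [17/Jun/2019:23:44:55 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3210 "entrypoint redirect for http" "/" 0ms
10.135.133.233 - - [17/Jun/2019:23:44:55 +0000] "GET / HTTP/1.0" 302 5 "-" "-" 3213 "entrypoint redirect for http" "/" 0ms
Logs from 6/17/19 11:44 PM to 6/17/19 11:45 PM UTC
'''

# Access-log line: client, timestamp, request, status, size, referer, UA, counter, frontend.
ACCESS = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \d+ '
    r'"[^"]*" "[^"]*" \d+ "(?P<frontend>[^"]*)"'
)
# Go net/http handshake failure as it appears in the "msg" field of a debug record.
HANDSHAKE = re.compile(r'TLS handshake error from (?P<client>[\d.]+):\d+: (?P<reason>.+)$')


def triage(text):
    """Summarise a mixed stream of JSON debug records and access-log lines."""
    access, tls_errors, unparsed = Counter(), Counter(), []
    other_debug = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("{"):
            try:
                msg = json.loads(line).get("msg", "")
            except json.JSONDecodeError:
                unparsed.append(line)
                continue
            hit = HANDSHAKE.search(msg)
            if hit:
                tls_errors[(hit["client"], hit["reason"])] += 1
            else:
                other_debug += 1
        elif (hit := ACCESS.match(line)):
            access[(hit["client"], hit["status"], hit["frontend"])] += 1
        else:
            unparsed.append(line)  # e.g. the log viewer's "Logs from ..." footer
    return {"access": access, "tls_errors": tls_errors,
            "other_debug": other_debug, "unparsed": unparsed}
```

Grouping by client address makes it easy to see which sources send requests that are answered by the "entrypoint redirect for http" frontend and which sources fail the TLS handshake.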