当我使用端口转发并将get请求发送到localhost时,我的服务运行良好,但是将get请求发送到publicDomain则显示503错误消息。 这是我的配置文件:
apiVersion: v1
kind: Service
metadata:
name: my-app
namespace: default
spec:
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
- port: 9000
targetPort: 9000
protocol: TCP
name: http1
- port: 9001
targetPort: 9001
protocol: TCP
name: http2
selector:
app: my-app
部署配置:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-app
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- image: myrepo.azurecr.io/my-app:12
name: my-app
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8000
protocol: TCP
- containerPort: 9000
protocol: TCP
- containerPort: 9001
protocol: TCP
VirtualService配置:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-app
namespace: default
spec:
hosts:
- "app.mydomain.com"
gateways:
- mygateway.istio-system.svc.cluster.local
http:
- match:
- uri:
prefix: /myprefix
route:
- destination:
host: my-app
port:
number: 9001
- match:
- uri:
prefix: /
route:
- destination:
host: my-app
port:
number: 9000
corsPolicy:
allowOrigin:
- "https://test1.domain.com"
- "https://test2.domain.com"
allowMethods:
- POST
- PATCH
allowCredentials: false
allowHeaders:
- X-Tenant-Identifier
- Content-Type
maxAge: "24h"
网关配置:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*.mydomain.com"
#tls:
#httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- "*.mydomain.com"
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
以下是更多信息:
$ kubectl get ep my-app
NAME ENDPOINTS AGE
my-app 10.244.1.169:9000,10.244.1.169:9001,10.244.1.169:8080 26h
如果我转发端口:
$ kubectl port-forward my-app-podid 6001:9001
,然后使用邮递员将Get请求发送到localhost:6001 / myprefix,它工作正常并返回200 OK响应,但是,如果将Get请求发送到publicdomain app.mydomain.com/myprefix,我也会使用curl收到503错误:
kubectl exec -n istio-system istio-ingressgateway-podid -- curl -v http://my-app.default.svc.cluster.local:9001/myprefix
已连接到my-app.default.svc.cluster.local(10.0.71.212)端口9001(#0)
GET / myprefix HTTP / 1.1 主机:my-app.default.svc.cluster.local:9001 用户代理:curl / 7.47.0 接受: /
上游连接错误或在标头之前断开连接/重置。重置原因:连接终止
Ingress网关的日志提供的信息不只是503错误消息。 有人知道缺少什么吗?
答案 0 :(得分:1)
问题在于在“服务”下设置了错误的端口名称。 因此正确的Service.yaml文件如下所示:
apiVersion: v1
kind: Service
metadata:
name: my-app
namespace: default
spec:
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http-debug
- port: 9000
targetPort: 9000
protocol: TCP
name: http-app
- port: 9001
targetPort: 9001
protocol: TCP
name: http-monitoring
selector:
app: my-app