Question

我已经使用GKE设置了Kubernetes集群，并以Traefik的实例作为入口控制器，但是尝试访问资源时，我总是以502 Bad Gateway作为响应（在本例中为traefik仪表板）

我遵循的步骤基于本文：https://medium.com/@kita_no_tori/setting-up-a-service-mesh-in-gke-using-linkerd2-and-traefik-2-0-a0518cfc7625

我的入口控制器部署：

kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: traefik
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - name: traefik
        image: traefik:2.1.4
        ports:
        - name: https
          containerPort: 443
          hostPort: 443
        - name: dashboard
          containerPort: 8080
          hostPort: 8080
        args:
        - --entryPoints.traefik.address=:8100
        - --entryPoints.web.address=:80
        - --entryPoints.websecure.address=:443
        - --api.dashboard=true
        - --log.level=INFO
        - --global.sendanonymoususage=false
        - --global.checknewversion=false
        # TLS CHALLENGE (single certificates)
        - --certificatesresolvers.le.acme.tlschallenge
        - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
        - --certificatesresolvers.le.acme.email=<MY_EMAIL>
        - --certificatesresolvers.le.acme.storage=acme.json
        # DNS CHALLENGE (wildcards certificates)
        - --certificatesresolvers.ledns.acme.email=<MY_EMAIL>
        - --certificatesresolvers.ledns.acme.storage=acme-dns.json
        - --certificatesresolvers.ledns.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
        - --certificatesresolvers.ledns.acme.dnschallenge=true
        - --certificatesresolvers.ledns.acme.dnschallenge.provider=ovh
        - --certificatesresolvers.ledns.acme.dnschallenge.delaybeforecheck=10
        - --certificatesresolvers.ledns.acme.dnschallenge.resolvers=213.186.33.99,1.1.1.1:53,8.8.8.8:53
        - --providers.kubernetescrd
        env:
         - name: OVH_ENDPOINT
           value: "ovh-eu"
         - name: OVH_APPLICATION_KEY
           value: <MY_KEY>
         - name: OVH_APPLICATION_SECRET
           value: <MY_SECRET>
         - name: OVH_CONSUMER_KEY
           value: <MY_CONSUMER_KEY>
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 180
          periodSeconds: 3
          timeoutSeconds: 1

我的服务：

# Connects Traefik with cloud provider's load balancer.
# All external traffic comes through here.
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-controller
  namespace: default
spec:
  type: LoadBalancer
  loadBalancerIP: <MY_LOAD_BALANCER_IP>
  selector:
    app: traefik
  ports:
  - name: https
    port: 443
    targetPort: 443
---
# Exposes Traefik dashboard inside the cluster.
# External access is provided by IngressRoute.
kind: Service
apiVersion: v1
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  type: ClusterIP
  selector:
    app: traefik
  ports:
  - name: dashboard
    port: 8080
    targetPort: 8080

我的IngressRoute：

kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  entryPoints: 
    - websecure
  tls:
    certResolver: le
  routes:
  - match: Host(`traefik.dashboard.mydomain.com`)
    kind: Rule
    services:
    - name: traefik-dashboard
      port: 8080

欢迎任何帮助。

谢谢。

Traefik GKE 502错误网关

0 个答案: