我有一个服务(安装为另一个应用程序的 Helm 子图)在 Minikube 环境中可以正确访问,但在部署在远程 Kubernetes 集群上时无法访问。
应该可以通过入口访问服务。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-0.2.3"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.1"
app.kubernetes.io/managed-by: "Helm"
annotations:
# These annotations don't seem to make any difference
# traefik.ingress.kubernetes.io/ingress.class: traefik
# traefik.ingress.kubernetes.io/ssl-proxy-headers: X-Forwarded-Proto:https
# traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: "helper-service.example.com"
http:
paths:
- path: /
backend:
serviceName: helper-service
servicePort: service-port
apiVersion: v1
kind: Service
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-1.0.0"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.13.1"
app.kubernetes.io/managed-by: "Helm"
spec:
selector:
app.kubernetes.io/name: "helper-service"
type: ClusterIP
ports:
- port: 8080
name: service-port
targetPort: 8080
protocol: TCP
apiVersion: apps/v1
kind: Deployment
metadata:
name: helper-service
labels:
helm.sh/chart: "helper-service-1.0.0"
app.kubernetes.io/name: "helper-service"
app.kubernetes.io/version: "2.1"
app.kubernetes.io/managed-by: "Helm"
spec:
replicas: 1
revisionHistoryLimit: 3
strategy:
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: "helper-service"
template:
metadata:
annotations: {}
labels:
app.kubernetes.io/name: "helper-service"
spec:
containers:
- name: helper-service
image: "myregistry/myimage:myversion"
env:
- name: HELPER-SERVICE_BIND
value: ":8080"
ports:
- containerPort: 8080
向 helper-service.example.com 发送请求总是从 Nginx 返回 404 not found 错误。鉴于响应,Nginx 似乎可以访问,但无法提供对 Ingress 中指定服务的访问。
但是,在同一个集群/命名空间上的父图表 Helm 应用程序可以通过 NodePort 服务上的 Ingress 访问并且访问没有问题。
两个服务都正常运行:
$ k get all
NAME READY STATUS RESTARTS AGE
pod/myapp-645cd66d9-g84vm 2/2 Running 0 51m
pod/myapp-helper-service-fbc6bb4d8-zklf2 1/1 Running 0 4d19h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/myapp NodePort 10.10.10.11 <none> 8080:31033/TCP 110d
service/myapp-helper-service ClusterIP 10.10.10.61 <none> 8080/TCP 110d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/myapp 1/1 1 1 110d
deployment.apps/myapp-helper-service 1/1 1 1 110d
并且入口看起来正确:
$ k get ingresses
NAME HOSTS ADDRESS PORTS AGE
myapp myapp.example.com 37.44.1.172 80, 443 116d
myapp-helper-service myapp-helper-service.example.com 80 116d
入口详细信息为:
$ k describe ingress/myapp-helper-service
Name: myapp-helper-service
Namespace: my-namespace
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" is forbidden: User cannot get resource "endpoints" in API group "" in the namespace "kube-system">)
Rules:
Host Path Backends
---- ---- --------
myapp-helper-service.example.com
/ myapp-helper-service:service-port (172.25.0.207:8080)
Events: <none>
并且部署的服务是:
$ k describe service/myapp-helper-service
Name: myapp-helper-service
Namespace: mynamespace
Labels: app.kubernetes.io/instance=myapp
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=helper-service
app.kubernetes.io/version=2.1
helm.sh/chart=helper-service-0.2.3
Annotations: meta.helm.sh/release-name: myapp
meta.helm.sh/release-namespace: mynamespace
Selector: app.kubernetes.io/instance=myapp,app.kubernetes.io/name=helper-service
Type: ClusterIP
IP: 10.10.10.61
Port: service-port 8080/TCP
TargetPort: 8080/TCP
Endpoints: 172.25.0.207:8080
Port: metrics-port 8081/TCP
TargetPort: 8081/TCP
Endpoints: 172.25.0.207:8081
Session Affinity: None
Events: <none>
我尝试启用/禁用添加 Traefik annotations 以查看是否有任何更改,但结果是相同的(仍然是来自 Nginx 的 404 ?♂️)。
答案 0 :(得分:1)
我想出了解决办法。
即使创建了入口,但显然它实际上并没有起作用(或者得到了一些非更好指定的其他默认类)。
入口需要一个缺少的显式注释,指定入口类:
annotations:
kubernetes.io/ingress.class: nginx-external
添加并重新部署后,入口开始正确捕获我的请求并将它们重定向到 helper-service!
如果你知道,请写评论:
没有指定时的默认类是什么
如何确定已经在集群上运行的入口使用了什么类