时间戳

首页 > 解决方案 > 无法通过 nginx-ingress-controller 访问 Kubernetes ClusterIP 服务

nginx - 无法通过 nginx-ingress-controller 访问 Kubernetes ClusterIP 服务

问题描述

我是一名 Kubernetes 业余爱好者,试图在 GKE 上使用 NGINX 入口控制器。我正在按照这个谷歌云文档为我的服务设置 NGINX Ingress,但是,我在访问 NGINX 位置时遇到了问题。

什么在起作用?

  1. 使用 Helm 部署 Ingress-Controller(启用 RBAC)
  2. ClusterIP 服务部署

什么不工作?

  1. 使用唯一路径(扇出路由)公开多个 ClusterIP 服务的入口资源

K8S 服务

[msekar@ebs kube-base]$ kubectl get services -n payment-gateway-7682352
NAME                            TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
nginx-ingress-controller        LoadBalancer   10.35.241.255   35.188.161.171   80:31918/TCP,443:31360/TCP   6h
nginx-ingress-default-backend   ClusterIP      10.35.251.5     <none>           80/TCP                       6h
payment-gateway-dev             ClusterIP      10.35.254.167   <none>           5000/TCP                     6h
payment-gateway-qa              ClusterIP      10.35.253.94    <none>           5000/TCP                     6h

K8S 入口

[msekar@ebs kube-base]$ kubectl get ing -n payment-gateway-7682352
NAME                HOSTS     ADDRESS          PORTS     AGE
pgw-nginx-ingress   *         104.198.78.169   80        6h

[msekar@ebs kube-base]$ kubectl describe ing pgw-nginx-ingress -n payment-gateway-7682352
Name:             pgw-nginx-ingress
Namespace:        payment-gateway-7682352
Address:          104.198.78.169
Default backend:  default-http-backend:80 (10.32.1.4:8080)
Rules:
  Host  Path  Backends
  ----  ----  --------
  *     
        /dev/   payment-gateway-dev:5000 (<none>)
        /qa/    payment-gateway-qa:5000 (<none>)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/ssl-redirect":"false"},"name":"pgw-nginx-ingress","namespace":"payment-gateway-7682352"},"spec":{"rules":[{"http":{"paths":[{"backend":{"serviceName":"payment-gateway-dev","servicePort":5000},"path":"/dev/"},{"backend":{"serviceName":"payment-gateway-qa","servicePort":5000},"path":"/qa/"}]}}]}}

  kubernetes.io/ingress.class:               nginx
  nginx.ingress.kubernetes.io/ssl-redirect:  false
Events:                                      <none>

注释中的最后应用配置(入口描述输出)显示入口资源清单。但是,我将其粘贴在下面以供参考

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: pgw-nginx-ingress
  namespace: payment-gateway-7682352
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: payment-gateway-dev
          servicePort: 5000
        path: /dev/
      - backend:
          serviceName: payment-gateway-qa
          servicePort: 5000
        path: /qa/

附加信息

我尝试访问的服务是使用上下文的 springboot 服务,因此,根位置不是有效的端点。

容器的就绪和活跃度探针被相应地定义。

例如,“payment-gateway-dev”服务使用上下文 /pgw/v1 上下文,因此,部署只能通过上下文访问。要访问应用程序的 swagger 规范,您可以使用 URL

http://<>/pgw/v1/swagger-ui.html

我的部署行为

入口控制器-LB-ip = 35.188.161.171

任何关于我可能做错的建议或见解将不胜感激。

标签: nginxkuberneteskubernetes-ingress

解决方案

+1 这个问得很好的问题。

你的设置对我来说似乎是正确的。在您的解释中,我可以发现您的服务需要http://<>/pgw/v1/swagger-ui.html作为上下文。但是,在您的设置中,http://<>/qa/pgw/v1/swagger-ui.html如果您的路线是/qa/.

要删除前缀,您需要做的是rewrite向您的入口添加一条规则:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: pgw-nginx-ingress
  namespace: payment-gateway-7682352
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: payment-gateway-dev
          servicePort: 5000
        path: /dev/(.+)
      - backend:
          serviceName: payment-gateway-qa
          servicePort: 5000
        path: /qa/(.+)

在此之后,您的服务应该会收到正确的上下文。

参考:

推荐阅读