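routing - GKE istio-ingressgateway: need help resolving HTTP error 503
Problem description
For the past week, I have been trying to set up the sock-shop demo application together with Istio in Google's Kubernetes Engine.
However, when I curl the external IP address of my ingress gateway using curl -I http://${GATEWAY_URL}/ (where ${GATEWAY_URL} corresponds to the external IP I receive when I run kubectl get service istio-ingressgateway -n istio-system), I get this as a response: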
HTTP/1.1 503 Service Unavailable
date: Mon, 22 Jul 2019 13:50:11 GMT
server: envoy
transfer-encoding: chunked
The output of kubectl logs -n istio-system istio-ingressgateway-64d6cfc6cb-m4sbx is as follows:
[2019-07-22T13:50:12.021Z] "HEAD /HTTP/1.1" 503 NR 0 0 2 - "10.132.0.4" "curl/7.52.1" "25ea898e-0f51-4997-b3bc-a08f586dcf8a" "35.240.37.125" "-" - - 10.4.0.4:80 10.132.0.4:52250
I use the following deployment for sock-shop (it is basically the conventional sock-shop, except that I have added the http- prefix to the service ports listening on port 80):
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: carts-db
  labels:
    name: carts-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: carts-db
    spec:
      containers:
      - name: carts-db
        image: mongo
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: carts-db
  labels:
    name: carts-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: carts-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: carts
  labels:
    name: carts
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: carts
    spec:
      containers:
      - name: carts
        image: weaveworksdemos/carts:0.4.8
        ports:
        - containerPort: 80
        env:
        - name: ZIPKIN
          value: zipkin.jaeger.svc.cluster.local
        - name: JAVA_OPTS
          value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: carts
  labels:
    name: carts
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-carts
  selector:
    name: carts
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: catalogue-db
    spec:
      containers:
      - name: catalogue-db
        image: weaveworksdemos/catalogue-db:0.3.0
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: fake_password
        - name: MYSQL_DATABASE
          value: socksdb
        ports:
        - name: mysql
          containerPort: 3306
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 3306
    targetPort: 3306
    name: mysql-catalogue-db
  selector:
    name: catalogue-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: catalogue
  labels:
    name: catalogue
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: catalogue
    spec:
      containers:
      - name: catalogue
        image: weaveworksdemos/catalogue:0.3.5
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: catalogue
  labels:
    name: catalogue
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-catalogue
  selector:
    name: catalogue
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: front-end
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: front-end
    spec:
      containers:
      - name: front-end
        image: weaveworksdemos/front-end:0.3.12
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 8079
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: front-end
  labels:
    name: front-end
  namespace: sock-shop
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8079
    nodePort: 30001
    name: http-frontend
  selector:
    name: front-end
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orders-db
  labels:
    name: orders-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: orders-db
    spec:
      containers:
      - name: orders-db
        image: mongo
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: orders-db
  labels:
    name: orders-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: orders-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orders
  labels:
    name: orders
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: orders
    spec:
      containers:
      - name: orders
        image: weaveworksdemos/orders:0.4.7
        env:
        - name: ZIPKIN
          value: zipkin.jaeger.svc.cluster.local
        - name: JAVA_OPTS
          value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: orders
  labels:
    name: orders
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-orders
  selector:
    name: orders
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: payment
  labels:
    name: payment
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: payment
    spec:
      containers:
      - name: payment
        image: weaveworksdemos/payment:0.4.3
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: payment
  labels:
    name: payment
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-payment
  selector:
    name: payment
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: queue-master
  labels:
    name: queue-master
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: queue-master
    spec:
      containers:
      - name: queue-master
        image: weaveworksdemos/queue-master:0.3.1
        ports:
        - containerPort: 80
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: queue-master
  labels:
    name: queue-master
  annotations:
    prometheus.io/path: "/prometheus"
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-queue-master
  selector:
    name: queue-master
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: rabbitmq
    spec:
      containers:
      - name: rabbitmq
        image: rabbitmq:3.6.8
        ports:
        - containerPort: 5672
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
              - DAC_OVERRIDE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 5672
    targetPort: 5672
  selector:
    name: rabbitmq
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: shipping
  labels:
    name: shipping
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: shipping
    spec:
      containers:
      - name: shipping
        image: weaveworksdemos/shipping:0.4.8
        env:
        - name: ZIPKIN
          value: zipkin.jaeger.svc.cluster.local
        - name: JAVA_OPTS
          value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: shipping
  labels:
    name: shipping
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-shipping
  selector:
    name: shipping
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: user-db
    spec:
      containers:
      - name: user-db
        image: weaveworksdemos/user-db:0.4.0
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: user-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: user
    spec:
      containers:
      - name: user
        image: weaveworksdemos/user:0.4.7
        ports:
        - containerPort: 80
        env:
        - name: MONGO_HOST
          value: user-db:27017
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-user
  selector:
    name: user
with the following gateway (gateway.yaml):
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
and the virtual service (virtual.yaml):
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: external-services
spec:
  hosts:
  - "*"
  gateways:
  - gateway # 1
  http:
  - route:
    - destination:
        host: front-end # 2
        port:
          number: 80
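I have no idea what the cause of the aforementioned 503 error could be. The log output shows the status "NR", which indicates that it found no applicable route, but that is what the virtual service is for, so I think that is where I made a mistake, but I cannot figure out what exactly it is.
Solution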
In your deployment you used the namespace sock-shop, so the virtual service needs to point at this service explicitly:
- destination:
    host: front-end.sock-shop.svc.cluster.local
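The name resolution behind this answer, as an added example that is not part of the original post: Istio qualifies a destination host without dots using the namespace of the VirtualService itself, so a rule applied outside sock-shop never matches the front-end Service. The dict inputs are constructed from the manifests above; the "default" namespace for a manifest without metadata.namespace and the svc.cluster.local domain are assumptions.

```python
import copy

CLUSTER_DOMAIN = "svc.cluster.local"  # assumption: default Kubernetes cluster domain


def resolve_host(host, rule_namespace):
    """Expand a destination host the way Istio does: a name without dots is
    qualified with the namespace of the VirtualService, not of the Service."""
    if host == "*" or "." in host:
        return host
    return f"{host}.{rule_namespace}.{CLUSTER_DOMAIN}"


def unroutable_destinations(virtual_service, services):
    """Return (host, resolved FQDN, reason) for each route with no backing Service port."""
    # Assumption: a manifest without metadata.namespace was applied to "default".
    rule_ns = virtual_service["metadata"].get("namespace", "default")
    known = {}
    for svc in services:
        meta = svc["metadata"]
        fqdn = f'{meta["name"]}.{meta.get("namespace", "default")}.{CLUSTER_DOMAIN}'
        known[fqdn] = {p["port"] for p in svc["spec"]["ports"]}
    findings = []
    for http in virtual_service["spec"].get("http", []):
        for route in http.get("route", []):
            dest = route["destination"]
            fqdn = resolve_host(dest["host"], rule_ns)
            port = dest.get("port", {}).get("number")
            if fqdn not in known:
                findings.append((dest["host"], fqdn, "no matching Service"))
            elif port is not None and port not in known[fqdn]:
                findings.append((dest["host"], fqdn, f"port {port} not exposed"))
    return findings


# Constructed inputs mirroring the front-end Service and virtual.yaml from the question.
SERVICES = [{"metadata": {"name": "front-end", "namespace": "sock-shop"},
             "spec": {"ports": [{"port": 80, "targetPort": 8079, "name": "http-frontend"}]}}]
VS_AS_POSTED = {"metadata": {"name": "external-services"},
                "spec": {"hosts": ["*"], "gateways": ["gateway"], "http": [{"route": [
                    {"destination": {"host": "front-end", "port": {"number": 80}}}]}]}}
VS_FIXED = copy.deepcopy(VS_AS_POSTED)
VS_FIXED["spec"]["http"][0]["route"][0]["destination"]["host"] = (
    "front-end.sock-shop.svc.cluster.local")

if __name__ == "__main__":
    print(unroutable_destinations(VS_AS_POSTED, SERVICES))
    print(unroutable_destinations(VS_FIXED, SERVICES))
```

An empty result for the fixed rule means every route resolves to a Service port that exists; the same check applies to any short host name in a VirtualService that lives in a different namespace from its target.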