2017-09-14

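Nginx and Ingress with Kubernetes not routing my requests

I have Docker, Kubernetes (1.7) and Nginx all running on my RHEL7 server, with my own services sitting inside Docker containers and picked up by Kubernetes. I know Kubernetes is working with Docker because I can call GET requests on the Kubernetes pods using their own IP:PORT address, and it works. I set up Nginx with the default backend and got all of that working. I know this from calling the get pods and get svc commands, and everything is running as it should. When I create my ingress, I know that Nginx is picking it up, because when I use the command kubectl describe pods {NGNIX-CONTROLLER} I see that it updated its ingress, and it even logged what I named it. Now I use kubectl cluster-info to get the IP address of the Kubernetes master, and I use this IP address to try to call my service, along the lines of http://KUBEIPADDRESS/PATH/TO/MY/SERVICE, with no port number, but it doesn't work. I don't know what is going on. Can someone help me explain why Ingress and/or Nginx is not routing to my service properly? I'll give my ingress and nginx files below.

(Note: in the nginx YAML file, the Nginx controller deployment is all the way at the bottom.)

Ingress YAML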

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gateway-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/rewrite-target: /
spec:
  backend:
    serviceName: default-http-backend
    servicePort: 80
  rules:
  - host: testhost
    http:
      paths:
      - path: /customer
        backend:
          serviceName: customer
          servicePort: 9001

Nginx controller YAML

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: ingress
rules:
- apiGroups:
  - ""
  - "extensions"
  resources:
  - configmaps
  - secrets
  - services
  - endpoints
  - ingresses
  - nodes
  - pods
  verbs:
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
  - ingresses
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - events
  - services
  verbs:
  - create
  - list
  - update
  - get
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  - ingresses
  verbs:
  - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: ingress-ns
  namespace: kube-system
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
  - create
  - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: ingress-ns-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-ns
subjects:
  - kind: ServiceAccount
    name: ingress
    namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: ingress-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress
subjects:
  - kind: ServiceAccount
    name: ingress
    namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    k8s-app: default-http-backend
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: default-http-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-http-backend
        # Any image is permissible as long as:
        # 1. It serves a 404 page at /
        # 2. It serves 200 on a /healthz endpoint
        image: gcr.io/google_containers/defaultbackend:1.0
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: kube-system
  labels:
    k8s-app: default-http-backend
spec:
  ports:
  - port: 80
    targetPort: 8080
  selector:
    k8s-app: default-http-backend
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  labels:
    k8s-app: nginx-ingress-controller
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-controller
    spec:
      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
      # like with kubeadm
      hostNetwork: true
      terminationGracePeriodSeconds: 60
      serviceAccountName: ingress
      containers:
      - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3
        name: nginx-ingress-controller
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        ports:
        - containerPort: 80
          hostPort: 80
        - containerPort: 443
          hostPort: 443
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend

Also, when I run kubectl describe ing I get

Name:             gateway-ingress
Namespace:        default
Address:
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host      Path       Backends
  ----      ----       --------
  testhost
            /customer  customer:9001 ({IP}:9001,{IP}:9001)
Annotations:
  rewrite-target:  /
Events:           <none>

Here are my deployment and service, in case anyone needs them

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: customer
  labels:
    run: customer
spec:
  replicas: 2
  template:
    metadata:
      labels:
        run: customer
    spec:
      containers:
      - name: customer
        image: customer
        imagePullPolicy: Always
        ports:
        - containerPort: 9001
          protocol: TCP
---
kind: Service
apiVersion: v1
metadata:
  name: customer
spec:
  selector:
    run: customer
  type: NodePort
  ports:
  - name: port1
    protocol: TCP
    port: 9001
    targetPort: 9001

Answers

1

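As far as I can see, there are a few problems with your setup for the customer service:

  • KUBEIPADDRESS in the URL you call: an IP address will not work, because you configured your Ingress to listen on testhost. So you need to call http://testhost/customer and configure your network to resolve testhost to the correct IP address.

  • But what is the correct IP address? You are trying to use the k8s master on port 80. Without further configuration, this will not work. For that, you need a NodePort service for the Ingress controller that is exposed on port 80 (and possibly 433). To use such low ports, you need to use an option of kube-apiserver; see --service-node-port-range on https://kubernetes.io/docs/admin/kube-apiserver/. Once that works, you can use any IP address of any node of your k8s cluster for testhost. Note: make sure no other application is using these ports on any node!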

+0

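Thanks for the reply! A couple of syntax questions: would I add the new service like this? '--service-node-port-range=80-32767'. And when I call the URL I usually just type 'curl http://testhost/customer'; are there any specific parameters I need to add to make sure curl calls the URL internally? Thanks again! – anonuser1234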

+0

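'--service-node-port-range=80-32767' is a parameter of the api-server component of Kubernetes. You need to modify how that component is started. Where to do that depends on how you installed Kubernetes. I don't understand your second question. You don't need to add parameters to that curl command; you need to configure the machine that executes curl so that 'testhost' resolves to a k8s node IP. E.g. on Linux you can do that in '/etc/hosts'. –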

+0

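I don't have '/etc/hosts' on my computer; I'm running RHEL7, if that helps. I added '--service-node-port-range' and tested it with the IP address, but it doesn't work. Also, I'm not entirely sure that this is the problem. I use 'KUBEIPADDRESS' because when I use it, it goes to the default backend, and not only that, but when I use the customer port given by Kubernetes, e.g. 'http://KUBEIPADDRESS:CUSTOMER_PORT/get', it works as it should. I want to get rid of the need to use the port number and go straight to 'customer/get'. Thanks – anonuser1234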
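
The routing decision the answer describes, as an added example that is not part of the original thread and not the controller's own code: a simplified Python model of host-and-path rule selection, using the names from the gateway-ingress manifest above. The segment-boundary prefix match, the rewrite handling and the sample address 10.0.0.5 (standing in for KUBEIPADDRESS) are assumptions.

```python
# Added illustration: simplified model of how an ingress controller selects a
# backend from the Host header and URL path. Not the controller's real code.
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    host: str
    path: str
    backend: str
    rewrite_target: Optional[str] = None


# Values taken from the gateway-ingress manifest and describe output on this page.
DEFAULT_BACKEND = "default-http-backend:80"
RULES = [Rule("testhost", "/customer", "customer:9001", rewrite_target="/")]


def normalize_host(host_header: str) -> str:
    """Lower-case the Host header and drop an optional :port suffix."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:80
        return host.split("]")[0] + "]"
    return host.rsplit(":", 1)[0] if ":" in host else host


def route(host_header: str, path: str, rules=RULES):
    """Return (backend, upstream_path) for one request."""
    host = normalize_host(host_header)
    best = None
    for rule in rules:
        if rule.host != host:
            continue  # rule is bound to another virtual host
        prefix = rule.path.rstrip("/")
        # Assumption: match on a path-segment boundary, longest prefix wins.
        if path == prefix or path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best.path.rstrip("/")):
                best = rule
    if best is None:
        return DEFAULT_BACKEND, path  # no host/path rule matched
    if best.rewrite_target is None:
        return best.backend, path
    rest = path[len(best.path.rstrip("/")):].lstrip("/")
    return best.backend, best.rewrite_target.rstrip("/") + "/" + rest


if __name__ == "__main__":
    # Constructed sample requests; 10.0.0.5 stands in for KUBEIPADDRESS.
    for host, path in [("10.0.0.5", "/customer/get"),
                       ("testhost", "/customer/get"),
                       ("testhost:80", "/other")]:
        print(f"Host: {host:12} {path:15} -> {route(host, path)}")
```

Against a real cluster, the equivalent check is `curl -H 'Host: testhost' http://<node-ip>/customer/get`, where `<node-ip>` is a placeholder for a node running the controller.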