我正在k8s
上从deployment, service, and ingress
练习here GKE
。点击模拟器可以帮助我快速理解概念,但是当我亲自动手时。我卡住了default backend - 404
。这是我的清单文件和bash
描述。
deployment.yaml
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: tunnel-deployment
labels:
app: tunnel
spec:
replicas: 1
selector:
matchLabels:
app: tunnel
template:
metadata:
labels:
app: tunnel
spec:
containers:
- name: tunnel
image: gcr.io/k8s-v1-235608/tunnel:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
env:
- name: MONGODB_HOST
value: moon-mongodb-replicaset-client
- name: RABBIT_HOST
value: rodent-rabbitmq-headless
- name: RABBIT_PASSWORD
valueFrom:
secretKeyRef:
name: rodent-rabbitmq
key: rabbitmq-password
- name: REDIS_HOST
value: ninja-redis-ha
readinessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 15
periodSeconds: 20
请参阅deployments
中的bash
$ kubectl get deployments -o wide
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
tunnel-deployment 1 1 1 1 11m tunnel gcr.io/k8s-v1-235608/tunnel:latest app=tunnel
请参阅po
中的bash
$ kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
bbox 1/1 Running 0 1d 10.4.0.6 gke-doom-default-pool-4b763b09-pxnz <none>
moon-mongodb-replicaset-0 1/1 Running 0 1d 10.4.2.9 gke-doom-default-pool-4b763b09-lcs6 <none>
moon-mongodb-replicaset-1 1/1 Running 0 1d 10.4.0.8 gke-doom-default-pool-4b763b09-pxnz <none>
moon-mongodb-replicaset-2 1/1 Running 0 1d 10.4.2.10 gke-doom-default-pool-4b763b09-lcs6 <none>
ninja-redis-ha-server-0 2/2 Running 0 1d 10.4.0.9 gke-doom-default-pool-4b763b09-pxnz <none>
ninja-redis-ha-server-1 2/2 Running 0 1d 10.4.1.11 gke-doom-default-pool-4b763b09-85ch <none>
ninja-redis-ha-server-2 2/2 Running 0 1d 10.4.2.11 gke-doom-default-pool-4b763b09-lcs6 <none>
rodent-rabbitmq-0 1/1 Running 0 1d 10.4.2.12 gke-doom-default-pool-4b763b09-lcs6 <none>
tunnel-deployment-fddf78dcc-lpq8l 1/1 Running 0 11m 10.4.1.37 gke-doom-default-pool-4b763b09-85ch <none>
service.yaml
。我使用NodePort
和我的tunnel-service
。用我的selection.app
apiVersion: v1
kind: Service
metadata:
name: tunnel-service
labels:
app: tunnel
spec:
type: NodePort
ports:
- name: tunnel-port
port: 80
targetPort: 8080
selector:
app: tunnel
然后我有单个IP
地址来代表我的service
。
$ kubectl describe svc tunnel-service
Name: tunnel-service
Namespace: default
Labels: app=tunnel
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"tunnel"},"name":"tunnel-service","namespace":"default"},...
Selector: app=tunnel
Type: NodePort
IP: 10.7.242.110
Port: tunnel-port 80/TCP
TargetPort: 8080/TCP
NodePort: tunnel-port 32713/TCP
Endpoints: 10.4.1.37:8080
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
qazxsw poi。我将qazxsw poi路由到我的qazxsw poi
ingress.yaml
/
在我的浏览器中。我已将我的主机名路由到正确的DNS并获得了tunnel-service
我确认我在apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tunnel-ingress
spec:
rules:
- host: abc.hbot.io
http:
paths:
- path: /
backend:
serviceName: tunnel-service
servicePort: 80
工作的$ kubectl describe ingress
Name: tunnel-ingress
Namespace: default
Address: 35.244.186.216
Default backend: default-http-backend:80 (10.4.1.9:8080)
Rules:
Host Path Backends
---- ---- --------
abc.hbot.io
/ tunnel-service:80 (<none>)
Annotations:
ingress.kubernetes.io/backends: {"k8s-be-31768--d2232907436d0807":"HEALTHY","k8s-be-32713--d2232907436d0807":"UNHEALTHY"}
ingress.kubernetes.io/forwarding-rule: k8s-fw-default-tunnel-ingress--d2232907436d0807
ingress.kubernetes.io/target-proxy: k8s-tp-default-tunnel-ingress--d2232907436d0807
ingress.kubernetes.io/url-map: k8s-um-default-tunnel-ingress--d2232907436d0807
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"tunnel-ingress","namespace":"default"},"spec":{"rules":[{"host":"abc.hbot.io","http":{"paths":[{"backend":{"serviceName":"tunnel-service","servicePort":80},"path":"/"}]}}]}}
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ADD 16m loadbalancer-controller default/tunnel-ingress
Normal CREATE 15m loadbalancer-controller ip: 35.244.186.216
。我的端点根据我的请求做出响应。
default backend - 404
尝试#1的更新:
在pod
和deployment
之后添加bash-4.3# curl http://localhost:8080/api
Hi I'm API Interface
*
不行。
尝试#2
添加/
apply
检查$ kubectl apply -f ingress.yaml
ingress.extensions/tunnel-ingress configured
$ kubectl describe ingress
Name: tunnel-ingress
Namespace: default
Address: 35.244.186.216
Default backend: default-http-backend:80 (10.4.1.9:8080)
Rules:
Host Path Backends
---- ---- --------
abc.hbot.io
/* tunnel-service:80 (<none>)
Annotations:
ingress.kubernetes.io/backends: {"k8s-be-31768--d2232907436d0807":"HEALTHY","k8s-be-32713--d2232907436d0807":"UNHEALTHY"}
ingress.kubernetes.io/forwarding-rule: k8s-fw-default-tunnel-ingress--d2232907436d0807
ingress.kubernetes.io/target-proxy: k8s-tp-default-tunnel-ingress--d2232907436d0807
ingress.kubernetes.io/url-map: k8s-um-default-tunnel-ingress--d2232907436d0807
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"tunnel-ingress","namespace":"default"},"spec":{"rules":[{"host":"abc.hbot.io","http":{"paths":[{"backend":{"serviceName":"tunnel-service","servicePort":80},"path":"/*"}]}}]}}
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ADD 42m loadbalancer-controller default/tunnel-ingress
Normal CREATE 40m loadbalancer-controller ip: 35.244.186.216
annotations
错误:服务器错误服务器遇到临时错误,无法完成您的请求。请在30秒后再试一次。
Attemp#3
将apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tunnel-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: abc.hbot.io
http:
paths:
- path: /
backend:
serviceName: tunnel-service
servicePort: 80
安装到群集。我跟随ingress
$ kubectl describe ingress
Name: tunnel-ingress
Namespace: default
Address: 35.244.186.216
Default backend: default-http-backend:80 (10.4.1.9:8080)
Rules:
Host Path Backends
---- ---- --------
abc.hbot.io
/ tunnel-service:80 (<none>)
Annotations:
ingress.kubernetes.io/backends: {"k8s-be-31768--d2232907436d0807":"HEALTHY","k8s-be-32713--d2232907436d0807":"UNHEALTHY"}
ingress.kubernetes.io/forwarding-rule: k8s-fw-default-tunnel-ingress--d2232907436d0807
ingress.kubernetes.io/target-proxy: k8s-tp-default-tunnel-ingress--d2232907436d0807
ingress.kubernetes.io/url-map: k8s-um-default-tunnel-ingress--d2232907436d0807
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"tunnel-ingress","namespace":"default"},"spec":{"rules":[{"host":"abc.hbot.io","http":{"paths":[{"backend":{"serviceName":"tunnel-service","servicePort":80},"path":"/"}]}}]}}
kubernetes.io/ingress.class: nginx
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ADD 54m loadbalancer-controller default/tunnel-ingress
Normal CREATE 53m loadbalancer-controller ip: 35.244.186.216
。因为我曾使用过前一个集群。
遵循相同的名称。
ingress-nginx
cert-manager
doc
在我的笔记本电脑上用$ helm install stable/nginx-ingress --name quickstart
NAME: quickstart
LAST DEPLOYED: Wed Mar 27 16:09:15 2019
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME DATA AGE
quickstart-nginx-ingress-controller 1 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
quickstart-nginx-ingress-controller-5b8d54d964-rnvw6 0/1 ContainerCreating 0 0s
quickstart-nginx-ingress-default-backend-57bdfdcd46-vtf4h 0/1 Pending 0 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
quickstart-nginx-ingress-controller LoadBalancer 10.7.241.190 <pending> 80:32341/TCP,443:32762/TCP 0s
quickstart-nginx-ingress-default-backend ClusterIP 10.7.254.207 <none> 80/TCP 0s
==> v1/ServiceAccount
NAME SECRETS AGE
quickstart-nginx-ingress 1 0s
==> v1beta1/ClusterRole
NAME AGE
quickstart-nginx-ingress 0s
==> v1beta1/ClusterRoleBinding
NAME AGE
quickstart-nginx-ingress 0s
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
quickstart-nginx-ingress-controller 0/1 1 0 0s
quickstart-nginx-ingress-default-backend 0/1 1 0 0s
==> v1beta1/Role
NAME AGE
quickstart-nginx-ingress 0s
==> v1beta1/RoleBinding
NAME AGE
quickstart-nginx-ingress 0s
NOTES:
The nginx-ingress controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace default get services -o wide -w quickstart-nginx-ingress-controller'
An example Ingress that makes use of the controller:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
namespace: foo
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
serviceName: exampleService
servicePort: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
测试
describe ingress
尝试第4次:
解决$ kubectl describe ingress
Name: tunnel-ingress
Namespace: default
Address: 35.244.186.216
Default backend: default-http-backend:80 (10.4.1.9:8080)
Rules:
Host Path Backends
---- ---- --------
abc.hbot.io
/ tunnel-service:80 (<none>)
Annotations:
ingress.kubernetes.io/backends: {"k8s-be-31768--d2232907436d0807":"HEALTHY","k8s-be-32713--d2232907436d0807":"UNHEALTHY"}
ingress.kubernetes.io/forwarding-rule: k8s-fw-default-tunnel-ingress--d2232907436d0807
ingress.kubernetes.io/target-proxy: k8s-tp-default-tunnel-ingress--d2232907436d0807
ingress.kubernetes.io/url-map: k8s-um-default-tunnel-ingress--d2232907436d0807
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"tunnel-ingress","namespace":"default"},"spec":{"rules":[{"host":"abc.hbot.io","http":{"paths":[{"backend":{"serviceName":"tunnel-service","servicePort":80},"path":"/"}]}}]}}
kubernetes.io/ingress.class: nginx
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 5m12s nginx-ingress-controller Ingress default/tunnel-ingress
Normal CREATE 7s (x7 over 92m) loadbalancer-controller ip: 35.244.186.216
Normal UPDATE 7s (x13 over 5m12s) nginx-ingress-controller Ingress default/tunnel-ingress
否则我的新curl
不会运行$ curl -H 'Host: abc.hbot.io' 35.244.186.216/api
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>502 Server Error</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Server Error</h1>
<h2>The server encountered a temporary error and could not complete your request.<p>Please try again in 30 seconds.</h2>
<h2></h2>
</body></html>
insufficient cpu
安装pods
values.yaml
controller:
resources:
limits:
cpu: 100m
memory: 64Mi
requests:
cpu: 100m
memory: 64Mi
defaultBackend:
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
ingress-nginx
helm install --values values.yaml stable/nginx-ingress --name quickstart
ingress.yaml
我删除并再次申请入口。 IP地址已更改
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tunnel-ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: abc.hbot.io
http:
paths:
- backend:
serviceName: tunnel-service
servicePort: 80
path: /
我的情况更糟。
describe ingress
最后的尝试#5:
我放弃使用普通的$ kubectl describe ingress
Name: tunnel-ingress
Namespace: default
Address: 35.240.162.185
Default backend: default-http-backend:80 (10.4.1.9:8080)
Rules:
Host Path Backends
---- ---- --------
abc.hbot.io
/ tunnel-service:80 (<none>)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"tunnel-ingress","namespace":"default"},"spec":{"rules":[{"host":"abc.hbot.io","http":{"paths":[{"backend":{"serviceName":"tunnel-service","servicePort":80},"path":"/"}]}}]}}
kubernetes.io/ingress.class: nginx
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 14m nginx-ingress-controller Ingress default/tunnel-ingress
Normal CREATE 14m nginx-ingress-controller Ingress default/tunnel-ingress
Normal UPDATE 14m nginx-ingress-controller Ingress default/tunnel-ingress
Normal CREATE 9m27s nginx-ingress-controller Ingress default/tunnel-ingress
设置。并从$ kubectl get ingress -o wide
NAME HOSTS ADDRESS PORTS AGE
tunnel-ingress abc.hbot.io 35.240.162.185 80 15m
方法开始。通过跟随$ curl -H 'Host: abc.hbot.io' http://35.240.162.185/api
curl: (7) Failed to connect to 35.240.162.185 port 80: Connection refused
然后用我的服务取代http
服务。然后它完成了!
题: 我哪里错了?
我从未使用过GKE,但是使用AWS和ALB,路径需要包含通配符。它似乎在GKE上是一样的。 https
cert-manager
尝试按如下方式配置入口:
kuard