0
我有Docker,Kubernetes(1.7)和Nginx都在我的RHEL7服务器上运行,我自己的服务位于码头集装箱内并被Kubernetes拾起。我知道Kubernetes正在与码头工作,因为我可以使用自己的IP:PORT地址来调用Kubernete吊舱的获取请求,并且它可以工作。我设置了默认后端的Nginx,并使所有这些工作。我通过调用get pods和get svc命令知道这一点,并且所有事情都按照它应该运行。当我创建入口时,我知道Nginx正在挑选它,因为当我使用命令kubectl describe pods {NGNIX-CONTROLLER}时,我发现它更新了它的入口,甚至记录了我命名它的内容。现在我使用kubectl clusterinfo获得Kubernetes主站的IP地址,并且我使用此IP地址尝试呼叫我的服务,沿线为http://KUBEIPADDRESS/PATH/TO/MY/SERVICE,没有端口号,但不起作用。我不知道发生了什么事。有人可以帮我解释为什么Ingress和/或Nnginx不能正确地路由到我的服务?我会在下面给我的入口和nginx文件。Nginx和Ingress与Kubernetes没有路由我的请求
(注意,对于nginx的YAML文件中,Nginx的控制器的部署是在底部一路)。
入口YAML
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gateway-ingress
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/rewrite-target:/
spec:
backend:
serviceName: default-http-backend
servicePort: 80
rules:
- host: testhost
http:
paths:
- path: /customer
backend:
serviceName: customer
servicePort: 9001
nginx的控制器YAML
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: ingress
rules:
- apiGroups:
- ""
- "extensions"
resources:
- configmaps
- secrets
- services
- endpoints
- ingresses
- nodes
- pods
verbs:
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- apiGroups:
- ""
resources:
- events
- services
verbs:
- create
- list
- update
- get
- apiGroups:
- "extensions"
resources:
- ingresses/status
- ingresses
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: ingress-ns
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- services
verbs:
- get
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: ingress-ns-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-ns
subjects:
- kind: ServiceAccount
name: ingress
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: ingress-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress
subjects:
- kind: ServiceAccount
name: ingress
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: default-http-backend
labels:
k8s-app: default-http-backend
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: default-http-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
# Any image is permissable as long as:
# 1. It serves a 404 page at/
# 2. It serves 200 on a /healthz endpoint
image: gcr.io/google_containers/defaultbackend:1.0
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
namespace: kube-system
labels:
k8s-app: default-http-backend
spec:
ports:
- port: 80
targetPort: 8080
selector:
k8s-app: default-http-backend
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
labels:
k8s-app: nginx-ingress-controller
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: nginx-ingress-controller
spec:
# hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
# however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
# that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
# like with kubeadm
hostNetwork: true
terminationGracePeriodSeconds: 60
serviceAccountName: ingress
containers:
- image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3
name: nginx-ingress-controller
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
也当我做kubectl describe ing我得到
Name: gateway-ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
testhost
/customer customer:9001 ({IP}:9001,{IP}:9001)
Annotations:
rewrite-target: /
Events: <none>
这里是我的部署和的情况下,任何人都需要一个
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: customer
labels:
run: customer
spec:
replicas: 2
template:
metadata:
labels:
run: customer
spec:
containers:
- name: customer
image: customer
imagePullPolicy: Always
ports:
- containerPort: 9001
protocol: TCP
---
kind: Service
apiVersion: v1
metadata:
name: customer
spec:
selector:
run: customer
type: NodePort
ports:
- name: port1
protocol: TCP
port: 9001
targetPort: 9001
感谢您的回复!几个语法问题,我会添加这样的新服务吗? '--service-node-port-range = 80-32767',当我调用url时,我通常只输入'curl http:// testhost/customer',是否有任何特定的参数需要添加以确保curl在内部调用url?再次感谢! – anonuser1234
'--service-node-port-range = 80-32767'是kubernetes的api-server组件的参数。您需要修改该组件的启动方式。在哪里取决于你如何安装kubernetes。 我不明白你的第二个问题。您不需要为该curl命令添加参数,您需要配置执行curl的机器,以便'testhost'解析为k8s节点IP。例如。在linux上你可以在'/ etc/hosts'中做到这一点。 –
我的计算机上没有'/ etc/hosts',如果这有所帮助,我正在运行RHEL7。我添加了'--service-node-port-range'并使用ip地址对其进行了测试,但它不起作用。此外,我不完全确定这是否是问题。使用'KUBEIPADDRESS'是因为当我使用它时,它默认为后端,不仅如此,而且使用Kubernetes给出的客户端口,例如'http:// KUBEIPADDRESS:CUSTOMER_PORT/get',它的工作原理应该如此。我想摆脱使用端口号的需要,直接去“客户/获取”。谢谢 – anonuser1234