K8s:如何通过入口公开我的应用程序

问题描述 投票:0回答:1

我正在尝试在 K8s 中公开我的应用程序。

我已经设置了一个入口控制器,它具有以下属性:

kubectl get svc,pods --namespace ingress
NAME                                  TYPE           CLUSTER-IP       EXTERNAL-IP           PORT(S)                      AGE
service/ingress-nginx-nginx-ingress   LoadBalancer   10.254.234.220   111.111.111.111       80:32097/TCP,443:32755/TCP   16d

NAME                                               READY   STATUS    RESTARTS   AGE
pod/ingress-nginx-nginx-ingress-68848c49f8-54lx4   1/1     Running   0          12d
pod/ingress-nginx-nginx-ingress-68848c49f8-5dx97   1/1     Running   0          12d
pod/ingress-nginx-nginx-ingress-68848c49f8-89grn   1/1     Running   0          12d

所以当我在浏览器中访问

https://111.111.111.111
(不是真实地址)时,我得到:

enter image description here

这是我的应用程序在 value.yaml 中的入口`

ingress:
  name: externalIngress
  enabled: true
  type: LoadBalancer
  ingressClassName: "nginx"
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  hosts:
    - host:
      paths:
      - path: "/"
        backend:
          serviceName: my-app
          servicePort: 80

使用模板:

{{- if .Values.ingress.enabled -}}
{{- $fullName := include "my-app.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
    {{- include "my-app.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
          {{- end }}
    {{- end }}
  {{- end }}

我为入口设置了一项服务:

kubectl get service --namespace=ingress -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      meta.helm.sh/release-name: ingress-nginx
      meta.helm.sh/release-namespace: ingress
    creationTimestamp: "2022-04-29T14:51:36Z"
    labels:
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: ingress-nginx-nginx-ingress
      helm.sh/chart: nginx-ingress-0.10.4
    name: ingress-nginx-nginx-ingress
    namespace: ingress
    resourceVersion: "4711523"
    selfLink: /api/v1/namespaces/ingress/services/ingress-nginx-nginx-ingress
    uid: a8183382-151f-499b-b06f-0a189e302226
  spec:
    clusterIP: 10.254.234.220
    externalTrafficPolicy: Local
    healthCheckNodePort: 31343
    ports:
    - name: http
      nodePort: 32097
      port: 80
      protocol: TCP
      targetPort: 80
    - name: https
      nodePort: 32755
      port: 443
      protocol: TCP
      targetPort: 443
    selector:
      app: ingress-nginx-nginx-ingress
    sessionAffinity: None
    type: LoadBalancer
  status:
    loadBalancer:
      ingress:
      - ip: 111.111.111.111
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

我为我的应用程序设置了服务

kubectl get service --namespace=my-app -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      meta.helm.sh/release-name: my-app
      meta.helm.sh/release-namespace: my-app
    creationTimestamp: "2022-05-12T12:11:47Z"
    labels:
      app.kubernetes.io/instance: my-app
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: my-app
      app.kubernetes.io/version: 1.16.0
      helm.sh/chart: my-app-0.1.0
    name: my-app
    namespace: my-app
    resourceVersion: "7395487"
    selfLink: /api/v1/namespaces/my-app/services/my-app
    uid: d72661e1-be92-42f5-a030-65bdf4da06c8
  spec:
    clusterIP: 10.254.153.184
    ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    selector:
      app.kubernetes.io/instance: my-app
      app.kubernetes.io/name: my-app
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

以及以下入口:

kubectl get ingress --namespace=my-app -o yaml
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
      meta.helm.sh/release-name: my-app
      meta.helm.sh/release-namespace: my-app
      nginx.ingress.kubernetes.io/rewrite-target: /$2
    creationTimestamp: "2022-05-16T11:38:13Z"
    generation: 3
    labels:
      app.kubernetes.io/instance: my-app
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: my-app
      app.kubernetes.io/version: 1.16.0
      helm.sh/chart: my-app-0.1.0
    name: my-app
    namespace: my-app
    resourceVersion: "8501216"
    selfLink: /apis/extensions/v1beta1/namespaces/my-app/ingresses/my-app
    uid: 27fa844e-7672-47ff-94b2-b9c18492cb5d
  spec:
    rules:
    - http:
        paths:
        - backend:
            serviceName: my-app
            servicePort: 80
          path: /
  status:
    loadBalancer: {}
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

具有以下权限的 ingress 的 clusterRole: enter image description here

基于此,我希望能够访问 http://111.111.111.111/ 并被路由到 

my-app
但我只得到 404。

入口日志给出:

 controller.go:3050[] Using the DEPRECATED annotatio │
│ n 'kubernetes.io/ingress.class'. The 'ingressClassName' field will be ignored.


event.go:285[] Event(v1.ObjectReference{Kind:"Ingre │
│ ss", Namespace:"my-app", Name:"my-app", UID:"27fa844e-7672-47ff-94b2-b9c18492cb5d", APIVersion:"networking.k8s.io/v1beta1", ResourceVersio │
│ n:"8499566", FieldPath:""}): type: 'Warning' reason: 'Rejected' my-app/my-app was rejected: with error: spec.rules[0].host: Required value

我做错了什么!?

kubernetes-helm kubernetes-ingress ingress-controller
1个回答
0
投票

在模板化之后共享 yaml 通常会更容易:)

为了使其发挥作用,您需要-

(在入口命名空间中)

  1. 一种将流量从外部世界获取到集群的方法,例如 aws 负载均衡器 - 这是特定于基础设施的
  2. svc 将流量映射到入口控制器(在支持的云部署中可以是 LoadBalancer 类型)
  3. nginx-ingress-controller 正在运行
  4. kubernetes 集群角色 + 绑定,赋予入口控制器查看每个命名空间中的入口和服务的权限

(在您的应用程序命名空间中)

  1. 其中运行您的应用程序的 Pod
  2. 与您的 Pod 匹配的 svc
  3. 与您的服务相匹配的入口

由于您没有提到服务,我猜测这就是您的问题 - 尝试将流量直接发送到 Pod,而不是通过服务。如果我的猜测是错误的,那么来自 nginx 入口控制器的日志应该更清晰。顺便说一句,您可能不需要专门运行其中的 3 个来启动;)

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.