【发布时间】:2021-05-22 09:50:31
【问题描述】:
我在 GKE 集群上设置入口资源时遇到了一些麻烦。 我对任何类型的 HTTP 请求都有 404 错误响应。 以下是我的部署、服务和入口配置:
部署与服务:
apiVersion: apps/v1
kind: Deployment
metadata:
name: snap-api
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: snap-api
template:
metadata:
labels:
app: snap-api
spec:
serviceAccountName: snap-ksa
containers:
- image: eu.gcr.io/snap-xxx/services/snap-api:latest
imagePullPolicy: Always
name: snap-api
ports:
- containerPort: 5001
protocol: TCP
resources:
requests:
memory: "200Mi"
cpu: "200m"
limits:
memory: "1Gi"
cpu: "1"
env:
- name: ASPNETCORE_ENVIRONMENT
value: Production
- name: CONFIG_CONNECTION_STRING
valueFrom:
secretKeyRef:
name: snap-secrets
key: config_connection_string
- name: DATA_CONNECTION_STRING
valueFrom:
secretKeyRef:
name: snap-secrets
key: data_connection_string
# TODO: Dev cert
- name: TLS_KEY_PATH
value: /app/aspnetapp.pfx
- name: TLS_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: snap-secrets
key: tls_key_passphrase
- name: cloud-sql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.17
command:
- "/cloud_sql_proxy"
- "-instances=snap-xxx:europe-west1:snap-tenant-db=tcp:1433"
securityContext:
runAsNonRoot: true
ports:
- containerPort: 1433
protocol: TCP
resources:
requests:
memory: "500Mi"
cpu: "1"
limits:
memory: "2Gi"
cpu: "1"
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: snap-api-service
namespace: default
spec:
type: NodePort
selector:
app: snap-api
ports:
- targetPort: 5001
name: http
protocol: TCP
port: 60000
还有入口:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: snap-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- pathType: Prefix
path: /api/*
backend:
service:
name: snap-api-service
port:
number: 60000
我在想,可以通过防火墙的问题吗?我的服务也没有进行健康检查... 以下是“kubectl describe ingress snap-ingress”命令的输出:
Name: snap-ingress
Namespace: default
Address: x.x.x.x
Default backend: default-http-backend:80 (10.6.0.2:8080)
Rules:
Host Path Backends
---- ---- --------
*
/api/* snap-api-service:60000 (10.6.0.130:5001)
Annotations: ingress.kubernetes.io/backends:
{"k8s-be-31084--19bd63f37342a0f0":"HEALTHY","k8s1-19bd63f3-default-snap-api-service-60000-d79961e6":"UNHEALTHY"}
ingress.kubernetes.io/forwarding-rule: k8s2-fr-2zv080r1-default-snap-ingress-4rmjay2y
ingress.kubernetes.io/target-proxy: k8s2-tp-2zv080r1-default-snap-ingress-4rmjay2y
ingress.kubernetes.io/url-map: k8s2-um-2zv080r1-default-snap-ingress-4rmjay2y
nginx.ingress.kubernetes.io/rewrite-target: /
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 7m18s loadbalancer-controller UrlMap "k8s2-um-2zv080r1-default-snap-ingress-4rmjay2y" created
Normal Sync 7m16s loadbalancer-controller TargetProxy "k8s2-tp-2zv080r1-default-snap-ingress-4rmjay2y" created
Normal Sync 7m6s loadbalancer-controller ForwardingRule "k8s2-fr-2zv080r1-default-snap-ingress-4rmjay2y" created
Normal IPChanged 7m6s loadbalancer-controller IP is now x.x.x.x
Normal Sync 112s (x6 over 8m50s) loadbalancer-controller Scheduled for sync
【问题讨论】:
-
您测试了哪个 url 以获得 404?
-
入口公共 ip: ``` Normal IPChanged 7m6s loadbalancer-controller IP 现在是 x.x.x.x ```
-
你试过x.x.x.x/api/了吗?
-
x.x.x.x 只是一个占位符,以避免写入我的集群的真实公共 ip。我尝试使用 POST 请求登录我的 snap-api 应用程序:http://
/api/users/login -
您在 Cloud Logging 中的容器上是否有日志?您是否看到请求的 URL?我怀疑你的入口有错误的重写。
标签: kubernetes google-cloud-platform google-kubernetes-engine