问题:
TLS上的Ingress-Default backend-404
汲睿
我正在使用Rancher2.4.7在客户环境中部署应用程序。我成功地为生产环境创建了一个新集群,但是,每当我使用特定的主机名(证书有效)创建入口资源时:我在访问应用程序时会得到default backend-404消息。
如果我使用embedxip.io主机名创建了一个入口资源,我就可以按预期的方式访问应用程序。
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: default
spec:
selector:
matchLabels:
app: nginx
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
labels:
workload.user.cattle.io/workloadselector: deployment-default-nginx
spec:
containers:
- image: nginx:latest
imagePullPolicy: Always
name: nginx
ports:
- containerPort: 80
name: nginx
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: false
stdin: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
tty: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
spec:
ports:
- name: nginx
port: 80
protocol: TCP
targetPort: 80
selector:
workload.user.cattle.io/workloadselector: deployment-default-nginx
sessionAffinity: None
type: ClusterIP
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx
namespace: default
spec:
rules:
- host: mydomain.com
http:
paths:
- backend:
serviceName: nginx
servicePort: 80
path: /
tls:
- hosts:
- mydomain.com
secretName: mycertificate
I0111 16:13:02.868872 6 flags.go:204] Watching for Ingress class: nginx
W0111 16:13:02.869187 6 flags.go:249] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W0111 16:13:02.869225 6 client_config.go:543] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0111 16:13:02.869357 6 main.go:220] Creating API client for https://10.43.0.1:443
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: 0.32.0
Build: git-29dd9760f
Repository: https://github.com/rancher/ingress-nginx.git
nginx version: nginx/1.17.10
-------------------------------------------------------------------------------
I0111 16:13:02.879836 6 main.go:264] Running in Kubernetes cluster version v1.18 (v1.18.6) - git (clean) commit dff82dc0de47299ab66c83c626e08b245ab19037 - platform linux/amd64
I0111 16:13:02.884023 6 main.go:94] Validated ingress-nginx/default-http-backend as the default backend.
I0111 16:13:03.022518 6 main.go:105] SSL fake certificate created /etc/ingress-controller/ssl/default-fake-certificate.pem
I0111 16:13:03.023350 6 main.go:113] Enabling new Ingress features available since Kubernetes v1.18
E0111 16:13:03.024271 6 main.go:122] Unexpected error searching IngressClass: ingressclasses.networking.k8s.io "nginx" is forbidden: User "system:serviceaccount:ingress-nginx:nginx-ingress-serviceaccount" cannot get resource "ingressclasses" in API group "networking.k8s.io" at the cluster scope
W0111 16:13:03.024285 6 main.go:125] No IngressClass resource with name nginx found. Only annotation will be used.
I0111 16:13:03.060623 6 nginx.go:263] Starting NGINX Ingress controller
I0111 16:13:03.077607 6 event.go:278] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"tcp-services", UID:"eb5e7318-e99c-428f-82a0-4321925fdc4e", APIVersion:"v1", ResourceVersion:"610", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/tcp-services
I0111 16:13:03.077660 6 event.go:278] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"udp-services", UID:"91590425-b422-4c4b-829d-a0be04973a9d", APIVersion:"v1", ResourceVersion:"611", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/udp-services
I0111 16:13:03.077677 6 event.go:278] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"nginx-configuration", UID:"20b82b4a-e536-4a63-9fd2-20e17489b1ab", APIVersion:"v1", ResourceVersion:"607", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/nginx-configuration
I0111 16:13:04.168739 6 backend_ssl.go:66] Adding Secret "default/mycertificate" to the local store
I0111 16:13:04.261564 6 nginx.go:307] Starting NGINX process
I0111 16:13:04.261672 6 leaderelection.go:242] attempting to acquire leader lease ingress-nginx/ingress-controller-leader-nginx...
I0111 16:13:04.262436 6 controller.go:139] Configuration changes detected, backend reload required.
I0111 16:13:04.363051 6 leaderelection.go:252] successfully acquired lease ingress-nginx/ingress-controller-leader-nginx
I0111 16:13:04.363157 6 status.go:86] new leader elected: nginx-ingress-controller-5dwhm
I0111 16:13:04.385580 6 controller.go:155] Backend successfully reloaded.
I0111 16:13:04.385608 6 controller.go:164] Initial sync, sleeping for 1 second.
E0111 16:14:14.950751 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:161: Failed to watch *v1.Pod: Get "https://10.43.0.1:443/api/v1/namespaces/ingress-nginx/pods?allowWatchBookmarks=true&labelSelector=app%3Dingress-nginx%2Ccontroller-revision-hash%3D55dd558cd5%2Cpod-template-generation%3D1&resourceVersion=1028734&timeout=9m32s&timeoutSeconds=572&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0111 16:14:14.950798 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:159: Failed to watch *v1.Service: Get "https://10.43.0.1:443/api/v1/services?allowWatchBookmarks=true&resourceVersion=1028611&timeout=5m1s&timeoutSeconds=301&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0111 16:14:14.950816 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:157: Failed to watch *v1.Secret: Get "https://10.43.0.1:443/api/v1/secrets?allowWatchBookmarks=true&resourceVersion=1028785&timeout=9m23s&timeoutSeconds=563&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0111 16:14:14.950847 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:182: Failed to watch *v1beta1.Ingress: Get "https://10.43.0.1:443/apis/networking.k8s.io/v1beta1/ingresses?allowWatchBookmarks=true&resourceVersion=1028611&timeout=8m58s&timeoutSeconds=538&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0111 16:14:14.951438 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:160: Failed to watch *v1.ConfigMap: Get "https://10.43.0.1:443/api/v1/configmaps?allowWatchBookmarks=true&resourceVersion=1028928&timeout=9m58s&timeoutSeconds=598&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0111 16:14:14.951936 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:158: Failed to watch *v1.Endpoints: Get "https://10.43.0.1:443/api/v1/endpoints?allowWatchBookmarks=true&resourceVersion=1028926&timeout=9m48s&timeoutSeconds=588&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
I0112 09:02:55.888418 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 09:02:55.969141 6 controller.go:155] Backend successfully reloaded.
I0112 09:22:55.591923 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 09:22:55.591920 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"5121fa4a-a2c1-445a-a65a-da5ad64088f1", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1173601", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress default/nginx
I0112 09:22:55.676508 6 controller.go:155] Backend successfully reloaded.
I0112 09:23:04.372633 6 status.go:275] updating Ingress default/nginx status from [] to [{10.107.129.176 }]
I0112 09:23:04.380700 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"5121fa4a-a2c1-445a-a65a-da5ad64088f1", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1173626", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/nginx
I0112 09:23:04.388779 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"5121fa4a-a2c1-445a-a65a-da5ad64088f1", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1173628", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/nginx
I0112 09:23:04.402679 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"5121fa4a-a2c1-445a-a65a-da5ad64088f1", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1173629", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/nginx
I0112 09:23:07.714377 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 09:23:07.791810 6 controller.go:155] Backend successfully reloaded.
10.117.131.141 - - [12/Jan/2021:09:23:11 +0000] "GET / HTTP/1.1" 200 414 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36" 504 0.006 [default-nginx-80] [] 10.42.0.168:80 612 0.004 200 0bb06b53bbc47c83854cf8e19fde2e4a
I0112 09:24:06.033945 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 09:24:06.114217 6 controller.go:155] Backend successfully reloaded.
E0112 09:35:32.853089 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:161: Failed to watch *v1.Pod: Get "https://10.43.0.1:443/api/v1/namespaces/ingress-nginx/pods?allowWatchBookmarks=true&labelSelector=app%3Dingress-nginx%2Ccontroller-revision-hash%3D55dd558cd5%2Cpod-template-generation%3D1&resourceVersion=1173526&timeout=8m3s&timeoutSeconds=483&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0112 09:35:32.853089 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:160: Failed to watch *v1.ConfigMap: Get "https://10.43.0.1:443/api/v1/configmaps?allowWatchBookmarks=true&resourceVersion=1175379&timeout=6m4s&timeoutSeconds=364&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0112 09:35:32.853156 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:182: Failed to watch *v1beta1.Ingress: Get "https://10.43.0.1:443/apis/networking.k8s.io/v1beta1/ingresses?allowWatchBookmarks=true&resourceVersion=1173916&timeout=6m15s&timeoutSeconds=375&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0112 09:35:32.853566 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:159: Failed to watch *v1.Service: Get "https://10.43.0.1:443/api/v1/services?allowWatchBookmarks=true&resourceVersion=1173495&timeout=9m31s&timeoutSeconds=571&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0112 09:35:32.854106 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:158: Failed to watch *v1.Endpoints: Get "https://10.43.0.1:443/api/v1/endpoints?allowWatchBookmarks=true&resourceVersion=1175377&timeout=6m14s&timeoutSeconds=374&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0112 09:35:32.854378 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:157: Failed to watch *v1.Secret: Get "https://10.43.0.1:443/api/v1/secrets?allowWatchBookmarks=true&resourceVersion=1173561&timeout=9m27s&timeoutSeconds=567&watch=true": dial tcp 10.43.0.1:443: connect: connection refused
E0112 09:35:36.334273 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:157: Failed to watch *v1.Secret: unknown (get secrets)
E0112 09:35:36.334349 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:160: Failed to watch *v1.ConfigMap: unknown (get configmaps)
E0112 09:35:36.334520 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:159: Failed to watch *v1.Service: unknown (get services)
E0112 09:35:36.334538 6 reflector.go:382] k8s.io/ingress-nginx/internal/ingress/controller/store/store.go:158: Failed to watch *v1.Endpoints: unknown (get endpoints)
I0112 10:18:11.687109 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 10:18:11.775731 6 controller.go:155] Backend successfully reloaded.
I0112 10:48:25.950829 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 10:48:26.033626 6 controller.go:155] Backend successfully reloaded.
W0112 10:49:21.912963 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 11:05:53.875160 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
I0112 11:05:53.875312 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 11:05:53.942794 6 controller.go:155] Backend successfully reloaded.
I0112 11:05:53.990374 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"5121fa4a-a2c1-445a-a65a-da5ad64088f1", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1188099", FieldPath:""}): type: 'Normal' reason: 'DELETE' Ingress default/nginx
I0112 11:05:57.208715 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 11:05:57.297730 6 controller.go:155] Backend successfully reloaded.
I0112 11:06:15.724049 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"c230bb3e-7e0c-4ffa-b8a3-24e437a11b7c", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1188154", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress default/nginx
W0112 11:06:15.725433 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
I0112 11:06:15.725612 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 11:06:15.808897 6 controller.go:155] Backend successfully reloaded.
I0112 11:07:04.375801 6 status.go:275] updating Ingress default/nginx status from [] to [{10.107.129.176 }]
I0112 11:07:04.386737 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"c230bb3e-7e0c-4ffa-b8a3-24e437a11b7c", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1188268", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/nginx
W0112 11:07:04.386900 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
I0112 11:07:04.399808 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"c230bb3e-7e0c-4ffa-b8a3-24e437a11b7c", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1188270", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/nginx
W0112 11:07:07.720456 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 12:37:09.436273 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
I0112 12:37:09.436524 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"c230bb3e-7e0c-4ffa-b8a3-24e437a11b7c", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1200926", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/nginx
W0112 12:37:32.812935 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 12:37:43.751781 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 12:37:47.085248 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 13:29:48.126896 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
I0112 13:29:48.127046 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 13:29:48.194086 6 controller.go:155] Backend successfully reloaded.
W0112 13:34:18.155900 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
I0112 13:34:18.156070 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 13:34:18.231656 6 controller.go:155] Backend successfully reloaded.
W0112 13:50:31.577308 6 main.go:60] Protocol "HTTPS" is not a valid value for the backend-protocol annotation. Using HTTP as protocol
W0112 13:50:31.578553 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 13:50:50.699484 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 14:34:11.399326 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
I0112 14:34:11.399493 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 14:34:11.494728 6 controller.go:155] Backend successfully reloaded.
W0112 14:35:04.385107 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 14:35:07.718580 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
I0112 14:35:07.718815 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 14:35:07.819621 6 controller.go:155] Backend successfully reloaded.
W0112 14:35:11.052037 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 14:35:33.306202 6 controller.go:909] Service "default/nginx" does not have any active Endpoint.
W0112 14:37:02.428966 6 controller.go:822] Error obtaining Endpoints for Service "default/nginx": no object matching key "default/nginx" in local store
I0112 14:37:02.429111 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 14:37:02.493923 6 controller.go:155] Backend successfully reloaded.
I0112 14:37:05.762583 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 14:37:05.859639 6 controller.go:155] Backend successfully reloaded.
10.117.131.141 - - [12/Jan/2021:14:37:07 +0000] "GET / HTTP/1.1" 200 414 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36" 618 0.002 [default-nginx-80] [] 10.42.0.168:80 612 0.000 200 4e6feb07a8d5e16a9d2592272ca338fd
I0112 15:24:28.246019 6 controller.go:139] Configuration changes detected, backend reload required.
I0112 15:24:28.316464 6 controller.go:155] Backend successfully reloaded.
I0112 15:25:31.398134 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"nginx", UID:"c230bb3e-7e0c-4ffa-b8a3-24e437a11b7c", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"1224608", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/nginx
共有1个答案
梁丘柏
spec:
defaultBackend:
serviceName: ingress-nginx-controller
servicePort: 80
在规则之前添加以下内容
类似资料:
-
上节课给大家展示了 traefik 的安装使用以及简单的 ingress 的配置方法,这节课我们来学习一下 ingress tls 以及 path 路径在 ingress 对象中的使用方法。 TLS 认证 在现在大部分场景下面我们都会使用 https 来访问我们的服务,这节课我们将使用一个自签名的证书,当然你有在一些正规机构购买的 CA 证书是最好的,这样任何人访问你的服务的时候都是受浏览器信任的
-
我在EKS上运行服务已经有一段时间了,今天无意中删除了nginx入口。现在,当我尝试使用以下url中的入口控制器模板设置入口时,只需稍加修改: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/aws/deploy-tls-termination.
-
下面是一个例子: 我还将ingress配置为在所有主机名上使用机密,而不指定host:tls:-secretname:******WTE-Ingress
-
我们正在研究kubernetes可用的各种开源入口控制器,需要从中选择最好的一个。我们正在评估以下四个入口控制器 Nginx入口控制器 这些在特性和性能方面有什么区别,在生产中应该采用哪一种。请提供您的建议
-
申请 Domain Name 首先就是申请一个你要的网域, 这边网路上资源很多都可以查一下哪个网域商或是一些相关的建议, 这边我就先不去多做介绍了, 文章中会以 sam.nctu.me 来作范例 用 Letsencrypt 来签发凭证 这边我们用手动的把它先签下来, 上 Letsencrypt 去安装 certbot, 手动签的方式也可以参考签 letsencrpyt 凭证 文章, 输入以下指令来
-
虽然 minikube 支持 LoadBalancer 类型的服务,但它并不会创建外部的负载均衡器,而是为这些服务开放一个 NodePort。这在使用 Ingress 时需要注意。 本节展示如何在 minikube 上开启 Ingress Controller 并创建和管理 Ingress 资源。 启动 Ingress Controller minikube 已经内置了 ingress addon