问题:
Kubernetes HTTP活性探测失败,导致“连接被拒绝”,即使URL在没有它的情况下工作
杨超
Kubernetes version: v1.16.3
OS: CentOS 7
Kernel: Linux k8s02-master01 3.10.0-1062.4.3.el7.x86_64 #1 SMP Wed Nov 13 23:58:53 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
我有一个Wordpress部署,运行一个从自定义Apache/Wordpress映像构建的容器。该图像公开端口8080,而不是80(下面的Dockerfile)。该吊舱通过Traefik反向代理向世界公开。一切都很好,没有任何活性或准备检查。豆荚准备就绪,可以从https://www.example.com/访问Wordpress。
我尝试添加活跃度和准备度探测器,但它们都多次以“连接拒绝”失败。当我移除两个探测并重新应用部署时,它将再次工作。它一直工作到探测达到失败阈值,此时容器进入一个无休止的重启循环并变得不可访问。
POD事件:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned development/blog-wordpress-5dbcd9c7c7-kdgpc to gg-k8s02-worker02
Normal Killing 16m (x2 over 17m) kubelet, gg-k8s02-worker02 Container blog-wordpress failed liveness probe, will be restarted
Normal Created 16m (x3 over 18m) kubelet, gg-k8s02-worker02 Created container blog-wordpress
Normal Started 16m (x3 over 18m) kubelet, gg-k8s02-worker02 Started container blog-wordpress
Normal Pulled 13m (x5 over 18m) kubelet, gg-k8s02-worker02 Container image "wordpress-test:test12" already present on machine
Warning Unhealthy 8m17s (x35 over 18m) kubelet, gg-k8s02-worker02 Liveness probe failed: Get http://10.244.3.83/: dial tcp 10.244.3.83:80: connect: connection refused
Warning BackOff 3m27s (x27 over 11m) kubelet, gg-k8s02-worker02 Back-off restarting failed container
WordPress not found in /var/www/html - copying now...
WARNING: /var/www/html is not empty! (copying anyhow)
Complete! WordPress has been successfully copied to /var/www/html
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.244.3.83. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.244.3.83. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 11 06:39:07.502247 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Wed Dec 11 06:39:07.502323 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.244.3.1 - - [11/Dec/2019:06:39:18 +0000] "GET /index.php HTTP/1.1" 301 264 "-" "kube-probe/1.16"
10.244.3.1 - - [11/Dec/2019:06:39:33 +0000] "GET /index.php HTTP/1.1" 301 264 "-" "kube-probe/1.16"
10.244.3.1 - - [11/Dec/2019:06:39:48 +0000] "GET /index.php HTTP/1.1" 301 264 "-" "kube-probe/1.16"
10.244.3.1 - - [11/Dec/2019:06:40:03 +0000] "GET /index.php HTTP/1.1" 301 264 "-" "kube-probe/1.16"
10.244.3.1 - - [11/Dec/2019:06:40:18 +0000] "GET /index.php HTTP/1.1" 301 264 "-" "kube-probe/1.16"
FROM wordpress:5.2.4-apache
RUN sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf;
RUN sed -i 's/:80/:8080/g' /etc/apache2/sites-enabled/000-default.conf;
# RUN sed -i 's/#ServerName www.example.com/ServerName localhost/g' /etc/apache2/sites-enabled/000-default.conf;
EXPOSE 8080
CMD ["apache2-foreground"]
apiVersion: apps/v1
kind: Deployment
metadata:
name: blog-wordpress
namespace: development
labels:
app: blog
spec:
selector:
matchLabels:
app: blog
tier: wordpress
replicas: 4
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 2
template:
metadata:
labels:
app: blog
tier: wordpress
spec:
volumes:
- name: blog-wordpress
persistentVolumeClaim:
claimName: blog-wordpress
containers:
- name: blog-wordpress
# image: wordpress:5.2.4-apache
image: wordpress-test:test12
securityContext:
runAsUser: 65534
allowPrivilegeEscalation: false
capabilities:
add:
- "NET_ADMIN"
- "NET_BIND_SERVICE"
- "SYS_TIME"
resources:
requests:
cpu: "250m"
memory: "64Mi"
limits:
cpu: "500m"
memory: "128Mi"
ports:
- name: liveness-port
containerPort: 8080
readinessProbe:
initialDelaySeconds: 15
httpGet:
path: /index.php
port: 8080
timeoutSeconds: 15
periodSeconds: 15
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 10
httpGet:
path: /index.php
port: 8080
timeoutSeconds: 10
periodSeconds: 15
failureThreshold: 5
env:
# Database
- name: WORDPRESS_DB_HOST
value: blog-mysql
- name: WORDPRESS_DB_NAME
value: wordpress
- name: WORDPRESS_DB_USER
valueFrom:
secretKeyRef:
name: blog-mysql
key: username
- name: WORDPRESS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: blog-mysql
key: password
- name: WORDPRESS_TABLE_PREFIX
value: wp_
- name: WORDPRESS_AUTH_KEY
valueFrom:
secretKeyRef:
name: blog-wordpress
key: auth-key
- name: WORDPRESS_SECURE_AUTH_KEY
valueFrom:
secretKeyRef:
name: blog-wordpress
key: secure-auth-key
- name: WORDPRESS_LOGGED_IN_KEY
valueFrom:
secretKeyRef:
name: blog-wordpress
key: logged-in-key
- name: WORDPRESS_NONCE_KEY
valueFrom:
secretKeyRef:
name: blog-wordpress
key: nonce-key
- name: WORDPRESS_AUTH_SALT
valueFrom:
secretKeyRef:
name: blog-wordpress
key: auth-salt
- name: WORDPRESS_SECURE_AUTH_SALT
valueFrom:
secretKeyRef:
name: blog-wordpress
key: secure-auth-salt
- name: WORDPRESS_LOGGED_IN_SALT
valueFrom:
secretKeyRef:
name: blog-wordpress
key: logged-in-salt
- name: WORDPRESS_NONCE_SALT
valueFrom:
secretKeyRef:
name: blog-wordpress
key: nonce-salt
- name: WORDPRESS_CONFIG_EXTRA
value: |
define('WPLANG', 'fr_FR');
define('WP_CACHE', false);
define('WP_MEMORY_LIMIT', '64M');
volumeMounts:
- name: blog-wordpress
mountPath: "/var/www/html/wp-content"
apiVersion: v1
kind: Service
metadata:
name: blog-wordpress
namespace: development
labels:
app: blog
spec:
ports:
- protocol: TCP
port: 80
targetPort: 8080
selector:
app: blog
tier: wordpress
type: ClusterIP
TRAEFIK IngressRoute:
##
# HTTP
##
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: blog
namespace: development
spec:
entryPoints:
- http
routes:
- match: Host(`example.com`)
kind: Rule
services:
- name: blog-wordpress
port: 80
middlewares:
- name: redirect-to-https
namespace: kube-system
---
##
# HTTPS
##
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: blog-https
namespace: development
spec:
entryPoints:
- https
routes:
- match: Host(`example.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: blog-wordpress
port: 80
tls:
certResolver: letsencrypt
谢谢!
共有1个答案
荣声
对于任何感兴趣的人,我已经设法解决了这个问题。
由于Wordpress强迫我的域名example.com,我收到了Wordpress的301重定向响应。通过禁用特定请求http://pod_ip:8080/index.php的Wordpress规范重定向功能,解决了这个问题。
方法如下:
- name: K8S_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
<?php
/**
* Plugin Name: Kubernetes Liveness Probe Exception
*/
add_filter('redirect_canonical', function($redirect_url, $requested_url) {
$K8S_POD_IP = getenv('K8S_POD_IP');
$LIVENESS_URL = "http://" . $K8S_POD_IP . ":8080/index.php";
if ($requested_url == $LIVENESS_URL) {
return $requested_url;
}
return $redirect_url;
}, 10, 2);
类似资料:
-
当我执行部署并描述pod时,我看到在输出底部的'Events'下列出了以下内容: (这是令人困惑的,因为它将年龄声明为2m1s-但大于这个值-所以我不确定它为什么将这个值报告为年龄) 就绪探测随后以相同错误失败。IP号与我的pod的IP匹配,我在pod描述中的下看到了这一点: 活性和就绪探针的失败导致pod不断终止和重新启动。 该应用程序有一个默认的页面,所以我相信如果健康探测能够连接,它应该会收
-
当我试图为我的awx_web容器设置活跃度和就绪度prob时,我总是得到这个错误
-
我有一个配置了外部网络虚拟交换机的HyperV。K8S被配置为使用法兰绒覆盖(vxlan),如下所示:https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/network-topologies。 你知道如何解决这个问题吗? 更新:提供YAML: 我不知道这是否相关,因为我不能像上面所说的那样从不同的
-
我在k8s https://github.com/paveldemyanenko/kubernetes-keycloak/tree/master/kubernetes中准备了一些Keycloak的基本示例,在这里我遇到了一个问题,当我在部署结束时部署Keycloak Helm Chart时,我会出现这样一个错误: 配置有什么问题,为什么它不能检查就绪探测?
-
我使用Java连接MySQL和Json将数据发送到android,当我通过URL地址将数据从Java发送到Json时: 一切都很好,但是当我在Android中解析数据时,我收到了一个错误结果,如下所示: logcat: (192.168.1.221)IP地址是我的PC机,如果我从192.168.1.221更改为本地主机,我仍然会收到相同的错误。
-
我正在尝试调试一个远程应用程序。我已经在服务器上启动了一个SOCKS代理: ssh-D 9999主机名 然后,我尝试从eclipse调试设置连接到它,其中主机名相同,端口=9999。 但是我得到了错误: 我还更新了eclipse网络连接以允许SOCKS代理。该配置在同一网络中的不同主机名上工作。 我无法解释此错误消息。有人能帮助我哪里出错了吗?我看了看这个:SSH连接成功,但localhost端口