如何使用入口公开服务?
我创建了一个docker镜像(java Web应用程序),创建了一个包含1个主节点和1个工作节点的kubernetes集群,创建了一个部署和一个服务。所有的资源似乎都运行良好,因为我已经通过“kubectl描述资源资源名”进行了检查。最后,我使用了入口来公开集群之外的服务。入口资源似乎工作正常,因为在描述入口对象时没有错误。但是,在从另一台机器访问浏览器上的主机时,我得到了“您的连接不是私有的”错误。我对库伯内特斯很陌生,我无法调试原因。
以下是服务/部署yaml文件、入口文件内容和资源状态。
服务和部署YAML:
kind: Service
apiVersion: v1
metadata:
name: hotelapplication
labels:
name: hotelapplication
spec:
ports:
- name: appport
port: 8080
targetPort: 8080
selector:
app: hotelapplication
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hotelapplication
spec:
selector:
matchLabels:
app: hotelapplication
replicas: 1
template:
metadata:
labels:
app: hotelapplication
spec:
containers:
- name: hotelapplication
image: myname/hotelapplication:2.0
imagePullPolicy: Always
ports:
- containerPort: 8080
env: # Setting Enviornmental Variables
- name: DB_HOST # Setting Database host address from configMap
valueFrom:
configMapKeyRef:
name: db-config # name of configMap
key: host
- name: DB_NAME # Setting Database name from configMap
valueFrom:
configMapKeyRef:
name: db-config
key: name
- name: DB_USERNAME # Setting Database username from Secret
valueFrom:
secretKeyRef:
name: db-user # Secret Name
key: username
- name: DB_PASSWORD # Setting Database password from Secret
valueFrom:
secretKeyRef:
name: db-user
key: password
以下是入口yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
所有资源—POD、部署、服务和endpoint—似乎都工作正常。
进入:
Name: springboot-ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
testing.mydomain.dev
hotelapplication:8080 (192.168.254.51:8080)
Annotations: ingress.kubernetes.io/rewrite-target: /
Events: <none>
服务:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hotelapplication ClusterIP 10.109.220.90 <none> 8080/TCP 37m
部署:
NAME READY UP-TO-DATE AVAILABLE AGE
hotelapplication 1/1 1 1 5h55m
mysql-hotelapplication 1/1 1 1 22h
nfs-client-provisioner 1/1 1 1 23h
Pods对象:
NAME READY STATUS RESTARTS AGE
hotelapplication-596f65488f-cnhlc 1/1 Running 0 149m
mysql-hotelapplication-65587cb8c8-crx4v 1/1 Running 0 22h
nfs-client-provisioner-64f4fb59d8-cb6hd 1/1 Running 0 23h
我删除了服务/部署/POD并重试,但都没有成功。请帮我修一下这个。
编辑1:
我在入口服务定义中添加了nginx.ingress.kubernetes.io/ssl-redirect:"false"。但是,我面临着同样的问题。在访问主机的公共IP时,我面临502错误网关错误。
在入口日志中,我发现了以下错误:
P/1.1", upstream: "http://192.168.254.56:8081/", host: "myip"
2021/05/06 06:01:33 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:33 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:34 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:35 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.254.56:8081/", host: "<myhostipaddress>"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
2021/05/06 06:01:36 [error] 115#115: *272 connect() failed (111: Connection refused) while connecting to upstream, client: <clientipaddress>, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.254.56:8081/favicon.ico", host: "<myhostipaddress>", referrer: "http://<myhostipaddress>/"
W0506 06:06:46.328727 6 controller.go:391] Service "ingress-nginx/default-http-backend" does not have any active Endpoint
W0506 06:09:06.921564 6 controller.go:391] Service "ingress-nginx/default-http-backend" does not have any active Endpoint
共有2个答案
显然,我在部署中配置了不正确的容器端口。入口配置没有问题。但是,kubernetes实际上并没有在日志中显示任何错误,这使得调试非常困难。
对于初学者来说,在尝试公开您的服务之前,请通过将服务定义中的“类型”配置为“NodePort”来测试服务。这样我们就可以确保服务配置正确,只需在集群之外轻松访问服务即可。
由于您的入口没有SSL/TLS证书并且您尝试过通过HTTPS访问域名,因此“您的连接不是私有的”,因此出现错误。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
如果要在浏览器中打开URL,请执行测试。mydomain。dev和它显示的错误意味着安格尔没有使用HTTPS,但浏览器可能正在尝试使用HTTPS。
您可以添加类似ingress的注释。库伯内特斯。io/入口。允许http:“false”一次尝试
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: springboot-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/ingress.allow-http: "false"
spec:
rules:
- host: testing.mydomain.dev
http:
paths:
- backend:
serviceName: hotelapplication
servicePort: 8080
尝试在匿名中访问HTTP://code>上的数据
-
我有多个运行RDP应用程序的部署,它们都是通过ClusterIP服务公开的。我的k8s群集中有nginx ingress controller,为了允许tcp,我在nginx ingress controller部署中添加了tcp services configmap标志,并为其创建了configmap,如下所示 这将公开“rdp-service1”服务。我还有10个这样的服务需要在相同的端口号上
-
我对Kubernetes是新来的。我跟随Kubernetes艰难的方式从凯斯利Hightower,也是为了建立Kubernetes在Azure。现在所有的服务都启动了,运行良好。但是我不能使用负载平衡器公开流量。我试图添加类型的对象,但外部IP显示为。我需要添加入口来暴露流量。
-
问题内容: 所以我有3个端口应该暴露在机器的接口中。使用Docker容器可以做到这一点吗? 问题答案: 要只暴露一个端口,这是您需要做的: 要公开多个端口,只需提供多个参数:
-
我在一个基于OpenStack的私有云上有一个Kubernetes集群。需要在特定端口上公开我的服务。我可以使用Nodeport来完成此操作。但是,如果我尝试创建与第一个类似的另一个服务,我将无法公开它,因为我必须使用相同的端口,并且它已经被第一个服务占用了。 我注意到我可以在公共云中使用LoadBalancer,但我假设这在OpenStack中是不可能的?我也尝试使用Kubernetes的Ing
-
我基本上希望通过URL从外部访问Nginx hello页面。我已经为运行kubernetes和Nginx ingress:vps的v服务器的子域创建了一个(工作)a记录。我的域名。通用域名格式 我使用以下教程在CoreOS上通过kubeadm将Kubernetes安装为单节点集群:https://kubernetes.io/docs/setup/independent/install-kubead