GKE-无法部署入口:获取“默认后端-404”或“502”
我目前有一个部署和一个服务在GKE上运行良好。我的问题是,我想将我的外部IP:端口“绑定”到域名(在OVH上),例如:
http://www.example.com/api/grpc -
http://www.example.com/api/rest -
经过多次搜索,我终于发现入侵可能是我的解决方案。然后,我更新了yaml,以便将部署、服务、入口三者结合起来。
这是我的yaml:
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License
# Use this file to deploy the container for the grpc-bookstore sample
# and the container for the Extensible Service Proxy (ESP) to
# Google Kubernetes Engine (GKE).
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: myservice
labels:
app: myservice
spec:
replicas: 1
selector:
matchLabels:
app: myservice
template:
metadata:
labels:
app: myservice
spec:
containers:
- name: myservice
image: gcr.io/<project_id>/myservice:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
- containerPort: 8081
---
apiVersion: v1
kind: Service
metadata:
name: myservice
spec:
type: NodePort
selector:
app: myservice
ports:
# Port that accepts gRPC and JSON/HTTP2 requests over HTTP.
- port: 8080
targetPort: 8080
protocol: TCP
name: grpc
# Port that accepts gRPC and JSON/HTTP2 requests over HTTP.
- port: 8081
targetPort: 8081
protocol: TCP
name: rest
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myservice-ingress
spec:
rules:
- http:
paths:
- path: /grpc
backend:
serviceName: myservice
servicePort: 8080
- path: /rest
backend:
serviceName: myservice
servicePort: 8081
然后,我尝试使用:<代码>http://www.example.com/api/rest/test带有包含我的名字的POST json正文。API应该返回Hello%s,但不是,我得到:
- 默认后端-404
- 502服务器错误(服务器遇到临时错误,无法完成您的请求。请在30秒后重试。)
我完全不知道会是什么问题,因为我遵循了谷歌文档
我输入<代码>http://www.example.com/api/rest在我的示例中,以下内容也不起作用:
http://www.example.com/rest
http://12.345.67.89/rest
所以,我可以继续前进,现在我的服务(这是不健康的)是健康的,我可以连接到它,在我的readinessProbe/livenessProbeendpoint上运行CURL并获得200 OK。
my yaml的更新版本如下所示:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: myservice
namespace: default
spec:
replicas: 1
selector:
matchLabels:
run: myservice
template:
metadata:
labels:
run: myservice
spec:
containers:
- name: myservice
image: gcr.io/<project_id>/myservice:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
- containerPort: 8081
readinessProbe:
httpGet:
path: /health_check
port: 8081
livenessProbe:
httpGet:
path: /health_check
port: 8081
---
apiVersion: v1
kind: Service
metadata:
name: myservice
namespace: default
spec:
type: NodePort
selector:
run: myservice
ports:
# Port that accepts gRPC and JSON/HTTP2 requests over HTTP.
- port: 8080
targetPort: 8080
protocol: TCP
name: grpc
# Port that accepts gRPC and JSON/HTTP2 requests over HTTP.
- port: 8081
targetPort: 8081
protocol: TCP
name: rest
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myservice-ingress
spec:
backend:
serviceName: myservice
servicePort: 8081
kubectl描述吊舱
MacBook-Pro-de-Emixam23:~ emixam23$ kubectl describe pods
Name: myservice-c57d64669-phrzr
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: gke-cluster-kuberne-default-pool-8b65afeb-qgcm/10.166.0.31
Start Time: Thu, 19 Mar 2020 11:36:35 -0400
Labels: pod-template-hash=c57d64669
run=myservice
Annotations: kubernetes.io/limit-ranger: LimitRanger plugin set: cpu request for container myservice
Status: Running
IP: 10.4.2.28
Controlled By: ReplicaSet/myservice-c57d64669
Containers:
myservice:
Container ID: docker://3f9df91ec4e2631d85e0becdb8d1be64bf97fadb5a5b7049c7391eb8cfdf3eee
Image: gcr.io/<project_id>/myservice:latest
Image ID: docker-pullable://gcr.io/<project_id>/myservice@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Ports: 8080/TCP, 8081/TCP
Host Ports: 0/TCP, 0/TCP
State: Running
Started: Thu, 19 Mar 2020 11:36:40 -0400
Ready: True
Restart Count: 0
Requests:
cpu: 100m
Liveness: http-get http://:8081/health_check delay=0s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:8081/health_check delay=0s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-6cppb (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-6cppb:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-6cppb
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 8m36s default-scheduler Successfully assigned default/myservice-c57d64669-phrzr to gke-cluster-kuberne-default-pool-8b65afeb-qgcm
Normal Pulling 8m35s kubelet, gke-cluster-kuberne-default-pool-8b65afeb-qgcm Pulling image "gcr.io/<project_id>/myservice:latest"
Normal Pulled 8m32s kubelet, gke-cluster-kuberne-default-pool-8b65afeb-qgcm Successfully pulled image "gcr.io/<project_id>/myservice:latest"
Normal Created 8m31s kubelet, gke-cluster-kuberne-default-pool-8b65afeb-qgcm Created container myservice
Normal Started 8m31s kubelet, gke-cluster-kuberne-default-pool-8b65afeb-qgcm Started container myservice
kubectl描述入口myservice入口
MacBook-Pro-de-Emixam23:~ emixam23$ kubectl describe ingress myservice-ingress
Name: myservice-ingress
Namespace: default
Address: XX.XXX.XXX.XXX
Default backend: myservice:8081 (10.4.2.28:8081)
Rules:
Host Path Backends
---- ---- --------
* * myservice:8081 (10.4.2.28:8081)
Annotations:
ingress.kubernetes.io/backends: {"k8s-be-31336--d1838223483f8e56":"HEALTHY"}
ingress.kubernetes.io/forwarding-rule: k8s-fw-default-myservice-ingress--d1838223483f8e0
ingress.kubernetes.io/target-proxy: k8s-tp-default-myservice-ingress--d1838223483f8e0
ingress.kubernetes.io/url-map: k8s-um-default-myservice-ingress--d1838223483f8e0
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"myservice-ingress","namespace":"default"},"spec":{"backend":{"serviceName":"myservice","servicePort":8081}}}
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ADD 11m loadbalancer-controller default/myservice-ingress
Normal CREATE 11m loadbalancer-controller ip: XX.XXX.XXX.XXX
我没有看到任何错误,但当我尝试点击XX时,我一直得到404。XXX。XXX。XXX/健康检查
我的入口现在看起来像这样:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myservice-ingress
spec:
rules:
- http:
paths:
- path: /grpc/*
backend:
serviceName: myservice
servicePort: 8080
- path: /rest/*
backend:
serviceName: myservice
servicePort: 8081
/rest/*endpoint返回404,gRPC尚未测试。关于健康,现在,我有3个服务,其中一个不健康,我不知道为什么:
MacBook-Pro-de-Emixam23:~ emixam23$ kubectl describe ingress myservice-ingress
Name: myservice-ingress
Namespace: default
Address: XX.XXX.XXX.XXX
Default backend: default-http-backend:80 (10.4.2.7:8080)
Rules:
Host Path Backends
---- ---- --------
*
/grpc/* myservice:8080 (10.4.1.23:8080)
/rest/* myservice:8081 (10.4.1.23:8081)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"myservice-ingress","namespace":"default"},"spec":{"rules":[{"http":{"paths":[{"backend":{"serviceName":"myservice","servicePort":8080},"path":"/grpc/*"},{"backend":{"serviceName":"myservice","servicePort":8081},"path":"/rest/*"}]}}]}}
ingress.kubernetes.io/backends: {"k8s-be-30181--d1838223483f8e56":"UNHEALTHY","k8s-be-30368--d1838223483f8e56":"HEALTHY","k8s-be-31613--d1838223483f8e56":"HEALTHY"}
ingress.kubernetes.io/forwarding-rule: k8s-fw-default-myservice-ingress--d1838223483f8e0
ingress.kubernetes.io/target-proxy: k8s-tp-default-myservice-ingress--d1838223483f8e0
ingress.kubernetes.io/url-map: k8s-um-default-myservice-ingress--d1838223483f8e0
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ADD 14m loadbalancer-controller default/myservice-ingress
Normal CREATE 13m loadbalancer-controller ip: XX.XXX.XXX.XXX
此外:https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer#step_6_optional_serve_multiple_applications_on_a_load_balancer
共有1个答案
您提供的错误:
- 404(未找到)
- 502(坏网关)
与错误的入口配置有关。当请求与路径不匹配时,会将其转发到默认后端。
例子:
- path: /rest
backend:
serviceName: myservice
servicePort: 8081
只有在请求中指定了/rest时,此定义才会将流量路由到myservice。它不适用于/api/rest以及/rest/某事。
您的后端可能无法正常工作,因为资源没有足够的时间完成配置。
要检查Inete资源是否配置正确,您可以使用以下方式对其进行描述:
$kubectl描述入口NAME_OF_INGRESS_RESOURCE
请查看上面命令的以下部分,该命令检查后端是否处于正常或不正常状态:
ingress.kubernetes.io/backends: {"k8s-be-31720--0838d11870ae50b1":"HEALTHY","k8s-be-32475--0838d11870ae50b1":"HEALTHY"}
有关更多信息,请访问:Google云平台-
继续之前,请确保所有后端都处于正常状态。请参考云上的官方文档。谷歌。com:Kubernetes引擎:入口健康检查并根据您的需要进行配置。
默认情况下,GKE入口资源在端口上运行:
80(超文本传输协议)- 443(https)
请通过以下官方文档查看支持的协议:云。谷歌。com:负载平衡入口
如果您有兴趣在不同的端口上公开应用程序,请考虑使用自定义部署的入口控制器之一,如:
Nginx入口特拉菲克
请看看官方留档Kubernetes.io:入口控制器
此外,请验证您的POD是否正常运行,并运行一些测试,如果它们有适当的响应。您可以通过以下任一方式完成:
kubectl exec-it NAME\u OF THE\u POD--/path/to/shell并从此应用程序POD内部进行检查- 运行ubuntu pod,在其中执行并向应用程序pod发送请求
如果有帮助,请告诉我。
尝试此入口定义:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: domain-ingress
spec:
rules:
- host: DOMAIN.NAME
http:
paths:
- path: /api/*
backend:
serviceName: myservice
servicePort: 8081
- path: /admin/*
backend:
serviceName: myservice
servicePort: 8081
请更改域。为一个适合您的案例命名。
-
我是库伯内特斯的新手。我正在为K8S使用GKE托管服务。有2个部署nginx、httpd,并为这2个部署创建了NodePort服务。 我正在尝试为服务创建入口规则。nginx入口控制器是通过helm安装的。我有一个来自freenom的域,并将Google云DNS设置为使用静态公共IP。当我尝试点击入口URL(domain/nginx)时,它会给出: "默认后端-404" 部署: 服务: 与http
-
我正试图将一个war文件(Oracle的APEX Listener)部署到部署在RHEL服务器上的Glassfish3.1.2.2服务器上(我也在家里的Ubuntu服务器上看到了同样的问题)。 我使用以下命令创建域: $GLASSFISH_HOME/bin/asadmin创建域--portbase 8100 myDomain [我还在同一台GlassFish服务器上创建多个域(一个GF实例有多个域
-
我正在学习如何使用入口在谷歌Kubernetes引擎上公开我的应用程序。我学习了几本教程,大致了解了需要什么。然而,我不知道为什么我的服务被标记为不健康,尽管它们可以从我直接定义的NodePort服务访问。 这是我的部署文件:(我删除了一些数据,但大部分保持不变) 在阅读时,我需要一个ReadinessProbe和LivinessProbe,以便GKE在我定义的路径上运行健康检查,并且通过使用我自
-
在GKE clsuter中,我不能在内部http loadbalancer配置中使用主机名调用。这是生成的入口yaml文件。 :区域/私有集群/1.18.16-gke.302/2节点/控制平面172.16.0.0/28,禁用全局访问/启用http负载平衡 :hellorest-backend-service/3 pods/80到8080 tcp转发/默认命名空间/nodeport :hellore
-
我正在从另一个设置了特定入口点的图像创建一个图像。但是,我希望我的图像有一个默认的。如何重置入口点? 我尝试了以下Dockerfile: 不幸的是,它不像默认的入口点那样工作,因为它需要引用命令。 如何在不引用的情况下使用命令?
-
我无法通过入口路径url访问Kibana服务器UI我已经在库伯内特斯集群上部署了Kibanapod和Elasticsearch。访问UI时,它声明为“503服务不可用”,并将路径重定向为https://myserver.com/spaces/enter.elasticsearch和kibana pod都在运行。我可以通过入口路径url卷曲我的elasticsearch pod。有人能帮助解决这个问