microk8s +入口:入口服务始终解析为127.0.0.1,而不是pod ip [英] microk8s + ingress: ingressed service always resolves to 127.0.0.1 and not pod ip
问题描述
我正在学习microk8以及入口如何工作.
I am learning about microk8s and how ingress works.
我有一个带有以下附加组件的单节点microk8s(v1.18.4):DNS,入口,RBAC,存储
I have a single node microk8s (v1.18.4) with the following add-ons: DNS, ingress, RBAC, storage
我正在尝试使其与微型机器人示例一起使用.我已经阅读(并重新阅读了)该教程,但是,一旦将入口清单应用了微型机器人服务的结果,该地址就会路由到127.0.0.1
(而不是内部Pod IP).
I am trying to get it working with the microbot example. I've read (and reread) through the tutorial but, the address, once the ingress manifest is applied results with the microbot service, routed to 127.0.0.1
(and not the internal pod IP).
我正尝试通过运行在内部的vm外部的Web访问该应用程序:http://192.168.91.166/microbot
(并在登录vm时尝试curl),这将导致返回错误页面. 192.168.91.166
是虚拟机的IP.
I am attempting to access the app: http://192.168.91.166/microbot
via web external to the vm that it's running inside (and have tried curl while logged into the vm) it would result in an error page being returned. 192.168.91.166
is the vm's ip.
# kubectl get all -A
NAMESPACE NAME READY STATUS RESTARTS AGE
development pod/microbot-7dcc49575f-fqttp 1/1 Running 1 22h
ingress pod/nginx-ingress-microk8s-controller-phjgl 1/1 Running 1 21h
kube-system pod/coredns-588fd544bf-lb8mx 1/1 Running 3 37h
kube-system pod/hostpath-provisioner-75fdc8fccd-4klwh 1/1 Running 5 37h
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.152.183.1 <none> 443/TCP 37h
development service/microbot ClusterIP 10.152.183.19 <none> 80/TCP 22h
kube-system service/kube-dns ClusterIP 10.152.183.10 <none> 53/UDP,53/TCP,9153/TCP 37h
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
ingress daemonset.apps/nginx-ingress-microk8s-controller 1 1 1 1 1 <none> 21h
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
development deployment.apps/microbot 1/1 1 1 22h
kube-system deployment.apps/coredns 1/1 1 1 37h
kube-system deployment.apps/hostpath-provisioner 1/1 1 1 37h
NAMESPACE NAME DESIRED CURRENT READY AGE
development replicaset.apps/microbot-7dcc49575f 1 1 1 22h
kube-system replicaset.apps/coredns-588fd544bf 1 1 1 37h
kube-system replicaset.apps/hostpath-provisioner-75fdc8fccd 1 1 1 37h
microbot svc说明
# kubectl describe svc microbot -n development
Name: microbot
Namespace: development
Labels: <none>
Annotations: Selector: name=microbot
Type: ClusterIP
IP: 10.152.183.19
Port: <unset> 80/TCP
TargetPort: 8080/TCP
Endpoints: 10.1.62.21:8080
Session Affinity: None
Events: <none>
入口描述
# kubectl describe ingress microbot -n development
Name: microbot
Namespace: development
Address: 127.0.0.1
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
*
/microbot microbot:80 (10.1.62.21:8080)
Annotations: kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal UPDATE 14s nginx-ingress-controller Ingress development/microbot
入口豆荚日志
# kubectl logs -n ingress nginx-ingress-microk8s-controller-phjgl
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: 0.33.0
Build: git-589187c35
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.19.0
-------------------------------------------------------------------------------
W0715 13:52:22.191579 6 flags.go:249] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W0715 13:52:22.192057 6 client_config.go:552] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0715 13:52:22.194678 6 main.go:218] Creating API client for https://10.152.183.1:443
W0715 13:52:53.301344 6 main.go:259] Initial connection to the Kubernetes API server was retried 1 times.
I0715 13:52:53.301361 6 main.go:262] Running in Kubernetes cluster version v1.18+ (v1.18.4-1+6f17be3f1fd54a) - git (clean) commit 6f17be3f1fd54a88681869d1cf8bedd5a2174504 - platform linux/amd64
I0715 13:52:53.538979 6 main.go:103] SSL fake certificate created /etc/ingress-controller/ssl/default-fake-certificate.pem
I0715 13:52:53.539788 6 main.go:111] Enabling new Ingress features available since Kubernetes v1.18
E0715 13:52:53.542526 6 main.go:120] Unexpected error searching IngressClass: ingressclasses.networking.k8s.io "nginx" is forbidden: User "system:serviceaccount:ingress:nginx-ingress-microk8s-serviceaccount" cannot get resource "ingressclasses" in API group "networking.k8s.io" at the cluster scope
W0715 13:52:53.542574 6 main.go:123] No IngressClass resource with name nginx found. Only annotation will be used.
I0715 13:52:53.590982 6 nginx.go:263] Starting NGINX Ingress controller
I0715 13:52:53.604026 6 event.go:278] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress", Name:"nginx-ingress-tcp-microk8s-conf", UID:"5f1b23d0-297c-4b2f-ac43-f3dc7256f684", APIVersion:"v1", ResourceVersion:"14859", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress/nginx-ingress-tcp-microk8s-conf
I0715 13:52:53.604099 6 event.go:278] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress", Name:"nginx-ingress-udp-microk8s-conf", UID:"abbfd3c7-c38c-43df-ae0c-7c26abcdb9cc", APIVersion:"v1", ResourceVersion:"14860", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress/nginx-ingress-udp-microk8s-conf
I0715 13:52:53.604190 6 event.go:278] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress", Name:"nginx-load-balancer-microk8s-conf", UID:"bc525770-be0a-4303-b26d-7e1c1d424d39", APIVersion:"v1", ResourceVersion:"14858", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress/nginx-load-balancer-microk8s-conf
I0715 13:52:54.694319 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"development", Name:"microbot", UID:"58d26f3e-d19a-4c53-8a47-1223b3ccc300", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"22517", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress development/microbot
I0715 13:52:54.791730 6 nginx.go:307] Starting NGINX process
I0715 13:52:54.791929 6 leaderelection.go:242] attempting to acquire leader lease ingress/ingress-controller-leader-nginx...
I0715 13:52:54.793717 6 controller.go:139] Configuration changes detected, backend reload required.
I0715 13:52:54.805276 6 leaderelection.go:252] successfully acquired lease ingress/ingress-controller-leader-nginx
I0715 13:52:54.805481 6 status.go:86] new leader elected: nginx-ingress-microk8s-controller-phjgl
I0715 13:52:55.235056 6 controller.go:155] Backend successfully reloaded.
I0715 13:52:55.235148 6 controller.go:164] Initial sync, sleeping for 1 second.
2020/07/15 15:49:54 [error] 38#38: *57190 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
2020/07/15 15:49:54 [error] 38#38: *57190 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
2020/07/15 15:49:54 [error] 38#38: *57190 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
127.0.0.1 - - [15/Jul/2020:15:49:54 +0000] "GET /microbot HTTP/1.1" 502 157 "-" "curl/7.68.0" 81 0.000 [development-microbot-80] [] 10.1.62.21:8080, 10.1.62.21:8080, 10.1.62.21:8080 0, 0, 0 0.000, 0.000, 0.000 502, 502, 502 f4a04290c54d7562d01c2b2ef7b68d6b
2020/07/15 15:50:03 [error] 36#36: *57305 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
2020/07/15 15:50:03 [error] 36#36: *57305 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
2020/07/15 15:50:03 [error] 36#36: *57305 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
127.0.0.1 - - [15/Jul/2020:15:50:03 +0000] "GET /microbot HTTP/1.1" 502 157 "-" "curl/7.68.0" 81 0.000 [development-microbot-80] [] 10.1.62.21:8080, 10.1.62.21:8080, 10.1.62.21:8080 0, 0, 0 0.000, 0.000, 0.000 502, 502, 502 58813a2861ae850b96d10ab9482aaaae
2020/07/15 15:54:44 [error] 37#37: *60738 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
2020/07/15 15:54:44 [error] 37#37: *60738 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
2020/07/15 15:54:44 [error] 37#37: *60738 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /microbot HTTP/1.1", upstream: "http://10.1.62.21:8080/", host: "127.0.0.1"
127.0.0.1 - - [15/Jul/2020:15:54:44 +0000] "GET /microbot HTTP/1.1" 502 157 "-" "curl/7.68.0" 81 0.000 [development-microbot-80] [] 10.1.62.21:8080, 10.1.62.21:8080, 10.1.62.21:8080 0, 0, 0 0.000, 0.000, 0.000 502, 502, 502 b2bc837c1eb56d5e598f8160e4f2e3cb
I0715 16:36:08.010736 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"development", Name:"microbot", UID:"58d26f3e-d19a-4c53-8a47-1223b3ccc300", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"94444", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress development/microbot
I0715 16:36:08.011329 6 controller.go:139] Configuration changes detected, backend reload required.
I0715 16:36:08.116361 6 controller.go:155] Backend successfully reloaded.
I0715 16:41:19.262503 6 store.go:383] removing ingress microbot based on annotation kubernetes.io/ingress.class
I0715 16:41:19.262648 6 controller.go:139] Configuration changes detected, backend reload required.
I0715 16:41:19.262688 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"development", Name:"microbot", UID:"58d26f3e-d19a-4c53-8a47-1223b3ccc300", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"94444", FieldPath:""}): type: 'Normal' reason: 'DELETE' Ingress development/microbot
I0715 16:41:19.343023 6 controller.go:155] Backend successfully reloaded.
I0715 16:42:53.063307 6 store.go:324] ignoring delete for ingress microbot based on annotation kubernetes.io/ingress.class
I0715 16:43:26.671104 6 store.go:349] ignoring add for ingress microbot based on annotation kubernetes.io/ingress.class with value
部署清单:
apiVersion: v1
kind: Namespace
metadata:
name: development
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: microbot
namespace: development
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
name: microbot
template:
metadata:
labels:
name: microbot
spec:
containers:
- name: microbot
image: dontrebootme/microbot:v1
imagePullPolicy: Always
envFrom:
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: microbot
namespace: development
spec:
ports:
- port: 80
targetPort: 8080
protocol: TCP
selector:
name: microbot
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: microbot
namespace: development
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /microbot
backend:
serviceName: microbot
servicePort: 80
我想知道是否有些事情我做得不正确.任何帮助将不胜感激.
I'm wondering if there's something I am not doing correctly. Any help would be much appreciated.
推荐答案
在microK8中,您应该使用http://127.0.0.1/microbot
从集群外部(即浏览器)通过入口访问Pod.这使您在nginx入口控制器日志中出现502
错误.没什么要检查的
In microK8s you should be using http://127.0.0.1/microbot
to access a pod via ingress from outside the cluster i.e a browser. This is giving you 502
error in nginx ingress controller log. Few things to check
-
使用
kubectl describe svc microbot -n development
检查pod内的容器是否正在监听端口8080
.也许是80
或其他名称.
Check if container inside pod is listening on port 8080
. Maybe it's 80
or something else.
在容器中作为容器运行的应用程序需要在0.0.0.0
而不是127.0.0.1
The application running as a container in the pod need to listen on 0.0.0.0
instead of 127.0.0.1
这篇关于microk8s +入口:入口服务始终解析为127.0.0.1,而不是pod ip的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!