Nginx中的动态proxy_pass传递到Kubernetes中的另一个Pod [英] Dynamic proxy_pass in nginx to another pod in Kubernetes

问题描述

我正在尝试创建一个将请求转发到/<service>到http://<service>的nginx代理.我首先尝试了以下方法:

I'm trying to create an nginx proxy that forwards requests to /<service> to http://<service>. I first tried the following:

location ~ ^/(.+)$ {
    set $backend "http://$1:80";
    proxy_pass $backend;
}

但是它无法说出类似的内容(调用/myservice时):

But it fails saying something like (when calling /myservice):

[error] 7741#0: *1 no resolver defined to resolve http://myservice

由于myservice无法从外部访问，因此我尝试将 go-dnsmasq 安装为同一个吊舱中的小车，我尝试将其用于DNS解析(就像我在

Since myservice is not externally accessible I've tried to install go-dnsmasq as a sidecar in the same pod and I try to use it for DNS resolution (like I've seen in this example) and change my nginx config to look like this:

location ~ ^/(.+)$ {
        resolver 127.0.0.1:53;
        set $backend "http://$1:80";
        proxy_pass $backend;
}

但是现在nginx失败了:

But now nginx fails with:

[error] 9#9: *734 myservice could not be resolved (2: Server failure), client: 127.0.0.1, server: nginx-proxy, request: "GET /myservice HTTP/1.1", host: "localhost:8080"
127.0.0.1 - xxx [30/May/2016:10:34:23 +0000] "GET /myservice HTTP/1.1" 502 173 "-" "curl/7.38.0" "-"

我的Kubernetes窗格如下所示:

My Kubernetes pod looks like this:

spec:
  containers:
    - name: nginx
      image: "nginx:1.10.0"
      ports:
        - containerPort: 8080
          name: "external"
          protocol: "TCP"
    - name: dnsmasq
      image: "janeczku/go-dnsmasq:release-1.0.5"
      args:
        - --listen
        - "0.0.0.0:53"

在dnsmasq容器中运行netstat -ntlp会给我:

Running netstat -ntlp in the dnsmasq container gives me:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      -
tcp        0      0 :::53                   :::*                    LISTEN      1/go-dnsmasq

并在nginx容器中运行nmap --min-parallelism 100 -sT -sU localhost:

And running nmap --min-parallelism 100 -sT -sU localhost in the nginx container:

Starting Nmap 6.47 ( http://nmap.org ) at 2016-05-30 10:33 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00055s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 1997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
8080/tcp open  http-proxy
53/udp   open  domain

那么看来dnsmasq和nginx确实已启动并正在运行?我可能做错了什么?

So it seems that dnsmasq and nginx are indeed up and running? What could I be doing wrong?

推荐答案

经过大量研究和反复试验，我设法解决了这个问题.首先，我将pod规范更改为:

After much research and trial and error I managed to solve this. First I changed the pod specification to:

spec:
  containers:
    - name: nginx
      image: "nginx:1.10.0"
      ports:
        - containerPort: 8080
          name: "external"
          protocol: "TCP"
    - name: dnsmasq
      image: "janeczku/go-dnsmasq:release-1.0.5"
      args:
        - --listen
        - "127.0.0.1:53"
        - --default-resolver
        - --append-search-domains
        - --hostsfile=/etc/hosts
        - --verbose

然后我还必须在nginx中禁用解析器的ipv6:

then I also had to disable the ipv6 for the resolver in nginx:

location ~ ^/(.+)$ {
        resolver 127.0.0.1:53 ipv6=off;
        set $backend "http://$1:80";
        proxy_pass $backend;
}

然后按预期运行！

这篇关于Nginx中的动态proxy_pass传递到Kubernetes中的另一个Pod的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！