无法通过AKS上的Azure Traffic Manager和Nginx Ingress访问服务 [英] Unable to reach services via Azure Traffic Manager and Nginx Ingress on AKS

问题描述

我在两个不同的区域中有两个作为主要和次要的AKS群集. 我想将Azure通信管理器用于主要群集和辅助群集上的基于优先级的终结点监视和故障转移机制. 我得到了两个服务:A和B分别在相对路径/service-a 和/service-b 中进行路由.我在每个群集上都有nginx入口控制器，其PIP分别映射到自定义主机 aks-primary.xyz.com 和 aks-secondary.xyz.com .

I have two AKS clusters as primary and secondary in two different regions. I want to use Azure traffic manager for the the Priority based endpoint monitoring and fail-over mechanism on the primary and secondary clusters. I got two services: A and B that routes at the relative path /service-a and /service-b respectively. I have nginx ingress controller on each cluster with PIP mapped to the custom host aks-primary.xyz.com and aks-secondary.xyz.com respectively.

可通过以下路径访问服务:

The services are reachable on the below paths:

在主要客户群上:

https://aks-primary.xyz.com/service-a

https://aks-primary.xyz.com/service-b

在辅助群集上:

https://aks-secondary.xyz.com/service-a

https://aks-secondary.xyz.com/service-b

我将主要和辅助主机 aks-primary.xyz.com 和 aks-secondary.xyz.com 添加为Azure Traffic Manager中的终结点，以基于优先级路由.我添加了探测路径/healthz 和端口443. 我的端点在线.

I added the primary and secondary host aks-primary.xyz.com and aks-secondary.xyz.com as the endpoint in the Azure Traffic Manager for priority based routing. I added the probe path /healthz and port 443. My endpoints are online.

我将ATM FQDN my-atm.trafficmanager.net的自定义域添加到aks.xyz.com 我无法通过以下路径访问我的服务

I added the custom domain for the ATM FQDN my-atm.trafficmanager.net to aks.xyz.com I am unable to reach to my services on below paths

https://aks.xyz.com/service-a

https://aks.xyz.com/service-b

请提出建议.

推荐答案

我解决了这个问题.

我在每个群集上添加了带有两台主机的入口.

I added the ingress with two hosts on each cluster.

主机:主要集群aks上的 aks-primary.xyz.com 和 aks.xyz.com .

hosts: aks-primary.xyz.com and aks.xyz.com on cluster aks primary.

主机: seconds群集上的 aks-secondary.xyz.com 和 aks.xyz.com .

主要集群aks上的示例入口:

A sample ingress on cluster aks primary:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-atm
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: aks-primary.xyz.com
    http:
      paths:
      - backend:
          serviceName: service-a
          servicePort: 80
        path: /service-a
      - backend:
          serviceName: service-b
          servicePort: 80
        path: /service-b
  - host: aks.xyz.com
    http:
      paths:
      - backend:
          serviceName: service-a
          servicePort: 80
        path: /service-a
      - backend:
          serviceName: service-b
          servicePort: 80
        path: /service-b
  tls:
  - hosts:
    - aks-primary.xyz.com
    secretName: tls-secret-wildcard-for-xyz-com
  - hosts:
    - aks.xyz.com
    secretName: tls-secret-wildcard-for-xyz-com`

干杯！

这篇关于无法通过AKS上的Azure Traffic Manager和Nginx Ingress访问服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！