Fatal编程技术网
  • kubernetes/
  • 具有2个服务的Kubernetes入口并不总是找到正确的服务

具有2个服务的Kubernetes入口并不总是找到正确的服务

kubernetes

具有2个服务的Kubernetes入口并不总是找到正确的服务,kubernetes,google-kubernetes-engine,kubernetes-ingress,Kubernetes,Google Kubernetes Engine,Kubernetes Ingress,我有一个Kubernetes集群,带有后端服务和安全服务。 入口定义如下: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: solidary-life annotations: kubernetes.io/ingress.global-static-ip-name: sl-ip certmanager.k8s.io/acme-http01-edit-in-place: "true" ingr

我有一个Kubernetes集群,带有后端服务和安全服务。 入口定义如下:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: solidary-life
  annotations:
    kubernetes.io/ingress.global-static-ip-name: sl-ip
    certmanager.k8s.io/acme-http01-edit-in-place: "true"
    ingress.kubernetes.io/force-ssl-redirect: "true"
    ingress.kubernetes.io/ssl-redirect: "true"
  labels:
    app: sl
spec:
  rules:
    - host: app-solidair-vlaanderen.com
      http:
        paths:
        - path: /v0.0.1/*
          backend:
            serviceName: backend-backend
            servicePort: 8080
        - path: /auth/*
          backend:
            serviceName: security-backend
            servicePort: 8080
  tls:
  - secretName: solidary-life-tls
    hosts:
    - app-solidair-vlaanderen.com
后端服务的配置如下:

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: backend
  labels:
    app: sl
spec:
  template:
    metadata:
      labels:
        app: sl
        tier: web
    spec:
      containers:
      - name: backend-app
        image: gcr.io/solidary-life-218713/sv-backend:0.0.6
        ports:
          - name: http
            containerPort: 8080
        readinessProbe:
          httpGet:
            path: /v0.0.1/api/online
            port: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: backend-backend
  labels:
    app: sl
spec:
  type: NodePort
  selector:
    app: sl
    tier: web
  ports:
  - port: 8080
    targetPort: 8080
和身份验证服务器服务:

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: security
  labels:
    app: sl-security
spec:
  template:
    metadata:
      labels:
        app: sl
        tier: web
    spec:
      containers:
      - name: security-app
        image: gcr.io/solidary-life-218713/sv-security:0.0.1
        ports:
          - name: http
            containerPort: 8080
          - name: management
            containerPort: 9090
          - name: jgroups-tcp
            containerPort: 7600
          - name: jgroups-tcp-fd
            containerPort: 57600
          - name: jgroups-udp
            containerPort: 55200
            protocol: UDP
          - name: jgroups-udp-mc
            containerPort: 45688
            protocol: UDP
          - name: jgroups-udp-fd
            containerPort: 54200
            protocol: UDP
          - name: modcluster
            containerPort: 23364
          - name: modcluster-udp
            containerPort: 23365
            protocol: UDP
          - name: txn-recovery-ev
            containerPort: 4712
          - name: txn-status-mgr
            containerPort: 4713
        readinessProbe:
          httpGet:
            path: /auth/
            port: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: security-backend
  labels:
    app: sl
spec:
  type: NodePort
  selector:
    app: sl
    tier: web
  ports:
  - port: 8080
    targetPort: 8080
现在我可以转到url:

有时这样行,有时我得到404。这很烦人,我对库伯内特斯还很陌生。我没有发现错误

它是否与后端和安全服务定义上的“sl”标签有关?

是。假设您的所有服务都位于同一个Kubernetes命名空间上,至少这是问题的开始。您能为每个标签使用不同的标签吗

因此,本质上,您有两个服务随机选择属于安全部署和后端部署的pod。确定服务真正发送请求的一种方法是查看其端点并运行:

kubectl -n <your-namespace> <get or describe> ep 

kubectl-n ep