为什么在nginx上运行的应用程序发出的请求没有命中Kubernetes服务
我在Kubernetes部署了一个运行在nginx上的应用程序,它是一个简单的静态为什么在nginx上运行的应用程序发出的请求没有命中Kubernetes服务,nginx,kubernetes,kubernetes-service,Nginx,Kubernetes,Kubernetes Service,我在Kubernetes部署了一个运行在nginx上的应用程序,它是一个简单的静态index.html。我定义了一个带有url的按钮http://backservice:8080/actionbackservice是支持Spring应用程序的k8s服务 apiVersion: v1 kind: Service metadata: name: nginx-ingress-lb namespace: kube-system spec: clusterIP: 172.21.12.220
index.html
。我定义了一个带有url的按钮http://backservice:8080/action
backservice
是支持Spring应用程序的k8s服务
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
问题是,当我点击那个按钮时,什么也没发生<代码>反向服务未命中。我预计会出现CORS
错误,但nginx似乎会阻止所有出站请求。我不想将后端服务代理到nginx中
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
Nginx配置:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
服务器配置:
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
location / {
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /svg/ {
}
location /assets/ {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
后端服务
与nginx应用程序位于同一命名空间中。您的静态应用程序在浏览器中运行。浏览器不是k8s集群的一部分,因此它不知道URLhttp://backservice:8080/action
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
使用入口公开后端服务。例如https://backend.example.com/action
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
(您也可以使用Loadbalancer类型公开,但我建议使用入口)
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
然后将前端代码更改为点击
https://backend.example.com/action
我认为主要的问题是后台服务是主机名,只能在k8s集群内部解决。如果您想从集群外部访问它,应该使用或(LoadBalancer、NodePort)公开它 您是否打开了ingress deployemnt上的8080端口
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
如果你的kubernetes在公共云上。它应该有一个由Ingress nginx使用的负载平衡器。您可以在kubernetes命名空间kube系统中的ingress部署服务中配置该负载平衡器
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
这是一个示例,如果您希望允许ingress nginx上的端口8080访问服务的端口80:
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
kgs nginx入口lb-n kube系统-o yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
spec:
clusterIP: 172.21.12.220
externalTrafficPolicy: Cluster
ports:
- name: nginx-ingress-lb-443-443
nodePort: 32672
port: 443
protocol: TCP
targetPort: 443
- name: nginx-ingress-lb-8080-80
nodePort: 32026
port: 8080
protocol: TCP
targetPort: 80
浏览器中是否有控制台错误?@DineshBalasubramanian是的,我有一个状态:失败
,错误名称未解决
后端服务
已可从外部访问。我希望避免这样的往返,我的意思是避免nginx应用程序离开集群而点击backendservice
。有可能吗?静态代码在浏览器中运行,而不是在nginx上运行!因此,您尝试进行的操作调用是从浏览器发起的,并直接命中后端,而不是通过Nginx。由于您的浏览器正在执行操作,并且浏览器不是Kubernetes群集的一部分,因此您无法使用服务名称直接访问后端。您将需要入口或类似的设置类似于此设置这里没有往返文章backendservice
是一个支持多个其他服务的网关,前端应用程序也由此网关支持。因此,为了访问前端,我定义了一个入口,默认路由/*
指向网关,网关默认路由/*
绑定到前端,该前端呈现index.html。我希望你明白我的意思,backendservice
已经可以从外部访问,我为此定义了入口。我希望避免这样的往返,我的意思是避免nginx应用程序离开集群而点击backendservice
。可能吗?但是如果您是从浏览器访问index.html,那么对/action
的请求应该使用入口或其他方式从集群外部发出。没有任何往返。