Node.js Kubernetes Ingress 502网关连接被拒绝
我正试图通过服务Node.js Kubernetes Ingress 502网关连接被拒绝,node.js,angular,docker,nginx,kubernetes,Node.js,Angular,Docker,Nginx,Kubernetes,我正试图通过服务lawyerlyui服务访问部署到AKS集群的角度前端。集群正在使用通过HELM部署的nginx,并带有官方图表() 我部署了其他后端.net核心服务,我可以通过入口访问这些服务 但是,当我尝试访问Angular应用程序时,我得到以下错误(取自nginx pod日志) 以下是nginx、Dockerfile、deployment.yml和ingres.yml NGINX日志 2021/01/29 20:31:59 [error] 1304#1304: *7634340 conne
lawyerlyui服务访问部署到AKS集群的角度前端。集群正在使用通过HELM部署的nginx,并带有官方图表()
我部署了其他后端.net核心服务,我可以通过入口访问这些服务
但是,当我尝试访问Angular应用程序时,我得到以下错误(取自nginx pod日志)
以下是nginx
、Dockerfile
、deployment.yml
和ingres.yml
NGINX日志
2021/01/29 20:31:59 [error] 1304#1304: *7634340 connect() failed (111: Connection refused) while connecting to upstream, client: 10.244.0.1,
server: uat.redactedapp.co.za, request: "GET / HTTP/2.0", upstream: "http://10.244.0.88:80/", host: "uat.redactedapp.co.za"
Dockerfile
FROM node:8.12.0-alpine
EXPOSE 80
RUN npm -v
RUN mkdir -p /usr/src
WORKDIR /usr/src
# To handle 'not get uid/gid'
RUN npm config set unsafe-perm true
RUN npm install -g \
typescript@2.8.3 \
@angular/compiler-cli \
@angular-devkit/core
RUN npm install -g @angular/cli@7.0.3
RUN ln -s /usr/src/node_modules/@angular/cli/bin/ng /bin/ng
COPY package.json /usr/src/
RUN npm install
COPY . /usr/src
CMD ["ng", "build", "--configuration", "uat"]
入口
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: redacted-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, PUT, POST, DELETE, PATCH, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
tls:
- hosts:
- uat.redactedapp.co.za
secretName: secret-tls
rules:
- host: uat.redactedapp.co.za
http:
paths:
- path: /otp-api(/|$)(.*)
pathType: Prefix
backend:
service:
name: otpapi-service
port:
number: 80
- path: /search-api(/|$)(.*)
pathType: Prefix
backend:
service:
name: searchapi-service
port:
number: 80
- path: /notifications-api(/|$)(.*)
pathType: Prefix
backend:
service:
name: notificationsapi-service
port:
number: 80
- path: /user-api(/|$)(.*)
pathType: Prefix
backend:
service:
name: userapi-service
port:
number: 80
- path: /insurance-api(/|$)(.*)
pathType: Prefix
backend:
service:
name: insuranceapi-service
port:
number: 80
- path: /client-api(/|$)(.*)
pathType: Prefix
backend:
service:
name: clientsapi-service
port:
number: 80
- path: /
pathType: Prefix
backend:
service:
name: lawyerlyui-service
port:
number: 80
部署.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: lawyerlyui
spec:
selector:
matchLabels:
app: lawyerlyui
replicas: 1
template:
metadata:
labels:
app: lawyerlyui
spec:
containers:
- name: lawyerlyui
image: redacted.azurecr.io/lawyerly:latest
ports:
- containerPort: 80
imagePullSecrets:
- name: uat-acr-auth
---
apiVersion: v1
kind: Service
metadata:
name: lawyerlyui-service
spec:
type: ClusterIP
selector:
app: lawyerlyui
ports:
- name: http
protocol: TCP
# Port accessible inside cluster
port: 80
# Port to forward to inside the pod
targetPort: 80
因此,在阅读了@mdaniels评论之后,我创建了一个新的Dockerfile.uat。前一个文件只是构建src代码,但从未为其提供服务
据我所知,您需要提供构建的Angular代码,这不再是给我一个502坏网关
# Stage 0, "build-stage", based on Node.js, to build and compile the frontend
FROM node:10.8.0 as build-stage
WORKDIR /app
COPY package*.json /app/
RUN npm install
COPY ./ /app/
ARG configuration=uat
EXPOSE 80
RUN npm run build --configuration $configuration
# Stage 1, based on Nginx, to have only the compiled app, ready for production with Nginx
FROM nginx:1.15
#Copy ci-dashboard-dist
COPY --from=build-stage /app/dist/lfa/ /usr/share/nginx/html
#Copy default nginx configuration
COPY ./nginx/nginx-custom.conf /etc/nginx/conf.d/default.conf
您有ng build
,但这会启动服务器监听端口80吗?你有没有检查过kubectl logs-l app=lawyerlyui
,看看它是否在做你期望的事情,使用:latest
而不使用imagePullPolicy:Always
会导致事情与您期望的不同be@mdaniel我尝试了kubectl日志-l app=lawyerlyui
,但没有从容器日志中获得任何输出。我不太熟悉Angular,我知道在这个项目中有一个单独的dockerfile,它的末尾有这个cmdCMD[“ng”、“serve”、“--host”、“0.0.0.0”]
docker是否将基本dockerfile与特定于环境的dockerfile.uat相结合?我试图看看是否可以在uat dockerfile中添加另一个CMD,但只能指定一个;或者,除非有一些潜在的细微差别,我相信您可以通过在部署中设置命令:[ng,service,--host,0.0.0.0]
来测试这一理论,看看它是否开始工作。如果部署在:80上有一个正确的livenessProbe:
on:80,那么当没有人在监听时,它会正确地轰炸卷展栏:80