我对Azure,Kubernetes,甚至是Docker本身都很陌生,并且在系统中学习和评估以后可能的部署。到目前为止,我已经对我的服务进行了docker化,并成功部署了它们,并使用类型为LoadBalancer的服务将Web前端公开为可见。Kubernetes Azure上无法访问Kubernetes nginx入口控制器
现在我想添加TLS终止并了解到,我应该配置一个入口控制器,其中最常提到的一个是nginx入口控制器。
严格歪理邪说的例子,然后试图阅读文档我已经到达了一个看起来很有趣但不起作用的设置。也许某种灵魂可以指出我的错误,或者给我指出如何调试以及在哪里阅读更多信息。
我kubectl apply'd以下文件:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: default-http-backend-deployment
namespace: kube-system
spec:
template:
metadata:
labels:
app: default-http-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: gcr.io/google_containers/defaultbackend:1.0
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend-service
namespace: kube-system
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 80
selector:
app: default-http-backend
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-ingress-controller-conf
namespace: kube-system
data:
# enable-vts-status: 'true'
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller-deployment
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: nginx-ingress-controller
spec:
terminationGracePeriodSeconds: 60
containers:
- image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.13
name: nginx-ingress-controller
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-ingress-controller-conf
---
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-controller-service
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: 443
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx-ingress-controller
sessionAffinity: None
type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
namespace: kube-system
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host:
http:
paths:
- path:/
backend:
serviceName: default-http-backend-service
servicePort: 80
这给了我两个吊舱:
c:\Projects\Release-Management\Azure>kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
<some lines removed>
kube-system default-http-backend-deployment-3108185104-68xnk 1/1 Running 0 39m
<some lines removed>
kube-system nginx-ingress-controller-deployment-4106313651-v7p03 1/1 Running 0 24s
还有两个新的服务。请注意,我还使用类型LoadBalancer配置了default-http-backend-service,这仅用于调试。我已经包括了我的网络的前端被称为webcms:
c:\Projects\Release-Management\Azure>kubectl get services --all-namespaces
NAMESPACE NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
<some lines removed>
default webcms 10.0.105.59 13.94.250.173 80:31400/TCP 23h
<some lines removed>
kube-system default-http-backend-service 10.0.106.233 13.80.68.38 80:31639/TCP 41m
kube-system nginx-ingress-controller-service 10.0.33.80 13.95.30.39 443:31444/TCP,80:31452/TCP 37m
最后一个入口:
c:\Projects\Release-Management\Azure>kubectl get ingress --all-namespaces
NAMESPACE NAME HOSTS ADDRESS PORTS AGE
kube-system nginx-ingress * 10.240.0.5 80 39m
没有错误,我可以立即检测。然后我去了Azure仪表板,查看负载均衡器及其规则,这对我的(严重未受过训练的)眼睛来说看起来不错。我没有碰到这些,负载均衡器和规则是由系统创建的。这里有一个截图:
https://qvwx.de/tmp/azure-loadbalancer.png
不过遗憾的是它不工作。我可以卷曲我webcms服务:
c:\Projects\Release-Management\Azure>curl -v http://13.94.250.173
* Rebuilt URL to: http://13.94.250.173/
* Trying 13.94.250.173...
* TCP_NODELAY set
* Connected to 13.94.250.173 (13.94.250.173) port 80 (#0)
<more lines removed, success>
但无论是默认的HTTP后台,也没有进入工作:
c:\Projects\Release-Management\Azure>curl -v http://13.80.68.38
* Rebuilt URL to: http://13.80.68.38/
* Trying 13.80.68.38...
* TCP_NODELAY set
* connect to 13.80.68.38 port 80 failed: Timed out
* Failed to connect to 13.80.68.38 port 80: Timed out
* Closing connection 0
curl: (7) Failed to connect to 13.80.68.38 port 80: Timed out
(入口给出了一个不同的IP相同)
如果您阅读这些:感谢您的时间,我会很感激任何提示。
玛丽安
感谢您的反馈,它受到了我的欢迎,并给了我很多帮助。我取得了进展,并且能够很好地工作。 为了记录我认为我的问题并不是在所示的配置中,而是使用DNS解析,我只是普遍困惑。近来情况好转多了。 有没有必要为我感到难过,我发现来自core-Kubernetes,nginx入口控制器甚至Microsoft的Azure集成文档相当有帮助。 只有很多东西需要接收。 再次感谢您的非常有帮助的答案。 –