0

我正在对接我们当前的应用程序并在 kubernetes 集群上进行部署。我们有 2 个服务,即服务 A 和服务 B。我们的一项服务(例如 service-A)使用 websocket。我们在 ingress 中配置了一条规则,将 websocket 请求直接路由到端口 8080 上的 service-A。还有一个规则将其他请求路由到端口 443 上的 service-B。但是 ingress 控制器总是将 websocket 请求路由到 service-B路由到服务-A。

因此,我从入口中删除了 service-B 规则,但仍将其路由为 tls 请求,并且请求永远不会到达 service-A。不知道为什么它被重新路由为 TLS 而不是 http 请求升级到 websocket 连接。

请在下面找到我的入口配置:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    field.cattle.io/publicEndpoints: '[{"addresses":[""],"port":443,"protocol":"HTTPS","serviceName":"cluster42:service-B","ingressName":"cluster42:my-ingress","hostname":"cluster42-phase-0 ","path":"/","allNodes":false},{"addresses":[""],"port":443,"protocol":"HTTPS","serviceName":"cluster42:service-A","ingressName":"cluster42:my-ingress","hostname":"cluster42-phase-0 ","path":"/ws-service","allNodes":false}]'
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/","nginx.ingress.kubernetes.io/ssl-passthrough":"true"},"labels":{"app":"ingress","chart":" myapplication-chart","heritage":"Tiller","release":"installation-cluster42"},"name":"my-ingress","namespace":"cluster42"},"spec":{"rules":[{"host":"cluster42-phase-0 ","http":{"paths":[{"backend":{"serviceName":"service-B","servicePort":443},"path":"/"}]}}],"tls":[{"hosts":["cluster42-phase-0 "]}]}}
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.org/websocket-services: "service-A"
  creationTimestamp: "2019-05-24T11:46:40Z"
  generation: 31
  labels:
    app: ingress
    chart:  myapplication-chart
    heritage: Tiller
    release: installation-cluster42
  name: my-ingress
  namespace: cluster42
  resourceVersion: "57549362"
  selfLink: /apis/extensions/v1beta1/namespaces/cluster42/ingresses/my-ingress
  uid: 98784b1f-7e19-11e9-b2f1-005056b0b58e
spec:
  rules:
  - host: cluster42-phase-0 
    http:
      paths:
      - backend:
          serviceName: service-B
          servicePort: 443
        path: /
      - backend:
          serviceName: service-A
          servicePort: 8080
        path: /ws-service
  tls:
  - hosts:
    - cluster42-phase-0 
status:
  loadBalancer:
    ingress:
    - {}

我希望将请求路由到服务 A 而不是服务 B。如果我在配置中遗漏了什么或做错了什么,请告诉我。

提前致谢。

4

1 回答 1

0

检查目标端口是否已打开且未使用。

然后检查您是否有足够的权限通过分蘖访问 kube-system 命名空间。否则你必须创建 RBAC 和特殊服务。您可以在这里找到更多信息: tiller-rbac.

您在规范部分的入口配置文件中有一些错误。

请注意,当前 Ingress 仅支持单个 TLS 端口443,并假定 TLS 终止。因此很明显,目标服务将是端口为 443 的服务 B。因此您可以从配置文件中删除 tls 部分。

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    field.cattle.io/publicEndpoints: '[{"addresses":[""],"port":443,"protocol":"HTTPS","serviceName":"cluster42:service-B","ingressName":"cluster42:my-ingress","hostname":"cluster42-phase-0 ","path":"/","allNodes":false},{"addresses":[""],"port":443,"protocol":"HTTPS","serviceName":"cluster42:service-A","ingressName":"cluster42:my-ingress","hostname":"cluster42-phase-0 ","path":"/ws-service","allNodes":false}]'
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/rewrite-target":"/","nginx.ingress.kubernetes.io/ssl-passthrough":"true"},"labels":{"app":"ingress","chart":" myapplication-chart","heritage":"Tiller","release":"installation-cluster42"},"name":"my-ingress","namespace":"cluster42"},"spec":{"rules":[{"host":"cluster42-phase-0 ","http":{"paths":[{"backend":{"serviceName":"service-B","servicePort":443},"path":"/"}]}}],"tls":[{"hosts":["cluster42-phase-0 "]}]}}
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.org/websocket-services: "service-A"
  creationTimestamp: "2019-05-24T11:46:40Z"
  generation: 31
  labels:
    app: ingress
    chart:  myapplication-chart
    heritage: Tiller
    release: installation-cluster42
  name: my-ingress
  namespace: cluster42
  resourceVersion: "57549362"
  selfLink: /apis/extensions/v1beta1/namespaces/cluster42/ingresses/my-ingress
  uid: 98784b1f-7e19-11e9-b2f1-005056b0b58e
spec:
  rules:
  - host: cluster42-phase-0 
    http:
      paths:
      - path: /
        backend:
          serviceName: service-B
          servicePort: 443
      - path: /ws-service
        backend:
          serviceName: service-A
          servicePort: 8080
status:
  loadBalancer:
    ingress:
    - {}
于 2019-06-26T07:51:38.617 回答