2

我创建了一个新集群,创建了一个应用程序网关,然后按照教程安装了 AGIC。然后,我使用以下配置配置了入口控制器:

# This file contains the essential configs for the ingress controller helm chart

# Verbosity level of the App Gateway Ingress Controller
verbosityLevel: 3

################################################################################
# Specify which application gateway the ingress controller will manage
#
appgw:
    subscriptionId: <<subscriptionid>>
    resourceGroup: experimental-cluster-rg
    name: experimental-cluster-ag
    usePrivateIP: false

    # Setting appgw.shared to "true" will create an AzureIngressProhibitedTarget CRD.
    # This prohibits AGIC from applying config for any host/path.
    # Use "kubectl get AzureIngressProhibitedTargets" to view and change this.
    shared: false

################################################################################
# Specify which kubernetes namespace the ingress controller will watch
# Default value is "default"
# Leaving this variable out or setting it to blank or empty string would
# result in Ingress Controller observing all acessible namespaces.
#
# kubernetes:
#   watchNamespace: <namespace>

################################################################################
# Specify the authentication with Azure Resource Manager
#
# Two authentication methods are available:
# - Option 1: AAD-Pod-Identity (https://github.com/Azure/aad-pod-identity)
# armAuth:
#     type: aadPodIdentity
#     identityResourceID: <identityResourceId>
##     identityClientID:  <identityClientId>

## Alternatively you can use Service Principal credentials
armAuth:
    type: servicePrincipal
    secretJSON: <<hash>>

################################################################################
# Specify if the cluster is RBAC enabled or not
rbac:
    enabled: true

当我部署应用程序并检查网关时,它似乎正在通过入口控制器通过创建自己的设置来更新网关。问题似乎是应用程序永远不会暴露。我检查了健康探测,它表示由于 404 状态它不健康。我无法通过 IP 直接访问应用程序。根据我尝试访问应用程序的方式,我得到 404 或 502。

我尝试同时部署 nginx 和 agic 入口,并且 nginx 似乎工作正常:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: aks-seed-ingress-main
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    # appgw.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
      - agic-cluster.company.com
      - frontend.<ip0>.nip.io
      secretName: zigzypfxtls
  rules:
  - host: agic-cluster.company.com
    http:
      paths:
      - backend:
          serviceName: aks-seed
          servicePort: 80
        path: /
  - host: frontend.<ip0>.nip.io
    http:
      paths:
      - backend:
          serviceName: aks-seed
          servicePort: 80
        path: /
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: aks-seed-ingress-nginx
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
    - hosts:
      - frontend.<ip>.nip.io
  rules:
  - host: frontend.<ip>.nip.io
    http:
      paths:
      - backend:
          serviceName: aks-seed # Modify
          servicePort: 80
        path: /

我不确定我错过了什么。我尽可能地按照教程进行操作,并且 agic 控制器和应用程序网关似乎正在通信。然而,应用程序在 agic 控制器上不可访问,但在 nginx 控制器上可访问。之后我只安装了 nginx 控制器,以确保应用程序本身没有问题。

4

3 回答 3

0

请检查分配给身份的权限可能是您缺少托管身份操作员分配,请检查它

于 2021-08-03T14:42:24.137 回答
0

检查运行状况探测。当入口控制器中的健康探测不在可接受的默认返回码范围 200-399 内时,它们将阻止您访问应用程序。在 Ingress 控制器 YAML 中(这很重要),要么将路径从“/”更改为健康探测内的适当健康端点,要么将接受的返回代码范围更新为 200-500(用于测试目的)。

带有运行状况探测的示例 YAML:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/use-private-ip: "false"
    cert-manager.io/cluster-issuer: letsencrypt
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    appgw.ingress.kubernetes.io/health-probe-path: "/"
    appgw.ingress.kubernetes.io/health-probe-status-codes: "200-500"
spec:
  tls:
  - hosts:
    - dev.mysite.com
    secretName: secret
  rules:
  - host: dev.mysite.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: srv-mysite
            port:
              number: 80

于 2021-11-04T16:16:50.380 回答
0

我面临同样的问题,我按照下面的文章部署了资源

https://docs.microsoft.com/en-us/azure/developer/terraform/create-k8s-cluster-with-aks-applicationgateway-ingress Azure 入口从未出现就绪状态

NAME                                                              READY   STATUS    RESTARTS   AGE
aspnetapp                                                         1/1     Running   0          25h
ingress-azure-1616064464-6694ff48f8-pptnp                         0/1     Running   0          72s

    $ helm list
NAME                            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
ingress-azure-1616064464        default         1               2021-03-18 06:47:45.959459087 -0400 EDT deployed        ingress-azure-1.4.0             1.4.0
myrelease                       default         1               2021-03-18 05:45:12.419235356 -0400 EDT deployed        nginx-ingress-controller-7.4.10 0.44.0

从描述吊舱我看到下面的消息

$ kubectl describe pod ingress-azure-1616064464-6694ff48f8-pptnp
Name:         ingress-azure-1616064464-6694ff48f8-pptnp
Namespace:    default

  Warning  Unhealthy  4s (x8 over 74s)  kubelet            Readiness probe failed: Get http://15.0.0.68:8123/health/ready: net/http: request canceled (Client.Timeout exceeded while awaiting headers)

$ kubectl get ingress
NAME                            CLASS    HOSTS              ADDRESS         PORTS   AGE
aspnetapp                       <none>   *                                  80      10s
cafe-ingress-with-annotations   <none>   cafe.example.com   20.XX.XX.XX   80      63m
于 2021-03-18T10:56:35.460 回答