
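Please help me find the problem in my configuration. It was done as part of the AWS Workshop example, just rewritten for another HTTP container. Now, after applying it, everything comes up fine, but when going through the NLB I get "no healthy upstream".

I checked the logs and only see 503 errors on my gateway ingress. The requests do not reach my pod at all. Where did I misconfigure it?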

apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualGateway
metadata:
  name: ingress-gw
  namespace: shared
spec:
  namespaceSelector:
    matchLabels:
      gateway: shared-gw
  podSelector:
    matchLabels:
      app: ingress-gw
  listeners:
    - portMapping:
        port: 8088
        protocol: http
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd-echo-deployment
  namespace: shared
  labels:
    app: httpd-echo1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpd-echo1
  template:
    metadata:
      labels:
        app: httpd-echo1
      annotations:
        appmesh.k8s.aws/mesh: shared-mesh
    spec:
      containers:
      - name: httpd
        image: hashicorp/http-echo
        args:
          - "-text=test"
        ports:
        - containerPort: 5678
---
apiVersion: v1
kind: Service
metadata:
  namespace: shared
  name: httpd-echo-service
  labels:
    app: httpd-echo1
spec:
  ports:
    - name: "http"
      port: 5678
      targetPort: 5678
  selector:
    app: httpd-echo1
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: shared-virtual-node-1
  namespace: shared
spec:
  podSelector:
    matchLabels:
      app: httpd-echo1
  listeners:
    - portMapping:
        port: 5678
        protocol: http
      healthCheck:
        protocol: http
        path: '/'
        healthyThreshold: 5
        unhealthyThreshold: 5
        timeoutMillis: 2000
        intervalMillis: 5000
  serviceDiscovery:
    dns:
      hostname: httpd-echo1.test.com
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualService
metadata:
  name: shared-virtual-service-1
  namespace: shared
spec:
  awsName: httpd-echo1.test.com
  provider:
    virtualNode:
      virtualNodeRef:
        name: shared-virtual-node-1
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: GatewayRoute
metadata:
  name: shared-gw-route-1
  namespace: shared
spec:
  httpRoute:
    match:
      prefix: "/"
    action:
      target:
        virtualService:
          virtualServiceRef:
            name: shared-virtual-service-1
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-gw
  namespace: shared
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-1,subnet-2,subnet-3
    service.beta.kubernetes.io/aws-load-balancer-internal: "false"
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8088
      name: http
  selector:
    app: ingress-gw
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-gw
  namespace: shared
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-gw
  template:
    metadata:
      labels:
        app: ingress-gw
    spec:
      containers:
        - name: envoy
          image: 422531588944.dkr.ecr.eu-south-1.amazonaws.com/aws-appmesh-envoy:v1.16.1.1-prod
          ports:
            - containerPort: 8088

The example I tried to use: https://github.com/aws-containers/eks-app-mesh-polyglot-demo/tree/cf15e0d8e10c019d332f5378d132a8d620131df8/deployment


1 Answer


I tried to reproduce the same thing on my side and it worked fine. I made a few configuration changes to the above yaml.

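  1. Added the gateway label "gateway: shared-gw" to the VirtualGateway. Make sure you have this label on the namespace as well.
  2. Corrected the DNS hostname. This should be your application's ClusterIP service name: serviceDiscovery: dns: hostname: httpd-echo1.shared.svc.cluster.local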

Also, make sure your load balancer is active and that the target group listener for this LB shows a healthy status.

I am adding the updated yaml below. You can try this and see if it works.

---
apiVersion: v1
kind: Namespace
metadata:
  name: shared
  labels:
    mesh: shared-mesh
    gateway: ingress-gw
    appmesh.k8s.aws/sidecarInjectorWebhook: enabled
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: Mesh
metadata:
  name: shared-mesh
spec:
  namespaceSelector:
    matchLabels:
      mesh: shared-mesh
---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd-echo1
  namespace: shared
  labels:
    app: httpd-echo1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpd-echo1
  template:
    metadata:
      labels:
        app: httpd-echo1
      annotations:
        appmesh.k8s.aws/mesh: shared-mesh
    spec:
      containers:
      - name: httpd
        image: hashicorp/http-echo
        args:
          - "-text=test"
        ports:
        - containerPort: 5678
---
apiVersion: v1
kind: Service
metadata:
  namespace: shared
  name: httpd-echo1
  labels:
    app: httpd-echo1
spec:
  ports:
    - name: "http"
      port: 5678
      targetPort: 5678
  selector:
    app: httpd-echo1
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: shared-virtual-node-1
  namespace: shared
spec:
  podSelector:
    matchLabels:
      app: httpd-echo1
  listeners:
    - portMapping:
        port: 5678
        protocol: http
      healthCheck:
        protocol: http
        path: '/'
        healthyThreshold: 5
        unhealthyThreshold: 5
        timeoutMillis: 2000
        intervalMillis: 5000
  serviceDiscovery:
    dns:
      hostname: httpd-echo1.shared.svc.cluster.local
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualService
metadata:
  name: shared-virtual-service-1
  namespace: shared
spec:
  awsName: httpd-echo1.shared.svc.cluster.local
  provider:
    virtualNode:
      virtualNodeRef:
        name: shared-virtual-node-1
---

apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualGateway
metadata:
  name: ingress-gw
  namespace: shared
spec:
  namespaceSelector:
    matchLabels:
      gateway: ingress-gw
  podSelector:
    matchLabels:
      app: ingress-gw
  listeners:
    - portMapping:
        port: 8088
        protocol: http
  logging:
    accessLog:
      file:
        path: /dev/stdout
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-gw
  namespace: shared
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8088
      name: http
  selector:
    app: ingress-gw
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-gw
  namespace: shared
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-gw
  template:
    metadata:
      labels:
        app: ingress-gw
    spec:
      containers:
        - name: envoy
          image: 422531588944.dkr.ecr.eu-south-1.amazonaws.com/aws-appmesh-envoy:v1.16.1.1-prod
          ports:
            - containerPort: 8088
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: GatewayRoute
metadata:
  name: shared-gw-route-1
  namespace: shared
spec:
  httpRoute:
    match:
      prefix: "/"
    action:
      target:
        virtualService:
          virtualServiceRef:
            name: shared-virtual-service-1
---
Answered 2021-04-09T18:22:59.260
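
The two changes in the answer can be checked before applying manifests. The following is an added example, not code from the question, the answer or the App Mesh project: a small lint over already-parsed manifest dicts. The `manifests` helper, the finding names and the Namespace labels used for the question's case are constructed (the question does not show its Namespace), and the checks assume the VirtualGateway `namespaceSelector` must match the labels of the namespace holding the GatewayRoute, and that the VirtualNode DNS hostname is meant to be a Service in the same manifest set.

```python
# Added example: lint App Mesh manifests for the two mismatches the answer fixed.
def labels_match(selector, labels):
    """True when every matchLabels pair is present in labels."""
    return all(labels.get(k) == v for k, v in selector.items())

def lint(docs):
    """Return (check, object, detail) tuples for parsed manifest dicts."""
    kinds = {}
    for d in docs:
        kinds.setdefault(d["kind"], []).append(d)
    ns_labels = {n["metadata"]["name"]: n["metadata"].get("labels", {})
                 for n in kinds.get("Namespace", [])}
    svc_fqdns = {"{name}.{namespace}.svc.cluster.local".format(**s["metadata"])
                 for s in kinds.get("Service", [])}
    findings = []
    # 1. The GatewayRoute's namespace must carry the gateway's selector labels.
    for gw in kinds.get("VirtualGateway", []):
        want = gw["spec"].get("namespaceSelector", {}).get("matchLabels", {})
        for route in kinds.get("GatewayRoute", []):
            ns = route["metadata"]["namespace"]
            if not labels_match(want, ns_labels.get(ns, {})):
                findings.append(("gateway-selector", route["metadata"]["name"], ns))
    # 2. The VirtualNode DNS hostname should name a Service in these manifests.
    for vn in kinds.get("VirtualNode", []):
        host = vn["spec"]["serviceDiscovery"]["dns"]["hostname"]
        if host not in svc_fqdns:
            findings.append(("dns-hostname", vn["metadata"]["name"], host))
    return findings

def manifests(ns_labels, gw_selector, svc_name, vn_host):
    """Constructed, trimmed manifests shaped like the ones on this page."""
    meta = lambda name: {"name": name, "namespace": "shared"}
    return [
        {"kind": "Namespace", "metadata": {"name": "shared", "labels": ns_labels}},
        {"kind": "VirtualGateway", "metadata": meta("ingress-gw"),
         "spec": {"namespaceSelector": {"matchLabels": gw_selector}}},
        {"kind": "GatewayRoute", "metadata": meta("shared-gw-route-1"), "spec": {}},
        {"kind": "Service", "metadata": meta(svc_name), "spec": {}},
        {"kind": "VirtualNode", "metadata": meta("shared-virtual-node-1"),
         "spec": {"serviceDiscovery": {"dns": {"hostname": vn_host}}}},
    ]

# Namespace labels for the question's case are an assumption (not shown on the page).
QUESTION = manifests({"mesh": "shared-mesh"}, {"gateway": "shared-gw"},
                     "httpd-echo-service", "httpd-echo1.test.com")
ANSWER = manifests({"mesh": "shared-mesh", "gateway": "ingress-gw"},
                   {"gateway": "ingress-gw"}, "httpd-echo1",
                   "httpd-echo1.shared.svc.cluster.local")

if __name__ == "__main__":
    for name, docs in (("question", QUESTION), ("answer", ANSWER)):
        print(name, lint(docs) or "ok")
```

To run it against real files, load them with a YAML parser and pass the resulting list of documents to `lint`.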