[解决方案]:我的 nginx.conf 没有监听正确的端口。只要我听到正确的端口,它就起作用了。
我的目标是使用 nginx 控制器和两个入口规则将流量路由到前端 ( web-frontend) 和后端 ( ) 服务。工作了,但没有,并返回 502 Bad Gateway。每个服务都有自己的入口,以允许单独的 url 重写。我正在使用 aws nginx 控制器(https://kubernetes.github.io/ingress-nginx/deploy/#aws)。public-apipublic-apihttpsweb-frontend
public-api正在监听 8000 并且其 dockerfile 中没有公开端口。在web-frontends dockerfile 中,已经公开了几个端口以进行良好的测量(80、443、8080)。
我不明白为什么public-api当它的入口配置几乎与web-frontend. 在添加 tls 证书管理之前,这两条路由都有效。
谢谢您的帮助!
基础网络:
public-api入口/v1/-> public-api:443->NodePort服务 -> 8000-> 部署监听8000。
web-frontend入口/-> public-api:443->NodePort服务 -> 8080-> 部署监听8080。
入口描述:
public-api:
Name: public-api-rule
Namespace: default
Address: localhost
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
staging-certificate terminates <domain>
Rules:
Host Path Backends
---- ---- --------
staging.grouphouse.io
/v([0-9])/(.*) public-api:443 (10.1.3.158:8000)
Annotations: cert-manager.io/cluster-issuer: letsencrypt-staging
external-dns.alpha.kubernetes.io/hostname: <domain>
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /v$1/$2
nginx.ingress.kubernetes.io/use-regex: true
web-frontend:
Name: web-frontend-rule
Namespace: default
Address: localhost
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
staging-certificate terminates <domain>
Rules:
Host Path Backends
---- ---- --------
staging.grouphouse.io
/(.*) web-frontend:443 (10.1.3.163:8080)
Annotations: cert-manager.io/cluster-issuer: letsencrypt-staging
external-dns.alpha.kubernetes.io/hostname: <domain>
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/use-regex: true
YAML:
public-api:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: public-api-rule
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-staging"
nginx.ingress.kubernetes.io/rewrite-target: /v$1/$2
nginx.ingress.kubernetes.io/use-regex: "true"
external-dns.alpha.kubernetes.io/hostname: {{ .Values.domain }}
spec:
tls:
- hosts:
- {{ .Values.domain }}
secretName: staging-certificate
rules:
- host: {{ .Values.domain }}
http:
paths:
- path: /v([0-9])/(.*)
pathType: Prefix
backend:
service:
name: public-api
port:
number: 443
apiVersion: v1
kind: Service
metadata:
name: public-api
spec:
type: NodePort
selector:
app: public-api
ports:
- port: 443
protocol: TCP
targetPort: 8000
apiVersion: apps/v1
kind: Deployment
metadata:
name: public-api
labels:
app: public-api
spec:
selector:
matchLabels:
app: public-api
template:
metadata:
labels:
app: public-api
spec:
containers:
- name: public-api
image: <image>
imagePullPolicy: Always
ports:
- containerPort: 8000
web-frontend:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-frontend-rule
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-staging"
external-dns.alpha.kubernetes.io/hostname: {{ .Values.domain }}
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
tls:
- hosts:
- {{ .Values.domain }}
secretName: staging-certificate
rules:
- host: {{ .Values.domain }}
http:
paths:
- path: /(.*)
pathType: Prefix
backend:
service:
name: web-frontend
port:
number: 443
apiVersion: v1
kind: Service
metadata:
name: web-frontend
spec:
type: NodePort
selector:
app: web-frontend
ports:
- port: 443
protocol: TCP
targetPort: 8080
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-frontend
labels:
app: web-frontend
spec:
replicas: 1
selector:
matchLabels:
app: web-frontend
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
template:
metadata:
labels:
app: web-frontend
spec:
containers:
- name: web-frontend
image: <image>
imagePullPolicy: Always
ports:
- name: web-frontend
containerPort: 8080