我创建了一个 Ingress,我正在尝试使用 pathRouting 访问 Prometheus
入口yaml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: "true"
name: ingress-prometheus-nginx-pathchange-strimzi
namespace: monitoring
spec:
rules:
- host: prometheus-nginx-pathchange
http:
paths:
- backend:
service:
name: prometheus-operated
port:
number: 9090
path: "/prometheus(/|$)(.*)"
pathType: Prefix
后端服务
Karans-MacBook-Pro:ingress-ns karanalang$ kc describe svc prometheus-operated -n monitoring
Name: prometheus-operated
Namespace: monitoring
Labels: operated-prometheus=true
Annotations: cloud.google.com/neg: {"ingress":true}
cloud.google.com/neg-status:
{"network_endpoint_groups":{"9090":"k8s1-45a575f7-monitoring-prometheus-operated-9090-d19ceff1"},"zones":["us-east1-b"]}
Selector: app.kubernetes.io/name=prometheus
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: None
IPs: None
Port: web 9090/TCP
TargetPort: web/TCP
Endpoints: <none>
Session Affinity: None
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Detach 55m neg-controller Detach 2 network endpoint(s) (NEG "k8s1-45a575f7-monitoring-prometheus-operated-9090-d19ceff1" in zone "us-east1-b")
Normal Detach 23m (x525 over 16h) neg-controller Detach 1 network endpoint(s) (NEG "k8s1-45a575f7-monitoring-prometheus-operated-9090-d19ceff1" in zone "us-east1-b")
Normal Attach 16m (x527 over 16h) neg-controller Attach 1 network endpoint(s) (NEG "k8s1-45a575f7-monitoring-prometheus-operated-9090-d19ceff1" in zone "us-east1-b")
当我做卷曲时,它给出了 - 503 Service Temporarily Unavailable
Karans-MacBook-Pro:ingress-ns karanalang$ curl prometheus-nginx-pathchange/prometheus
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx</center>
</body>
</html>
另外,请注意:在 prometheus.yaml 中,添加了以下内容:
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
name: prometheus
labels:
app: strimzi
spec:
externalUrl: 'http://prometheus-nginx-pathchange/prometheus/'
routePrefix: '/'
关于如何调试/修复此问题的任何想法?蒂亚!
更新:我添加了 TLS 证书,这是 curl 命令的输出
Karans-MacBook-Pro:ingress-ns karanalang$ curl -v -L prometheus-nginx-pathchange/prometheus
* Trying 104.196.128.221...
* TCP_NODELAY set
* Connected to prometheus-nginx-pathchange (104.196.128.221) port 80 (#0)
> GET /prometheus HTTP/1.1
> Host: prometheus-nginx-pathchange
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Date: Wed, 19 Jan 2022 18:57:39 GMT
< Content-Type: text/html
< Content-Length: 164
< Connection: keep-alive
< Location: https://prometheus-nginx-pathchange/prometheus
<
* Ignoring the response-body
* Connection #0 to host prometheus-nginx-pathchange left intact
* Issue another request to this URL: 'https://prometheus-nginx-pathchange/prometheus'
* Trying 104.196.128.221...
* TCP_NODELAY set
* Connected to prometheus-nginx-pathchange (104.196.128.221) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 1
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
* Closing connection 0
请注意:我使用的是自签名证书,关于如何解决这个问题的任何想法?