kubernetes ingress-nginx:客户端向https服务器发送http请求

xsuvu9jc  于 2023-08-03  发布在  Kubernetes
关注(0)|答案(2)|浏览(140)

我的目标是在我的kubernetes集群中设置一个ingress nginx。部署似乎工作,因为我猜,日志看起来不错。

NAME                                            READY   STATUS      RESTARTS   AGE
pod/ingress-nginx-admission-create--1-n5h28     0/1     Completed   0          4d8h
pod/ingress-nginx-admission-patch--1-czsfn      0/1     Completed   0          4d8h
pod/ingress-nginx-controller-7f7f8685b8-xvldg   1/1     Running     0          10m
pod/web-app-59555dbf95-slqc4                    1/1     Running     0          20m

NAME                                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/ingress-nginx-controller             NodePort    10.97.224.250   <none>        80:32666/TCP,443:31657/TCP   4d8h
service/ingress-nginx-controller-admission   ClusterIP   10.100.7.97     <none>        443/TCP                      4d8h
service/web-app-internal                     ClusterIP   10.103.22.145   <none>        80/TCP                       20m

NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           4d8h
deployment.apps/web-app                    1/1     1            1           20m

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx-controller-55b65fcbff   0         0         0       22h
replicaset.apps/ingress-nginx-controller-5f7d486f4d   0         0         0       43m
replicaset.apps/ingress-nginx-controller-76bdf9b5f6   0         0         0       3h47m
replicaset.apps/ingress-nginx-controller-7d7489d947   0         0         0       44m
replicaset.apps/ingress-nginx-controller-7f7f8685b8   1         1         1       10m
replicaset.apps/ingress-nginx-controller-7fdc4896dd   0         0         0       22h
replicaset.apps/ingress-nginx-controller-86668dc4fc   0         0         0       22h
replicaset.apps/ingress-nginx-controller-8cf5559f8    0         0         0       4d8h
replicaset.apps/ingress-nginx-controller-f58499759    0         0         0       62m
replicaset.apps/web-app-59555dbf95                    1         1         1       20m

NAME                                       COMPLETIONS   DURATION   AGE
job.batch/ingress-nginx-admission-create   1/1           2s         4d8h
job.batch/ingress-nginx-admission-patch    1/1           7s         4d8h

字符串
我已经经历了一些问题,在this question中陈述。我使用的部署如下:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
      - name: web-app
        image: registry/web-app:latest
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: web-app-internal
  namespace: ingress-nginx
spec:
  selector:
      app: web-app
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/enable-access-log: "true"
  name: web-app-ingress
  namespace: ingress-nginx
  labels:
    name: web-app-ingress
spec:
  rules:
  - host: web.app
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: web-app-internal
            port: 
              number: 80


首先,让我解释一下,我试图通过http在内部访问入口。当这起作用时,下一步将是建立ssl认证连接。
最后但并非最不重要的是,一些更相关的数据:

  • 在ingress规则中定义的主机解析为我自己网络中群集外的外部托管负载平衡器的IP
  • curl -v http://web.app返回以下输出:
*   Trying x.x.x.x...
* TCP_NODELAY set
* Connected to web.app (x.x.x.x) port 80 (#0)
> GET / HTTP/1.1
> Host: web.app
> User-Agent: curl/7.64.1
> Accept: */*
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
< 
Client sent an HTTP request to an HTTPS server.
* Closing connection 0


我是一个新手的所有事情k8s有关,任何猜测我错过了什么?
非常感谢您的建议!

jgzswidk

jgzswidk1#

不,问题解决了。这是一个不正确的nginx负载均衡器设置。确实传递了44380流量,但没有传递到ingress-nginx-controller服务分配给我的工作节点上http的暴露端口。在这之后,一切都很好。

bakd9h0s

bakd9h0s2#

尝试将此注解添加到您的入口。

nginx.ingress.kubernetes.io/backend-protocol: HTTPS

字符串

相关问题