Kubernetes Ingress(GCE)不断回复502错误

我正在尝试在GCE Kubernetes中设置Ingress.但是当我访问Ingress中定义的IP地址和路径组合时,我不断收到以下502错误:

这是我跑步时得到的: kubectl describe ing --namespace dpl-staging

Name:           dpl-identity
Namespace:      dpl-staging
Address:        35.186.221.153
Default backend:    default-http-backend:80 (10.0.8.5:8080)
TLS:
  dpl-identity terminates
Rules:
  Host  Path    Backends
  ----  ----    --------
  *
        /api/identity/*     dpl-identity:4000 ()
Annotations:
  https-forwarding-rule:    k8s-fws-dpl-staging-dpl-identity--5fc40252fadea594
  https-target-proxy:       k8s-tps-dpl-staging-dpl-identity--5fc40252fadea594
  url-map:          k8s-um-dpl-staging-dpl-identity--5fc40252fadea594
  backends:         {"k8s-be-31962--5fc40252fadea594":"HEALTHY","k8s-be-32396--5fc40252fadea594":"UNHEALTHY"}
Events:
  FirstSeen LastSeen    Count   From                SubObjectPath   Type        Reason  Message
  --------- --------    -----   ----                -------------   --------    ------  -------
  15m       15m     1   {loadbalancer-controller }          Normal      ADD dpl-staging/dpl-identity
  15m       15m     1   {loadbalancer-controller }          Normal      CREATE  ip: 35.186.221.153
  15m       6m      4   {loadbalancer-controller }          Normal      Service no user specified default backend, using system default

我认为问题是dpl-identity:4000 ().我不应该看到服务的IP地址dpl-identity而不是？

这是我的服务说明: kubectl describe svc --namespace dpl-staging

Name:           dpl-identity
Namespace:      dpl-staging
Labels:         app=dpl-identity
Selector:       app=dpl-identity
Type:           NodePort
IP:             10.3.254.194
Port:           http    4000/TCP
NodePort:       http    32396/TCP
Endpoints:      10.0.2.29:8000,10.0.2.30:8000
Session Affinity:   None
No events.

此外,这是执行的结果: kubectl describe ep -n dpl-staging dpl-identity

Name:       dpl-identity
Namespace:  dpl-staging
Labels:     app=dpl-identity
Subsets:
  Addresses:        10.0.2.29,10.0.2.30
  NotReadyAddresses:    
  Ports:
    Name    Port    Protocol
    ----    ----    --------
    http    8000    TCP

No events.

这是我的deployment.yaml:

apiVersion: v1
kind: Secret
metadata:
  namespace: dpl-staging
  name: dpl-identity
type: Opaque
data:
  tls.key: 
  tls.crt: 
---
apiVersion: v1
kind: Service
metadata:
  namespace: dpl-staging
  name: dpl-identity
  labels:
    app: dpl-identity
spec:
  type: NodePort
  ports:
    - port: 4000
      targetPort: 8000
      protocol: TCP
      name: http
  selector:
    app: dpl-identity
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: dpl-staging
  name: dpl-identity
  labels:
    app: dpl-identity
  annotations:
    kubernetes.io/ingress.allow-http: "false"
spec:
  tls:
  - secretName: dpl-identity
  rules:
  - http:
      paths:
        - path: /api/identity/*
          backend:
            serviceName: dpl-identity
            servicePort: 4000
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  namespace: dpl-staging
  name: dpl-identity
kind: Ingress
metadata:
  namespace: dpl-staging
  name: dpl-identity
  labels:
    app: dpl-identity
  annotations:
    kubernetes.io/ingress.allow-http: "false"
spec:
  tls:
  - secretName: dpl-identity
  rules:
  - http:
      paths:
        - path: /api/identity/*
          backend:
            serviceName: dpl-identity
            servicePort: 4000
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  namespace: dpl-staging
  name: dpl-identity
  labels:
    app: dpl-identity
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: dpl-identity
    spec:
      containers:
      - image: gcr.io/munpat-container-engine/dpl/identity:0.4.9
        name: dpl-identity
        ports:
        - containerPort: 8000
          name: http
        volumeMounts:
        - name: dpl-identity
          mountPath: /data
      volumes:
      - name: dpl-identity
        secret:
          secretName: dpl-identity

Simon I.. 30

你的后端k8s-be-32396--5fc40252fadea594显示为"UNHEALTHY".

如果后端是不健康的,Ingress将不会转发流量,这将导致您看到的502错误.

它将被标记为不健康,因为它没有通过它的健康检查,你可以检查k8s-be-32396--5fc40252fadea594的健康检查设置,看看它们是否适合你的pod,它可能是轮询URI或端口这不会返回200响应.您可以在Compute Engine> Health Checks下找到这些设置.

如果它们是正确的那么你的浏览器和容器之间有很多步骤可能会错误地传递流量,你可以尝试kubectl exec -it PODID -- bash(如果你使用的是Alpine,则使用ash),然后尝试卷曲localhost以查看容器是否按预期响应,如果是,并且运行状况检查也正确配置,那么这可能会将问题缩小到您的服务范围,然后您可以尝试将服务从NodePort类型更改为LoadBalancer,并查看是否直接从您的服务IP中获取服务IP浏览器工作.

你的后端k8s-be-32396--5fc40252fadea594显示为"UNHEALTHY".

如果后端是不健康的,Ingress将不会转发流量,这将导致您看到的502错误.

它将被标记为不健康,因为它没有通过它的健康检查,你可以检查k8s-be-32396--5fc40252fadea594的健康检查设置,看看它们是否适合你的pod,它可能是轮询URI或端口这不会返回200响应.您可以在Compute Engine> Health Checks下找到这些设置.

如果它们是正确的那么你的浏览器和容器之间有很多步骤可能会错误地传递流量,你可以尝试kubectl exec -it PODID -- bash(如果你使用的是Alpine,则使用ash),然后尝试卷曲localhost以查看容器是否按预期响应,如果是,并且运行状况检查也正确配置,那么这可能会将问题缩小到您的服务范围,然后您可以尝试将服务从NodePort类型更改为LoadBalancer,并查看是否直接从您的服务IP中获取服务IP浏览器工作.