问题描述
我的应用程序由使用 GKE 部署的 play 网络应用程序组成。应用程序运行良好(使用 Deployment 和 Loadbalancer 服务),然后我决定使用 Ingress。我进行了以下更改,使应用程序无法访问。当我尝试使用 502 IP 连接应用程序时,出现 ingress 错误。
应用类型为 Deployment。
apiVersion: apps/v1
kind: Deployment
Metadata:
name: webapp
spec:
replicas: 2
selector:
matchLabels:
app: webapp
它有一个与之关联的 service
apiVersion: v1
kind: Service
Metadata:
name: webapp-service
spec:
selector:
app: webapp
ports:
- protocol: TCP
port: 9000 #this service is reachable at this port
targetPort: 9000 #this service will forward the request to correspoding nodes of the service at this port
#type: LoadBalancer
type: NodePort
然后我应用以下文件来创建 ingress
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
Metadata:
name: webapp-https-loadbalancer-ingress
annotations:
kubernetes.io/ingress.class: "gce"
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: webapp-service
servicePort: 9000
当我运行时,我可以看到有一个 IP 地址(也可以从外部访问)
kubectl describe ingress webapp-https-loadbalancer-ingress
Name: webapp-https-loadbalancer-ingress
Namespace: default
Address: 3x.yyy.zzz.pq
Default backend: default-http-backend:80 (10.88.0.5:8080)
Rules:
Host Path Backends
---- ---- --------
*
... Type Reason Age From Message
---- ------ ---- ---- -------
normal ADD 10m loadbalancer-controller default/webapp-https-loadbalancer-ingress
normal CREATE 9m10s loadbalancer-controller ip: 3x.yyy.zzz.pq
但我无法使用 https://3x.yyy.zzz.pq 访问该应用程序。我尚未将域与 IP 关联。我尝试使用 curl 进行连接,但出现错误 - 502 bad gateway 错误
curl -v 3x.xxx.xxx.xxx
* Expire in 0 ms for 6 (transfer 0x55d4c5258f90)
* Trying 3x.xxx.xxx.xxx...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55d4c5258f90)
* Connected to 3x.xxx.xxx.xxx (3x.xxx.xxx.xxx) port 80 (#0)
> GET / HTTP/1.1
> Host: 3x.xxx.xxx.xxx
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway
< Content-Type: text/html; charset=UTF-8
< Referrer-Policy: no-referrer
< Content-Length: 332
< Date: Tue,22 Dec 2020 22:27:23 GMT
<
<html><head>
<Meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>502 Server Error</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Server Error</h1>
<h2>The server encountered a temporary error and Could not complete your request.<p>Please try again in 30 seconds.</h2>
<h2></h2>
</body></html>
* Connection #0 to host 3x.xxx.xxx.xxx left intact
解决方法
问题是负载均衡器的 IP 不在服务器的 allowed-hosts 列表中。作为临时修复,我在服务器配置中使用了通配符以允许来自所有主机的流量。我仍在研究如何将其限制为负载均衡器的内部 IP