service可以访问,但ingress无法访问

来源:10-5 深入Pod - pod相关的点点滴滴(上)

LAZYR

2021-01-17

Service详情

图片描述

[root@dop-node1 ~]# kubectl get svc -o yaml -n dop discovery-server
# Service object dop/discovery-server as returned by the API server
# (`kubectl get svc -o yaml`), i.e. live state plus server-added metadata.
apiVersion: v1
kind: Service
metadata:
  annotations:
    # Written by `kubectl apply`: a JSON copy of the manifest that was last applied.
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"discovery-server"},"name":"discovery-server","namespace":"dop"},"spec":{"ports":[{"port":8761,"protocol":"TCP","targetPort":8761}],"selector":{"app":"discovery-server"},"type":"ClusterIP"}}
  creationTimestamp: "2021-01-15T03:27:22Z"
  labels:
    app: discovery-server
  # managedFields is field-ownership bookkeeping kept by the API server;
  # it records which manager set which field and carries no routing configuration.
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:kubectl.kubernetes.io/last-applied-configuration: {}
        f:labels:
          .: {}
          f:app: {}
      f:spec:
        f:ports:
          .: {}
          k:{"port":8761,"protocol":"TCP"}:
            .: {}
            f:port: {}
            f:protocol: {}
            f:targetPort: {}
        f:selector:
          .: {}
          f:app: {}
        f:sessionAffinity: {}
        f:type: {}
    manager: kubectl
    operation: Update
    time: "2021-01-15T03:27:22Z"
  name: discovery-server
  namespace: dop
  resourceVersion: "369990"
  selfLink: /api/v1/namespaces/dop/services/discovery-server
  uid: 64c28528-7c40-4a13-9e18-6a1603df1b8e
spec:
  # Virtual IP assigned inside the cluster; with type ClusterIP (below) the
  # Service is not exposed outside the cluster network by this object.
  clusterIP: 10.1.47.207
  ports:
  # Service port 8761 forwards to port 8761 on the selected pods.
  - port: 8761
    protocol: TCP
    targetPort: 8761
  # Pods labelled app=discovery-server back this Service.
  # `kubectl get endpoints -n dop discovery-server` lists the pod addresses
  # the selector currently matches.
  selector:
    app: discovery-server
  sessionAffinity: None
  type: ClusterIP
status:
  # Empty here: the Service type is ClusterIP, not LoadBalancer.
  loadBalancer: {}

Ingress详情

图片描述

[root@dop-node1 ~]# kubectl get ingress -o yaml -n dop discovery-server
# Ingress object dop/discovery-server as returned by the API server.
# It is returned under extensions/v1beta1 although it was applied as
# networking.k8s.io/v1beta1 (see last-applied-configuration and managedFields).
# NOTE(review): both beta Ingress APIs were removed in Kubernetes 1.22;
# networking.k8s.io/v1 replaces serviceName/servicePort with
# service.name / service.port — plan the migration before upgrading.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # Written by `kubectl apply`: a JSON copy of the manifest that was last applied.
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.k8s.io/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"discovery-server","namespace":"dop"},"spec":{"rules":[{"host":"discovery.dop.clsaa.com","http":{"paths":[{"backend":{"serviceName":"discovery-server","servicePort":8761}}]}}]}}
    kubernetes.io/ingress.class: nginx
  creationTimestamp: "2021-01-15T12:51:05Z"
  generation: 1
  # managedFields is field-ownership bookkeeping kept by the API server;
  # it carries no routing configuration.
  managedFields:
  - apiVersion: networking.k8s.io/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:kubectl.kubernetes.io/last-applied-configuration: {}
          f:kubernetes.io/ingress.class: {}
      f:spec:
        f:rules: {}
    manager: kubectl
    operation: Update
    time: "2021-01-15T12:51:05Z"
  name: discovery-server
  namespace: dop
  resourceVersion: "456199"
  selfLink: /apis/extensions/v1beta1/namespaces/dop/ingresses/discovery-server
  uid: d3b75e34-d5d0-4fa8-947e-e0f8d165d4ce
spec:
  # No `tls:` section is present, so this object configures no certificate
  # for the host.
  rules:
  # The rule applies only to requests whose Host header is
  # discovery.dop.clsaa.com; a request sent to the node IP or under another
  # name does not match it.
  - host: discovery.dop.clsaa.com
    http:
      paths:
      # No `path` is given, so the backend is not restricted to a URL prefix.
      # The backend must name a Service in this same namespace (dop) and one
      # of its ports (8761).
      - backend:
          serviceName: discovery-server
          servicePort: 8761
        pathType: ImplementationSpecific
status:
  # No address has been published for this Ingress.
  # NOTE(review): presumably the controller fills this in once it has
  # accepted the object — compare with the Ingress that works.
  loadBalancer: {}

Ingress-Controller详情

图片描述

[root@dop-node1 ~]# kubectl get pod -o yaml -n ingress-nginx nginx-ingress-controller-774995d8d4-rsr4k
# Pod object of the nginx ingress controller (namespace ingress-nginx) as
# returned by the API server. This part is identity and metadata only.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    # Added by the LimitRanger admission plugin: it set the cpu and memory
    # requests for the container.
    kubernetes.io/limit-ranger: 'LimitRanger plugin set: cpu, memory request for container
      nginx-ingress-controller'
    # Prometheus scrape hints pointing at port 10254, the same port the
    # liveness/readiness probes in spec use.
    prometheus.io/port: "10254"
    prometheus.io/scrape: "true"
  creationTimestamp: "2021-01-15T11:15:28Z"
  generateName: nginx-ingress-controller-774995d8d4-
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    pod-template-hash: 774995d8d4
  # managedFields is field-ownership bookkeeping kept by the API server.
  # The first entry (manager kube-controller-manager) lists the fields set
  # when the pod was created; the second (manager kubelet) lists status fields.
  # It shows which fields exist, not their values — read spec/status for those.
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:prometheus.io/port: {}
          f:prometheus.io/scrape: {}
        f:generateName: {}
        f:labels:
          .: {}
          f:app.kubernetes.io/name: {}
          f:app.kubernetes.io/part-of: {}
          f:pod-template-hash: {}
        f:ownerReferences:
          .: {}
          k:{"uid":"9869d2ab-4778-474a-858c-a6c5160b6e15"}:
            .: {}
            f:apiVersion: {}
            f:blockOwnerDeletion: {}
            f:controller: {}
            f:kind: {}
            f:name: {}
            f:uid: {}
      f:spec:
        f:containers:
          k:{"name":"nginx-ingress-controller"}:
            .: {}
            f:args: {}
            f:env:
              .: {}
              k:{"name":"POD_NAME"}:
                .: {}
                f:name: {}
                f:valueFrom:
                  .: {}
                  f:fieldRef:
                    .: {}
                    f:apiVersion: {}
                    f:fieldPath: {}
              k:{"name":"POD_NAMESPACE"}:
                .: {}
                f:name: {}
                f:valueFrom:
                  .: {}
                  f:fieldRef:
                    .: {}
                    f:apiVersion: {}
                    f:fieldPath: {}
            f:image: {}
            f:imagePullPolicy: {}
            f:lifecycle:
              .: {}
              f:preStop:
                .: {}
                f:exec:
                  .: {}
                  f:command: {}
            f:livenessProbe:
              .: {}
              f:failureThreshold: {}
              f:httpGet:
                .: {}
                f:path: {}
                f:port: {}
                f:scheme: {}
              f:initialDelaySeconds: {}
              f:periodSeconds: {}
              f:successThreshold: {}
              f:timeoutSeconds: {}
            f:name: {}
            f:ports:
              .: {}
              k:{"containerPort":80,"protocol":"TCP"}:
                .: {}
                f:containerPort: {}
                f:hostPort: {}
                f:name: {}
                f:protocol: {}
              k:{"containerPort":443,"protocol":"TCP"}:
                .: {}
                f:containerPort: {}
                f:hostPort: {}
                f:name: {}
                f:protocol: {}
            f:readinessProbe:
              .: {}
              f:failureThreshold: {}
              f:httpGet:
                .: {}
                f:path: {}
                f:port: {}
                f:scheme: {}
              f:periodSeconds: {}
              f:successThreshold: {}
              f:timeoutSeconds: {}
            f:resources: {}
            f:securityContext:
              .: {}
              f:allowPrivilegeEscalation: {}
              f:capabilities:
                .: {}
                f:add: {}
                f:drop: {}
              f:runAsUser: {}
            f:terminationMessagePath: {}
            f:terminationMessagePolicy: {}
        f:dnsPolicy: {}
        f:enableServiceLinks: {}
        f:hostNetwork: {}
        f:nodeSelector:
          .: {}
          f:labelName: {}
        f:restartPolicy: {}
        f:schedulerName: {}
        f:securityContext: {}
        f:serviceAccount: {}
        f:serviceAccountName: {}
        f:terminationGracePeriodSeconds: {}
    manager: kube-controller-manager
    operation: Update
    time: "2021-01-15T11:15:28Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        f:conditions:
          k:{"type":"ContainersReady"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Initialized"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Ready"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
        f:containerStatuses: {}
        f:hostIP: {}
        f:phase: {}
        f:podIP: {}
        f:podIPs:
          .: {}
          k:{"ip":"172.31.36.158"}:
            .: {}
            f:ip: {}
        f:startTime: {}
    manager: kubelet
    operation: Update
    time: "2021-01-15T11:15:43Z"
  name: nginx-ingress-controller-774995d8d4-rsr4k
  namespace: ingress-nginx
  # The pod is owned by the ReplicaSet named below.
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: nginx-ingress-controller-774995d8d4
    uid: 9869d2ab-4778-474a-858c-a6c5160b6e15
  resourceVersion: "441751"
  selfLink: /api/v1/namespaces/ingress-nginx/pods/nginx-ingress-controller-774995d8d4-rsr4k
  uid: b21f90fd-4f75-48c7-8bed-2270fa6551d8
# Pod spec of the nginx ingress controller: one container, host networking,
# pinned to node dop-node3.
spec:
  containers:
  # $(POD_NAMESPACE) in the args is expanded by Kubernetes from the env entry
  # below, i.e. the pod's own namespace.
  - args:
    - /nginx-ingress-controller
    - --configmap=$(POD_NAMESPACE)/nginx-configuration
    - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
    - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
    # NOTE(review): presumably the controller copies this Service's address
    # into the status of the Ingresses it serves; the discovery-server Ingress
    # on this page has an empty status.loadBalancer, so check that a Service
    # named ingress-nginx exists in this namespace.
    - --publish-service=$(POD_NAMESPACE)/ingress-nginx
    - --annotations-prefix=nginx.ingress.kubernetes.io
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    # NOTE(review): 0.26.2 is an old 0.x controller release — check the
    # upstream ingress-nginx security advisories for this version before
    # relying on it in production.
    image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.2
    imagePullPolicy: IfNotPresent
    lifecycle:
      preStop:
        exec:
          command:
          - /wait-shutdown
    # Liveness and readiness both probe plain-HTTP /healthz on port 10254.
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 10254
        scheme: HTTP
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 10
    name: nginx-ingress-controller
    # HTTP and HTTPS are published on the node's own ports 80 and 443.
    ports:
    - containerPort: 80
      hostPort: 80
      name: http
      protocol: TCP
    - containerPort: 443
      hostPort: 443
      name: https
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 10254
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 10
    # Only requests are set, no limits; status reports qosClass Burstable.
    resources:
      requests:
        cpu: 100m
        memory: 90Mi
    securityContext:
      # true leaves no_new_privs unset, so a process in the container may gain
      # more privileges than its parent (setuid binaries, file capabilities).
      # NOTE(review): presumably needed so the non-root process (uid 33) can
      # use NET_BIND_SERVICE to bind 80/443 — confirm before tightening.
      allowPrivilegeEscalation: true
      # All capabilities are dropped except the one needed to bind ports < 1024.
      capabilities:
        add:
        - NET_BIND_SERVICE
        drop:
        - ALL
      runAsUser: 33
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    # Service-account token, mounted read-only. What it may do against the API
    # depends on the RBAC bindings of nginx-ingress-serviceaccount, which are
    # not shown on this page.
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: nginx-ingress-serviceaccount-token-45k8c
      readOnly: true
  # NOTE(review): with hostNetwork: true, ClusterFirst falls back to the
  # node's resolver; ClusterFirstWithHostNet is the setting that keeps
  # cluster DNS for host-network pods.
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  # The pod shares the node's network namespace; status reports podIP equal
  # to hostIP (172.31.36.158). Every port the controller listens on,
  # including 10254, is therefore opened on the node itself —
  # NOTE(review): confirm node firewalling limits who can reach 10254.
  hostNetwork: true
  nodeName: dop-node3
  # This pod can only be scheduled on a node labelled labelName=dop-node3,
  # so ports 80/443 of this controller pod exist on that node only.
  nodeSelector:
    labelName: dop-node3
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: nginx-ingress-serviceaccount
  serviceAccountName: nginx-ingress-serviceaccount
  terminationGracePeriodSeconds: 300
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: nginx-ingress-serviceaccount-token-45k8c
    secret:
      # 420 is decimal for octal 0644.
      defaultMode: 420
      secretName: nginx-ingress-serviceaccount-token-45k8c
# Observed state of the controller pod: all four conditions are True and the
# container is running without restarts, so the controller process itself is up.
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-01-15T11:15:28Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-01-15T11:15:43Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-01-15T11:15:43Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-01-15T11:15:28Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://90ba452a271074052a5423ecefc7c5fd78b83e5e595a9e3dd262d3900699a224
    image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.2
    # Digest of the image actually pulled for the 0.26.2 tag.
    imageID: docker-pullable://quay.io/kubernetes-ingress-controller/nginx-ingress-controller@sha256:675c709433f566f9872fd0d782c321da9c91b5809bb0e8cadf4996c9c6c545b1
    lastState: {}
    name: nginx-ingress-controller
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2021-01-15T11:15:29Z"
  # hostIP and podIP are the same address because the pod runs with
  # hostNetwork: true. Clients reach this controller at this node address.
  hostIP: 172.31.36.158
  phase: Running
  podIP: 172.31.36.158
  podIPs:
  - ip: 172.31.36.158
  # Burstable: the container has resource requests but no limits.
  qosClass: Burstable
  startTime: "2021-01-15T11:15:28Z"

问题描述

  • 访问Service可以访问成功
    图片描述
  • 访问对应的Ingress却失败
    图片描述
  • 但同一集群下的另一个Ingress却可以访问成功
    图片描述
  • 请问老师该如何排查?

1回答

刘果国

2021-01-18

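1、排查DNS:确认域名 discovery.dop.clsaa.com 是否正确解析到了 ingress-nginx 的地址。从上面的 Pod 信息看,controller 使用 hostNetwork 并固定调度在 dop-node3,如果前面没有额外的负载均衡,域名应解析到该节点的 IP(172.31.36.158),并通过 80/443 端口访问。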

2、查看 ingress-nginx 的 Pod 访问日志(例如 kubectl logs -n ingress-nginx nginx-ingress-controller-774995d8d4-rsr4k),可以看到请求是否到达了 nginx,也可以看到域名对应的 svc 名字和端口。

LAZYR
非常感谢!
2021-01-30