service可以访问,但ingress无法访问
来源:10-5 深入Pod - pod相关的点点滴滴(上)
LAZYR
2021-01-17
Service详情
[root@dop-node1 ~]# kubectl get svc -o yaml -n dop discovery-server
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"discovery-server"},"name":"discovery-server","namespace":"dop"},"spec":{"ports":[{"port":8761,"protocol":"TCP","targetPort":8761}],"selector":{"app":"discovery-server"},"type":"ClusterIP"}}
creationTimestamp: "2021-01-15T03:27:22Z"
labels:
app: discovery-server
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app: {}
f:spec:
f:ports:
.: {}
k:{"port":8761,"protocol":"TCP"}:
.: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector:
.: {}
f:app: {}
f:sessionAffinity: {}
f:type: {}
manager: kubectl
operation: Update
time: "2021-01-15T03:27:22Z"
name: discovery-server
namespace: dop
resourceVersion: "369990"
selfLink: /api/v1/namespaces/dop/services/discovery-server
uid: 64c28528-7c40-4a13-9e18-6a1603df1b8e
spec:
clusterIP: 10.1.47.207
ports:
- port: 8761
protocol: TCP
targetPort: 8761
selector:
app: discovery-server
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
Ingress详情
[root@dop-node1 ~]# kubectl get ingress -o yaml -n dop discovery-server
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"networking.k8s.io/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"discovery-server","namespace":"dop"},"spec":{"rules":[{"host":"discovery.dop.clsaa.com","http":{"paths":[{"backend":{"serviceName":"discovery-server","servicePort":8761}}]}}]}}
kubernetes.io/ingress.class: nginx
creationTimestamp: "2021-01-15T12:51:05Z"
generation: 1
managedFields:
- apiVersion: networking.k8s.io/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:kubernetes.io/ingress.class: {}
f:spec:
f:rules: {}
manager: kubectl
operation: Update
time: "2021-01-15T12:51:05Z"
name: discovery-server
namespace: dop
resourceVersion: "456199"
selfLink: /apis/extensions/v1beta1/namespaces/dop/ingresses/discovery-server
uid: d3b75e34-d5d0-4fa8-947e-e0f8d165d4ce
spec:
rules:
- host: discovery.dop.clsaa.com
http:
paths:
- backend:
serviceName: discovery-server
servicePort: 8761
pathType: ImplementationSpecific
status:
loadBalancer: {}
Ingress-Controller详情
[root@dop-node1 ~]# kubectl get pod -o yaml -n ingress-nginx nginx-ingress-controller-774995d8d4-rsr4k
apiVersion: v1
kind: Pod
metadata:
annotations:
kubernetes.io/limit-ranger: 'LimitRanger plugin set: cpu, memory request for container
nginx-ingress-controller'
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
creationTimestamp: "2021-01-15T11:15:28Z"
generateName: nginx-ingress-controller-774995d8d4-
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
pod-template-hash: 774995d8d4
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:prometheus.io/port: {}
f:prometheus.io/scrape: {}
f:generateName: {}
f:labels:
.: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/part-of: {}
f:pod-template-hash: {}
f:ownerReferences:
.: {}
k:{"uid":"9869d2ab-4778-474a-858c-a6c5160b6e15"}:
.: {}
f:apiVersion: {}
f:blockOwnerDeletion: {}
f:controller: {}
f:kind: {}
f:name: {}
f:uid: {}
f:spec:
f:containers:
k:{"name":"nginx-ingress-controller"}:
.: {}
f:args: {}
f:env:
.: {}
k:{"name":"POD_NAME"}:
.: {}
f:name: {}
f:valueFrom:
.: {}
f:fieldRef:
.: {}
f:apiVersion: {}
f:fieldPath: {}
k:{"name":"POD_NAMESPACE"}:
.: {}
f:name: {}
f:valueFrom:
.: {}
f:fieldRef:
.: {}
f:apiVersion: {}
f:fieldPath: {}
f:image: {}
f:imagePullPolicy: {}
f:lifecycle:
.: {}
f:preStop:
.: {}
f:exec:
.: {}
f:command: {}
f:livenessProbe:
.: {}
f:failureThreshold: {}
f:httpGet:
.: {}
f:path: {}
f:port: {}
f:scheme: {}
f:initialDelaySeconds: {}
f:periodSeconds: {}
f:successThreshold: {}
f:timeoutSeconds: {}
f:name: {}
f:ports:
.: {}
k:{"containerPort":80,"protocol":"TCP"}:
.: {}
f:containerPort: {}
f:hostPort: {}
f:name: {}
f:protocol: {}
k:{"containerPort":443,"protocol":"TCP"}:
.: {}
f:containerPort: {}
f:hostPort: {}
f:name: {}
f:protocol: {}
f:readinessProbe:
.: {}
f:failureThreshold: {}
f:httpGet:
.: {}
f:path: {}
f:port: {}
f:scheme: {}
f:periodSeconds: {}
f:successThreshold: {}
f:timeoutSeconds: {}
f:resources: {}
f:securityContext:
.: {}
f:allowPrivilegeEscalation: {}
f:capabilities:
.: {}
f:add: {}
f:drop: {}
f:runAsUser: {}
f:terminationMessagePath: {}
f:terminationMessagePolicy: {}
f:dnsPolicy: {}
f:enableServiceLinks: {}
f:hostNetwork: {}
f:nodeSelector:
.: {}
f:labelName: {}
f:restartPolicy: {}
f:schedulerName: {}
f:securityContext: {}
f:serviceAccount: {}
f:serviceAccountName: {}
f:terminationGracePeriodSeconds: {}
manager: kube-controller-manager
operation: Update
time: "2021-01-15T11:15:28Z"
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:conditions:
k:{"type":"ContainersReady"}:
.: {}
f:lastProbeTime: {}
f:lastTransitionTime: {}
f:status: {}
f:type: {}
k:{"type":"Initialized"}:
.: {}
f:lastProbeTime: {}
f:lastTransitionTime: {}
f:status: {}
f:type: {}
k:{"type":"Ready"}:
.: {}
f:lastProbeTime: {}
f:lastTransitionTime: {}
f:status: {}
f:type: {}
f:containerStatuses: {}
f:hostIP: {}
f:phase: {}
f:podIP: {}
f:podIPs:
.: {}
k:{"ip":"172.31.36.158"}:
.: {}
f:ip: {}
f:startTime: {}
manager: kubelet
operation: Update
time: "2021-01-15T11:15:43Z"
name: nginx-ingress-controller-774995d8d4-rsr4k
namespace: ingress-nginx
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: nginx-ingress-controller-774995d8d4
uid: 9869d2ab-4778-474a-858c-a6c5160b6e15
resourceVersion: "441751"
selfLink: /api/v1/namespaces/ingress-nginx/pods/nginx-ingress-controller-774995d8d4-rsr4k
uid: b21f90fd-4f75-48c7-8bed-2270fa6551d8
spec:
containers:
- args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.2
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
name: nginx-ingress-controller
ports:
- containerPort: 80
hostPort: 80
name: http
protocol: TCP
- containerPort: 443
hostPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
runAsUser: 33
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: nginx-ingress-serviceaccount-token-45k8c
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
hostNetwork: true
nodeName: dop-node3
nodeSelector:
labelName: dop-node3
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: nginx-ingress-serviceaccount
serviceAccountName: nginx-ingress-serviceaccount
terminationGracePeriodSeconds: 300
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: nginx-ingress-serviceaccount-token-45k8c
secret:
defaultMode: 420
secretName: nginx-ingress-serviceaccount-token-45k8c
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2021-01-15T11:15:28Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2021-01-15T11:15:43Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2021-01-15T11:15:43Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2021-01-15T11:15:28Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://90ba452a271074052a5423ecefc7c5fd78b83e5e595a9e3dd262d3900699a224
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.2
imageID: docker-pullable://quay.io/kubernetes-ingress-controller/nginx-ingress-controller@sha256:675c709433f566f9872fd0d782c321da9c91b5809bb0e8cadf4996c9c6c545b1
lastState: {}
name: nginx-ingress-controller
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2021-01-15T11:15:29Z"
hostIP: 172.31.36.158
phase: Running
podIP: 172.31.36.158
podIPs:
- ip: 172.31.36.158
qosClass: Burstable
startTime: "2021-01-15T11:15:28Z"
问题描述
- 访问Service可以访问成功
- 访问对应的Ingress却失败
- 但同一集群下的另一个Ingress却可以访问成功
请问老师该如何排查?
写回答
1回答
-
1、排查dns,是否正确解析到了ingress-nginx的地址
2、查看ingress-nginx的pod访问日志,可以看到请求是否到了nginx,也可以看到域名对应的svc名字和端口
032021-01-30
相似问题