Nginx在Digital Ocean Kubernetes环境中出现400 Bad Request错误。

huangapple go评论61阅读模式
英文:

Nginx 400 Bad Request in Digital Ocean Kubernetes environment

问题

以下是翻译好的部分:

  1. "The domain configured is ticket.devaibhav.live" 翻译为 "配置的域名是 ticket.devaibhav.live。"

  2. "ping ticket.devaibhav.live is pointing to the correct IP address of the load balancer provisioned by Digital Ocean." 翻译为 "ping ticket.devaibhav.live 指向由Digital Ocean提供的负载均衡器的正确IP地址。"

  3. "I haven't configured SSL on the cluster yet, but if I try to access my website http://ticket.devaibhav.live gives a 400 bad request." 翻译为 "我还没有在集群上配置SSL,但如果我尝试访问我的网站 http://ticket.devaibhav.live,会出现400 Bad Request错误。"

  4. "According to my understanding, when the browser sends a request to http://ticket.devaibhav.live, the request is sent to the Digital Ocean Load balancer and then the ingress service (Ingress-nginx by Kubernetes in my case) routes the traffic based on the rules I have defined." 翻译为 "根据我的理解,当浏览器发送请求到 http://ticket.devaibhav.live 时,请求被发送到Digital Ocean负载均衡器,然后由Ingress服务(在我的情况下是Kubernetes的Ingress-nginx)根据我定义的规则路由流量。"

  5. "essentially when I hit http://ticket.devaibhav.live the request should be mapped to the last rule where it must be routed to client-srv." 翻译为 "基本上,当我访问 http://ticket.devaibhav.live 时,请求应该被映射到最后一条规则,必须路由到 client-srv。"

  6. "The above configuration works well on the development server where I am using minikube." 翻译为 "上述配置在我使用Minikube的开发服务器上运行良好。"

  7. "I am unable to understand where I am going wrong with the configuration. I will provide more details as I feel it would be necessary." 翻译为 "我不明白我在配置上哪里出了问题。如果需要的话,我会提供更多细节。"

  8. "on the cluster that is deployed" 翻译为 "在部署的集群上"。

希望这些翻译对您有所帮助。

英文:

The domain configured is ticket.devaibhav.live

ping ticket.devaibhav.live is pointing to the correct IP address of the load balancer provisioned by Digital Ocean. I haven't configured SSL on the cluster yet, but if I try to access my website http://ticket.devaibhav.live gives an 400 bad request. I am new to kubernetes and networking inside a cluster.

According to my understanding, when browser sends request to http://ticket.devaibhav.live the request is sent to the Digital Ocean Load balancer and then the ingress service (Ingress-nginx by kubernetes in my case) routes the traffic based on the rules I have defined.

ingress-nginx service

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
    service.beta.kubernetes.io/do-loadbalancer-hostname: 'ticket.devaibhav.live'
  labels:
    helm.sh/chart: ingress-nginx-2.0.3
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.32.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller

ingress resource rules

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-service
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
  rules:
    - host: ticket.devaibhav.live
      http:
        paths:
          - path: /api/users/?(.*)
            pathType: Prefix
            backend:
              service:
                name: auth-srv
                port:
                  number: 3000
          - path: /api/tickets/?(.*)
            pathType: Prefix
            backend:
              service:
                name: tickets-srv
                port:
                  number: 3000
          - path: /api/orders/?(.*)
            pathType: Prefix
            backend:
              service:
                name: orders-srv
                port:
                  number: 3000
          - path: /api/payments/?(.*)
            pathType: Prefix
            backend:
              service:
                name: payments-srv
                port:
                  number: 3000
          - path: /?(.*)
            pathType: Prefix
            backend:
              service:
                name: client-srv
                port:
                  number: 3000

essentially when I hit http://ticket.devaibhav.live the request should be mapped to the last rule where it must be routed to client-srv.

client deployment and service

apiVersion: apps/v1
kind: Deployment
metadata:
  name: client-depl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: client
  template:
    metadata:
      labels:
        app: client
    spec:
      containers:
        - name: client
          image: vaibhav908/client

---
apiVersion: v1
kind: Service
metadata:
  name: client-srv
spec:
  selector:
    app: client
  ports:
    - name: client
      protocol: TCP
      port: 3000
      targetPort: 3000

The above configuration works well on the development server where I am using minikube.
I am unable to understand where I am going wrong with the configuration. I will provide more details as I feel it would be necessary.

[edit]
on the cluster that is deployed
kubectl get services

NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
client-srv             ClusterIP   10.245.100.25    <none>        3000/TCP            2d17h
and some other services

kubectl describe ingress

Name:             ingress-service
Labels:           <none>
Namespace:        default
Address:          ticket.devaibhav.live
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                   Path  Backends
  ----                   ----  --------
  ticket.devaibhav.live  
                         /api/users/?(.*)      auth-srv:3000 (10.244.1.76:3000)
                         /api/tickets/?(.*)    tickets-srv:3000 (10.244.0.145:3000)
                         /api/orders/?(.*)     orders-srv:3000 (10.244.1.121:3000)
                         /api/payments/?(.*)   payments-srv:3000 (10.244.1.48:3000)
                         /?(.*)                client-srv:3000 (10.244.1.32:3000)
Annotations:             kubernetes.io/ingress.class: nginx
                         nginx.ingress.kubernetes.io/use-regex: true
Events:                  <none>

答案1

得分: 1

确保您的入口控制器已配置为遵守负载均衡器中的代理协议设置。尝试在您的配置映射中添加一个代理协议指令。

如在文档中所述:

启用或禁用PROXY协议以接收通过代理服务器和负载均衡器(如HAProxy和Amazon Elastic Load Balancer(ELB))传递的客户端连接(真实IP地址)信息。

英文:

Make sure you have your ingress controller configured to respect the proxy protocol settings in the LB. Try adding a proxy protocol directive to your config map.

As given in the document:

> Enables or disables the PROXY protocol to receive client connection
> (real IP address) information passed through proxy servers and load
> balancers such as HAProxy and Amazon Elastic Load Balancer (ELB).

huangapple
  • 本文由 发表于 2023年2月19日 15:16:55
  • 转载请务必保留本文链接:https://go.coder-hub.com/75498560.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定