英文:
Nginx 400 Bad Request in Digital Ocean Kubernetes environment
问题
以下是翻译好的部分:
-
"The domain configured is
ticket.devaibhav.live" 翻译为 "配置的域名是ticket.devaibhav.live。" -
"ping ticket.devaibhav.live is pointing to the correct IP address of the load balancer provisioned by Digital Ocean." 翻译为 "ping ticket.devaibhav.live 指向由Digital Ocean提供的负载均衡器的正确IP地址。"
-
"I haven't configured SSL on the cluster yet, but if I try to access my website http://ticket.devaibhav.live gives a 400 bad request." 翻译为 "我还没有在集群上配置SSL,但如果我尝试访问我的网站 http://ticket.devaibhav.live,会出现400 Bad Request错误。"
-
"According to my understanding, when the browser sends a request to http://ticket.devaibhav.live, the request is sent to the Digital Ocean Load balancer and then the ingress service (Ingress-nginx by Kubernetes in my case) routes the traffic based on the rules I have defined." 翻译为 "根据我的理解,当浏览器发送请求到 http://ticket.devaibhav.live 时,请求被发送到Digital Ocean负载均衡器,然后由Ingress服务(在我的情况下是Kubernetes的Ingress-nginx)根据我定义的规则路由流量。"
-
"essentially when I hit http://ticket.devaibhav.live the request should be mapped to the last rule where it must be routed to client-srv." 翻译为 "基本上,当我访问 http://ticket.devaibhav.live 时,请求应该被映射到最后一条规则,必须路由到 client-srv。"
-
"The above configuration works well on the development server where I am using minikube." 翻译为 "上述配置在我使用Minikube的开发服务器上运行良好。"
-
"I am unable to understand where I am going wrong with the configuration. I will provide more details as I feel it would be necessary." 翻译为 "我不明白我在配置上哪里出了问题。如果需要的话,我会提供更多细节。"
-
"on the cluster that is deployed" 翻译为 "在部署的集群上"。
希望这些翻译对您有所帮助。
英文:
The domain configured is ticket.devaibhav.live
ping ticket.devaibhav.live is pointing to the correct IP address of the load balancer provisioned by Digital Ocean. I haven't configured SSL on the cluster yet, but if I try to access my website http://ticket.devaibhav.live gives an 400 bad request. I am new to kubernetes and networking inside a cluster.
According to my understanding, when browser sends request to http://ticket.devaibhav.live the request is sent to the Digital Ocean Load balancer and then the ingress service (Ingress-nginx by kubernetes in my case) routes the traffic based on the rules I have defined.
ingress-nginx service
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
service.beta.kubernetes.io/do-loadbalancer-hostname: 'ticket.devaibhav.live'
labels:
helm.sh/chart: ingress-nginx-2.0.3
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
ingress resource rules
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
rules:
- host: ticket.devaibhav.live
http:
paths:
- path: /api/users/?(.*)
pathType: Prefix
backend:
service:
name: auth-srv
port:
number: 3000
- path: /api/tickets/?(.*)
pathType: Prefix
backend:
service:
name: tickets-srv
port:
number: 3000
- path: /api/orders/?(.*)
pathType: Prefix
backend:
service:
name: orders-srv
port:
number: 3000
- path: /api/payments/?(.*)
pathType: Prefix
backend:
service:
name: payments-srv
port:
number: 3000
- path: /?(.*)
pathType: Prefix
backend:
service:
name: client-srv
port:
number: 3000
essentially when I hit http://ticket.devaibhav.live the request should be mapped to the last rule where it must be routed to client-srv.
client deployment and service
apiVersion: apps/v1
kind: Deployment
metadata:
name: client-depl
spec:
replicas: 1
selector:
matchLabels:
app: client
template:
metadata:
labels:
app: client
spec:
containers:
- name: client
image: vaibhav908/client
---
apiVersion: v1
kind: Service
metadata:
name: client-srv
spec:
selector:
app: client
ports:
- name: client
protocol: TCP
port: 3000
targetPort: 3000
The above configuration works well on the development server where I am using minikube.
I am unable to understand where I am going wrong with the configuration. I will provide more details as I feel it would be necessary.
[edit]
on the cluster that is deployed
kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
client-srv ClusterIP 10.245.100.25 <none> 3000/TCP 2d17h
and some other services
kubectl describe ingress
Name: ingress-service
Labels: <none>
Namespace: default
Address: ticket.devaibhav.live
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
ticket.devaibhav.live
/api/users/?(.*) auth-srv:3000 (10.244.1.76:3000)
/api/tickets/?(.*) tickets-srv:3000 (10.244.0.145:3000)
/api/orders/?(.*) orders-srv:3000 (10.244.1.121:3000)
/api/payments/?(.*) payments-srv:3000 (10.244.1.48:3000)
/?(.*) client-srv:3000 (10.244.1.32:3000)
Annotations: kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: true
Events: <none>
答案1
得分: 1
确保您的入口控制器已配置为遵守负载均衡器中的代理协议设置。尝试在您的配置映射中添加一个代理协议指令。
如在文档中所述:
启用或禁用PROXY协议以接收通过代理服务器和负载均衡器(如HAProxy和Amazon Elastic Load Balancer(ELB))传递的客户端连接(真实IP地址)信息。
英文:
Make sure you have your ingress controller configured to respect the proxy protocol settings in the LB. Try adding a proxy protocol directive to your config map.
As given in the document:
> Enables or disables the PROXY protocol to receive client connection
> (real IP address) information passed through proxy servers and load
> balancers such as HAProxy and Amazon Elastic Load Balancer (ELB).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论