Nginx在Digital Ocean Kubernetes环境中出现400 Bad Request错误。

huangapple
go评论82阅读模式
英文:

Nginx 400 Bad Request in Digital Ocean Kubernetes environment

问题

以下是翻译好的部分:

  1. "The domain configured is ticket.devaibhav.live" 翻译为 "配置的域名是 ticket.devaibhav.live。"

  2. "ping ticket.devaibhav.live is pointing to the correct IP address of the load balancer provisioned by Digital Ocean." 翻译为 "ping ticket.devaibhav.live 指向由Digital Ocean提供的负载均衡器的正确IP地址。"

  3. "I haven't configured SSL on the cluster yet, but if I try to access my website http://ticket.devaibhav.live gives a 400 bad request." 翻译为 "我还没有在集群上配置SSL,但如果我尝试访问我的网站 http://ticket.devaibhav.live,会出现400 Bad Request错误。"

  4. "According to my understanding, when the browser sends a request to http://ticket.devaibhav.live, the request is sent to the Digital Ocean Load balancer and then the ingress service (Ingress-nginx by Kubernetes in my case) routes the traffic based on the rules I have defined." 翻译为 "根据我的理解,当浏览器发送请求到 http://ticket.devaibhav.live 时,请求被发送到Digital Ocean负载均衡器,然后由Ingress服务(在我的情况下是Kubernetes的Ingress-nginx)根据我定义的规则路由流量。"

  5. "essentially when I hit http://ticket.devaibhav.live the request should be mapped to the last rule where it must be routed to client-srv." 翻译为 "基本上,当我访问 http://ticket.devaibhav.live 时,请求应该被映射到最后一条规则,必须路由到 client-srv。"

  6. "The above configuration works well on the development server where I am using minikube." 翻译为 "上述配置在我使用Minikube的开发服务器上运行良好。"

  7. "I am unable to understand where I am going wrong with the configuration. I will provide more details as I feel it would be necessary." 翻译为 "我不明白我在配置上哪里出了问题。如果需要的话,我会提供更多细节。"

  8. "on the cluster that is deployed" 翻译为 "在部署的集群上"。

希望这些翻译对您有所帮助。

英文:

The domain configured is ticket.devaibhav.live

ping ticket.devaibhav.live is pointing to the correct IP address of the load balancer provisioned by Digital Ocean. I haven't configured SSL on the cluster yet, but if I try to access my website http://ticket.devaibhav.live gives an 400 bad request. I am new to kubernetes and networking inside a cluster.

According to my understanding, when browser sends request to http://ticket.devaibhav.live the request is sent to the Digital Ocean Load balancer and then the ingress service (Ingress-nginx by kubernetes in my case) routes the traffic based on the rules I have defined.

ingress-nginx service

  1. apiVersion: v1
  2. kind: Service
  3. metadata:
  4.   annotations:
  5.     service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
  6.     service.beta.kubernetes.io/do-loadbalancer-hostname: 'ticket.devaibhav.live'
  7.   labels:
  8.     helm.sh/chart: ingress-nginx-2.0.3
  9.     app.kubernetes.io/name: ingress-nginx
  10.     app.kubernetes.io/instance: ingress-nginx
  11.     app.kubernetes.io/version: 0.32.0
  12.     app.kubernetes.io/managed-by: Helm
  13.     app.kubernetes.io/component: controller
  14.   name: ingress-nginx-controller
  15.   namespace: ingress-nginx
  16. spec:
  17.   type: LoadBalancer
  18.   externalTrafficPolicy: Local
  19.   ports:
  20.     - name: http
  21.       port: 80
  22.       protocol: TCP
  23.       targetPort: http
  24.     - name: https
  25.       port: 443
  26.       protocol: TCP
  27.       targetPort: https
  28.   selector:
  29.     app.kubernetes.io/name: ingress-nginx
  30.     app.kubernetes.io/instance: ingress-nginx
  31.     app.kubernetes.io/component: controller

ingress resource rules

  1. apiVersion: networking.k8s.io/v1
  2. kind: Ingress
  3. metadata:
  4.   name: ingress-service
  5.   annotations:
  6.     kubernetes.io/ingress.class: nginx
  7.     nginx.ingress.kubernetes.io/use-regex: 'true'
  8. spec:
  9.   rules:
  10.     - host: ticket.devaibhav.live
  11.       http:
  12.         paths:
  13.           - path: /api/users/?(.*)
  14.             pathType: Prefix
  15.             backend:
  16.               service:
  17.                 name: auth-srv
  18.                 port:
  19.                   number: 3000
  20.           - path: /api/tickets/?(.*)
  21.             pathType: Prefix
  22.             backend:
  23.               service:
  24.                 name: tickets-srv
  25.                 port:
  26.                   number: 3000
  27.           - path: /api/orders/?(.*)
  28.             pathType: Prefix
  29.             backend:
  30.               service:
  31.                 name: orders-srv
  32.                 port:
  33.                   number: 3000
  34.           - path: /api/payments/?(.*)
  35.             pathType: Prefix
  36.             backend:
  37.               service:
  38.                 name: payments-srv
  39.                 port:
  40.                   number: 3000
  41.           - path: /?(.*)
  42.             pathType: Prefix
  43.             backend:
  44.               service:
  45.                 name: client-srv
  46.                 port:
  47.                   number: 3000

essentially when I hit http://ticket.devaibhav.live the request should be mapped to the last rule where it must be routed to client-srv.

client deployment and service

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4.   name: client-depl
  5. spec:
  6.   replicas: 1
  7.   selector:
  8.     matchLabels:
  9.       app: client
  10.   template:
  11.     metadata:
  12.       labels:
  13.         app: client
  14.     spec:
  15.       containers:
  16.         - name: client
  17.           image: vaibhav908/client
  19. ---
  20. apiVersion: v1
  21. kind: Service
  22. metadata:
  23.   name: client-srv
  24. spec:
  25.   selector:
  26.     app: client
  27.   ports:
  28.     - name: client
  29.       protocol: TCP
  30.       port: 3000
  31.       targetPort: 3000

The above configuration works well on the development server where I am using minikube.
I am unable to understand where I am going wrong with the configuration. I will provide more details as I feel it would be necessary.

[edit]
on the cluster that is deployed
kubectl get services

  1. NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
  2. client-srv             ClusterIP   10.245.100.25    <none>        3000/TCP            2d17h
  3. and some other services

kubectl describe ingress

  1. Name:             ingress-service
  2. Labels:           <none>
  3. Namespace:        default
  4. Address:          ticket.devaibhav.live
  5. Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
  6. Rules:
  7.   Host                   Path  Backends
  8.   ----                   ----  --------
  9.   ticket.devaibhav.live  
  10.                          /api/users/?(.*)      auth-srv:3000 (10.244.1.76:3000)
  11.                          /api/tickets/?(.*)    tickets-srv:3000 (10.244.0.145:3000)
  12.                          /api/orders/?(.*)     orders-srv:3000 (10.244.1.121:3000)
  13.                          /api/payments/?(.*)   payments-srv:3000 (10.244.1.48:3000)
  14.                          /?(.*)                client-srv:3000 (10.244.1.32:3000)
  15. Annotations:             kubernetes.io/ingress.class: nginx
  16.                          nginx.ingress.kubernetes.io/use-regex: true
  17. Events:                  <none>

答案1

得分: 1

确保您的入口控制器已配置为遵守负载均衡器中的代理协议设置。尝试在您的配置映射中添加一个代理协议指令。

如在文档中所述:

启用或禁用PROXY协议以接收通过代理服务器和负载均衡器(如HAProxy和Amazon Elastic Load Balancer(ELB))传递的客户端连接(真实IP地址)信息。

英文:

Make sure you have your ingress controller configured to respect the proxy protocol settings in the LB. Try adding a proxy protocol directive to your config map.

As given in the document:

> Enables or disables the PROXY protocol to receive client connection
> (real IP address) information passed through proxy servers and load
> balancers such as HAProxy and Amazon Elastic Load Balancer (ELB).

huangapple
  • 本文由 发表于 2023年2月19日 15:16:55
  • 转载请务必保留本文链接:https://go.coder-hub.com/75498560.html
  • ingress-nginx
  • kubernetes
  • nginx
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定